Tuesday, September 23, 2014

comForte Lounge has moved !

We recently moved the comForte Lounge blog to a new home. Please visit http://blog.comforte.com/ to read the latest posts.

Thursday, July 24, 2014

Security – comForte ensures our valuables are safely out of reach!

A new opinion paper is now available from comForte and it’s all about our need for a deep defense – when it comes to keeping out the bad guys, we do need to take action!

It was the hallmark of the Roman Empire that is still visible two millennium later. I am talking about roads – the arterial highways that allowed the Roman Empire to prosper. Bridges and gateways remain visible in many parts of Europe and they helped Rome defend its empire – Roman legionnaires could quickly traverse vast distances to help defend against intruders. Hadrian’s Wall is still a reminder today of what it took to keep enemies at bay.

However, in the twilight of the Roman Empire these roads also facilitated others, with less honorable intentions, and it became easy to take off with the wealth of a nobleman or even of a whole village. The roads that bound the Roman Empire were a blessing and a scourge, so much so that by the middle ages massive fortresses were built to ensure valuables could be safely locked up. Today, we are experiencing much the same problem once again.

According to a special report on Cyber-Security in the July 12, 2014, issue of the magazine, The Economist, it’s no longer about roads that connected ancient Rome but about the networks that connect the world. “Cyberspace has become shorthand for the computing devices, networks, fiber-optic cables, wireless links and other infrastructure that bring the internet to billions of people around the world,” suggests the writers of the report.

“The myriad connections forged by these technologies have brought tremendous benefits to everyone who uses the web to tap into humanity’s collective store of knowledge every day. But there is a darker side to this extraordinary invention,” the report observes. “Securing Cyberspace is hard because the architecture of the internet was designed to promote connectivity, not security. Its founders focused on getting it to work and did no worry much about threats because the network was affiliated with America’s military.”

However, the very channel we all surf so regularly contains unimaginable terrors that perhaps have their  origins with the Military that has generated imagery that we all can comprehend. Indeed, in a conference call on its latest Big Data Analytics initiative, HAVEn, HP CEO, Meg Whitman, compared enterprises battles keeping out intruders as an arms race, where despite the best efforts of all involved, with each lifting of the bar, new ways to climb over were soon found by those intent on penetrating an enterprises defenses.

“The biggest day-to-day threats faced by companies and government agencies come from crooks and spooks hoping to steal financial data and trade secrets,” notes the report in The Economist. “Smarter, better organized hackers are making life tougher for the cyber-defenders.” However, it wasn’t too long before those who built the castles in the middle ages determined that often the best defenses included multiple deterrents.

Depth of defenses involving moats, drawbridges with high gate towers, along with massive stone walls, all contributed to making the task of conquest a lot more difficult. Relying on multiple precautionary defenses in time proved to be a great deterrence to the bandits exploiting the benefits of ancient roadways. The benefits from pursuing a multi-pronged defense was highlighted by the Australian Signals Directorate, The Economist went on to note.

This government department noted that “85% of targeted breaches (that) it sees could be prevented by just four measures: whitelisting software applications; regularly patching widely used software such as PDF viewers, web browsers and MS Office; doing the same for operating systems and restricting administrator privileges to those who really need them to do their job.”

In other words, ensuring only “approved” application code (and the data they depend upon) could be run, known bugs and security “holes” were regularly patched (in applications as well as the OS and middleware), and really tightening up who can do what and under what conditions, could help enterprises limit possible unwarranted incursions into their IT departments. The flip-side to approved application code (and data) is making sure anything not approved doesn’t get to run and this includes making it hard to see and indeed access, your most valuable treasures.

The prospect of beefing up the depth of our defenses is the main focus area of my latest opinion paper on security, Secure the Fort – Your Data has become the new Gold that can be downloaded from the comForte web site. Follow the link above, register, and read the commentary provided. The key contribution comForte is making to any viable depth of defense is encryption – hiding the valuables behind an “impenetrable wall” to ensure “crooks and spooks” cannot make off with what is sacred to the enterprise.

In my latest opinion paper I quote comForte CTO, Thomas Burg, a number of times. “Many hackers go for the easier options such as unprotected log files containing ‘virtual gold” such as credit card numbers together with expiration dates,” Burg told me. “It will likely be internal agencies within a company that encourage and indeed fund more systemic approaches to security and we are seeing such changes already.”

Looking at castles from the middle ages that have survived, it’s hard to miss the complexity involved. However, oftentimes, with the complexity, came exposure and more than one castle fell because a “secret passage” had been discovered. Comparing this to what we rely on today inside the data center, Burg added how “Complex systems are inherently harder to secure, but again, I don’t see systems becoming less complex. Just as in other areas, there is no silver bullet. People need to realize it is an ongoing task (to secure code and data) and stop underfunding and under-prioritizing it.”

My latest opinion paper on security was subtitled, “Lock the gates! Flood the moat and pull up the draw bridge! comForte now providing the depth of defense our castles need!” Yes, it’s all about hiding what’s valuable to the enterprise and with the encryption approaches adopted by comForte and now available to all members of the NonStop community, this depth of defense so prized by enterprises has just become a whole lot deeper!  

Wednesday, June 25, 2014

The big surprise and the need for comForte …

Important messages and an ever-evolving storyline were among the more important aspects of 20014 HP Discover and comForte was present to take it all in!

There are surprises and then there are really big surprises. Back from 2014 HP Discover now for a week and I’m still coming to terms with the announcements made during HP CEO, Meg Whitman’s, keynote presentations. Last year I thought the unveiling of a new form factor and packaging in Project Moonshot was impressive, but compared with the unveiling of The Machine, it’s more of a footnote by comparison. This came as a really big surprise and like many in the NonStop community, I am still rather shell-shocked by the announcement.

For decades now I have been a willing attendee of vendor’s major marketing events. When I worked at Nixdorf Computers in the 1980s it was always a big deal to get a company invite to attend the Hanover fair, and by happenstance, I managed to get invited twice during my time with Nixdorf. The importance of this industry trade event was that Nixdorf turned it into its own special event going as far as to take over a railway station in Hanover, as well as an airport hangar on one occasion, to celebrate the year’s results!

At Tandem Computers, getting invited to participate in an ITUG event was special – particularly for us in America, if it was the European event – loved Nice and Lyon. Similarly, at IBM the events put on by the mainframe user community, SHARE, were must-attend opportunities. For anyone associated with HP then clearly, HP Discover is a must-attend event as well, but perhaps not for all subsets of the community.

Looking back on this year’s events there was clearly a focus on vendor executives as well as those in the vendor community charged with business development. HP Discover was the place to meet with HP executives and to hear firsthand HP’s vision and strategy and to see the roadmaps that executing on the vision and strategy produced. Coming to terms with where HP is headed, particularly when it involves NonStop, is of great importance to all who make up the NonStop vendor community.

When it comes to comForte, they were one of only two vendors with a kiosk on the exhibition floor. No longer simply a space to demonstrate your wares, HP calls this portion of the venue the Discover Zone. According to HP, the “Discover Zone is the heartbeat of the show, your area for conversations and investigation. Here you can find pavilions, demo theaters, kiosks, tours, the Innovation Theater, and more – all centrally located.”

Seeing the familiar faces of comForte’s Brad Poole and Dieter Orlowski as they shared time in front of the kiosk brought back so many memories and was a foretaste of what to expect at the bootcamp in November. Hearing about the opportunity for Poole to give a HP NonStop solutions architect a demo of maRunga running on one of their own HP systems was good to know. Of course, comForte CEO Dr. Michael Rossbach was never far away, ever attentive to the developing story from HP as it unfolded.

Just recently, InfraSoft’s maRunga product has been installed in HP NonStop’s Advanced Technology Center (ATC) and is now accessible by all HP NonStop sales and solutions architects. It replaces the original prototype developed by HP NonStop solutions architects for 2012 HP Discover, and marks a major milestone in the effort for greater promotion of a solution jointly developed by HP and its partners, comForte and Infrasoft. Getting the opportunity to present to HP NonStop personnel, as Poole was able to do? Priceless!

Partnerships are of paramount importance to HP and this was easily recognized with the multiple sessions where HP had partners on stage with them – either as part of a panel or as the subject of an interview. The importance of partnerships with select vendors is only going to become even more important and it’s all because of The Machine, referenced earlier.

In short, The Machine was introduced to the community by HP CTO, Martin Fink, “We've been using the same architecture and been doing it the same way for decades,” said Fink. When you look at it, Fink explained, ninety percent of what the operating system and processors are doing “is just shuffling data between different storage tiers.”

Furthermore, The Machine is “a new compute design built from the ground up. Processors, specialized for a particular task or ‘workload’, connect to a fabric based on light for communication. In turn, all of this is connected to a large single pool of ‘universal memory,’ which obviates the need for separate memory and storage tiers.” So what’s in this for NonStop? And what of NonStop vendors like comForte, deeply steeped in the NonStop architecture for nearly as long as NonStop has existed?

The message from HP with The Machine was very simple, and it contained two very important points for the NonStop community. Firstly, for the rest of the decade, The Machine would consume 75% of the total HP R&D budget and then secondly, even with this level of funding, HP would be looking for partnerships – commercially, from the private sector as well as institutionally, from universities around the globe. Bottom line? It will be partners who forge ahead with NonStop and it will be NonStop partners who will be contributing to The Machine.

Almost lost in the slideware is the imminent arrival of NonStop on Intel’s x86 chips – but for it to succeed, and look like something completely new from HP, it will require modern languages, frameworks and tools – not just a continuation of what exists already. It will provide challenges in connectivity as well as in management and monitoring even as it seeks out new solutions vendors and indeed, completely new market segments in which to compete. The load on partners will be sizeable and for companies like comForte, these opportunities will be significant.

“But wait”, as the TV promoters like to add, “there’s even more!” As all systems today converge on The Machine, and as models are developed in support of everything HP builds from handheld devices to supercomputers, it’s going to need to leverage some aspects of NonStop – yes, post 2020, NonStop as a pure software play, may not be supported with hardware as we know it, nor will it even be identifiable from the outside but as the new operating system is built for The Machine, deep inside the code I suspect there will be much that is recognizable as NonStop.

Yes, it was a very big surprise to see the level of commitment HP is making in support of The Machine but it’s not going to be surprising in the short term to see partners taking on more of the development load and for those with the experience, including vendors like comForte, the opportunities may prove boundless in the extreme. And that’s a good thing for every constituent in the NonStop community! 

Thursday, June 5, 2014

Do you know where your wires run? Safely navigating network changes with uLinga!

Infrasoft Managing Director, Peter Shell, opens up on future role for uLinga as HP elects to let the SWANs go …
One of the downsides to switching between cars is that the interfaces, important for us to safely drive the car, all seem to change. Sure, the gas pedal is next to the brake pedal but I challenge anyone to jump into an unfamiliar ride and then turn on the headlights or activate the windscreen wipers. As for the navigation and entertainment ‘centers’ then my only response is, “good luck!”

As much as the automobile industry has advanced, and safety today is unquestionably better than it ever has been, there’s still that sense of bewilderment when we take a quick look at all that’s been provided to help us. Nothing is truly standard between manufacturers, and I’m certain I will see little change on this front for as long as I continue to drive cars.

Standards, particularly those to do with interaction, have always been a stalwart of computers and with communications in particular. Pick up any communications programming guide and immediately the language jumps out at you – it may look foreign at first but to any communications programmer, no matter the product, they quickly resort to terms in a universal manner. And nowhere is this more apparent than when any programmer faces the daunting challenge of communicating with applications running on IBM mainframes.

The communications protocols and services needed to successfully connect with mainframes are decades old. They enjoy a rich history of stoically allowing, and indeed protecting, IBM mainframe applications access from client devices of all types. While the world completed a transition to TCP/IP long ago, and developing a new application using sockets is commonplace, when it comes to the mainframe, even though today it too can easily access TCP/IP, when it comes to the actual protocol application programs rely on, they are far removed from TCP/IP and owe their roots to IBM’s SNA.

This too remains true of the protocols used over the wire – whether the device interface is 3270 and the wire protocol is SDLC or perhaps X.25 – life goes on for many mainframe applications even as everything around them has changed. The mainframe today is every bit as TCP/IP centric as any other server, but more often than not the LAN oriented TCP/IP networks in place are being used to transport formerly WAN oriented communications traffic.

Have SDLC, X.25, and even BiSync protocols gone away completely? It turns out that while the underlying protocols that make the relevant communications protocol “stack” are long gone – protocol convertors, encapsulation and tunneling have all helped keep alive technologies everyone thought irrelevant, for the most part, and even today, “behaving like a 3270 terminal” makes sense to programmers. It’s all about the trillion dollar investment in solutions and even as they may change in a different world, the business logic captured within their code stays relevant and trundles along unaware of what the interface being used.

For a very long time HP NonStop systems have provided strong support for both WAN and LAN protocols ,for decades. However, when it comes to the older WAN protocols the end of the line is fast approaching, and for good reason. The hardware needed to support WAN is simply proving too costly to retain and solutions that can support WAN oriented interfaces over LAN solutions are becoming commonplace. The wires from your desktop may run to a plug in the wall but whereto after that?

This was the basis for the message conveyed in a recent posting in the eNewsletter, Tandemworld, by comForte marketing head, Thomas Gloerfeld. “HP recently started to announce the End of Sales of the SWAN2 box which is used by many to connect devices to HP NonStop systems using SNAX, X25 and other protocols”, Gloerfeld said. However, he also noted that “While SWAN2 boxes will be at least supported until June 2017 according to the HP NonStop Hardware Maintenance List (available on the HP NonStop website in the ‘Product' section’), maybe now is the time to look for alternatives.”

More importantly, while not being alarmist and fully cognizant of HP NonStop product management’s timeframes for the end of SWAN2, Gloerfeld did reiterate the message now being conveyed to the NonStop community – use this announcement to accelerate your plans to bring in-house alternative solutions. In presentations made in the Middle East and the United Kingdom, HP has already begun pitching how firstly, there will be “no direct replacement, (it’s) the end of an era” and that the NonStop community still relying on WAN protocols formerly associated with IBM’s SNA, to “consider the uLinga product using Ethernet and TCP/IP”.

 “The recommendation by HP is to consider uLinga, if you are a current SWAN user,” said Infrasoft Managing Director, Peter Shell, the vendor responsible for developing uLinga. Shell then said, it “doesn’t come as a surprise to Infrasoft. We have been aware that we were being considered to provide such a SWAN2 replacement and certainly, we are encouraged with what we are now seeing appear in the latest HP NonStop presentations.”

“There are many considerations to be made once you look to replace SWANs,” added Shell. “If you currently depend upon SWANs to support SDLC lines then we have a solution right out of the box with uLinga for (Data Link Switching) DLSw. If the line terminates not at a terminal but at a system such as an IBM mainframe then perhaps uLinga for EE is a better fit. If you rely on SWANs for X25 then give us a call as it’s on our roadmap and we will deliver to meet any critical timeline a NonStop user may have.”

With these presentations from HP NonStop it may encourage NonStop users to more aggressively pursue an all IP network solution. As Shell observed, with this latest news about SWANS, “this might be a good time to move to a completely native IP communications using the uLinga for CICS / uLinga for IMS products – and with uLinga there’s still no requirement to change your applications.”

Not everyone in the NonStop community will be considering a SWAN replacement strategy, but where they are uLinga is now a well-established product line with implementation in all regions of the world. Gaining the recommendation of HP NonStop Product Management as the alternative to SWAN2 is a well deserved honor and the likely impact of this news coming from HP cannot be underestimated.

Standards are good to have but I sure wish I was confident enough to say that I knew how to turn on the headlights of any car. When it comes to communications it’s still the solutions on mainframes that dictate what’s needed and the interfaces and services that originated with communications architectures decades ago will continue to dictate simple connectivity. TCP/IP may be in everyone’s network but what flows across these networks includes many things apart from native TCP/IP, and that will remain a reality, I am certain, for as long as I continue in IT. 

Wednesday, April 23, 2014

What happens when the tide goes out? comForte wraps NonStop in an extra layer of insulation!

A chance reading of a recent headline posted to the industry blog, ATMmarketplace, made me rethink the importance of covering our systems in even more insulation – after all, when security breaches are reported, we don’t want to be seen inadequately prepared!

In a recent post to the ATM Industry Association web site, ATMmarketplace, Triton Systems CEO, Daryl Cornell, published a short feature under the heading, Who's swimming naked? This heading is a reference to the famous quote by Berkshire Hathaway Inc. CEO, Warren Buffett, "It's only when the tide goes out that you learn who's been swimming naked.” Cornell then writes about how, “If Canada's experience with EMV implementation is any indication, we're about to find out which ISOs might be lacking clothes.”

Independent Sales Organization (“ISO”) in this context “is an organization that deploys ATMs and POS terminals at merchants, gas stations, hotel lobbies, etc. In the USA, ISOs must be sponsored by a financial institution” according to one reference I checked, and I suspect the term is in wide use elsewhere. And how will we be able to tell which ISOs are naked (in Canada)? According to Cornell, “Here's how to tell if you are exposed: Your priority is to tackle Windows XP ATM upgrades before moving to EMV upgrades on CE machines.”

While it hasn’t quite reached panic proportions, across the ATM industry, support for Windows XP has come to an end. Operators need to upgrade to Windows 7 (yes, Windows 7 and not 8), even as the broader financial community is looking to move to EMV – so which project goes first and at what cost?  Clearly, EMV is becoming a priority here, in North America, following recent incursions by the bad guys bent on pilfering as much of our money as they could.

The clock has expired on the Windows XP issue and from here on out, all involved are aware that when it becomes a case of correcting a bug originating in Windows XP, the required fix will cost a lot of money. Microsoft will likely to be in no hurry to correct, no matter the service charges involved. However, it does raise the bigger question of just how do we protect our networks, and by implication, ourselves?

But sticking with Windows XP seems every bit as poor a decision as being slow to embrace EMV. But can we do both? And does it really matter? Perhaps the most important observation is that security in all its guises has taken center stage with IT professionals everywhere. Clearly concerned about the potential damages from not being adequately insulated from even the most rudimentary of attacks, those in IT are working with partners and vendors alike to better cover themselves no matter the extent or source of a potentially catastrophic incursion. 

A recent case in point? While the ATM industry is wrestling with the dual problems of EMV and Windows XP’s expiration along comes a potentially worse situation this time involving network security - the Heartbleed bug. According to the web site, heartbleed.com, “The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.” Again, after panic initially set in across the media, and to some extent within the general public, measures are being taken to mitigate the concerns of all parties.

According to recent email exchanges and web site updates, comForte CTO, Thomas Burg, made the observation that, “Unfortunately, Heartbleed is a VERY bad vulnerability, unmatched in scale and potential impact. A well-executed ‘defense in depth’ strategy will make things easier for your organization – but your security folks will probably be busy rolling out fixes and having you change your passwords for a while.” When it came to the full product suite available from comForte, Burg then added, “If you are using any comForte product, EXCEPT for the TOP product, you are also NOT affected.” I also took the opportunity to check in with the developers at Infrasoft and they too confirmed that neither uLinga nor maRunga were affected in any way.

Heartbleed has global impact, as too does the withdrawal of support for Windows XP. To a lesser extent, EMV is restricted to just North America, as other regions have already embraced EMV. However, as HP CEO, Meg Whitman, related in a recent webinar on the HAVEn initiative, for all involved in IT, “we are in an arms race” and with each fix developed, the bar only gets raised a little higher and the bad guys will continue to exploit weaknesses. As Burg so rightly observed, “A well-executed ‘defense in depth’ strategy” remains key when defending against all security threats and developing a holistic approach, encompassing every component involved in any transaction path, is becoming increasingly important.   

Fortunately, for all involved with NonStop, should the tide indeed go out, today’s modern NonStop systems will not be among those swimming naked, and comForte’s expertise in security is widely known even inside HP where today security components provided by comForte have been integrated with the NonStop Operating System (OS). As comForte Marketing VP, Thomas Gloerfeld, told me, “protecting transactions destined for NonStop flowing across any network are an important consideration today for any NonStop user and as part of having a global perspective on every component a transaction may interact with, remains a priority and one well understood by all within comForte.”

Gloerfeld then added, “The analogy with swimmers being caught out as the tide recedes, may depict what happens when necessary steps are put off for any reason, but whether it’s a case of an OS coming to an end of life, the roll-out of an industry-standard being delayed, or the detection of a potentially devastating network bug, we do have the expertise and today, modern NonStop systems everywhere are the recipients of our skills.”

What happens when the tide goes out may bring a wry smile to many of our faces, but Warren Buffett wasn’t joking and made his now-famous observation about hedge funds. When Buffett made the statement, it was the Economist, in the article Indecent exposure, countered with, “If someone has staked all his wealth on a leveraged fixed-income hedge fund, then he is too stupid to deserve to be rich.” Harsh words indeed coming from the Oracle of Omaha. However, leaving even the most robust of systems - including NonStop systems of course - without an extra layer of security to better insulate them from attack begs the same question being asked of the companies involved; should they deserve to remain in business!   

Thursday, March 27, 2014

Message in a bottle – pulling the cork and revealing MQ options on NonStop!

IBM’s WebsphereMQ has gained popularity among enterprises as the preferred choice when it comes to connectivity involving disparate systems. For the NonStop community, the concerns have always been over currency, cost and competition and now NonStop users have choice …

The very first time I made the trip to Hursley, Great Britain, it was akin to visiting Westminster Abby or nearby St Paul’s Cathedral.  As you drove into the grounds at Hursley and made your way to the visitor center, it was as if you were walking on hallowed ground, no different than that to be found in any one of these great cathedrals. If you have worked on transactional systems, Hursley was where much of the modern transaction and messaging infrastructure we rely on today first saw the light of day. Hursley was and remains the primary IBM Lab in support of CICS, and as of the 1990s, MQ Series (or, as it is known today, Websphere MQ, or simply, WMQ). 

Of course, when I first went to Hursley I surprised my colleagues by asking where I could buy a tee shirt, and shock of shocks, IBM Hursley had a gift shop and so a coffee mug and a blue tee shirt were quickly produced. For many in the NonStop community, the opportunity to visit Cupertino and walk into the lobby of Building 3 where the Customer Conference Center (CCC) was located, produced similar feelings but as good a job as the CCC did, the customer center in Hursley House traced its origins back to Cromwell and that of itself was a hard act to follow.

When it comes to supporting transactional dialogues between NonStop and IBM Mainframes, putting to one side the IMS product developed at IBM’s Santa Teresa Labs (STL), it’s hard to ignore the presence of CICS and WMQ even today. Two common approaches for connecting NonStop to the Mainframe involved coding to either the CICS or WMQ APIs – the former coming in many varieties, with complexity to match, whereas the latter, a much simpler Open, Close, Put and Get.

Clearly, if given the option, many developers fell back on WMQ simply because it was much easier to use, so much so that in time IBM provided a WMQ / CICS Bridge for the Mainframe to satisfy the requirement of applications running on client systems, external to the Mainframe, that needed to interact with CICS transactions and leverage their logic when it came to accessing tables, files and databases on the Mainframe. The availability of this bridge made things a lot simpler but it didn’t come cheaply nor did it eliminate the need for a WMQ presence on the client systems. To keep things simple, continue support of WMQ’s easy to use APIs, and to change the pricing model, Australian based Infrasoft recently added support of WMQ APIs into the uLinga product suite.

The availability of this feature was covered in the post of March 2, 2014, to the NonStop community blog, Real Time View, It’s simply good cricket – NonStop’s Australian connection! In that post I turned to Infrasoft’s Managing Director, Peter Shell, for more information.  “The major benefit of what we are providing is for applications on the NonStop (or other server platforms including Linux and Windows) that currently use MQ to communicate with a mainframe application, can do so now with uLinga and with no need for any application changes.”

To be more precise, Shell then explained, “If the application on the NonStop/Win32/*ix platform uses the MQ Interface (MQI) to communicate with an application on the IBM mainframe ‘and’ the mainframe application is CICS based ‘and’ the CICS-WMQ bridge is used, then what we provide with uLinga can replace the usage of WMQ and the CICS-WMQ bridge on the mainframe for that application's purpose. The CICS-based application would not need to be modified and once again, it is the IPIC protocol that is used between the NonStop/Win32/*ix platform and CICS.” And yes, in using uLinga, it all runs across industry-standard TCP/IP networks.

Furthermore, Shell added, in using uLinga for this purpose NonStop users, “Will save a lot of money by not requiring MQ to be installed on the NonStop nor have to worry about MQ versions.” However, turning to uLinga satisfies just one use case scenario, as Infrasoft’s Shell readily admitted. For those who still need other attributes of WMQ, in particular, what is commonly referred to as WMQ’s “Store and Forward” (S&F) capabilities when running WMQ Asynchronously, more than uLinga may be required and in keeping the costs down, Infrasoft’s partner, comForte, has another product in its portfolio, CS-QMAN.

Developed in Germany by CS Software GmbH, CS-QMAN does provide the support for S&F that applications may require. CS Software GmbH’s motivation for providing this product was similar to Infrasoft’s in that with CS-QMAN there’s no requirement for equivalent WMQ functionality on NonStop and hence, the cost to run WMQ application is greatly reduced. According to CS Software Managing Director, Dr. Werner Alexi, “It seems that Infrasoft (uLinga) and CS Software GmbH (CS-QMAN) had the same idea – however with a completely different background and focus.”

When looking at both products, the markets they serve, and even at where they can coexist, it was comForte CTO, Thomas Burg who put things into perspective. “For NonStop applications requiring connectivity in many cases WMQ has been the product of choice. WMQ is available on almost any platform and provides a rich set of functions, especially in cases where applications do not want to care about the availability of the communication peer,” said Burg. “Furthermore, WMQ configured to run over TCP/IP can offer better security than alternate connectivity options. For comForte, having a strong presence in connectivity and security, it’s only natural that we are pursuing this marketing and providing lower cost solutions to those NonStop users electing to exploit WMQ.”
When it comes to having two products, Burg then explained, “In talking with customers we recognize that there are different use-case scenarios for WMQ. There are situations where MQ is used as an online link to transactional systems where no local storage of messages is required nor desired for fastest turnaround. In other cases applications use store and forward queues so that applications can continue working even if the connected peer is not available – and as we know, if all else fails NonStop still runs. With uLinga and CS-QMAN, both categories are addressed. And the good news is that should the need for both be paramount, we anticipate future configurations where CS-QMAN will be able to directly use uLinga for immediate message delivery combining the advantages of both approaches.”

As the isolation of NonStop silo-ed, as is often the case and, like an island, surrounded by platforms from many vendors, the need to build bridges is paramount for the ongoing success of NonStop. To all those waiting for a bottle to wash ashore with a message telling them what to do, the solution has arrived and is more cost-effective than what may have been anticipated. Hursley may indeed be hallowed ground for many, with lengthy ties back to the origins of the Mainframe, but in today’s world of modern IT, it’s no longer the only location sending out the message of WMQ connectivity!

Tuesday, February 25, 2014

The advent of Securability – NonStop has all the prerequisites to fortify the data center!

Defending the data center – just as in times past, there’s a premium for multiple layers of defense but they withheld hostile attacks for centuries. NonStop comes standard with good defenses and deploying NonStop? That’s a great place to start!

At a time when there is so much debate over the primary attributes of servers being deployed within a data center, it’s hard to imagine security being far from the minds of any CIO. Indeed, when the LinkedIn group, Mission Critical Systems Forum (facilitated by Oracle) saw a discussion start with the question, In one sentence, what do you think is the most important element when it comes to designing a new data centre? many of the responses focused on security.

Very quickly, we saw comments like “Security and data privacy”, “Uncompromised security that doesn’t slow down or come in way of genuine business needs”, “Business Continuity, security, Green, Less power consumption, more space, efficiencies, geographically stable” and even “How do we keep NSA and their partners out?” Standouts for me, when a list of attributes was included, apart from uncompromised security, geographically stable, and how can we ensure NSA isn’t at work inside our perimeters, was the number of times system security percolated to the top – not always the number one item, but on the whole, pretty close.

Hidden in the responses was language better suited to warfare, including attacks, defenses, and even fortresses. When it comes to the most important element of a new data center, erecting it within a castle comes to mind. And for good reason, as barely a week goes by without a government agency, a bank or retailer, or even a university, as was the case this week with the University of Maryland reporting a massive breach , including the theft of social security numbers (SSNs), acknowledging the loss of information.  

In a post to the NonStop community blog, Real Time View, I look at many of the comments made in this discussion so I am not about to repeat myself – check out the post So much to read! for more of what I had to say on this topic – however, suffice to say, the topic of securing the data center is generating a lot of discussions. Therefore, it is only natural to think of the contribution NonStop can make and to look at the responses coming from the middleware vendors active in security, not the least among them being, of course, comForte.

Where comForte has focused its attention is on support “of the underlying security infrastructure on NonStop, making sure
that data in transit and at rest is protected’, explained comForte CTO, Thomas Burg, in a recent email exchange. “comForte also provides a product that tokenizes Primary Account Number (PAN) data, with its SecurData offering,” added Burg, but in general, “we work to ensure PANs anywhere they come to rest are rendered unreadable as a last line of defence should data centre breaches occur.”

For the BASE24 community concerned about being truly PCI “compliant”, comForte provides a multipart YOUTUBE Whiteboard Session featuring comForte’s Chief Architect Michael Horst, and should you have a need to better understand the importance of PCI compliance, and where comForte products can be used, in particular, with how comForte can intercept and then tokenize PANs, this is a must-view session. However, in introducing the subject, comForte lays out in simple language some of the basic principles when it comes to securing data at rest, and the value of NonStop quickly becomes apparent.

Like the layers of an onion, as you peel away any one layer only to expose yet another, security inherently offers up a multi-pronged defence. In medieval times, castles were constructed to ensure the safety of the nobles that occupied them. Built atop a hill with good visibility in all directions, these castle fortresses provided centuries of protection. With a perimeter moat abutting thick high walls and towers, often with a second wall erected closer to the premises (and wide enough to allow cavalry to circulate), an attempt to penetrate any level could be readily detected and defensive actions initiated.

Defences of modern data
centers are constructed in much the same manner. A company’s clients and business partners access their data centers via networks including the Internet and so the first line of defense will always involve network and perimeter security, a defense that would-be attackers must first determine how to bypass. These would-be attackers then encounter anti-virus software that they would need to overcome before they could infect a system with malware. For any malware to access files and databases they too would need to have the right level of access authority to pull information from a database, but even here, they are still at the mercy of the monitoring software that most likely has been configured with thresholds triggered through abnormal activity.

At the center of the multi-layered “onion” is the core, which, for the data center, is where personal information is involved, this should always be encrypted with the management of the encryption keys inaccessible to operations and applications programming staff. On paper, it all looks straight forward, unfortunately there’s just too many production systems written long before their capabilities were externalized as services, accessed from the internet and with data in the clear. It necessitates the need for security software as each layer is traversed.

For the NonStop community, there has been inbuilt protection supplied at nearly every level. The long history of being the go-to-platform for banks, retailers, and even stock exchanges has given NonStop developers years of exposure as to where defenses need to be mounted. In partnership with middleware vendors, even as the complexity of NonStop systems has grown, there’s product available at every level – protecting each and every layer unwanted attackers would encounter. In an aspect of business akin to warfare, NonStop may not be the only path to data but should business elect to deploy NonStop between the network and the data, a level of unsurpassed securability can be achieved.

Most of us will not have the opportunity to build a new data center and many of us will differ as to what is most important and which are the most important elements in designing a data center. However, this doesn’t stop us seeking out weaknesses and making sure we can see what’s coming, that our watchtowers are manned, and our drawbridges are raised. As history taught us, the arrival of gunpowder made these medieval defenses obsolete overnight – are we about to suffer the same fate? Will our fortress protect us from what surely is coming next!

Tuesday, January 28, 2014

Hybrid – with NonStop, a bigger bang for the buck!

We know CIOs prefer taking baby steps, looking to see if new technology can be introduced incrementally, so the uptick in hybrid computing is completely understandable. However, for the NonStop community, hybrid computing has been a way of life for decades and throwing clouds into the mix doesn’t faze them one bit …

The ancients, from time immemorial, took advantage of the lack of anything closely approximating scientific or rational consideration. For the Romans and Greeks of antiquity it seemed entirely likely that Griffins existed; combining the features of a lion with those of an eagle, very possible! Just as it was reasonable for Pegasus to take flight, as a winged stallion. Then of course, there was fabled unicorn that enchanted populations for centuries.

In nature, hybrids do exist – the mule (a cross between a horse and a donkey) being perhaps the best example. When it comes to technology, however, hybrids not only exist but they are gaining in popularity. Not limited to a specific vendor, references to hybrids are coming from IBM, HP and even Oracle following their purchase of Nimbula (a provider of private cloud infrastructure management software). Included in the conversation, naturally, are NonStop systems, even as part of hybrid clouds, because so much mission-critical data (for greater business insight) resides on NonStop.

Hybrids by definition imply more than one entity, working in combination (often with just small amounts of data and / or less valuable transactions offloaded from an adjacent primary system) and as such, it all makes so much sense, as IT prefers taking incremental, baby-steps. Nothing grabs greater negative attention of the CIO than rip-and-replace solutions, and hybrids eases the deployment plans leaving CIOs with the choice to opt out at any time.

Infoworld of January 27, 2011, drew early attention to the merits of hybrid computing with the article, Why the hybrid cloud model is the best approach. “When the industry first began discussing the hybrid computing model back in 2008, cloud computing purists pushed back hard. After all, they already thought private clouds were silly and a new, wannabe-hip name for the data center,” author David Linthicum, noted. “To them, the idea of hybrid clouds that used private clouds or traditional computing platforms was just ridiculous.”

However, Linthicum noted how, “Over time, it became clear that hybrid cloud computing approaches have valid roles within the enterprises as IT tries to mix and match public clouds and local IT assets to get the best bang for the buck. Now it’s the cloud computing providers who are pushing back on hybrid cloud computing, as they instead try to promote a pure public cloud computing model.” Linthicum then observes, “However, these providers are hurting the adoption of cloud computing.”

When I raised the topic with comForte CTO, Thomas Burg, he agreed with the inherent value that hybrid computing provides. “Hybrid computing is nothing new, in fact SABRE presented an example of how to combine low-cost, stateless, x86 computing power with a NonStop in a single hybrid system nearly a decade ago. Today the x86 bit of this system would be called private cloud in a hybrid environment. Terminology aside, as described in a recent article in The Connection, comForte has long had the technology to both enable and protect hybrid architectures encompassing HP NonStop architectures”.

In the post to the blog Real Time View of January 17, 2014, NonStop adding further chapters to its rich history in a hybrid world! Infrasoft Pty Limited Managing Director, Peter Shell, highlighted how transactions themselves have been processed by hybrid computers for many years with great success. “With so much being discussed about hybrid computing today, we shouldn’t overlook the traditional NonStop – IBM mainframe ‘hybrids’ that have existed for many decades,” Shell observed. “Integrating, and indeed simplifying, communications between respective transactional environments has many upsides and with uLinga for CICS and uLinga for IMS, application integration can be taken to a whole new level.”

Enhancing uLinga and reshaping it in support of clouds, as is the case today with maRunga, ensures transactions are not only processed by a hybrid IBM and NonStop configuration, but inside clouds as well. Highlighting, yet again, that the shape of future data centers will be completely arbitrary as CIO’s seek “the best bang for the buck”. Nowhere is this more widely understood than it is by those companies providing monitoring solutions, a circumstance I came to appreciate a few days ago when presenting thoughts on hybrids to managers and executives of Integrated Research.

In the PowerPoint slides that I used in my presentation, I pulled material from the post to realtime.ir of January 13, 2013, Data centers with hybrid systems; challenges persist for all who monitor. In that post, I acknowledged that IR recognized the growth in interest in hybrid computers several years ago, and are now more advanced in supporting hybrid configurations than others in the marketplace. As IR’s General Manager Products and Alliances, John Dunne, told me back then, “If our customers determine that there’s value in having the oversight of the heterogeneous mix of systems, so typical of a modern data center, then IR will continue to ensure Prognosis features communicate with each other!”

According to Burg, “whenever we see interest in a technology, and hybrid computing is a good example, then we get excited by the prospects it creates. Now that HP has announced plans for NonStop to support the x86 architecture and also added support for InfiniBand, there’s a strong possibility that NonStop itself will take on the appearance of a hybrid computer. Particularly when you consider the likelihood of clusters of Itanium and x86 NonStop systems. The potential to exploit this technology may open the doors to supporting users in new and exciting ways – yes, the best bang for the buck is certainly possible with NonStop today!”

As a community, we have still a long way to go in convincing CIOs of the value proposition but the option to take simple baby-steps greatly reduces the risks involved in going down a hybrid path – hybrid clouds included. However, considering the alternatives when NonStop is already in place, it’s not too big a stretch to imagine NonStop making a sizeable, positive contribution, to ensuring hybrids are robust and reliable and with that, the bang for the buck gets even bigger. And, with that, I expect to hear few arguments to the contrary from any CIO! 

Thursday, January 2, 2014

When it comes to modern servers, their best ability is their availability!

This year's holiday season has seen even more outages than normal - with a lot of red faces thrown in for good measure - if we demand our sporting stars to show up and perform, should't we expect the same from business leaders?

I was reminded again over these past few weeks of just how important a role NonStop plays and of how big a contribution NonStop makes to ensuring all we do on a daily basis runs smoothly. Move too far from NonStop in your infrastructure and wear the wrath of your customers and clients.

In commentary last night about a footballer prone to injury, the television analyst suggested that for this player, “your best ability is your avail-ability”! All with whom I work within the NonStop community couldn’t agree more, and yet the headlines decrying the outages as well as the compromises of key systems this month have been prominent.

In my private client newsletter circulated a week or so ago, I referenced the impact that the skimming of card information from 40 Million American Target customers had on their customers. At a time when these customers were shopping for holiday season gifts, one bank’s response was to limit the amount of cash that could be withdrawn as well as the total value of transactions per day allowed - a circumstance now relaxed, according to the bank.

The situation wasn’t much better for millions of Myer’s Australian customers as well, as the news that the Myer website crashes on Boxing Day sales – one of the busiest shopping days of the year. This bad news was followed by something much worse as it was then reported how the Myer website down 'until further notice'

According to the reporter, Ben Butler, “It means Myer will see no benefit for those days from booming domestic online sales, which were tipped to hit $344 million across the retail sector on Boxing Day alone. ‘We're continuing to experience significant issues with our website, and as a result we will not be activating the site for customers until we are confident the issues have been resolved,’ Myer said in a statement on its Facebook page.”

Throw into this mix all the issues to do with scale – and in particular, scale out – that both, UPS and FedEx, experienced as retailers everywhere guaranteed their online shoppers overnight or two days delivery and these shippers were unable to process the flood of orders these services created. These shipping companies did experience difficulties rotating aircraft as winter storms affected the Dallas / Fort Worth airport, but that was only a small part of the problem – the capacity exceeded all of their systems capabilities.

“It’s a reminder that massive undertakings with lots of uncontrollable variables and tight deadlines have multiple points of failure and we shouldn’t be shocked when they fail,” said reporter, James Joyner, in his report
UPS and FedEx Ruin Christmas for Late Shoppers published in the publication, Outside the Beltway. As anyone within the NonStop community can attest, systems aren’t becoming simple – they are in fact becoming more complex, and meeting demands, scaling out and remaining available are every bit as important attributes of today’s systems as at any time in the past.

I have been discussing the issue of the future of NonStop with several vendors. The uptick in interest has definitely coincided with plans announced by HP for NonStop to support the Intel x86 architecture. This has generated both, relief that the NonStop roadmap will not just end with the last spin of the Intel Itanium chip as well as excitement over the future potential of NonStop in new and innovative ways.

Making NonStop cool again for a bigger audience is one element in this equation, but so too is seeing “the swagger” return to HP’s sales and marketing efforts – it’s a lot easier talking about a product that is being viewed positively in the popular press. But where will NonStop develop the most traction and which markets will see broader acceptance of NonStop and produce more customers?

As unfashionable as it sounds, the likelihood is in markets unnoticed by the general public. It’s in the infrastructure where the potential for inexpensive, commodity, NonStop servers to generate the most interest, so long as HP marketing gets behind it – something I believe they are beginning to do. It’s a lot less flashy, and way less fashionable, but without infrastructure, all the potential for the user-led “universal integration of everything” train will be derailed before it leaves the station.

When you consider the partnerships and acquisitions by comForte of late, you will see considerable focus being paid to enhancing the ability of NonStop servers to participate with others and to do so relying on industry standard interfaces, protocols and services. To get the train onto the tracks in the first place, of course, relies upon efforts to modernize as today’s basic infrastructure makes some sizable assumptions.

Protecting and securing data, moving data and better integrating the networks needed by data are all central to what comForte is providing. Modernization simply underpins many of the activities associated with these data actions. The recent acquisition of the Escort family from Carr Scott (now completed) is just one example of how comForte is building out its solutions designed to help NonStop servers play a more important role in infrastructure.

“The Escort range of products complements the comForte product portfolio and helps us to expand our offerings into the database modernization space, said Dr. Michael Rossbach, CEO of comForte 21, in the press release that came out at the time of the recent NonStop Advanced technology Boot Camp. Data Base, Big Data, Cloud Computing, Hybrid Computers; these are the hot topics within IT today and all of them require healthy, robust and available infrastructure, all of which are central to what NonStop servers provide.

It’s a commentary most of us can sympathize with – every sportsman is only congratulated (for an achievement) when they are actually on the playing field making a contribution. For the applications industry pundits anticipate making a big difference to prove attractive, the supporting infrastructure must be in place. Without NonStop servers and without the vendors enhancing the services on offer, the limitations of these new applications will be visible to all. To rephrase the sports commentator, perhaps our best cap-abilities will remain dependent upon our best avail-ability and with all we saw over the holiday season, there’s little likelihood this requirement will ever go away!     

Wednesday, December 18, 2013

For the NonStop user, when it comes to X 86, “I´ve Got My Mind Set on You”

New downloads on the HP.com web site included an update by IDC on fault tolerant computers and the emergence of a new model for IT, the 3rd platform. While it may not be anything new for the NonStop community, it’s still makes or a good read …

This past week an executive at an auto show unveiling an updated car model, remarked that the last time they pulled back the drapes from this product, they played tunes by the Beatles, snapped photos on their Kodak cameras, and broadcasted emails from their Blackberries. Even as he took pride in the fact that his car remained popular, he couldn’t help observing how the car’s longevity exceeded that of other entertainment and industry icons.

The view we, as members of the NonStop community, embrace is that NonStop too is a halo product for HP, and in particular, when it comes to fault tolerance, is as iconic as anything else we care to consider. IDC, an industry analysis company, recognizes just four levels of availability and reserves the top category (what they call Availability Level 4 – AL4), for fault tolerant computers – a category where only NonStop systems and select configurations of IBM’s mainframe (i.e. with Parallel Sysplex) participate.

In November, HP interviewed Matthew Eastwood, Group VP and GM, Enterprise Platforms for IDC and the resultant write-up is now available on the HP web site:

In the interview, Eastwood makes a couple of important statements that everyone in the NonStop community should help convey to colleagues everywhere. “IDC defines the rapid growth of cloud, mobile, social, and big data analytics as the emergence of a new IT paradigm called the 3rd Platform,” said Eastwood. “The emergence of the 3rd Platform is driving robust transaction growth, including mobile transactions.” Deeper into the interview, Eastwood then adds, “One of the biggest IT impacts associated with the 3rd Platform is availability. As users spend more time online, IT services must be available around the clock. Windows for planned downtime become increasingly difficult to manage, and users are unwilling to accept unplanned downtime.”

For the NonStop community this begins to cover familiar territory, but then Eastwood concludes that, “For high-value applications where enhanced performance (i.e., high availability) is a requirement, the availability of sufficient IT budget to sustain the SLA is equally important. Standardizing on common modular components, such as those utilized within an x86 architecture, can contribute to the economics and efficiencies needed to ensure critical business processes and to balance a tight budget.”

NonStop is not only a halo product for HP but it’s also the subject of transformation on a massive scale. We have seen the hardware shift to commodity components as well as the implementation of industry standard software and open programming interfaces. Simply put, the NonStop is now as easy to program and as easy to manage as any other hardware platform. When combined with the NS SQL, in many cases it’s even easier to manage, often requiring the services of far fewer technical staff.

Announcing plans for NonStop to support the Intel x86 architecture, as IDC’s Eastwood indirectly acknowledges, will give even greater credence to the value proposition of NonStop at a time when CIOs everywhere are being wooed by paradigms such as IDC’s 3rd Platform. My own interest in NonStop on x86 has been well documented and couldn’t have been missed, being the theme of my most recent posts to the NonStop community blog, Real Time View. With headings such as:
The real deal - NonStop supports x86!
HP continues to set goals very high and the NonStop community is enjoying the stretch!
NonStop offers balance, and why not?
As well as posts to other vendor blogs including,

and Attunity.com: 

Aside from my own interest in NonStopx86, it was probably Integrated Research’s (IR) General Manager – Products & Alliances, John Dunne, who  stated the obvious most succinctly, when he said, “There were concerns that Itanium would be the undoing of NonStop. With the architecture moving to a mainstream chipset, as is the case with the x86, NonStop won’t fall off the ‘chipset cliff’ as Itanium reaches end of life and is discontinued.”

Equally astute was comForte CTO, Thomas Burg’s, observation, “One potential added benefit of moving to X86: you eventually will be able to run the NonStop OS on exactly the same hardware that you are running Windows and *nix on (and that) it would give HP customers the flexibility to run ‘NonStop on demand’!” Belief over the benefits of NonStop x86 are certainly buoying both vendors and users expectations alike. I really admire the efficiency in the way NonStop capitalizes on standard hardware, all while meeting the challenges from “robust transaction growth, including mobile transactions”.

HP’s halo product for fault tolerance, NonStop, is not just the best out of-the-box AL4 solution providing an ideal 3rd Platform solution, but with support for x86 on the horizon, the economics as IDC notes will only get better. “For many years, IT has been pressured to reduce complexity and lower delivery costs through consolidation and standardization,” responded IDC’s Eastwood when asked about balancing budgets – efficiency versus standardization. Eastwood then added, “However, it is important to note that heterogeneity in the datacenter continues for very important business reasons, and ensuring appropriate availability levels for a given workload is an important reason IT infrastructures are not completely standardized.”

Sometimes we simply forget just how capable NonStop systems have become. Sometimes we simply shy away from talking about how appropriate fault tolerance is, when it comes to supporting mission critical applications. Sometimes, we accept that other architectures are almost good enough, cheap enough, that we will be OK. Mostly. But perhaps, not so fast, says IDC’s Eastwood. “Fault tolerance is about much more than redundant hardware design, with full fault tolerance achieved only when data integrity is maintained at all times. Because fault-tolerant systems deliver resources that are optimized end to end for reliability, availability, and serviceability, the system cannot easily be confused with a more general-purpose system serving a workload with potentially lower business value. This could be the case with a more mainstream failover Linux cluster.”

The reference made at the auto show to the Beatles, Kodak and Blackberry reminded me of the lines from a popular George Harrison song “ I’ve got my mind set on you”. One stanza simply says:
“It's gonna take time
A whole lot of precious time
It's gonna take patience and time”

And for the NonStop community nothing could be closer to the truth – we have known of the value of NonStop for decades, even as we begin to see industry experts better articulate the value proposition to higher levels of management. There’s little that is new or that surprises any of us when companies like IDC talk up the merits of NonStop. I suspect that while it may take time, patience and time, it may end up not taking “a whole lot of precious time” before HP’s halo is a whole lot more visible!