Arcati Mainframe Yearbook 2007                          2011                                         Mainframe strategy   ...
Arcati Mainframe Yearbook 2011                                                                                            ...
Arcati Mainframe Yearbook 2007                          2011                                                              ...
Arcati Mainframe Yearbook 2011                                                                                            ...
Arcati Mainframe Yearbook 2007                          2011                                                              ...
Arcati Mainframe Yearbook 2011                                                              Mainframe strategy            ...
Shift into higher gear for     XML and SOAP processing!Easy integration of XML and web servicesusing COBOL or C on z/OS1 S...
Arcati Mainframe Yearbook 2011                                                                                 Mainframe s...
Arcati Mainframe Yearbook 2007                          2011                                                              ...
Arcati Mainframe Yearbook 2011                                                                                      Mainfr...
Arcati Mainframe Yearbook 2007                          2011                                                              ...
Arcati Mainframe Yearbook 2011                                                                                  Mainframe ...
Arcati Mainframe Yearbook 2007                             2011                                                           ...
Arcati Mainframe Yearbook 2011                                                                                 Mainframe s...
Arcati Mainframe Yearbook 2007                          2011                                                              ...
Arcati Mainframe Yearbook 2011                                                                                     Mainfra...
Arcati Mainframe Yearbook 2007                          2011                                                              ...
Arcati Mainframe Yearbook 2011                                                                                  Mainframe ...
Arcati Mainframe Yearbook 2007                          2011                                                              ...
Arcati Mainframe Yearbook 2011                                 Mainframe strategy20                                  © Arc...
Arcati Mainframe Yearbook 2007                          2011                                                              ...
Arcati Mainframe Yearbook 2011                                                                                   Mainframe...
Arcati Mainframe Yearbook 2007                          2011                                                              ...
Arcati Mainframe Yearbook 2011                                                                                    Mainfram...
Arcati Mainframe Yearbook 2007                          2011                                                              ...
Arcati Mainframe Yearbook 2011                                                                                  Mainframe ...
Arcati Mainframe Yearbook 2007                          2011                                                              ...
Arcati Mainframe Yearbook 2011                                                                                   Mainframe...
who can change the way themainframe is managed forever?Introducing CA Mainframe Chorus from CA Technologies.CA Mainframe C...
Arcati Mainframe Yearbook 2011                                                                                2011 user su...
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Arcati Mainframe Year Book 2011
Upcoming SlideShare
Loading in...5
×

Arcati Mainframe Year Book 2011

22,330

Published on

Published in: Education
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
22,330
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
102
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Arcati Mainframe Year Book 2011

  1. 1. Arcati Mainframe Yearbook 2007 2011 Mainframe strategy The Arcati Mainframe Yearbook 2011The independent annual guide for users of IBM mainframe systemsSPONSORED BY: PUBLISHED BY: Arcati Limited 19 Ashbourne Way Thatcham Berks RG19 3SJ UK Phone: +44 (0) 7717 858284 Fax: +44 (0) 1635 881717 Web: http://www.arcati.com E-mail: mainframe@arcati.com© Arcati Ltd, 2011 1
  2. 2. Arcati Mainframe Yearbook 2011 Mainframe strategy ContentsWelcome to the Arcati Mainframe Yearbook 2011 ............................................................ 3XML and SOAP data binding for enterprise applications ................................................. 4DataKinetics solutions for mergers and acquisitions .................................................... 10Thinking outside the box – monitoring DB2 security on z/OS ....................................... 15CA Mainframe Chorus ...................................................................................................... 25The 2011 Mainframe User Survey ................................................................................... 30An analysis of the profile, plans, and priorities of mainframe usersVendor Directory ............................................................................................................... 54Vendors, consultants, and service providers in the z/OS and OS/390 environmentA media guide for IBM mainframers .............................................................................. 117Information resources, publications, and user groups for the z/OS environmentGlossary of Terminology ................................................................................................ 120Definitions of some mainframe-related termsTechnical information ..................................................................................................... 146Hardware tables – z196, z10; mainframe hardware timeline 1952-2011;mainframe operating system development SPONSORSAction Software 47 EZLegacy 74CA 25, 60 Higobi Systems 77Canam Software 4, 60 Type80 15, 113DataKinetics 10, 682 © Arcati Ltd, 2011
  3. 3. Arcati Mainframe Yearbook 2007 2011 Mainframe strategy by Mark Lillycrop, Publisher Welcome to the Arcati Mainframe Yearbook 2011Welcome to the 2011 edition of the Arcati Mainframe Yearbook. I’d like to take this opportunity to thank those people andorganizations that contributed articles for the Mainframe Strategy section of the Yearbook, and those who took the timeto complete our mainframe user survey. As always, the results make very interesting reading. And, of course, I mustthank the advertisers and sponsors, without whose support this Yearbook would not beavailable for mainframe professionals to freely download.2010 will probably be remembered as the year of the cloud because it was the year whencloud computing started to be taken seriously across the industry. Microsoft opened itsmega data centre in Dublin and promoted its Windows Azure environment fordevelopment, service hosting, and service management based on the cloud. Googleworked with VMware to develop a new operating system for the cloud, and launched aversion of the Google App Engine for enterprise users. Amazon promoted its ElasticCompute Cloud (Amazon EC2) service. And many people suggested that mainframeshave offered cloud computing all along – we just called it something else!CA published a survey in September called “Mainframe - The Ultimate Cloud Platform?” Itrevealed that 79 per cent of European IT organizations believe the mainframe is anessential component of their cloud computing strategy. 74 per cent of respondents believe that the mainframe will havea role in any cloud computing initiative, with 70 per cent agreeing that cloud computing will sustain or extend themainframe environment. In November, CA published a second survey, this time based on responses from US-basedmainframe executives, called “Mainframe as a Mainstay”. 73 per cent of the respondents in this research confirmed thatthe mainframe is – or will be – part of their organizations cloud computing strategy.Not all research has been quite so positive, however. Only 10 per cent of mainframe sites in a BMC survey in Octobersaid that using their System z machines to run cloud computing or SaaS applications was an important priority for themin the coming year. Meanwhile, a straw poll of attendees at the November Guide Share Europe conference found mostattendees focused on what was available now that would make the business run better and their lives easier – howthey could do more with less. Perhaps this indicates a difference between the attitude of mainframe staff, who want toget the job done with minimum disruption, and senior managers who are looking more strategically towards the nextstep.The battle between IBM and NEON Enterprise Software (provider of the zPrime product, which allows users to run traditional workloads on specialty processors) has rumbled on in the courts for a year without any sign of an The Arcati Mainframe Yearbook 2011 outcome. The European Union regulators have taken IBM to task for not allowing its operating system to run on other Publisher: Mark Lillycrop hardware, and for not being fair to so-called ‘spare-part’ Editor: Trevor Eddolls vendors. The first complaint came from T3 and Contributors: Allan Zander, Jerry Harding, Stephen D TurboHercules, saying that IBM ties its mainframe operating system to its mainframe hardware – and thereby Rubin, William Buriak, Denny Yost, Canam Software destroys the emulation market. The second investigation was initiated by the Commission, alleging discriminatory © 2011, Arcati Limited. behaviour towards competing suppliers of maintenance services. IBM stated that it intends to cooperate with any All company and product names mentioned in this EU inquiries, while denying there was any merit to the publication remain the property of their respective complainants’ claims. It then alleged that the accusations owners. were being fuelled by business rivals (it’s no secret that Microsoft is a minority stakeholder in T3). IBM also This Yearbook is the copyright of Arcati Limited, and suggested that some of its larger competitors want “to may not be reproduced or distributed in whole or in mimic aspects of IBM mainframes without making the part without the permission of the owner. A licence for substantial investments IBM has made and continues to internal e-mail or intranet distribution may be obtained make”. from the publisher. Please contact Arcati for details. IBM has also been acquisitive this year, as usual. Amongst this year’s trophies are National Interest Security© Arcati Ltd, 2011 3
  4. 4. Arcati Mainframe Yearbook 2011 Mainframe strategyCompany, Initiate Systems, Intelliden, Cast Iron Systems, Sterling Commerce, Coremetrics, BigFix, Storwize, Datacap,Unica, OpenPages, Netezza , PSS Systems, and Clarity Systems.The big story of 2010, of course, was the launch of a new mainframe range in July. The zEnterprise 196 brings togetherthe latest mainframe technology with POWER7 and x86 IBM blade systems, giving potential users z/OS, AIX, and Linuxall on the one box. And all this is controlled from the mainframe console by the new Unified Resource Manager. Thisnew mainframe can be thought of as a virtualization hub that manages other workloads in the data centre.IBM has taken the view that data centres are running more than one set of hardware, and sites are experiencingproblems with space for the hardware, keeping control of these different systems, and even communicating betweenthem – so integrating them seems like the obvious answer. The zEnterprise 196 includes 96 5.2GHz (up from 4.4GHzon the z10) quad processors (80 of which are used by the client, and the rest are used by the machine itself) and up to3TB of memory (double that of the z10). The new microprocessors offer 100 new mainframe machine codeinstructions.In terms of performance, the zEnterprise can handle 50 billion instructions per second, providing a 40-60 per centperformance increase over the z10 without using any more power. A water-cooling option could help reduce energyconsumption by up to 12 per cent by removing air heat. The system also includes the first implementation of RAIDmemory, which is like RAID for disks, and could be used to increase uptime to beyond the 99.999 availability of currentmainframe technology.The zEnterprise BladeCenter Extension (zBX) operates as a tightly-coupled extension to the mainframe through a high-performance private network. Users then add POWER7 or System x blades to four racks. The new Unified ResourceManager allows users to install, monitor, manage, optimize, diagnose, and service resources and workloads from asingle console across the entire infrastructure. The new machine also includes a DB2 accelerator, called the SmartAnalytics Optimizer, which is able to route database queries either to the mainframe DB2 system or a specialist bladeserver optimized for smart analytics. IBM estimates that complex database queries can experience up to a ten-foldperformance improvement in this environment.For people who like to know the latest version numbers and dates of major products, CICS TS 4.1 has been availablesince the middle of 2009, DB2 10 was announced earlier this year, as was z/OS 1.12, and IMS 12 should be generallyavailable early in the New Year.All in all 2010 has been a particularly busy year for the mainframe, and 2011 promises to be just as lively. As users planthe next stage of their System z growth strategy, I hope that the Mainframe Yearbook continues to be their indispensiblecompanion.XML and SOAP data applications and XML is a key component of it. To fully utilize the potential of SOA, existingbinding for enterprise applications have to be modified to consume or produce XML or SOAP messages. The challengeapplications of turning XML data into formats that COBOL or C applications understand has been holding backCanam Software takes a detailed look Service or slowing down organizations in succeeding withOriented Architecture and how products like SOA. The more complex XML structures are, theXML Thunder can be used to maximize the greater the challenge of binding them to COBOLuse of this environment. or C. XML Thunder is a widely used solution for creatingOverview data binding programs between XML or SOAP, andService Oriented Architecture (SOA) has become COBOL COPYBOOKS or C header files. Thisthe most popular paradigm for distributed Windows based tool consists of a visual mapper4 © Arcati Ltd, 2011
  5. 5. Arcati Mainframe Yearbook 2007 2011 Mainframe strategyand a sophisticated code generator thatgenerates complete program code for z/OS and other platforms. Let’s take a closerlook at what XML Thunder offers.Parse XML content to a COPYBOOK!In the context of XML and COBOL, parsingXML consists of extracting XML content intoa format that can be stored and processedas regular COBOL data structures. TheXML document is typically received by theapplication from MQ, via HTTP or HTTPS,a web service call or even as a traditionalsequential file. Once received, the XMLdocument is moved to a buffer. This buffer,which is really just a COBOL working Figure 1: Mapping windowstorage area, will be passed to thespecialized COBOL subprogram thatparses the XML content to COBOL fields. This Select the appropriate options and click on thespecialized subprogram is generated by XML Generate button. The Log area shows the resultsThunder and contains XML validation and parsing of the code generation. The generated COBOLlogic based on the XML-to-COBOL mapping and program is transferred to the runtime computingcontent rules defined at design time. Each environment and compiled as usual. See Figuresgenerated parser (in XML Thunder terminology 2 and 3.“XML reader”) is high performing and efficientbecause it is custom designed for the specific XMLand COBOL structures mapped using XML Application program using an XML readerThunder. module Now let’s take a closer look at how a COBOL application program obtains the content of an XMLEasy parser development using XML Thunder document by calling an XML Thunder generatedAs mentioned, XML Thunder’s mapper allows the XML reader module .binding of COBOL fields to XML nodes. Forexample, in Figure 1 you can see that the COBOL Remember, by the time we execute the CALLfields BANK-ID, BANK-INCORPORATION-DATE, statement to the XML reader, the main applicationand BANK-NAME are mapped to XML nodes called program has already gathered the XML documentBANK-ID, BANK-Incorporation-Date, and BANK- and moved it to a buffer in working storage. In thisName respectively. This can be achieved by drag- case, we generated an XML reader with theand-drop operation or via auto-mapping when using program name and id of BAXSDR.the Wizard. The names and structures of theCOBOL side do not have to match those of the CALL "BAXSDR" USINGXML. CANAM-XML-DATA CANAM-XML-BUFFEROnce the mapping is complete, the code generator CANAM-XML-STATUScan be utilized to create the desired XML reader. END-CALL.© Arcati Ltd, 2011 5
  6. 6. Arcati Mainframe Yearbook 2011 Mainframe strategy CANAM-XML-BUFFER contains the XML document that is passed to the XML reader module BAXSDR for parsing. On return from the call to BAXSDR, CANAM-XML-DATA will contain the content of the XML document parsed to regular COBOL working storage fields based on the mapping rules. From here on, the content of the XML document is available in regular COBOL fields for processing. The CANAM-XML-STATUS structure contains return codes from the call and can be used for error handling. COBOL encoding rules – flexible and easy to modify When creating an XML reader, encoding rules for COBOL mappings are established. These rules are extracted from Figure 2: Generate XML parser an XML schema if one has been provided. (XML reader) module In cases where a schema is not available or does not define an encoding rule, toolset defaults are used. These can be changed to desired formats and lengths using a property sheet on the mapping window. Some examples of encodings between COBOL and XML schema data types are shown in Figure 4. Feature rich XML and SOAP support Generate your data binding as COBOL programs or C classes to transform the data content of your mapped (XML or SOAP) to/from (COBOL or C) structures. Generated code includes extensive support for XML features thus saving developers valuable time, improving productivity and quality. See Figure 5. Can I create XML writers? XML Thunder can also easily generate XML Figure 3: XML reader module writers from mapping definitions. An XML has been successfully generated writer performs the opposite function of an6 © Arcati Ltd, 2011
  7. 7. Shift into higher gear for XML and SOAP processing!Easy integration of XML and web servicesusing COBOL or C on z/OS1 Select source (XSD, DTD, WSDL, XML or COBOL/ANSI C structure)2 Map data structure to XML or SOAP3 Generate program code to create or parse XML or SOAPExceptional XML and SOAP feature support:UNION, CHOICE, ALL, NILLABLE, SEQUENCE, enumeration, ATTRIBUTES,namespace; recursive structures, simple types, complex types, imports, includesand more...More unique features:Automatic generation of readers and writers; XML PARSE support or native COBOLcode; validation; test harness; sample test XML/SOAP; and more... Request your evaluation copy today! sales@canamsoftware.comwww.xmlthunder.com
  8. 8. Arcati Mainframe Yearbook 2011 Mainframe strategy XML Schema Type Default COBOL data type in XML Thunder xsd:string PIC X(N) where N is maxLength from schema otherwise use toolset default xsd:positiveInteger PIC 9(N) or PIC S9(N) where N is totalDigits from the schema otherwise use toolset default xsd:int PIC 9(N) or PIC S9(N) where N is totalDigits from the schema otherwise 9(10) or S9(10). xsd:byte PIC 9(N) or PIC S9(N) where N is totalDigits from schema, otherwise 9(3) or S9(3) xsd:dateTime PIC X(20) with unformatted or PIC X(26) with Formatted or PIC X(32) with time zone support; customizable edit pattern with default “YYYY- MM-DDTHH:MM:SS.ssssss” xsd:base64Binary PIC X(N) Where N is maxLength from schema otherwise use toolset default Figure 4: Examples of COBOL encoding for XML schema typesXML reader: at runtime, these modules assemble 100% Automated Code GenerationXML documents from the content of COBOL fields. From an XML Handler design, XML Thunder willThe call to the XML writer module is identical to generate a callable sub program containing all ofthe XML reader. The difference is that before the code needed for validating, reading and writingexecuting the call to the XML writer the CANAM- XML documents.XML-DATA structure contains data to be used forassembling a desired XML document. Upon return Full life-cycle solutionfrom the call, CANAM-XML-BUFFER will contain XML Thunder is a full life-cycle solution for boththe assembled XML document. Again, the CANAM- development and maintenance.XML-STATUS structure contains return codes.After a successful call, the application has full Very large XML document handling: XMLcontrol over what is to be done with the resulting streamingXML message ( eg transmit the XML using MQ, Do you have a very large XML document that doescall a Web Service, update a database, etc.). not fit into memory? XML Thunder’s node-level processing makes XML streaming easy for both reading and writing XML.The Swiss Army knife of XML and COBOL databinding Test harness generationAuto-mapping with Wizard Full test harness can be generated with test dataAn easy to use optional wizard walks you through for your XML binding modules.the creation of your data binding/mapping to createan XML Handler design.8 © Arcati Ltd, 2011
  9. 9. Arcati Mainframe Yearbook 2007 2011 Mainframe strategy CHOICE Namespace UNION Recursive structures ALL Simple types NILLABLE Complex type (including nested complex types) SEQUENCE Imports Enumeration Includes ELEMENTS Length ATTRIBUTES Fractiondigits Character and Entity reference MinLength Schema restrictions MaxLength CDATA Total digits Encoding WhiteSpace Pattern, derives max field length, pattern not enforced) and more... Figure 4: Supported featuresSample XML generation to COBOL COPYBOOKs or C header files. GetXML Thunder can not only derive an XML schema your copy today at www.xmlthunder.com!from a sample XML document but can alsogenerate a sample XML document for a givenschema. It can even validate the XML document What types of projects have used XMLagainst a schema! Thunder? There have been many different types of projectsAutomatic mapping documentation that have used XML Thunder. From SWIFT andgeneration SEPA payment processing, through to gift registryThe mapping for your data binding is well management, vehicle licensing administration,documented and can be saved for your project travel industry bookings, and insurance solutionsdocumentation. – organizations have successfully used XMLXML Parse support Thunder for many enterprise projects. Try XMLXML Thunder can generate either native parsing Thunder out today and see how easy XML andprogram code or code that uses the XML PARSE SOAP processing can be!statement.XML Thunder Lite – free software forCOPYBOOK to XML conversion XML Thunder is available from Canam Software Labs, Inc, 5770 Hurontario Street Suite 310,Do you have the need to convert COPYBOOK Mississauga ON, L5R 3G5, Canada.structures to XML representation without needingto generate code to read and write XML? Download For more information please visit our web site atXML Thunder Lite. This free development tool www.xmlthunder.com or contactallows conversion of COBOL structures or C sales@canamsoftware.com.header files to XML representation. And vice versa!It can also convert XML,SOA,XSD, DTD or WSDL© Arcati Ltd, 2011 9
  10. 10. Arcati Mainframe Yearbook 2011 Mainframe strategyDataKinetics solutions for functions into a stronger, single organization. It will do this by eliminating overhead and wherevermergers and acquisitions possible leveraging the strengths of each of the merging organizations as they existed prior to theAllan Zander, CEO at DataKinetics looks at merger. In achieving these efficiencies, NewCoissues and best practice solutions for merging will position itself for the ultimate challenges.mainframe IT systems after a corporatemerger or acquisition. Ultimate challenges facing new company Growing market share, introducing new products,Industry objectives cost effectively reaching a broader market place,The forces driving companies into mergers and and growing earnings are the ultimate challengesacquisitions vary by industry and also by general facing NewCo. The cost efficiencies harvested ineconomic climate. Certain objectives are common the initial merger must be expanded, and NewCoacross these parameters, however; and they are must be positioned to quickly introduce newto cost-effectively grow market share, efficiently products, eliminate old ones, and respond toimprove wallet share, and leverage core competitive pressures.competencies (like operations, R&D, anddistribution channels) to accelerate growth. As The market place will expect NewCo to not onlyattractive as these high-level objectives are, there to perform but to behave as a market leader.are also some immediate objectives that must be NewCo will be expected to drive innovation, pursuemet. new standards, and position itself to acquire yet additional companies, technologies, andThe merged company, which we will refer to as distribution channels to continue its acceleratedNewCo, will be the melding of different cultures growth. The process of building a culture andwith different strengths and different customers systems which easily integrate new enterprises,into a single enterprise that must perform better along with the process of identifying and selectingthan the arithmetic sum of the pre-merger which enterprises to acquire, ultimatelybusinesses. Actions must be taken to preserve determines the industry leader.revenues, identify and realize synergies, anddeliver improved earnings within 12 to 18 months Underlying both sets of challenges is the need forof the merger being completed. These long- and systems to be able to support NewCo, bothshort-term goals give rise to two sets of through its difficult initial challenges, as well aschallenges. during its subsequent expansion. An integration team will typically be assembled to identify the strengths of each original organization and theInitial challenges facing merging companies best systems to support those strengths. They will then lay out a strategy to integrate thoseAs soon as the merger is announced to the market systems into a single platform that will supportplace, investors, and employees, a variety of the ultimate expansion. The skills and tools withshort-term challenges face NewCo. In order to which these issues are addressed determine thepreserve revenues, customers must be retained success of the merger.despite differing sales and support processes. Asquickly as possible, NewCo must appear as asingle enterprise with a uniform set of Mastering the merger – converged customernomenclature, rational pricing, and rational experiencedistribution. It must also be able to quickly realizecost reductions by consolidating redundant Within the IT organization, the challenge is to quickly make NewCo appear as a single,10 © Arcati Ltd, 2011
  11. 11. Arcati Mainframe Yearbook 2007 2011 Mainframe strategy Figure 1: Merging companies with multiple disparate IT systemsseamlessly consolidated enterprise. Customers Typically within 18 months, NewCo must be ablemust see NewCo as an improvement on the pre- to merge the systems, demonstrate costmerger company in terms of their experience and efficiencies, and have laid the foundation for futurethe breadth of products and services they can now additional acquisitions.easily purchase. Competitors must see NewCoas both larger and more competitive than either When companies merge, usually an analysis ofof the two organizations prior to the merger. the IT systems is done, and a decision is madeInvestors must see a plan to derive earnings that whether to maintain coexisting IT infrastructures,reflect eliminated redundancy and efficient retain one, the other, or start afresh with aoperations. A key element in all of this is the completely new system. Maintaining status quounderlying systems that support these activities. is rarely the best option, as there will undoubtedly be a significant amount of duplicate applicationsCompanies that merge enter with large amounts and data. In most cases, to minimize risk, the bestof complex customer data, different product existing applications are selected; and to these,tracking systems, different pricing mechanisms, enhancements are added to address the specificand large amounts of support related data (as capabilities of the replaced applications. Thisshown in Figure 1 below). For each of the pre- approach minimizes the amount of reworkmerger companies, these represented a required.significant value and a significant IT investment.Merging disparate databases and incompatible Figure 2 shows the ideal end result – a single,applications is a daunting challenge for any IT merged company with a completely converged ITorganization, but it is even more critical for NewCo. infrastructure, with little or no duplication of© Arcati Ltd, 2011 11
  12. 12. Arcati Mainframe Yearbook 2011 Mainframe strategy Figure 2: Merged organization with converged IT systemsspending, material or effort. The path to this end existing table-driven systems are half-way there.is never an easy one – in all cases there will be Table-driven systems are extremely flexible andsome level of rework required. Just how painful lend themselves very well to integration processesthe process is, largely depends on the like an IT systems merger. If existing systems arecharacteristics of the original IT system not table-driven, developing new applications thatinfrastructures, and the decision-making process. are table-driven is the best approach going forward. The ability to seamlessly merge information fromA major consideration should be what the IT disparate sources, create a table-driven systeminfrastructure looks like at the end. It must be that is easily modifiable in the future, whilecapable of accommodating future mergers and improving the speed of application execution isacquisitions – to minimize the pain felt during the the special domain of DataKinetics tableBASE.current exercise in any future exercise. Any12 © Arcati Ltd, 2011
  13. 13. Arcati Mainframe Yearbook 2007 2011 Mainframe strategyManager, Mainframe OpsIts 5am and that batch job hasnt nishedrunning yet! What do you do? Optimize. Optimize your batch window— run those critical batch applications in 1/10 the time that they need now. Finish your batch runs in minutes, or a few hours at the most. Were optimizing batch windows for 20% of the Fortune 50, and we can help you, too. Download our white paper, “Batch Window Optimization,” at Contact us: www.dkl.com/batch44/ +1-800-267-0730 info@dkl.com www.dkl.com © Arcati Ltd, 2011 13
  14. 14. Arcati Mainframe Yearbook 2011 Mainframe strategyAchieving competitive advantage engineering their applications, the best parts ofIn order to derive the most synergy from the the existing code are combined with the table-strengths of the pre-merger companies, the new driven programming techniques to create oneIT infrastructure must be purposefully designed single, more efficient, more flexible application. Byto accommodate disparate business rules and having the business rules in memory, new sets ofdifferent product nomenclature easily. To achieve business rules can be added to reflect thethis, the applications must be modified to operations of new acquisitions as they arecentralize the business rules in in-memory tables consummated.so multiple applications can reference them andso that they can be readily changed (as shown in The story on the product side is very similar. OrderFigure 3). Implementing a DataKinetics tableBASE entry systems and service commissioningsolution embeds the logic within in-memory tables. systems can draw on disparate back-end deliveryNot only is performance improved by greatly environments, but by capturing the productreducing the DASD access, but from re- information in memory can represent these products in a uniform way. Different product numbering systems, product configurators, and pricing systems can be hidden from order entry and sales personnel, simplifying their interaction with clients. As products change, the underlying tables housing the product information change but the applications do not and the user interface to the sales organization remains unchanged except for the new items. The result of putting both business rules and product information in memory is a strategy that can readily adapt to changing market conditions, can easily absorb new companies, product lines, or operations without affecting their ability to sell and support their products. The speed with which NewCo can adapt to market and technology changes provides sustainable competitive advantage. Benefits delivered by DataKinetics For over 25 years DataKinetics has been providing table management and performance optimization solutions to Fortune 500 companies. These companies have adapted and grown as markets have changed and economic conditions have varied. By using tableBASE to capture and administer account, product, and customer information, clients have been able to acquire and Figure 3: Business rules embedded in merge with other companies in record time. A good application code (top), and externalized example of this is a large US bank that acquired a into in-memory tables (bottom) West Coast regional bank. The analysts indicated14 © Arcati Ltd, 2011
  15. 15. Arcati Mainframe Yearbook 2007 2011 Mainframe strategythat it would take almost two years to merge the capital expense, and efficient IT infrastructuresystems and provide consolidated statements utilization. This contributed to more cost effectiveand support to their clients. Using tableBASE, they operation and improved earnings per share.met this objective in less than six months. Equallyimportantly, the redesigned in-memory table-oriented applications using tableBASE allowedthem to repeat this process for subsequent DataKinetics solutions are the mainframeacquisitions. optimization technologies of choice for rapidly growing market adaptive companies. ByAnother example where DataKinetics had a direct leveraging existing IT investments, DataKineticsimpact on enterprise performance was in the retail optimization provides strategic business flexibilityindustry. As retailers combined and merged to and competitive advantage to industry.form new larger retail companies, tableBASE wasused to merge the product configurators and order Allan Zander is the driving force behindentry systems and allow the new company to DataKinetics’ recent growth. An engineer by trade,tremendously broaden their offerings seemingly and an entrepreneur by heart, Allan has foundedimmediately after the merger. two businesses, and resurrected two others, before being asked to join DataKinetics. He hasIn all of these situations tableBASE also allowed successfully added his personal energy andthe newly formed company to enjoy increased marketing skill to an already successful company,computing performance, reduced operational and and has brought in more new business than the company has seen in many years.Thinking outside the box – The records are required to be protected according to the Federal Information Securitymonitoring DB2 security on Management Act of 2008 (FISMA, also referred to as US Senate Bill S.3474). FISMA mandates thatz/OS “the underlying framework that information systems and assets rely on in processing,Jerry Harding, Stephen D Rubin, and William transmitting, receiving or storing informationBuriak explain why every company is at risk electronically” have adequate security. It goes onof losing information and therefore security to say, “Meaning security commensurate with themust be given the highest priority. risk and magnitude of harm from loss, misuse, or unauthorized access to or modification ofExecutive summary information”.The President of the United States recentlyannounced plans to develop a comprehensive Web connections to data residing on theuniversal healthcare system. This program will mainframe DB2 platform through z/OS Webrequire the highly sensitive records to be stored Services, CICS® and TSO® have addedon massive computers. Essentially, they will be a functionality to legacy processing and brought“DNA footprint” for millions of Americans. Security transaction processing to new levels. It has alsofor these records should not be thought of as “after introduced a new perception of vulnerability.the fact” and will require vigilant and pro-active Mainframe Security Administrators sometimesmonitoring of security regardless of the host view it as opening up the mainframe to “intruders.”operating system.© Arcati Ltd, 2011 15
  16. 16. Arcati Mainframe Yearbook 2011 Mainframe strategyThe "bad guys" are finding new inventive ways to found to be incapable of countering security threatsobtain corporate and personal information and to of modern days. Finally it will discuss the methodsdisrupt a companys business as was done by that can be adopted to counter the latest securitysomeone holding the State of Virginia’s medical threats and how these tools work.records hostage and demanding a $10 milliondollar payment. BackgroundMost of the Financial, Healthcare and Security teams for z/OS DB2 commonly usePharmaceutical industries keep their vital records security products from IBM and Computeron DB2 and other databases residing on the IBM Associates for reporting. They are the first levelsz/OS mainframe platform. Government interests of defense. These products either allow or deny ain these corporations will lead to the next wave of user access to a resource. Unlike UNIX and otherexchange of information among them and it is operating systems security, it is a simple yes orexpected that private industries sharing database no decision. If security is denied, a violation eventinformation with the Government will soon have will be recorded on the security log files and into comply with the FISMA guidelines. most cases a message will be issued to the primary console. The event may go unnoticed untilBut regardless of the industry and whether or not the System Administrator runs a violation reportthey fall into the FISMA regulations, every company in response to an incident.is at risk of losing information. Security is notalways the highest priority in a corporation until it DB2 is capable of keeping a separate log file ofis named in the lead story on the evening news or events throughout its course of normal processing.Wall Street Journal and you are requested to testify These log files are a mainframe operating systembefore Congress. function called System Management Facility or “SMF®” records. The DB2 SMF records containThis paper puts its focus on ways to monitor z/ information related to many different types ofOS DB2 database security by thinking outside the events occurring within the system. The level ofbox. It will offer alternatives in developing an granularity depends on configurations of the DB2efficient security framework to monitor security audit trace at the individual table level. The SMFsettings and protect confidential data from ‘bad records provide data useful for investigatingguys’ in an effective and economical manner. This security events and if used in combination withpaper will also explore the tools that are available other resources, help investigate possible attacksfor developing such a security framework. The and breaches for incident response, auditing andmain focus is placed on security tools that can be compliance purposes. The DB2 SMF records areused outside the mainframe security framework. created in binary format and are not readable by aThe stress on “thinking outside the box” is plain text editor, making online viewing andemphasized as the majority of the traditional tools interpretation almost impossible.that fall within the mainframe security setting havefailed to meet today’s security, auditing andcompliance mandates. It will detail the steps to Separation of dutiesbe taken when setting up log collection and security One of the most fundamental aspects of theanalysis programs on the mainframe by using Sarbanes-Oxley Act of 2002 was the definition ofeconomical sources readily available. However, Separation of Duties. Having the same personalong with mentioning the efficiency of this system, monitoring security and setting up security is ait will also put stress on the need for a new clear case of a violation of the Act.framework as very often traditional measures are16 © Arcati Ltd, 2011
  17. 17. Arcati Mainframe Yearbook 2007 2011 Mainframe strategy Figure 1: The Forrester Group analysis of the cost per breachThe evolving security function “outside the box” in a centralized repository, (b)The Security Administrators in most z/OS introduces new technologies and experience toenvironments are responsible for monitoring mainframe computer security experts wishing tosecurity. In addition to defining and maintaining expand their careers, (c) allows non-mainframeusers and passwords, they assume the role of security technicians to become exposed to whatchasing down batch reports to answer periodic is happening “inside the box”, and is a win/winsecurity, auditing and compliance questions. proposition for the entire organization.Some leading mainframe installations are creatingindependent departments to actively monitor the The cost of a security breachsecurity using SMF event information. Other Reports on the average cost per incident for ainstallations are placing z/OS security into totally computer breach vary from $1.5 million as reportedautonomous security groups that monitor Network, by the US Department of Justice to $4.8 millionUNIX, Windows and other operating systems. per breach as stated by a 2006 Ponemon InstituteRestructuring the mainframe security group (a) survey. The Forrester Group, a leading IT Securityallows mainframe events to be monitored from firm, provided the best analysis of the cost per© Arcati Ltd, 2011 17
  18. 18. Arcati Mainframe Yearbook 2011 Mainframe strategybreach. As the Figure 1 shows, Forrester went as One very good example of this occurred duringfar as to break down the cost per record. the performance of a network vulnerabilityGovernment Agencies, large companies hosting assessment at a large government agency. Themedical and financial databases and most network was compromised (with authority of thefinancial institutions would obviously fall into the agency) and a workstation was hacked.Company C profile. Application files related to a process running on the workstation were examined. A mainframeHypothetically using this data if a hacker unencrypted DB2 logon ID and password werecompromised information from 1,000,000 credit found. The ID and password were then used tocards according to the Forrester’s charts, cost log into the DB2 application on the mainframe withestimates would be approximately $305,000,000. SYSADMIN privileges. This was just an exercise,Beyond the financial implications a compromise but if real the damages would be unlimited.of this nature would also include damage tocorporate reputation, loss of customers, andincreased regulatory scrutiny let alone the personal Weaknesses in DB2 application codedamage to the CIO and CEO There are two major concerns regarding DB2 application code being developed and running on mainframe processors.Personal liabilityInformation security breaches may go beyondcorporate boundaries and expose the corporationto unwanted legal actions. Security exposuresderived from the theft of data has lead to threeclass action law suits against the Secretary ofVeterans Affairs. The theft was a result of databeing transferred to a laptop which was laterstolen from a private residence of a VA Contractor.The security breach affected 26.5 million recordswith a VA estimate of between $100 million and$500 million to prevent and cover possible lossesfrom data theft.The Real Security Exposure to DB2 on z/OSThe most sought after target when attacking DB2data on the mainframe is to acquire the privilegesettings of the DB2 System Administrator.Compromising it and escalating the DB2 privilegesto a common user’s ID allows you to attack theDB2 data virtually unnoticed. It is becoming moredifficult to do this in the modern days of DB2; 1 Random checks of application code beinghowever, an emphasis should be placed on developed using mainframe Web Servicesmonitoring accesses to critical information seems to be in line with the security guidelinesregardless of whether an individual has or does and standards of today but “you don’t knownot have the correct privileges. It is not always what you don’t know”. Application reviews bysafe to assume that a mainframe security product the mainframe ISSO are almost non-existent.will always protect you.18 © Arcati Ltd, 2011
  19. 19. Arcati Mainframe Yearbook 2007 2011 Mainframe strategy2 Many of the DB2 legacy applications were Common to all companies are thousands upon written prior to the 9/11 mentality when it was thousands of SMF records that are written daily not cost-justified to change them to fit into the and in many shops the SMF logs switch once a security conscious world we are living in today. day, twice a day or perhaps hourly, depending on The inability to adapt these applications to the customer’s transaction processing volume. today’s security awareness posture poses a The volume of SMF records created cause major big problem for many large companies and difficulties making it impossible to monitor the high government agencies around the world. volume from one workstation in real-time. Another Especially when one considers that the DB2 problem presented is that these SMF records are Data-warehouse containing the key corporate typically made available with time lags between asset ‘data’ is updated, scanned, accessed reports. So for example if batch reporting on DB2 continuously supporting critical business SMF records by a bank are used to protect it from transactions. There reside the customer files, a security breach against credit card information medical information, credit card records, social and they are only available at best, on hourly security data, financial records, etc., all prime increments, it presents a window of opportunity targets for illegal information security breaches. for a breach. The Government has responded with strict regulations under HIPAA, SOX and Graham Another problem regarding batch reporting on SMF Leach, along with financial penalties to records is that these historical foundations for corporate officers who fail to comply. Under security, auditing and compliance batch reporting these pressures it is time for corporate are not at all cost effective. In fact, the cost of management to raise the bar for security manually reviewing logs is very high. Creation of methodologies protecting DB2 on z/OS to the logs with an aim to provide security is one thing, highest level. but actually manually reviewing and printing them is very expensive. Often companies seem to be reluctant in spending huge sums on reviewingUsing DB2 SMF records as event tracking these logs. But if a company does not review aThere are over 100 different types of SMF records log, then what is the purpose of putting efforts inreserved by the z/OS operating system for various collecting them?operational functions. Record numbers above acertain level can be used for vendor products andmainframe application programs. SMF record How to implement DB2 SMF Audit Tracenumber eighty (type 80 records) are used by two Recordsof the mainframe security products commonly SMF log analysis is very important when it comesfound on the mainframe. A third security product to monitoring DB2 security, auditing anduses an SMF number assigned to it at the compliance. One of the best ways to do it is byinstallation time of the product (commonly # 231) using the DB2 audit trace facility. The DB2 auditand DB2 auditing uses SMF record type 102. The trace facility must be turned on for each table youSMF records are written to files after the wish to monitor. This is done by using the AUDITmainframe operating system performs an event. clause at the time of the CREATE of the table.The mainframe Systems Programmer is Additionally, Audit Trace classes must be activatedresponsible for defining the size of the primary and in order to collect the data in the DB2 SMF records.secondary SMF files. When the primary file fills, Each class is associated with the type of DB2the secondary becomes the primary and the events you wish to monitor. The DB2 Audit Traceoriginal SMF file is archived. Classes are as follows:© Arcati Ltd, 2011 19
  20. 20. Arcati Mainframe Yearbook 2011 Mainframe strategy20 © Arcati Ltd, 2011
  21. 21. Arcati Mainframe Yearbook 2007 2011 Mainframe strategyClass One Class TenAccess attempts that DB2 denies because of (DB2 V9.1) CREATE and ALTER TRUSTEDinadequate authorization. CONTEXT statements, establish trusted connection information and switch userClass Two information.Explicit GRANT and REVOKE statements andtheir results. This class does not trace implicit Here is a partial list of DB2 security related eventsgrants and revokes. commonly monitored: · Access rightsClass Three · Privilege changes, explicit privilege changes asCREATE, ALTER, and DROP statements that well as administrative changesaffect audited tables, and the results of these · SYSCTRL and SYSADM activitystatements. · Changes to authorization · Dropping of tablesClass Four · Inserting/changing recordsChanges to audited tables. · Accessing data from unauthorized ID’s · GRANT/REVOKE statementsClass FiveAll read accesses to tables that are identified with For some classes, other activity within the DB2the AUDIT ALL clause. audit trail information, important for computer forensics and incident response, is the actual SQLClass Six statement that was being performed at the timeThe bind of static and dynamic SQL statements of the incident. It is a fingerprint to the table, rowof the following types: and column that the user was going after at theINSERT, UPDATE, DELETE, CREATE VIEW, and time. Unfortunately, it is buried behind a veryLOCK TABLE statements for audited tables. complex index of binary bit settings within the DB2SELECT statements on tables that are identified SMF audit trail record and difficult to interpret.with the AUDIT ALL clause. The DB2 Audit Trace facility is historically knownClass Seven for adding additional CPU overhead. DB2 hasAssignment or change of an authorization ID gotten progressively better when using this facilitybecause of the following reasons: with each new release and there has been a· Changes through an exit routine (default or drastic reduction on that overhead. The latest IBM user-written) statistics indicate that it will introduce less than· Changes through a SET CURRENT SQLID 10% additional CPU overhead, per transaction, if statement all of the classes are turned on.· An outbound or inbound authorization ID translation· An ID that is being mapped to a RACF ID from Thinking “outside the box” a Kerberos security ticket The mainframe operating system platform is the premier transaction-processing machine and hasClass Eight always boasted industry-leading securityThe start of a utility job, and the end of each phase technology. During many years of service, oftenof the utility. under the most demanding conditions imaginable, it has survived. It has proven itself time and again,Class Nine and was awarded the U.S. Government’s highestVarious types of records that are written to IFCID certification for commercial security. However, in0146 by the IFI WRITE function.© Arcati Ltd, 2011 21
  22. 22. Arcati Mainframe Yearbook 2011 Mainframe strategya changing world with an increase in lost trade The events are expected to be condensed by agentsecrets, theft of personal identity, and wrongdoings software executing on a remote device.by employees, associates and contractors, the DB2 SMF records can be excessive in length (thestrongest security mechanisms are essential. The SQL could be 4k alone) and should be filtered ormainframe security concept of “allow” or “not condensed for any SEIM product. The process ofallow” simply may not be enough. It needs reading the security logs and condensing themadditional safeguards that help protect users and into warnings and alerts is expected to occur by adata with features that were not possible until remote agent process residing on the mainframe.recently. Doing so saves network traffic overhead and expenses related to storing excess data in theThe answer to bringing mainframe security to the central repository on a mid-range disk device.next level is; integrating mainframe “yes” or “no” Commercial vendors for SEIM products such assecurity with existing network security products. NetIQ, Intellitactics, IBM, NetForensics, ArcSightThe mainframe security professional needs the and Novell often have remote batch or real-timetools to accomplish this feat in a world where the process to collect DB2 information from theReagan-era motto “Trust but Verify” is essential. mainframe.There are a variety of Log Management and SEIMproducts supporting DB2 that may already be One way to leverage money already spent and todeployed within your own organizations. These get the “employee of the month” award is to thinkproducts sit outside the mainframe, on the outside the box and to integrate mainframe eventsnetwork, and collect events logging from firewalls, into one of the products that your company hasUNIX, Windows and other operating systems. Very already invested in.seldom does a mainframe Security Administratortap into these resources. DB2 mainframe homegrown solutions Developing a homegrown agent application to readLog Management and monitor the DB2 SMF records, non-DB2 SMFLog Management products are available from records, console messages, applicationcommercial vendors including LogLogic, Network messages and vendor products is anIntelligence, Novell, Computer Associates, IBM and overwhelming and monumental task. The DB2others. They are designed to collect raw log data. SMF records are considered to be one of the mostA partial mainframe solution is to route the console complex record formats and can only belogs directly to the Log Management software. This interrupted by a veteran Systems Programmer.is only a partial solution because the console logs Not including the DB2 SMF records in aalone do not contain all of the information required homegrown solution would produce a highlyfor fully monitoring the mainframe environment. A ineffective result.better approach to Log Management is to use thecombination of raw data from console logs, Another interesting point is that the Sarbanes-security log files and SMF data. Problems arise Oxley Act of 2002 definition of Separation of Dutieswhen you attempt to send the combined specifies that security personnel administrating orinformation to the Log Management software monitoring should not be writing security code. Inbecause the volume of data traveling across the essence, homegrown written code, including lognetwork creates a lag time. The information does monitors and exits written by a security personnot arrive in a “timely manner” as required by within the organization, is in violation of the veryregulatory mandates as a result. audit finding that it was intended to resolve.SEIM products supporting DB2 With that being said; and you decide to proceed,SEIM products collect security events from many there are some complicated technical and designsources other than the mainframe.22 © Arcati Ltd, 2011
  23. 23. Arcati Mainframe Yearbook 2007 2011 Mainframe strategyissues that have to be worked out before you even breach. Therefore, it is no longer efficient or safebegin. These issues include: to rely solely on batch reporting and mainframe· Asynchronous timing security systems that work strictly inside the· Unacceptable consumption of CPU and mainframe, only recording on incidents where Network resources security has been violated. It is now possible to· Conversion of data from binary to text format use products to monitor mainframe security from· Delivering the information on a timely manner outside the mainframe itself. so that it can be immediately acted upon. Among the various kinds of security products thatThe complexity and costs related to the can work sitting outside the mainframe platformdevelopment of a homegrown application is often are Log Management and SEIM (Security Eventcast aside by management when compared to and Incident Management) products supportingthe cost of purchasing proven software from DB2. Each of these products has their own prosreliably vendors. and cons and there is no “one shoe fits all” solution. The important point is that all these solutions are more economical, efficient and faster than theSummary earlier models in countering new types of securityDB2 z/OS is here to stay and will only grow to threats.accommodate data warehousing requirementsand corporate business transactions. In the past So, how will you choose the correct softwarethe security emphasis always seemed to be on among the many alternatives? While choosing adistributed systems. However the new particular security product that is able to workGovernment regulations have leveled the field to sitting outside the mainframe platform, certaininclude all data, as exampled under the Federal factors have to be checked. Here are someInformation Security Management Act (FISMA) of criteria that you may consider when evaluating a2008. Every Government computer and network security product for your company:is essentially required to protect its confidential · Scalabledata and any other types of records. These · Ease of usestandards are about to spill over into the · Room for lateral growthcommercial arena with the fusion of Government · Real time 24/7 event monitoringand commercial entities. SOX and HIPAA have no · Ease of configuration and installationcomputer boundaries regarding the compromise · Small footprint of mainframe processing andof critical data. Unauthorized changes to patient minimum performance impact on mainframeinformation or accounting records are all fair game systemsin the eyes of the law. Companies should not wait for the incident toIn this paper we have addressed some important happen to make newspaper headlines. Althoughissues relating to security breaches. They include the cost of protecting data effectively is high, thehow the mainframe platform works towards cost of a security breach is even highermonitoring security of records, what the pitfalls considering the new laws governing theare in the traditional methods of using DB2 SMF compromise of data. Companies can take a sighrecords for event tracking, and how the mainframe of relief now that there is cost effective andplatform can be modernized to provide improved comprehensive mainframe software available insecurity monitoring of important and confidential the market. These products meet the currentrecords. An attack, especially on DB2 z/OS to needs of the corporations in the area of securingobtain the privilege settings of the DB2 System confidential records of their own businesses asAdministrator, allows for a stealthy security well as of their clients, and have all the qualities© Arcati Ltd, 2011 23
  24. 24. Arcati Mainframe Yearbook 2011 Mainframe strategythat are required to counter today’s security company and IBM Business Partner in softwarethreats. They work efficiently with existing development. He has over 25 years mainframemainframe security products and make use of systems experience and 15 years securitySMF and console messages in appropriate ways. management experience. He has worked withThey are capable of tracking DB2 audited events, NATO’s Counterintelligence Lathe Gambitseveral types of insider threats, delivering security project, the US Army Counterintelligence,mainframe alerts in real time and easily integrating and other government, private and publicwith other existing security monitors. organizations. He also provides professional services to government agencies on mainframeSo, don’t let data breaches derail your career, or and security related subjects.more importantly, your boss’s. Proactivecompanies, having a track record of monitoring Stephen D. Rubin is the founder and president ofsecurity logs from outside the box, are in the MMI. Under his leadership MMI has a track recordforefront of Government requirements and have of 20 years of financial success in creatinga solid framework in place to manage DB2 data business markets for information technologyand its associated risks. Doing so puts them, services (IT) across North America. Areas ofregardless of their industry, in a better competitive business include training, consulting services, andposition, with an ideal security posture that will software. MMI has trained over 3,000 IT studentsallow them to participate in the very important data- representing over 400 corporations in databasesharing evolution taking place. design, information security, capacity planning and distributed application development. Professional service engagements have included information security, server consolidation, and theFounded in 2002, Type80 Security Software is a auditing of capacity planning and chargebackleading producer of Mainframe security solutions. methodologies for both public and private sectors.Type80s flagship product, SMA_RT, is a Stephen has authored white papers to driverevolutionary host-based intrusion detection and market recognition and helped create the Unitedalert notification product for IBM mainframe States marketplace for a European software start-computers running on the zSeries/Operating up client.System (z/OS). Type80s products are designedto protect information stored on IBM mainframes William Buriak has over 25 years of informationby detecting the presence of unauthorized and technology experience with an extensivesuspicious activity and delivering relevant alerts background in financial services, healthcare, andto Log Management and SEIM products in real- technical and management consulting. Bill is atime. By allowing quick and easy access to Senior Executive with demonstrated experienceimportant Mainframe-specific security events, in planning, developing, and implementing costType80s products provide a valuable role in effective, innovative solutions to address complexhelping organizations around the globe meet business problems. He has broad recognizedvarious Governance, Risk Management and experience in managing mainframe systems,Compliance regulations. Type80 is a privately-held Web based, and distributed systems. He hascorporation based in Alexandria, Virginia. extensive qualifications including vendor management, consensus building, and strategicPlease visit www.type80.com for further planning skills. Currently working in the Securityinformation. Engineering area of a major world bank, Mr. Buriak is responsible for compliance and control of a largeJerry Harding is CEO of Type80 Security Software, number of global products.Inc. Type80 is an emerging security technology24 © Arcati Ltd, 2011
  25. 25. Arcati Mainframe Yearbook 2007 2011 Mainframe strategy and-error routines to find solutions to problems. IfCA Mainframe Chorus a problem recurs on an infrequent basis, there’s no easy way to document the solution so it canDenny Yost takes a detailed look at CA be shared with others or quickly implemented theMainframe Chorus from CA Technologies. next time it occurs. Mainframe professionals also find themselves switching between multiple,For many large organizations throughout the world, disparate tools to perform their jobs, furthermainframe computing environments are an zapping productivity.essential business asset that continues to grow.Mission-critical applications hosted on Determining how to leverage the expertise of themainframes process trillions of transactions aging mainframe professionals, transfer theirannually for customers of banks, insurance knowledge to the younger generation ofcompanies, brokerage houses, various professionals, increase productivity to keep costsgovernment agencies, manufacturers, and a host low, and teach the younger generation how to useof other organizations. However, if a mission- command-level mainframe tools is a significantcritical application or service isn’t available, challenge for CIOs. It’s a challenge that must becustomers suffer, causing significant losses in resolved soon.revenue and customer goodwill. For this reason,managing the mainframe computing environmenthas always been and will always be vital to the A new, innovative mainframe managementcontinued success and viability of many large solutionorganizations. CA Mainframe Chorus addresses the need for easing the management of mainframe resources, provides a standardized method of knowledgeThe dilemma transfer, and increases productivity through theCIOs are facing several significant challenges to use of its role-based, unique interaction model.keep their vitally important mainframe computingassets performing at their best. It’s no secret that The unique interaction model of CA Mainframemost mainframe professionals are specialists with Chorus delivers a new approach to managing20 to 30 years of experience who will be retiring in mainframe computing environments for today’sthe coming years. When a problem occurs with and tomorrow’s information systemsz/OS, DB2, CICS, security, storage, or other professionals by combining a visual workspace,mainframe components, the speed of correctly collaboration, automation, and the ability to capturesolving the problem is critical. Yet, years of and easily share knowledge into a graphically-rich,experience and knowledge are needed to quickly integrated solution organized around the job roleknow where to look and what action to take. The of the person using it. Here’s how it works.experienced mainframe professionals have thisknowledge, but the younger generation doesn’t.Getting younger mainframe professionals up to Easing mainframe managementspeed quickly is also difficult due to the CA Mainframe Chorus presents mainframemainframe’s text-based, command-oriented resources in an intuitive, easy to learn and useinterface in contrast to one that’s graphical. graphical display known as the workspace. The workspace includes a metric panel, workspaceProductivity is another issue. While experienced tabs, and the module section (see Figure 1). Themainframe professionals possess significant metric panel is located at the top and is aknowledge, they must still regularly reference continuously running horizontal scroll displayingmanuals, collaborate with others, and perform trial-© Arcati Ltd, 2011 25
  26. 26. Arcati Mainframe Yearbook 2011 Mainframe strategy Figure 1: CA Mainframe Chorus provides the base platform upon which different role-based management components are builtthe status of various performance variables (known to resolve issues has been a looming questionas Metric Icons) such as system, database, for the past few years. Experienced mainframeapplication performance, and many others. These professionals know what commands to enter toperformance variables dynamically change color identify a problem, what actions to take tobased on thresholds to provide visual notice of implement a solution, and a host of othervarious alert conditions. When the user clicks on information. How to capture the expertise of thea performance variable, more in-depth information experienced mainframe professionals and makeis displayed in the workspace tabs area to present it accessible to the younger generation for learningdetailed data of what’s taking place. Since CA and using has been a quandary for many CIOs.Mainframe Chorus provides an integrated solution,a mainframe professional can further drilldown into CA Mainframe Chorus provides the ability toa problem through seamless interfaces to other capture and store information. Policies,products and take the appropriate corrective procedures, actions, and solutions can beaction. documented, readily available, sharable, and, in many cases, automatically performed. The result is a standardized method for knowledge transfer,Knowledge transfer more effective management of mainframes, andCapturing the knowledge of aging, experienced easier skill development for the next generation ofmainframe professionals and the actions they take mainframe professionals.26 © Arcati Ltd, 2011
  27. 27. Arcati Mainframe Yearbook 2007 2011 Mainframe strategy Figure 2: CA Mainframe Chorus helps users easily visualize complex DB2 relationships when navigating LPAR, subsystems, databases and other DB2 objectsGreater productivity Chorus can also automate the execution ofBeing able to perform tasks quicker and easier is commands, steps or other workflow, potentiallyalways nice. Effortlessly performing repetitive and accomplishing in minutes what might take amonotonous tasks faster is awesome. mainframe professional much more time to complete.CA Mainframe Chorus increases productivity inseveral ways. Its intuitive interface makesperforming a wide variety of mainframe CA Mainframe Chorus for DB2 Databasemanagement functions far easier, thereby Managementimproving productivity for both experienced and CA Mainframe Chorus provides the base platforminexperienced mainframe professionals. Since the upon which different role-based managementproduct is easy to learn how to use, younger components are built. The CA Mainframe Chorusmainframe professionals can quickly be platform combined with one or more role-basedperforming tasks that would otherwise take them management components delivers a total solutionmonths to learn and master. CA Mainframe to optimize performance, simplify management,© Arcati Ltd, 2011 27
  28. 28. Arcati Mainframe Yearbook 2011 Mainframe strategyand accelerate staff knowledge and experience. • Object Tree navigation and management ofThe first role-based management component DB2 objects: Improve productivity andbeing introduced with the base platform is CA visualization when navigating LPARs,Mainframe Chorus for DB2 Database subsystems, databases and other DB2 objectsManagement (note: other roles will be introduced • Alerts on DB2 threshold exceptions that providein the future). a launch point for easier troubleshooting: Focus DBAs on priority Service Level AgreementA unique user experience is delivered by CA (SLA) items and enable new DBAs to learnMainframe Chorus for DB2 Database these skillsManagement for z/OS Database Administrators • In-context domain documentation with third-(DBAs). The product helps streamline and party integration: Increase productivity of bothautomate repetitive DBA tasks, freeing time for current and next-generation mainframe IT staffmore strategic projects. An example screen is through centralized, in-context knowledgeshown in Figure 2. Complex DB2 for z/OS • Near real-time performance monitoring withrelationships can easily be visualized, thresholds graphical displays: Manage the health of theand alerts can be proactively monitored, and DB2 system as well as currently executingperformance bottlenecks can be quickly identified, applications.diagnosed, and resolved to improve performance.Best of all, action steps to follow, documentationof actions taken, and other experiences can beeasily accessed and shared to help accelerate CA Mainframe Chorus and CA Mainframe Chorusknowledge and simplify mentoring for the next for DB2 Database Management are availablegeneration of DBAs. from CA Technologies, One CA Plaza, Islandia, NY 11749. Voice: 800-225-5224; Website: www.ca.com.CA Mainframe Chorus for DB2 DatabaseManagement key features: See a demo; read a White Paper; get more• Time series data graphing for DB2 application information – you can learn more about CA performance data: Automate tracking and Mainframe Chorus for DB2 Management by graphing of comparative historical data analysis visiting the vendor’s Website at http://www.ca.com/ for easier diagnosis and resolution of chorus. performance issues The 2010 Guide Share Europe UK National Conference was again held on 2nd and 3rd November at Whittlebury Hall. To help stay connected, the conference centre offered free Wi-Fi in public areas, and the conference provided 14 streams of seminars with five sessions per day - a staggering 140 presentations over the two days. In addition to the CICS, IMS, DB2, Enterprise security, large systems working group, network management working group, and software asset management streams, there were four streams for Tivoli users, DB2 LUW, zLinux, and new technologies. So there was definitely something for everyone. While management may feel that a couple of days out of the office must mean IT staff are simply enjoying themselves, the truth is these conferences help so much to share information and keep abreast of trends and new developments. Many thanks to the organizers for setting up such an excellent event, and to Mark Wilson who was conference manager for this years conference.28 © Arcati Ltd, 2011
  29. 29. who can change the way themainframe is managed forever?Introducing CA Mainframe Chorus from CA Technologies.CA Mainframe Chorus dramatically simplifies mainframe management to help make your peoplemore successful and more productive while helping you maintain worldclass Quality of Service.CA Mainframe Chorus is a part of the CA Mainframe 2.0 strategy. It is both a fast on-ramp tomainframe management responsibilities and a productivity engine designed to help you getmore value from your mainframe platform.Simpler. Faster. More productive.The first management role, “CA Mainframe Chorus for DB2 Database Management,” isavailable today.To learn more, please visit ca.com/chorus we canCopyright ©2011 ca. All rights reserved.
  30. 30. Arcati Mainframe Yearbook 2011 2011 user survey by Mark Lillycrop and Trevor Eddolls The 2011 Mainframe User Survey An analysis of the profile, plans, and priorities of mainframe users. Many thanks to all those who took part.As usual our annual mainframe survey provides Responses from large mainframe vendors anda snapshot of the System z user community’s multiple entries from different people at the sameexisting hardware and software configuration, and site were excluded from the survey.also their plans and concerns for 2011. Respondents were from all over the world and theirThis year we have continued to track the growth distribution is shown in Chart 1. 52% were fromof mainframe integration with Web services, cloud North America and 32% from Europe, with 16%computing, and other areas of new development, from the rest of the world.as well as gauging the extent to which ‘specialty’ 6% 2% 8% North America Europe Middle East/Africa 52% Asia Pacific 32% South America Chart 1: Distribution of respondentsengines, and Linux applications are changing the As usual, a wide range of industry types areface of mainframe computing. In addition, we have represented in our sample (Chart 2). Notcontinued to explore relative cost in more details, surprisingly banking and IT account for a largeasking respondents how fast their distributed proportion of the organizations involved (28% andserver costs are growing relative to the mainframe. 20% respectively), with Government next with 16%.And we have investigated how important “green” Insurance and retail both have 8% each. Transportissues are to the mainframe community. and ‘other’ have 6% each. Health has 4%, leaving education and telecoms with 2% each.Profile of respondentsThe mainframe user survey was completed by A third way to categorize respondents is to look at100 individuals between the 1 November 2010 and business size. As shown in Chart 3, 44% of thethe 3 December 2010. Survey respondents were companies have in excess of 10,000 employeeseither contacted directly by e-mail or other Web- worldwide,Below that, with 14% of respondents,based means and invited to complete the are staff sizes of 0-200, 1001 to 5000, and 5001mainframe user survey on the Arcati Web site. to 10000. 10% of respondents had 201-500 staff,30 © Arcati Ltd, 2011

×