• "I have evaluated/used many security products throughout my over 30 year career and Xygate is my favorite."

See what will be discussed at BITUG 2015

March 18 2015

NonStop SQL Database Management
I have always been, and always will be, what has been referred to as a “command line cowboy”. I go through keyboards faster than most people go through mobile phones. I know how to type and I prefer to. I write macros and scripts day in and day out. I can extract data from my NonStop databases in EBCDIC or ASCII and I can update statistics or repartition with the best of them. So what am I whining about? The fact that these database administrator operations not only require me to be sitting at the keyboard, but each and every one of them requires custom work and intimate knowledge of everything I am touching, the somewhat cryptic syntax for every operation and a LOT of work. Scripts must be written and tested, formats decided on, security updated and who knows what else.

Furthermore, I am often at odds with the security administration team and way out of compliance with corporate security policy, which mandates the capture and recording of all actions taken against sensitive database data, whether it be Enscribe, NonStop SQL/MP, or NonStop SQL/MX.

As a Database Administrator (DBA), it can become overwhelming to think of all of the tasks I am responsible for: designing databases, extracting data, managing performance (both programs and tables), not to mention that I have to do all of this manually. If your job is anything like mine, you know a DBA is always being pushed to do more in less time, which makes for stressful days.

Challenges of being a DBA
Let’s talk about a few of the challenges that all DBAs face day in and day out.
• Repartition
o Reviewing and updating key values
o Merging partitions

• Reuse partitions
• Update statistics
o Gathering SQL/MX statistics
o Copy statistics from one table (or system) to another

• Index maintenance
o Create
o Populate
o Drop
o Alter

• Specifying access privileges
o grant/revoke
• Query performance and tuning
• Building and deploying standard queries
• Data load/unload
o Moving data from MP to MX for testing

Is there a Solution for us and those we work with?
While there are a few database management tools offered by HP, such as NSM/web or MXDM, I believe I have found the ideal solution for all DBAs, developers, testers, QA analysts and users. Merlon Software Corporation has developed an extensive set of database solutions for SQL/MP and SQL/MX to allow anyone who needs access to NonStop hosted data, regardless of their NonStop knowledge, to manage, manipulate, view, query, and optimize data and the programs that interact with it. Not everyone has the same knowledge of a NonStop server, but everyone needs to access the vast data stores of the NonStop. Using Merlon’s software makes this possible with minimal effort.

What can a modern SQL solution do for my databases?
New database tools and technologies allow you to do more in less time, reduce your error rates, eliminate the need to remember the exact syntax to accomplish rare operations, and automate those repetitive, tedious and complex tasks.

The main management solution in the Merlon database toolkit, SQLXPress, is the Swiss Army Knife® of utilities. It is a Microsoft Windows (because who doesn’t use Windows these days) GUI that includes just about everything you need to keep your NonStop databases in top shape. It supports both SQL/MP and SQL/MX, includes its own easy-to-use scripting language and integrates easily into any batch solution. No secondary utilities are required. On top of all this, the auditors and security police can satisfy their need for accountability, as every session can be audited, including logons/logoffs, SQL statements, scripted activities such as SQLCI and MXCI commands, OSS programs launched, and more.
With SQLXPress you can pull down as much data as you need in a single query and sort and order any way you like with the same dataset! One query, drag and drop, or click your way to data discovery. Table data or metadata, whatever you need. This feature alone saves hours of work.

Once you have extracted what you need, SQLXPress has made it easy to export your data to any number of useful, consumable formats such as PDF, EXCEL, other databases, etc. Or just print what you need and move on.

One of the best features of NonStop SQL (both MP and MX) is the ability to perform DDL operations on active databases. Partitions get full, access requirements change. Performance can suffer over time. We need to keep up with how our systems are behaving on a regular basis. Sometimes things need to be moved around. This kind of work can take a wide view of large amounts of data. Most of us would rather do this off peak to minimize performance issues, but we can do the difficult work up front. Analyzing keys and partition placement can be a daunting task even for small databases. SQLXPress takes the guesswork out of this by giving you the ability to run multiple analyses using very fast sampling to minimize impact and it can make recommendations based on data distribution AND query plan analysis.

I have found so many great features in SQLXPress that it is not possible to tell you all of them right now, but there is one that I simply cannot go without mentioning. The Merlon software provides the ability to develop and deploy user queries. Consumers often know what they want but have no idea what goes into what they are asking for. It is our job to decode their requests and provide them with a safe and secure way to get the data they need. Using SQLXPress, any DBA can write a query that allows users to plug in data only in the fields relevant to the user.

Developers, Testers/QA analysts and Users
As mentioned before, others we work with can benefit from SQLXPress as well. Many of the same features and functions that benefit the database team are really useful for everyone:
• Build, test, and optimize queries
• Build scripts
• Explore database dependencies
• Create and manage test environments
• Compare schemas
• Compare data
• Generate test data
• Browse data
• XPressView provides read-only access to database queries and tables
• Run queries designed by DBA
• Build using a visual query builder
• Print data
• Export data

Considering the size and complexity of NonStop data, the last thing you want is users in your database. By giving them the GUI and controlling (and auditing!) what they do, you can grant them the freedom to access the data while maintaining control over what data they can see and how they can access it. They won’t know, or care, if the data is MP or MX; all they will know is that it is available and their queries complete in record time.
A lot of users have a need for subsets of data. The development, test and QA teams are notorious for making requests for production data that often cannot be exported for security, privacy or legal reasons. SQLXPress, once again, has an answer for that. When someone needs representative data for testing, SQLXPress just needs to know what data you are looking for and how much. Whether you need 500 rows or a million rows that look like your production customer database, all you need is SQLXPress to clone the database in question, then ask it to generate a sample of a given size. These time-consuming tasks will become easy for the development, test and QA teams, making everyone’s lives less stressful.

The toolset is quite amazing. Do the Oracle kids make fun of you for your green screen? Does the MySQL dude over the wall ask you how long it takes you to get through your request queue? Do they simply not understand that this stuff takes work? Turn the tables. Ask them how many concurrent users THEY can support. Ask them what they think big data is. Tell them we have been doing it all for years without downtime. Then show them SQLXPress and laugh back.
Back again to security: because high-availability and fault-tolerant systems need strong security, SQLXPress addresses these needs in many ways. In addition to its new auditing capabilities, SQLXPress also integrates seamlessly with XYGATE Access Control for the added comfort of limiting access on a need-to-know basis and having full individual user accountability, even when using shared or privileged IDs.

Moreover, your copy of XYGATE Merged Audit will soon be able to extract all this valuable security audit data for centralized reporting, alerting, and for streaming off to your enterprise SIEM.
Continue to watch this space. Next time I will talk about database maintenance (reorgs)! The excitement continues!

XYPRO’s Head of Security joins ISSA CISO Advisory Council

March 16 2015

Steve Tcherchian, XYPRO Technology’s Head of Corporate Security, recently joined the ISSA CISO Advisory Council as a board member. Already a member of CISO Executive Forum, Steve now joins the board which is responsible for all aspects of the quarterly event including setting the content and theme about what’s important in cybersecurity, speakers and sponsors and overseeing partnerships for the forum.

The CISO Executive forum provides a venue for C level security executives to share concerns, successes and feedback in a peer only environment. The forum creates a unified voice to influence security industry vendors, standards and legislation.

“Joining a leadership position in ISSA not only shows XYPRO’s commitment to our customers’ security as well as our own security posture, but also allows XYPRO to give back to the community by contributing its 30+ years of experience in the security space” said Steve Tcherchian.

Steve will co-chair the April CISO Executive Forum alongside PETCO CISO Kevin Rigney, which will take place in April in San Francisco, prior to the RSA Conference. Speakers for the April event include the United States FBI, HP CISO Brett Wahlin and Cisco CSO John Stewart.


SunTUG 2015: Much Ado about Data Security

March 09 2015

Well, another very successful SunTUG meeting just finished and, while there were other important topics (e.g., modernization, integration, replication), the predominant area of discussion was data security. The focus on protecting sensitive data makes a lot of sense given that the SunTUG user community is composed of many sophisticated HP NonStop customers in industries like payments, financial services, and telecommunications.

Recently, HP made big news when it announced the acquisition of Voltage Security—the industry leader in Format Preserving Encryption (FPE) and Secure Stateless Tokenization (SST). SunTUG 2015 was the first HP NonStop user group meeting since that announcement and it was a great opportunity to highlight Voltage’s unique approach to data-centric security and Voltage’s partnership with XYPRO for the HP NonStop area.

Voltage and XYPRO coordinated their sessions to provide a two-part series on data protection for the enterprise and for the HP NonStop—these were the session titles with links to the presentations:

Part 1: Voltage Security: Data-centric Security for HP NonStop and Enterprise-wide Environments
Part 2: XYPRO: Optimizing Voltage Tokenization and Encryption for HP NonStop Environments

The 2-part series went very well—here’s a summary from those sessions of what differentiates the combined Voltage and XYPRO solution:

Voltage Security provides industry-leading tokenization and encryption
• Standards-based: all cryptography is standards based (AES) and publicly validated
• Industry-proven: used by large payment processors, financial institutions, retailers, and telcos
• Multi-platform support: HP NonStop, z/OS, Solaris, Windows, Linux, Stratus, AIX, etc.
• Support for wide variety of data types: payments, other PII (e.g., SSN, DoB)
• Stateless key management: no keys to store, manage or
• Flexible: full/partial encryption, masked, and tokenized data from the same interface
• Runs natively on NonStop: tokenization and encryption happen natively on NonStop

View the Voltage Presentation

XYPRO XDP optimizes Voltage for NonStop environments
• No application changes required on NonStop
• Support for nowaited/non-blocking encryption/tokenization
• Support for NonStop’s OS personalities and executable types
• Multiple language support: C, TAL and COBOL
• Distributed architecture provides fault-tolerance, parallelism and scalability
• Built-in access control and auditing, as with all XYGATE products

View the XYPRO Presentation

More information about XYGATE Data Protection (XDP) is available on XYPRO’s website.

Finally, a couple short, heart-felt notes of appreciation: SunTUG 2015 was, as usual, a very well run affair with strong attendance—thank you SunTUG team and HP NonStop users! Also, thank you to the HP team for your presentations and involvement—your updates on the HP NonStop business and technology were exciting and provided a great start to an energetic conference.

Ken Scudder
Business Development and Strategic Alliances
XYPRO Technology Corporation