- "We use XAC and XMA extensively throughout the day, while XPQ is always there, in the background, enforcing enhanced password expiration and quality rules."
XYGATE Merged Audit now supports both BASE24 & BASE24-eps!
April 08 2015
The ability to track and review all activity on the HP NonStop server is a requirement that is no small task as businesses must quickly identify suspicious activity. To help their customers meet these security standards, HP bundles XYGATE Merged Audit (XMA) with the NonStop Operating System.
XMA is an easy to use product that collects and filters data from various audit logs into a single, normalized SQL database on the NonStop, from which you can generate reports. It can also send that data via SYSLOG to integrate seamlessly with Security Information and Event Management (SIEM) devices.
As security in payments processing becomes more challenging, businesses must capture every event going on within their system while also trying to accommodate steady streams of new information, transaction, channels and technologies. XYPRO has created plug-ins for XMA that enable event capture for ACI BASE24 and BASE24-eps. With these plug-ins you get all the great features of Merged Audit:
• A single repository for audit data
• Acceptance of audit records from multiple sources
• Single-server or multi-server view
• A customizable reporting tool
• A filtering mechanism to extract selected data
• An event monitor can display any event or item in near real time based on customized filters built by the user
• User-definable alerts
These Plug-ins are available for servers running H–L Series versions of the HP NonStop Operating System.
XMA has been shipping as part of the NonStop security bundle since 2010, so chances are high that you already have XMA on your system. For more information about purchasing the BASE24 & BASE24-eps plug-ins, please contact your XYPRO Sales Representative. https://www.xypro.com/xypro/contact
Learn more about XYGATE Merged Audit at https://www.xypro.com/xypro/products/merged_audit
See what will be discussed at BITUG 2015
March 18 2015
NonStop SQL Database Management
I have always been, and always will be, what has been referred to as a “command line cowboy”. I go through keyboards faster than most people go through mobile phones. I know how to type and I prefer to. I write macros and scripts day in and day out. I can extract data from my NonStop databases in EBCDIC or ASCII and I can update statistics or repartition with the best of them. So what am I whining about? The fact that these database administrator operations not only require me to be sitting at the keyboard, but each and every one of them requires custom work and intimate knowledge of everything I am touching, the somewhat cryptic syntax for every operation and a LOT of work. Scripts must be written and tested, formats decided on, security updated and who knows what else.
Furthermore, I am often at odds with the security administration team and way out of compliance to corporate security policy which mandates the capture and recording of all actions taken against sensitive database data, whether it be Enscribe, NonStop SQL/MP, or NonStop SQL/MX.
As a Database Administrator (DBA), it can become overwhelming to think of all of the tasks I am responsible for; designing databases, extracting data, managing performance (both programs and tables), not to mention I have to do all of this manually. If your job is anything like mine, you know a DBA is always being pushed to do more in less time which makes for stressful days.
Challenges of being a DBA
Let’s talk about a few of the challenges that all DBAs face day in and day out.
o Reviewing and updating key values
o Merging partitions
• Reuse partitions
• Update statistics
o Gathering SQL/MX statistics
o Copy statistics from one table (or system) to another
• Index maintenance
• Specifying access privileges
• Query performance and tuning
• Building and deploying standard queries
• Data load/unload
o Moving data from MP to MX for testing
Is there a Solution for us and those we work with?
While there are a few Database management tools offered from HP such as NSM/web or MXDM, I believe I have found the ideal solution for all DBA’s, developers, testers and QA analysts and users. Merlon Software Corporation has developed an extensive set of database solutions for SQL/MP and SQL/MX to allow anyone who needs access to NonStop hosted data, regardless of your NonStop knowledge, to manage, manipulate, view, query, and optimize data and the programs that interact with it. Not everyone has the same knowledge of a NonStop server, but everyone needs to access the vast data stores of the NonStop. Using Merlon’s software makes this possible with minimal effort.
What can a modern SQL solution do for my databases?
New database tools and technologies allow you to do more in less time, reduce your error rates, eliminate the need to remember the exact syntax to accomplish rare operations and you can automate those repetitive, tedious and complex tasks.
The main management solution in the Merlon database toolkit, SQLXPress, is the Swiss Army Knife® of utilities. It is a Microsoft Windows (because who doesn’t use Windows these days) GUI that includes just about everything you need to keep your NonStop databases in top shape. It supports both SQL/MP and SQL/MX and includes its own easy to use scripting language while easily integrates into any batch solution. No secondary utilities are required. On top of all this, the auditors and security police can satisfy their need for accountability as every session can be audited and include logon/logoffs, SQL statements, scripted activities such as SQLCI and MXCI commands, OSS program launched, and more.
With SQLXPress you can pull down as much data as you need in a single query and sort and order any way you like with the same dataset! One query, drag and drop, or click your way to data discovery. Table data or metadata, whatever you need. This feature alone saves hours of work.
Once you have extracted what you need, SQLXPress has made it easy to export your data to any number of useful, consumable formats such as PDF, EXCEL, other databases, etc. Or just print what you need and move on.
One of the best features of NonStop SQL (both MP and MX) is the ability to perform DDL operations on active databases. Partitions get full, access requirements change. Performance can suffer over time. We need to keep up with how our systems are behaving on a regular basis. Sometimes things need to be moved around. This kind of work can take a wide view of large amounts of data. Most of us would rather do this off peak to minimize performance issues, but we can do the difficult work up front. Analyzing keys and partition placement can be a daunting task even for small databases. SQLXPress takes the guesswork out of this by giving you the ability to run multiple analyses using very fast sampling to minimize impact and it can make recommendations based on data distribution AND query plan analysis.
I have found so many great features in SQLXPress that it is not possible to tell you all of them right now, but there is one that I simply cannot go without mentioning. The Merlon software provides the ability to develop and deploy user queries. Consumers often know what they want but have no idea what goes into what they are asking for, it is our job to decode their requests and provide them with a safe and secure way to get the data they need. Using SQLXPress, any DBA can write a query that only allows users to plug in data only in the fields relevant to the user.
Developers, Testers/QA analysts and Users
As mentioned before, others we work with can benefit from SQLXPress as well. Many of the same features and functions that benefit the database team are really useful for everyone:
• Build, test, and optimize queries
• Build scripts
• Explore database dependencies
• Create and manage test environments
• Compare schemas
• Compare data
• Generate test data
• Browse data
• XPressView provides read-only access to database queries and tables
• Run queries designed by DBA
• Build using a visual query builder
• Print data
• Export data
Considering the size and complexity of NonStop data, the last thing you want is users in your database. By giving them the GUI and controlling (and auditing!) what they do, you can grant them the freedom to access the data while maintaining control over what data they can see and how they can access it. They won’t know, or care, if the data is MP or MX, all they will know is that is available and their queries complete in record time.
A lot of users have a need for subsets of data. The development, test and QA teams are notorious for making requests for production data that often cannot be exported for security, privacy or legal reasons. SQLXPress, once again, has an answer for that. When someone needs representative data for testing, SQLXPress just needs to know what data you are looking for and how much. Whether you need 500 rows or a million rows that look like your production customer database all you need is SQLXPress to clone the database in question then ask it to generate a sample of a given size. These time consuming tasks will become easy for the development, test and QA teams making everyone’s lives less stressful.
The toolset is quite amazing. Do the Oracle kids make fun of you for your green screen? Does the MySQL dude over the wall ask you how long it takes you to get through your request queue? Do they simply not understand that this stuff takes work? Turn the tables. Ask them how many concurrent users THEY can support. Ask them what they think big data is. Tell them we have been doing it all for years without downtime. Then show them SQLXPress and laugh back.
Back again to security, because high-availability and fault tolerant systems need strong security, SQLXPress addresses these needs in many ways. In addition to its new auditing capabilities, SQLXPress also integrates seamlessly with XYGATE Access Control for the added comfort of limiting access on a need to know basis and having full individual user accountability, even when using shared or privileged ID.
Moreover, your copy of XYGATE Merged audit will soon be able to extract all this valuable security audit for centralized reporting, alerting, and for streaming off to your enterprise SIEM.
Continue to watch this space. Next time I will talk about database maintenance (reorgs)! The excitement continues!
XYPRO’s Head of Security joins ISSA CISO Advisory Council
March 16 2015
Steve Tcherchian, XYPRO Technology’s Head of Corporate Security, recently joined the ISSA CISO Advisory Council as a board member. Already a member of CISO Executive Forum, Steve now joins the board which is responsible for all aspects of the quarterly event including setting the content and theme about what’s important in cybersecurity, speakers and sponsors and overseeing partnerships for the forum.
The CISO Executive forum provides a venue for C level security executives to share concerns, successes and feedback in a peer only environment. The forum creates a unified voice to influence security industry vendors, standards and legislation.
“Joining a leadership position in ISSA not only shows XYPRO’s commitment to our customers’ security as well as our own security posture, but also allows XYPRO to give back to the community by contributing its 30+ years of experience in the security space” said Steve Tcherchian.
Steve will co-chair the April CISO Executive Forum alongside PETCO CISO Kevin Rigney, which will take place in April in San Francisco, prior to the RSA Conference. Speakers for the April event include the United States FBI, HP CISO Brett Wahlin and Cisco CSO John Stewart.