Posts Tagged ‘encryption’

New Syncsort Tools Boost IBMi

July 25, 2018

Earlier this week Syncsort announced new additions to its family of products that can be used to help address top-of-mind compliance challenges faced by IT leaders, especially IBMi shops. Specifically, Syncsort’s IBMi security products can help IBMi shops comply with the EU’s General Data Protection Regulation (GDPR) and strengthen security with multi-factor authentication.

The new innovations in the Syncsort Assure products follow the recent acquisition of IBMi data privacy products from Townsend Security. The Alliance Encryption and Security Suite can be used to address protection of sensitive information and compliance with multi-factor authentication, encryption, tokenization, secure file transfer, and system log collection.

Syncsort’s Cilasoft Compliance and Security Suite for IBMi and Syncsort’s Enforcive Enterprise Security Suite provide unique tools that can help organizations comply with regulatory requirements and address security auditing and control policies. New releases of both security suites deliver technology that can be used to help accelerate and maintain compliance with GDPR.

As the bad guys get more effective, multi-factor authentication is required in many compliance regulations; such as PCI-DSS 3.2, NYDFS Cybersecurity Regulation, Swift Alliance Access, and HIPAA. Multi-factor authentication strengthens login security by requiring something more than a password or passphrase; only granting access after two or more authentication factors have been verified.

To help organizations fulfill regulatory requirements and improve the security of their IBMi systems and applications, Syncsort has delivered the new, RSA-certified Cilasoft Reinforced Authentication Manager for IBMi (RAMi). RAMi’s rules engine facilitates the set-up of multi-factor authentication screens for users or situations that require it, based on specific criteria. RAMi’s authentication features also enable self-service user profile re-enablement and password changes and support of the four eyes principle of supervised changes to sensitive data. Four eyes principle requires that any requested action must be approved by at least two people.

Syncsort expects 30% of its revenue to come from IBMi products. It also plans to integrate its Assure products with Ironstream to offer capacity management for IBMi.

In one sense, Syncsort is joining a handful of vendors, led by IBM, who continue to expand and enhance IBMi. DancingDinosaur has been writing about the IBMi even before it became the AS400, which recently celebrated its 30th birthday this week, writes Timothy Prickett Morgan, a leading analyst at the Next Platform. The predecessors to the AS/400 that your blogger wrote about back then were the System 36 and System 38, but they didn’t survive.  In those 30+ years, however, the IBMi platform has continued to evolve to meet customer needs, most recently by running on Power Systems, where it still remains a viable business, Morgan noted.

The many rivals of the OS/400 platform and its follow-ons since that initial launch of the AS/400 are now gone. You may recall a few of them: DEC’s VMS for the VAX and Alpha systems, Hewlett Packard’s MPE for the HP 3000, HP-UX for the HP 9000s, and Sun Microsystems’ Solaris for the Sparc systems.  DancingDinosaur once tried to cheerlead an effort to port Solaris/Sparc to the mainframe but IBM didn’t buy into that.

Among all of these and other platforms, IBMi is still out there, with probably around 125,000 unique customers and maybe between 250,000 and 300,000 systems. Morgan estimates.

He adds: As much as computing and automation has exploded on the scene since the first AS/400 arrived, one thing continues: Good old fashioned online transaction processing is something that every business still has to do, and even the biggest hyperscalers use traditional applications to keep the books and run the payroll.

The IBMi platform operates as more than an OLTP machine, evolving within the constantly changing environment of modern datacenters. This is a testament, Morgan believes, to the ingenuity and continuing investment by IBM in its Power chips, Power Systems servers, and the IBMi and AIX operating systems. Yes, Linux came along two decades ago and has bolstered the Power platforms, but not to the same extent that Linux bolstered the mainframe. The mainframe had much higher costs and lower priced Linux engines on mainframes exhibited a kind of elasticity of demand that IBM wishes it could get for IBMi and z/OS. Morgan is right about a lot but DancingDinosaur still wishes IBM had backed Solaris/Sparc on the z alongside Linux. Oh well.

DancingDinosaur is Alan Radding, a veteran information technology analyst, writer, and ghost-writer. Follow DancingDinosaur on Twitter, @mainframeblog. See more of his work at technologywriter.com and here.

Meet the new IBM LinuxONE Emperor II

September 15, 2017

Early this week IBM introduced the newest generation of the LinuxONE, the IBM LinuxONE Emperor II, built on the same technology as the IBM z14, which DancingDinosaur covered on July 19. The key feature of the new LinuxONE Emperor II, is IBM Secure Service Container, presented as an exclusive LinuxONE technology representing a significant leap forward in data privacy and security capabilities. With the z14 the key capability was pervasive encryption. This time the Emperor II promises very high levels of security and data privacy assurance while rapidly addressing unpredictable data and transaction growth. Didn’t we just hear a story like this a few weeks ago?

IBM LinuxONE Emperor (not II)

Through the IBM Secure Service Container, for the first time data can be protected against internal threats at the system level from users with elevated credentials or hackers who obtain a user’s credentials, as well as external threats. Software developers will benefit by not having to create proprietary dependencies in their code to take advantage of these security capabilities. An application only needs to be put into a Docker container to be ready for Secure Service Container deployment. The application can be managed using the Docker and Kubernetes tools that are included to make Secure Service Container environments easy to deploy and use.

The Emperor II and the LinuxONE are being positioned as the premier Linux system for highly secured data serving. To that end, it promises:

  • Ultimate workload isolation and pervasive encryption through Secure Service Containers (SoD)
  • Encryption of data at rest without application change and with better performance than x86
  • Protection of data in flight over the network with full end-to-end network security
  • Use of Protected Keys to secure data without giving up performance
  • Industry-leading secure Java performance via TLS (2-3x faster than Intel)

With the z14 you got this too, maybe worded slightly differently.

In terms of performance and scalability, IBM promises:

  • Industry-leading performance of Java workloads, up to 50% faster than Intel
  • Vertical scale to 170 cores, equivalent to hundreds of x86 cores
  • Simplification to make the most of your Linux skill base and speed time to value
  • SIMD to accelerate analytics workloads & decimal compute (critical to financial applications)
  • Pause-less garbage collection to enable vertical scaling while maintaining predictable performance

Like the z14, the Emperor II also lays a foundation for data serving and next gen apps, specifically:

  • Adds performance and security to new open source DBaaS deployments
  • Develops new blockchain applications based on the proven IBM Blockchain Platform—in terms of security, blockchain may prove more valuable than even secure containers or pervasive encryption
  • Support for data-in-memory applications and new workloads using 32 TB of memory—that’s enough to run production databases entirely in memory (of course, you’ll have to figure out if the increased performance, which should be significant, is worth the extra memory cost)
  • A build-your-cloud approach for providers wanting a secure, scalable, open source platform

If you haven’t figured it out yet, IBM sees itself in a titanic struggle with Intel’s x86 platform.  With the LinuxONE Emperor II IBM senses it can gain the upper hand with certain workloads. Specifically:

  • EAL 5+ isolation, best in class crypto key protection, and Secure Service Containers
  • 640 Power cores in its I/O channels (that aren’t included in the core count) giving the platform the best I/O capacity and performance in the industry
  • Its shared memory, vertical scale architecture delivers a measurably better architecture for stateful workloads like databases and systems of record
  • The LinuxONE/z14 hardware designed to still give good response time at up to 100% utilization, which simplifies the solution and reduces the extra costs many data centers assume are necessary because they’re used to 50% utilization
  • The Emperor II can be ordered designed and tested for earthquake resistance
  • The z-based LinuxONE infrastructure has survived fire and flood scenarios where all other server infrastructures have failed

That doesn’t mean, however, the Emperor II is a Linux no brainer, even for shops facing pressure around security compliance, never-fail mission critical performance, high capacity, and high performance. Change is hard and there remains a cultural mindset based on the lingering myth of the cheap PC of decades ago.

DancingDinosaur is Alan Radding, a veteran information technology analyst, writer, and ghost-writer. Please follow DancingDinosaur on Twitter, @mainframeblog. See more of his IT writing at technologywriter.com and here.

 


%d bloggers like this: