Posts Tagged ‘RACF’

Compuware-Syncsort-Splunk to Boost Mainframe Security

April 6, 2017

The mainframe has proven to be remarkably secure over the years, racking up the highest security certifications available. But there is still room for improvement. Earlier this week Compuware announced Application Audit, a software tool that aims to transform mainframe cybersecurity and compliance through real-time capture of user behavior.

Capturing user behavior, especially in real-time, is seemingly impossible if you have to rely on the data you collect from the various logs and SMF data. Compuware’s solution, Application Audit, in conjunction with Syncsort and Splunk, fully captures and analyzes start-to-finish mainframe application user behavior.

As Compuware explains: Most enterprises still rely on disparate logs and SMF data from security products such as RACF, CA-ACF2 and CA-Top Secret to piece together user behavior. This is too slow if you want to capture bad behavior while it’s going on. Some organizations try to apply analytics to these logs, but that also is too slow. By the time you have collected enough logs to deduce who did what and when, the damage may have been done. Throw in the escalating demands of cross-platform enterprise cybersecurity and increasingly burdensome global compliance mandates, and you haven’t a chance without an automated tool optimized for this.

Fortunately, the mainframe provides rich and comprehensive session data you can run through and analyze with Application Audit and in conjunction with the organization’s security information and event management (SIEM) systems to more quickly and effectively see what really is happening. Specifically, it can:

  • Detect, investigate, and respond to inappropriate behavior by internal users with access
  • Detect, investigate, and respond to hacked or illegally accessed user accounts
  • Support criminal/legal investigations with complete and credible forensics
  • Fulfill compliance mandates regarding protection of sensitive data

IBM, by the way, is not ignoring the advantages of analytics for z security.  Back in February you read about IBM bringing its cognitive system to the z on DancingDinosaur.  IBM continues to flog cognitive on z for real-time analytics and security; promising to enable faster customer insights, business insights, and systems insights with decisions based on real-time analysis of both current and historical data delivered on an analytics platform designed for availability, optimized for flexibility, and engineered with the highest levels of security. Check out IBM’s full cognitive for z pitch.

The data Compuware and Syncsort collect with Application Audit is particularly valuable for maintaining control of privileged mainframe user accounts. Both private- and public-sector organizations are increasingly concerned about insider threats to both mainframe and non-mainframe systems. Privileged user accounts can be misused by their rightful owners, motivated by everything from financial gain to personal grievances, as well as by malicious outsiders who have illegally acquired the credentials for those accounts. You can imagine what havoc they could wreak.

In addition, with Application Audit Compuware is orchestrating a number of players to deliver the full security picture. Specifically, through collaboration with CorreLog, Syncsort and Splunk, Compuware is enabling enterprise customers to integrate Application Audit’s mainframe intelligence with popular SIEM solutions such as Splunk, IBM QRadar, and HPE Security ArcSight ESM. Additionally, Application Audit provides an out-of-the-box Splunk-based dashboard that delivers value from the start. As Compuware explains, these integrations are particularly useful for discovering and addressing security issues associated with today’s increasingly common composite applications, which have components running on both mainframe and non-mainframe platforms. SIEM integration also ensures that security, compliance and other risk management staff can easily access mainframe-related data in the same manner as they access data from other platforms.

“Effective IT management requires effective monitoring of what is happening for security, cost reduction, capacity planning, service level agreements, compliance, and other purposes,” noted Stu Henderson, Founder and President of the Henderson Group in the Compuware announcement. “This is a major need in an environment where security, technology, budget, and regulatory pressures continue to escalate.”

DancingDinosaur is Alan Radding, a veteran information technology analyst, writer, and ghost-writer. Please follow DancingDinosaur on Twitter, @mainframeblog. See more of his IT writing at and here.



IBM’s z13 Redefines Mainframe Performance, Economics, and Versatility

January 14, 2015

With the introduction of the new IBM z13, the latest rev of the 50-year-old mainframe product line introduced today, it will be hard for IT people to persist in the mistaken belief that the mainframe can’t handle today’s workloads or that it is too expensive. Built around an 8 core, 22nm processor, the IBM z13’s 141 configurable cores (any mix of CP, IFL, zIIP, ICF, SAP) deliver a 40% total capacity improvement over the zEC12.

The z13 looks like the zEC12 but under the hood it’s far more powerful

The IBM z13 will handle up to 8,000 virtual enterprise-grade Linux servers per system, more than 50 per core. Remember when Nationwide Insurance consolidated 3000 x86 servers mainly running Linux on a System z and saved $15 million over three years, a figure later revised considerably higher? They got a lot of press out of that, including from DancingDinosaur as recently as last May. With the IBM z13 Nationwide could consolidate more than twice the number of Linux servers at a lower cost and the resulting saving would be higher still.

If you consider Linux VMs synonymous with cloud services, the new machine will enable superior Cloud services at up to 32% lower cost than an x86-based cloud. It also will cost up to 60% less than Public Cloud over three years. In almost every metric, the IBM z13 delivers more capacity or performance at lower cost.

IBM delivered an almost constant stream of innovations that work to optimize performance and reduce cost. For example, it boosted single thread capacity by 10% over the zEC12. It also delivers 3x more memory to help both z/OS and Linux workloads. The more memory combined with a new cache design, improved I/O bandwidth, and compression will boost analytics on the machine. In fact, with the z13 you can do in-memory analytics if you want it.

The one thing it doesn’t do is boast the fastest commercial processor in terms of sheer speed. The zEC12 processor still is the fastest, but with all the optimizations and enhancements IBM has built in, the z13 should beat the z12 in handling the workloads organizations most want to run. For instance, the z13 performs 2X faster than the most common server processors, has 300 percent more memory and 100 percent more bandwidth, and delivers vector processing analytics to speed mobile transactions. As a result, the z13 transaction engine is capable of analyzing transactions in real time.

Similarly, simultaneous multi-threading delivers more throughput for Linux and zIIP-eligible workloads while larger caches optimize data serving. It also improved on-chip hardware compression, which saves disk space and cuts data transfer time.  Also, there is new workload container pricing and new multiplex pricing, both of which again will save money.

In addition, IBM optimized this machine for both mobile and analytics, as well as for cloud. This is the new versatility of this redefined mainframe. Last year, IBM discounted the cost of mobile transactions on the z. The new machine continues to optimize for mobile with consolidated REST APIs for all z/OS transactions through z/OS Connect while seamlessly channeling z/OS transactions to mobile devices with the MobileFirst Platform. It also ensures end-to-end security from mobile device to mainframe with z/OS, RACF, and MobileFirst products.

For analytics, IBM continues to optimize Hadoop and expand the analytics portfolio on the z13. Specifically, the massive memory capability, up to 10TB, opens new opportunities for in-memory computing. The ability to perform analytics by combining data from different data sources and do it in-memory and in real-time within the platform drives more efficiencies, such as eliminating the need for ETL and the need to move data between platforms, as had previously often been the case. Now, just use Hadoop on z to explore data there within the secure zone of the mainframe. This opens a wide variety of analytics workloads, anything from fraud prevention to customer retention.

In addition to improved price/performance overall, IBM announced Technology Update Pricing for z13, including AWLC price reductions for z13 that deliver 5% price/performance on average in addition to performance gains in software exploitation of z13. DancingDinosaur will dig deeper into the new z13 software pricing in a subsequent post.

And the list of new and improved capabilities with the z13 just keeps going on and on. With security, IBM has accelerated the speed of encryption up to 2x over the zEC12 to help protect the privacy of data throughout its life cycle. It also extended enhanced public key support for constrained digital environments using Elliptic Curve Cryptography (ECC), which helps applications like Chrome, Firefox, and Apple’s iMessage. In addition, the z13 sports a few I/O enhancements, like being the first system to use a standards-based approach for enabling Forward Error Correction for a complete end-to-end solution.

Finally, IBM has not abandoned hybrid computing, where you can mix a variety of blades, including x86 Windows blades and others in the zBX extension cabinet. With the z13 IBM introduced the new Mod 004 zBX cabinet, an upgrade from the previous Mod 002 and 003.

DancingDinosaur expects the introduction of the z13, along with structural organization changes, will drive System z quarterly financial performance back into the black as soon as deliveries roll. And if IBM stays consistent with past behavior, within a year or so you can expect a scaled down, lower cost business class version of the z13, although it may not be called business class. Stay tuned; it should be an exciting year.

DancingDinosaur is Alan Radding, a long-time IT analyst and writer. You can follow him on Twitter, @mainframeblog, or check out more of his writing and analysis at or here.

The Mainframe at the Heart of the Security Storm

December 18, 2014

A survey of Chief Information Security Officers (CISOs) released by IBM in early December found more than 80% of security leaders believe the challenge posed by external threats is on the rise, while 60% also agree their organizations are outgunned in the cyber war. Even mainframe shops—the zEC12 has received the highest security rating, EAL 5+—should not get complacent. There are a lot of bad guys gunning for the data center. Just ask Sony.

At least top management is putting resources into security. Three quarters of the CISO respondents expect their security budgets to increase dramatically over the next 3-5 years. IBM is jumping in with a security paper geared specifically for mainframe shops titled Security Intelligence for Mainframe Environments.

So what are the threats keeping CISOs awake at night? Based on the study, sophisticated external threats were identified by 40% of security leaders as their top concerns. Expect the extra budget to be thrown at these threats, which will require the most organizational effort over the next three to five years, as much as regulations, new technologies, and internal threats combined, according to the IBM analysts.

Although a majority of the CISOs surveyed appear confident their mature, traditional technologies that focus on network intrusion prevention, advanced malware detection, and network vulnerability scanning will fend off outside threats, nearly half reported that deploying new security technology is the top focus area for their organization. Their top worries: data leakage, cloud security, and mobile/device security.

Some other interesting findings from the survey:

  • While concern over cloud security remains strong, still close to 90% of respondents have adopted cloud or are currently planning cloud initiatives. Of this group, most expect their cloud security budget to increase dramatically over the next three to five years.
  • Over 70% of security leaders said real-time security intelligence is increasingly important to their organization. Yet about half found areas such as data classification and discovery and security intelligence analytics have relatively low maturity and require improvement or transformation.
  • Not surprisingly, despite the growing mobile workforce, only 45% believe they have an effective mobile device management approach. According to the study, mobile and device security ranked at the bottom of the maturity list.

Although your data center provides a tempting target to attackers, it also can protect you with an effective counter-punch. That counter-punch is delivered through increasingly powerful and fast analytics, especially real-time analytics. The objective is to identify attacks as they are underway. Otherwise, you are left scrambling to close the proverbial barn door after the horses (data) have left.

This will entail systems that identify who did what and when, recognizing what’s normal behavior versus abnormal, and obtaining visibility into subtle connections between millions of data points. This requires a great deal of contextual data and the analytical means to make sense of it. And here is where you come in: your team needs to integrate mainframe data with distributed events to gain insights that apply to the entire enterprise.

In fact, IBM identifies a series of issues that put the mainframe squarely at the heart of the challenge and the solution:

  • Complexity: The mainframe is an integral component of multiple, often large and complex business services, making it difficult to identify and analyze threats.
  • Visibility: Mainframe processes, procedures and reports are often siloed, impeding cross-enterprise information sharing to combat threats. (But silos also help protect mainframe data—be selective in breaking down the silos.)
  • Compliance: Verification of compliance is frequently a manual task—with problem alerts all too often received only after a problem has occurred.
  • Cost: Mainframe management requires highly skilled administrators, who often are costly and in short supply.

You already have many of the solutions IBM recommends, like RACF, CA-Top Secret, and CA-ACF2. The mainframe security paper cited above covers the rest. Given what happened to Sony, it’s worth reading the paper closely.

Best wishes for the holidays. DancingDinosaur is Alan Radding. You can follow DancingDinosaur on Twitter, @mainframeblog. Check out more of my IT writing and analysis at and here.

Rocket z/SQL Accesses Non-SQL Mainframe Data

August 2, 2013

Rocket Software’s z/SQL enables access to non-SQL mainframe data using standard SQL commands and queries. The company is offering a z/SQL free trial; you can install it at no charge and get full access for as many users as you want. The only caveat: the free version is limited to three files. You can download the free trial here.

z/SQL will run SQL queries against any data source that speaks ANSI 92. “The tool won’t even know it is running relational data,” explained Gregg Willhoit, managing director of the Rocket Data Lab. That means you can run it against VSAM, IMS, Adabas, DB2 for z/OS, and physical sequential files.  In addition, you can use z/SQL to make real-time SQL queries directly to mainframe programs, including CICS TS, IMS TM, CA IDMS, and Natural.

By diverting up to 99% of processing-intensive data mapping and transformation from the mainframe’s CPU to the zIIP, z/SQL lowers MIPS capacity usage and its associated costs, effectively reducing TCO. And, it opens up the zIIP to extend programs and systems of record data to the full range of environments noted above.

z/SQL’s ability to automatically detect the presence of the z’s zIIP assist processor allows it to apply its patent pending technology to further boost the zIIP’s performance advantages. The key attributes of the zIIP processor—low cost, speeds often greater than the speed of the mainframe engines (sub-capacity mainframe license), and its typical low utilization—are fully exploited by z/SQL for lowering a mainframe shop’s TCO while providing for an accelerated ROI.

Rocket z/SQL is built on Metal C, a z/OS compiler option that provides C-language extensions allowing you to specify assembly statements that call system services directly. The DRDA support and the ANSI 92 SQL engine have been developed using what amounts to a new language that allows even more of z/SQL’s work to continue to run on the zIIP.  One of the key features in Metal C is allowing z/SQL to optimize its code paths for the hardware that it’s running on.  So, no matter if you’re running on older z9 or z10 or the latest zEC12 and zBC12 processors, z/SQL chooses the code path most optimized for your hardware.

With z/SQL you can expand your System z analytics effort and push a wider range of mainframe data analytics to near real time.  Plus, the usual ETL and all of its associated disadvantages are no longer a factor.  As such z/SQL promises to be a disruptive technology that eliminates the need for ETL while pushing the analytics to where the data resides as opposed to ETL, which must bring the data to the analytics.  The latter, noted Willhoit, is fraught with performance and data currency issues.

It’s not that you couldn’t access non-SQL data before z/SQL, but it was more cumbersome and slower.  You would have to replicate data, often via FTP to something like Excel. Rocket, instead, relies on assembler to generate an optimized SQL engine for the z9, z10, z196, zEC12, and now the zBC12.  With z/SQL the process is remarkably simple: no replication, no rewriting of code, just recompile. It generates the optimized assembler (so no assembler work required on your part).

Query performance, reportedly, is quite good. This is due, in part, to its being written in assembler, but also to its taking advantage of the z’s multi-threading. It reads the non-relational data source with one thread and uses a second thread to process the network I/O. This parallel I/O architecture for data promises game changing performance, especially for big data, through significant parallelism of network and database I/O. It also takes full advantage of the System z hardware by using buffer pools and large frames, essentially eliminating dynamic address translation.

z/SQL brings its own diagnostic capabilities, providing a real-time view into transaction threads with comprehensive trace/browse capabilities for diagnostics.  It enables a single, integrated approach to identifying, diagnosing and correcting data connectivity issues between distributed ODBC, ADO.NET, and JDBC client drivers and mainframes. Similarly z/SQL provides dynamic load balancing and a virtual connection facility that reduces the possibility of application failures, improves application availability and performance, as well as supports virtually unlimited concurrent users and transaction rates, according to the company. Finally, it integrates with mainframe RACF, CA-TopSecret, and CA-ACF2 as well as SSL and client-side, certificate-based authentication on distributed platforms. z/SQL fully participates in the choreography of SSL between the application platform and the mainframe.

By accessing mainframe programs and data stored in an array of relational and non-relational formats z/SQL lets you leave mainframe data in place, on the z where it belongs, and avoids the cost and risk of replication or migration. z/SQL becomes another way to turn the z into an enterprise analytics server for both SQL and non-SQL data.

Rocket calls z/SQL the world’s most advanced mainframe access and integration software. A pretty bold statement that begs to be proven through data center experience. Test it in your data center for free.  As noted above, you can download the free trial here. If you do, please let me know how it works out. (Promise it won’t be publicized here.)

Updated Software for IBM zEC12

October 11, 2012

Everyone gets excited by a new piece of hardware, but it is the software that enables the new machine to work its magic. This certainly is the case with the zEC12. On Oct. 3 IBM announced  upgrades to zEnterprise workhorse software like CICS, Omegamon, Cognos, and zSecure intended to better tap the capabilities of zEC12. Even IMS and Sterling are getting a refresh.

Also getting increased attention is Netezza, which has emerged as a key component of IBM’s data analytics approach. Netezza enables IBM to counter Oracle’s Exalytics, another in-memory data analytics appliance. In fact, IBM’s announcement of the newest PureSystems, the PureData System, earlier this week gives IBM another counter punch.

For the zEnterprise IBM adds a flexible storage capability that provides the performance of the IDAA while removing the cost of storage from the z. Netezza will work with whatever IBM storage the organization prefers.  A new incremental update capability propagates data changes as they occur, making it possible to analyze activity almost immediately. This resolves the problem of the data currency, in effect providing as close to real-time analytics as most organizations will get or need.

CICS, which already had become a mainframe workhorse through SOA and web services, now adds rich cloud capabilities too. CICS v5.1 brings new web app capabilities built on the WAS Liberty Profile. New PaaS capabilities enable it to host SaaS apps based on CICS applications. It also employs a new lightweight Java web container that combines Java Servlets and JSPs with fast local access to CICS applications.  IBM reports the enhanced CICS v5.1 delivers a 25% performance gain.

Various online discussion groups are buzzing about the zEC12 software enhancements.  A sampling:

  • IBM provides DB2 10 performance enhancements for z/OS. As importantly for mixed platform (hybrid) shops DB2 10 LUW (Linux UNIX Windows) also will provide similar performance improvements.
  • There is added support for Oracle’s PL/SQL for DB2 10 for stored procedures and Oracle application interfaces for Java, Pro*C, Pro*COBOL, and Forms.
  • IBM also announced significant transactional performance improvements when running WebSphere on the zEC12.
  • IBM has started a Beta Testing Program for the new CICS Transaction Server 5.1 release that has a significant number of enhancements to support Web Applications and CICS application modernization, mainly through IBM’s Rational HATS.
  • IBM has also improved performance of the C/C++ V1.13 compiler, the Metal C feature of the IBM z/OS XL C/C++ compiler, and the PL/1 V4.3 compiler for the zEC12.

Maybe less of a buzz generator but IBM Sterling gets a boost with the Sterling B2B Integrator V5.2.4 and Sterling File Gateway V2.2.4 for integration and file-based exchanges. IBM’s zSecure suite V1.13.1 brings new integration with QRadar, expanded integration points with DB2, enhanced RACF database cleanup capabilities, and support for the new enhanced CICS Transaction Server.

IBM also used the announcement to promote the relaunch of zEnterprise Analytics System 9710 (previously called IBM Smart Analytics System 9710), an unusual combo data decision system for analytics. It joins high performance data warehouse management with System z availability and recoverability using the z114. When the IDAA is added, the result is a hybrid system of MPP and SMP technologies that combines mixed workload capabilities—both transaction and high speed analytical applications—on a single platform tuned for operational business analytics.

Independent Assessment, publisher of DancingDinosaur, has finally released its newest white paper, zEnterprise BladeCenter Extension (zBX): the Case for Adopting Hybrid Computing. It is the most updated look at the zBX yet, including details on the zEC12. Available for free. Click here.
