XYPRO representatives recently attended MRTUG, NENUG, SCTUG, RMTUG and DUST. At DUST, we presented “You Cannot Be PCI Compliant without XYGATE”. Interest in security remains high in the NonStop space, and while presenting at these three user groups, we were fortunate to have interactive discussions with everybody in attendance. Many open questions and discussions took place, which is the primary intention of user groups. Overall, attendance has been as expected, i.e., vendors have outnumbered users. We are happy to see optimism from the users, vendors and HP involving NonStop Blades, based upon the number of customers upgrading.
We believe it’s vital for the NonStop community to continue to have these types of meetings. Going to the user gives a broader group of people a chance to participate in learning what is going on in the HP NonStop space. Furthermore, the Connect meeting next fall should bring a sense to the community that HP still values the NonStop and users. It will not have the feeling of being shuffled in with everybody else, which is the impression many got when including this event with the HP Technology Forum.
Unfortunately, SCTUG was not very well attended with a ratio of 5 to 1 vendors vs. customers. We did, however, have some very good side conversations with the customers. We will be presenting at the next SCTUG which sounds like it will be at the end of March.
On the other hand, the RMTUG meeting in Denver had the biggest turnout we have ever seen. There were several current customers as well as some new faces and companies that we have not heard of, which is great to see.
In all of the meetings, we have chatted with folks about the “ITUG” that will be happening in September and it is like a big revival and everyone is excited again that there will be a Non-Stop conference again in San Jose!
Jay Price
Kevin Boham
Thursday, December 31, 2009
Wednesday, December 16, 2009
BITUG: A “HOME GAME” for XYPRO
After a run of recent European RUGs, visiting places like Madrid, Frankfurt and Stockholm, it was nice for XYPRO’s very busy European office to play a home game and visit a NonStop event that didn’t involve any air travel. In fact this year’s BITUG (British Isles Tandem User Group) Big SIG, held on the 2nd and 3rd December, was just half an hour from XYPRO’s London office.
Day one was a CLIM-themed education day, held at HP’s offices. Day two was the main event and the location was the magnificent Grade I listed, Crown Estate owned, Institute of Directors building on Pall Mall. A walk up the grand staircase led the 196 attendees (103 Non-Stop specific attendees including 40+ NonStop specific end users) up to the first floor, virtually all occupied by the Big SIG/Connect event. The largest room in the building was home to the vendor exhibition and also doubled as the coffee and dining room. The vendor room was slightly smaller than usual, and so space was limited. The 20 exhibitor spots went quickly, on a first-come-first-served basis, leaving a few NonStop Vendor Partners disappointed.
Those who weren’t disappointed were the attendees, who received free entry if they were BITUG members. The vendors didn’t have much to complain about either, with only modest, non-profit fees to pay.
With XYPRO having had its UK office open for well over a decade, the Big SIG was a great opportunity to catch up with many of our British customers. Because there was a BITUG Security SIG earlier this year, there was no specific presentation from XYPRO. There hadn’t been a BITUG Performance SIG in 2009, so a good portion of the vendor presentations were performance based. With five different tracks available, the day was packed with opportunities for all of the attendees.
After a great day with a very friendly atmosphere, it was very nice to have time to visit an English pub before the short journey home, rather than trekking to an airport departure lounge!
For those looking forward to the next BITUG event, the first of around five BITUG SIGs planned for 2010 has a system modernisation theme and the date is 17/02/2010.
For more information on BITUG and its events visit www.bitug.com
Dan Lewis
XYPRO
Day one was a CLIM-themed education day, held at HP’s offices. Day two was the main event and the location was the magnificent Grade I listed, Crown Estate owned, Institute of Directors building on Pall Mall. A walk up the grand staircase led the 196 attendees (103 Non-Stop specific attendees including 40+ NonStop specific end users) up to the first floor, virtually all occupied by the Big SIG/Connect event. The largest room in the building was home to the vendor exhibition and also doubled as the coffee and dining room. The vendor room was slightly smaller than usual, and so space was limited. The 20 exhibitor spots went quickly, on a first-come-first-served basis, leaving a few NonStop Vendor Partners disappointed.
Those who weren’t disappointed were the attendees, who received free entry if they were BITUG members. The vendors didn’t have much to complain about either, with only modest, non-profit fees to pay.
With XYPRO having had its UK office open for well over a decade, the Big SIG was a great opportunity to catch up with many of our British customers. Because there was a BITUG Security SIG earlier this year, there was no specific presentation from XYPRO. There hadn’t been a BITUG Performance SIG in 2009, so a good portion of the vendor presentations were performance based. With five different tracks available, the day was packed with opportunities for all of the attendees.
After a great day with a very friendly atmosphere, it was very nice to have time to visit an English pub before the short journey home, rather than trekking to an airport departure lounge!
For those looking forward to the next BITUG event, the first of around five BITUG SIGs planned for 2010 has a system modernisation theme and the date is 17/02/2010.
For more information on BITUG and its events visit www.bitug.com
Dan Lewis
XYPRO
Thursday, December 10, 2009
From the CEO's Desk
It’s that time of year again. What this really means to you depends on your location and your culture. It might be the middle of summer, a time to bring gifts, a time to relax a bit while your systems are locked down, or a time supporting record high end-of-year transaction volumes.
Speaking of systems, this year is the 35th anniversary of the first Tandem T16 computer, later called the NonStop I. Its 96 kilobytes of main memory and 700 KIPS (thousand instructions per second) bit-slice processor were as impressive then as the current generation NonStop Blade Servers are now, with 48 gigabytes of main memory, 18 megabytes of level 3 cache and 1.66 GHz dual-core Itanium® 9100 series processors.
The first NonStop systems were designed with a few basic principles: modularity, fault tolerance, fail-fast of individual components, and online maintenance. In 1983 XYPRO was formed to develop products for this excitin’ new machine (as Tandem’s founder, Jimmy Treybig, would say) and in 1984 we were named as one of the original Tandem Alliance members. The photo shows Jimmy with XYPRO’s founder, Dale Blommendahl, at an ITUG Summit some 20 years ago.
Since then, neither company has rested on its laurels, both expanding worldwide and supporting some of the most mission critical applications at some of the world’s largest and most prestigious organizations.
While XYPRO’s headquarters is in sunny southern California, our employees are as diverse as our customers. At last count, people from 13 different countries work here. But no matter where we are from or what we believe, the holiday season is the time of year when many of us take some time off to spend with our families, recharge our batteries and ring in the new year. Even so, we will have enough people on hand to support you 24x7 just as we do the rest of the year. Because even when our staff or your staff are on holiday, we know that your NonStop servers are still working around the clock.
Along with work, Decembers at XYPRO include a contest. Each person decorates their office door to reflect how they celebrate. Historically, the halls have been decked with doors made to look like a gingerbread house, a fireplace, a New Year celebration in India, and an ice skating scene. Over the years, we’ve seen themes executed with hand-made dreidels, a brightly lit cactus, snow babies, and even Christmas stockings arranged to represent ‘SOX Compliance’. And Scott Uroff, our Chief XYGATE Engineer, is also known for decorating our NonStop systems.
In addition to an annual holiday lunch and gift exchange, we traditionally take time to reflect on the rewards we receive throughout the year, from our co-workers as well as our valued customers. And as much as I would love to unwrap some of our biggest customers to show them off, I’m afraid those packages will have to remain sealed. Companies whose products are used to protect some of the most important secrets in the world sometimes need to stay under the radar. What I can tell you is that XYGATE users are all in very good company, amongst a customer base of international leaders in government and private industry.
If you want to rub shoulders with these leaders, you don’t need an invitation. Nor do you need to be cleared by the Secret Service. Simply attend one of the dozens of TUG or Connect meetings around the world and you can take advantage of the personal interaction that we love so much.
For example, XYPRO was present at the Connect Germany / GTUG IT Symposium in Darmstadt, celebrating the 35th Anniversary of NonStop and at the prestigious Institute of Directors premises in Pall Mall, London for the BITUG Big SIG meeting. If you were at either event, you would have seen us talking to some of the biggest names in Europe. Some of each event’s highlights are captured at http://blog.xypro.com/.
But we don’t want to forget other parts of the world. Recently, XYPRO has been at meetings in the United States, such as SCTUG in California, DUST in Arizona, and SunTUG in Florida. We also paid a visit to our neighbors to the north at CTUG in Toronto. It’s not too early to think about booking travel to SATUG so that you can rub shoulders with the leading companies in South Africa – who also happen to be our customers!
I would like to close this message with a request. We wonder what family or work traditions you find meaningful and what you like to do when you take time off of work. We would love to hear from you in the comments section. Take as much space as you like to let us know about what’s special to you this time of year.
Sheila Johnson
Speaking of systems, this year is the 35th anniversary of the first Tandem T16 computer, later called the NonStop I. Its 96 kilobytes of main memory and 700 KIPS (thousand instructions per second) bit-slice processor were as impressive then as the current generation NonStop Blade Servers are now, with 48 gigabytes of main memory, 18 megabytes of level 3 cache and 1.66 GHz dual-core Itanium® 9100 series processors.
The first NonStop systems were designed with a few basic principles: modularity, fault tolerance, fail-fast of individual components, and online maintenance. In 1983 XYPRO was formed to develop products for this excitin’ new machine (as Tandem’s founder, Jimmy Treybig, would say) and in 1984 we were named as one of the original Tandem Alliance members. The photo shows Jimmy with XYPRO’s founder, Dale Blommendahl, at an ITUG Summit some 20 years ago.
While XYPRO’s headquarters is in sunny southern California, our employees are as diverse as our customers. At last count, people from 13 different countries work here. But no matter where we are from or what we believe, the holiday season is the time of year when many of us take some time off to spend with our families, recharge our batteries and ring in the new year. Even so, we will have enough people on hand to support you 24x7 just as we do the rest of the year. Because even when our staff or your staff are on holiday, we know that your NonStop servers are still working around the clock.
Along with work, Decembers at XYPRO include a contest. Each person decorates their office door to reflect how they celebrate. Historically, the halls have been decked with doors made to look like a gingerbread house, a fireplace, a New Year celebration in India, and an ice skating scene. Over the years, we’ve seen themes executed with hand-made dreidels, a brightly lit cactus, snow babies, and even Christmas stockings arranged to represent ‘SOX Compliance’. And Scott Uroff, our Chief XYGATE Engineer, is also known for decorating our NonStop systems.
In addition to an annual holiday lunch and gift exchange, we traditionally take time to reflect on the rewards we receive throughout the year, from our co-workers as well as our valued customers. And as much as I would love to unwrap some of our biggest customers to show them off, I’m afraid those packages will have to remain sealed. Companies whose products are used to protect some of the most important secrets in the world sometimes need to stay under the radar. What I can tell you is that XYGATE users are all in very good company, amongst a customer base of international leaders in government and private industry.
If you want to rub shoulders with these leaders, you don’t need an invitation. Nor do you need to be cleared by the Secret Service. Simply attend one of the dozens of TUG or Connect meetings around the world and you can take advantage of the personal interaction that we love so much.
For example, XYPRO was present at the Connect Germany / GTUG IT Symposium in Darmstadt, celebrating the 35th Anniversary of NonStop and at the prestigious Institute of Directors premises in Pall Mall, London for the BITUG Big SIG meeting. If you were at either event, you would have seen us talking to some of the biggest names in Europe. Some of each event’s highlights are captured at http://blog.xypro.com/.
But we don’t want to forget other parts of the world. Recently, XYPRO has been at meetings in the United States, such as SCTUG in California, DUST in Arizona, and SunTUG in Florida. We also paid a visit to our neighbors to the north at CTUG in Toronto. It’s not too early to think about booking travel to SATUG so that you can rub shoulders with the leading companies in South Africa – who also happen to be our customers!
I would like to close this message with a request. We wonder what family or work traditions you find meaningful and what you like to do when you take time off of work. We would love to hear from you in the comments section. Take as much space as you like to let us know about what’s special to you this time of year.
Sheila Johnson
Wednesday, December 2, 2009
GTUG
The 2009 German Tandem User Group (GTUG) was held November 18-20th, and the idea behind this event was a sound one: Take the traditional GTUG event and open it up to all of Europe, meaning more vendors for the end users to talk to and vice versa.
The ten different conference tracks (nine in English and one in German) ensured that there was plenty going on for the 150ish people attending. Most of the content was NonStop based, but with the Connect link, it did mean that some elements weren’t relevant to us NonStop folk. The exhibition section was somewhat of a who’s who in the NonStop vendor world, with around 15 different firms all lined up with their matching shell schemes. A visit to the XYPRO booth revealed this was the first event where XYPRO and Merlon’s new collaboration was evident (see https://www.xypro.com).
With this year being the 35th anniversary of Tandem, there was an interesting mix of content. You’d be sitting in one talk where everyone was reminiscing about the ‘good ol’ days’ when Tandem did everything very differently and how being different was best... then you’d find yourself in an HP presentation where they’d be talking about the many benefits of utilizing as much industry standard blade hardware as possible. One thing is for sure, a modern day NonStop is spectacularly smaller and more powerful than its early Tandem predecessors. The best presentation was just before the coffee break on Thursday though: XYPRO’s Audit, Alerting and Compliance slot!
I attended Karen Copeland’s NonStop Security SIG before lunch on Thursday and was a little surprised by the low number of attendees – maybe 12 of us in total? I’m thinking there could be two explanations for this, the first could be that Bernd Ullmann’s “SCRUM - Do's and Don’ts” presentation was unmissable (nothing personal, Bernd) the second could be that for many, security only really becomes a serious issue when a breach threatens to cost millions of dollars or when a regulator demands action... Whatever the catalyst, you know where to find us.
Thursday evening promised a ‘traditional beer bust at a Darmstadt brewery’. The XYPRO team was bracing ourselves for a heavy night of beer lairyness, so we made sure we’d all packed our drinking hats before we got on our respective planes. But the reality was more ‘dinner in a pub’ than ‘beer bust in a brewery’. Not that I’m complaining, because I wanted to be in good shape for the Security Workshop on Friday the 20th.
Big key-note sessions aside, Friday’s Security Workshop was one of the more heavily attended group meetings of the event, with around 20-25 people. The four vendors present, XYPRO being one of them, had all agreed to give talks which were 100% devoid of product mentions. Everyone stuck to this, but my personal opinion is that it occasionally served to confuse, as it seemed to leave a couple of people with more questions than answers. All in all though, it was a very useful session and worth staying the extra day for.
Our Friday afternoon flight back to the UK signaled the end to a busy couple of days at what was probably the biggest NonStop event in Europe. Hats off to the organizers who had clearly put a lot of time and effort into arranging a very well run show.
Dan Lewis
European Marketing Manager
The ten different conference tracks (nine in English and one in German) ensured that there was plenty going on for the 150ish people attending. Most of the content was NonStop based, but with the Connect link, it did mean that some elements weren’t relevant to us NonStop folk. The exhibition section was somewhat of a who’s who in the NonStop vendor world, with around 15 different firms all lined up with their matching shell schemes. A visit to the XYPRO booth revealed this was the first event where XYPRO and Merlon’s new collaboration was evident (see https://www.xypro.com).
With this year being the 35th anniversary of Tandem, there was an interesting mix of content. You’d be sitting in one talk where everyone was reminiscing about the ‘good ol’ days’ when Tandem did everything very differently and how being different was best... then you’d find yourself in an HP presentation where they’d be talking about the many benefits of utilizing as much industry standard blade hardware as possible. One thing is for sure, a modern day NonStop is spectacularly smaller and more powerful than its early Tandem predecessors. The best presentation was just before the coffee break on Thursday though: XYPRO’s Audit, Alerting and Compliance slot!
I attended Karen Copeland’s NonStop Security SIG before lunch on Thursday and was a little surprised by the low number of attendees – maybe 12 of us in total? I’m thinking there could be two explanations for this, the first could be that Bernd Ullmann’s “SCRUM - Do's and Don’ts” presentation was unmissable (nothing personal, Bernd) the second could be that for many, security only really becomes a serious issue when a breach threatens to cost millions of dollars or when a regulator demands action... Whatever the catalyst, you know where to find us.
Thursday evening promised a ‘traditional beer bust at a Darmstadt brewery’. The XYPRO team was bracing ourselves for a heavy night of beer lairyness, so we made sure we’d all packed our drinking hats before we got on our respective planes. But the reality was more ‘dinner in a pub’ than ‘beer bust in a brewery’. Not that I’m complaining, because I wanted to be in good shape for the Security Workshop on Friday the 20th.
Big key-note sessions aside, Friday’s Security Workshop was one of the more heavily attended group meetings of the event, with around 20-25 people. The four vendors present, XYPRO being one of them, had all agreed to give talks which were 100% devoid of product mentions. Everyone stuck to this, but my personal opinion is that it occasionally served to confuse, as it seemed to leave a couple of people with more questions than answers. All in all though, it was a very useful session and worth staying the extra day for.
Our Friday afternoon flight back to the UK signaled the end to a busy couple of days at what was probably the biggest NonStop event in Europe. Hats off to the organizers who had clearly put a lot of time and effort into arranging a very well run show.
Dan Lewis
European Marketing Manager
Wednesday, November 18, 2009
From the CEO's Desk
Thanksgiving was celebrated last month in Canada where it is also called Jour de l'Action de grace and represents the end of the harvest. In the United States, we celebrate in November and give thanks to the Native Americans for keeping the English colonists from starving in the dead of winter.
The end of October saw us wrapping up two weeks of classes on the topic of NonStop security in our southern California office. Professionals attended from Malaysia, Mexico and the USA, representing manufacturing, energy and financial companies. Both our Securing Your HP NonStop Environment with Safeguard and XYGATE and the follow-on Comprehensive HP NonStop Security courses were sold out, confirming that protection of corporate information is essential, even in a down economy.
We enjoy hosting customers in our office because, like our products, it supports our mission of contributing to the protection of corporate information on the computing platform that outperforms all others. Furthermore, our education program gives our developers and technical staff a better feel for what it is that our customers need to make them successful. We welcome the partnership that results from direct interaction and exchange of information with our customers and fellow vendors and hope you find it as rewarding as we do.
Speaking of partnering, and Canada, we recently took another strategic step forward by signing an agreement with Merlon Software, based in Toronto. The agreement entitles XYPRO to represent Merlon’s products worldwide. This was a serious decision for us, and we found the business case is compelling.
Where XYPRO is aimed at protection of data, Merlon focuses on database management. Merlon’s products allow you to automate management of your file and disk space, monitor and correct database degradation, analyze key-sequenced files for proper partitioning, and increase your productivity when working with SQL/MP and SQL/MX tables. And just like many XYPRO products, Merlon products allow you to manage and monitor your NonStop server from a graphical user interface on a PC, freeing you from the drudgery of looking up commands and syntax that you might use only once in a great while. In sort, this partnership helps you do more with less, and with a lot less stress for you and your staff.
Our companies have in common a dedication to excellence in customer service and the ability to build products that improve efficiency, productivity and performance in today’s complex IT environments. This partnership represents a natural progression for both companies and a great way to bring more value to the NonStop user community.
In the spirit of Thanksgiving, I would like to express my gratitude to all of our wonderful employees and partners for their dedication to making XYPRO a leader in the industry and a great place to work. And a special Thank You goes to all of our customers too, who have put their security needs our hands.
Happy Thanksgiving everyone!!
-Sheila Johnson
The end of October saw us wrapping up two weeks of classes on the topic of NonStop security in our southern California office. Professionals attended from Malaysia, Mexico and the USA, representing manufacturing, energy and financial companies. Both our Securing Your HP NonStop Environment with Safeguard and XYGATE and the follow-on Comprehensive HP NonStop Security courses were sold out, confirming that protection of corporate information is essential, even in a down economy.
We enjoy hosting customers in our office because, like our products, it supports our mission of contributing to the protection of corporate information on the computing platform that outperforms all others. Furthermore, our education program gives our developers and technical staff a better feel for what it is that our customers need to make them successful. We welcome the partnership that results from direct interaction and exchange of information with our customers and fellow vendors and hope you find it as rewarding as we do.
Speaking of partnering, and Canada, we recently took another strategic step forward by signing an agreement with Merlon Software, based in Toronto. The agreement entitles XYPRO to represent Merlon’s products worldwide. This was a serious decision for us, and we found the business case is compelling.
Where XYPRO is aimed at protection of data, Merlon focuses on database management. Merlon’s products allow you to automate management of your file and disk space, monitor and correct database degradation, analyze key-sequenced files for proper partitioning, and increase your productivity when working with SQL/MP and SQL/MX tables. And just like many XYPRO products, Merlon products allow you to manage and monitor your NonStop server from a graphical user interface on a PC, freeing you from the drudgery of looking up commands and syntax that you might use only once in a great while. In sort, this partnership helps you do more with less, and with a lot less stress for you and your staff.
Our companies have in common a dedication to excellence in customer service and the ability to build products that improve efficiency, productivity and performance in today’s complex IT environments. This partnership represents a natural progression for both companies and a great way to bring more value to the NonStop user community.
In the spirit of Thanksgiving, I would like to express my gratitude to all of our wonderful employees and partners for their dedication to making XYPRO a leader in the industry and a great place to work. And a special Thank You goes to all of our customers too, who have put their security needs our hands.
Happy Thanksgiving everyone!!
-Sheila Johnson
Wednesday, November 11, 2009
Auditing the HP NonStop Server: Stop the Bad Dreams!
Ever had a bad dream about an upcoming audit? The one in which you’re told you must be prepared to assist the auditors? The HP NonStop Server is not familiar territory to many auditors, which can cause a lot of anxiety for them and you. Moreover, there are times when an auditor must tackle the audit of a NonStop server immediately, without adequate time to read the appropriate reference manuals: HP NonStop Security: A Practical Handbook, Securing HP NonStop Servers In An Open Systems World: TCP/IP, OSS and SQL and The Security Management Guide. You may have read them, or looked up a topic or two – but you probably don’t know them by heart, which only adds to your stress level.
You are not alone. The following is intended to help you educate your auditor, and lead you toward gathering the pertinent information that will be needed to conduct the audit—so you can say goodbye to your bad dreams!
The Basics
Security on the NonStop server starts with the operating system, Guardian. Guardian provides a basic level of security that deals with users and diskfiles and provides limits on the READ, WRITE, EXECUTE and PURGE operations. Users in system management, operations, security, and change control generally deal with Guardian environment using the TACL command interpreter program. Guardian supports the OSS ‘personality’ which is a UNIX-like extension that can be used in place of the TACL environment using a program called OSS Shell or osh.
Safeguard is the HP supported security system that can be used to manage users, object access control lists (ACLs), auditing and security event exit processes (SEEPs). XYPRO’s proven products allow for easy use of Safeguard to manage users and object ACLsand for use of SEEPs to significantly extend Safeguard functionality. Many companies in all industries around the globe use these products to not only reduce stress but to also boost security administration accuracy and productivity.
$CMON is an optional Guardian extension that allows for control of the logon operation and the program run operation. It does not require Safeguard to be used. $CMON must either exist on the NonStop server or there must be security controls to prevent its use.
Users are given access by creating Guardian or Safeguard userids. Guardian is no longer recommended because it does not support many features available in Safeguard, most important of which is Password Expiration. Userids are specified as a groupnumber, usernumber and as a groupname, username. The groupnumber is between 0 and 255 and once the first user has been assigned to a group, the groupname will be set for all userids in the group. The usernumber is between 0 and 255, and the username must be unique within the group. There is one userid that must be on the system: 255,255, which is usually called SUPER.SUPER.
For More Info:
You can view the complete article highlighting the questions and answers surrounding some of the most common problems found on the HP NonStop server by emailing lisap@xypro.com , enter “Audit NonStop Server” in the subject line.
When a more thorough audit is planned you may want to consider using a checklist where each Security Requirement is clearly identified, and the sources of such requirement are provided. You will find a complete checklist on https://www.xypro.com//. If you follow it closely and are able to “check” every item…you may find yourself PCI, SOX (Cobit), HIPAA, and SB1386 compliant and happy to invite your Auditor in. Isn’t that a dream?!
Lauren Uroff
XYPRO Technology Corporation
You are not alone. The following is intended to help you educate your auditor, and lead you toward gathering the pertinent information that will be needed to conduct the audit—so you can say goodbye to your bad dreams!
The Basics
Security on the NonStop server starts with the operating system, Guardian. Guardian provides a basic level of security that deals with users and diskfiles and provides limits on the READ, WRITE, EXECUTE and PURGE operations. Users in system management, operations, security, and change control generally deal with Guardian environment using the TACL command interpreter program. Guardian supports the OSS ‘personality’ which is a UNIX-like extension that can be used in place of the TACL environment using a program called OSS Shell or osh.
Safeguard is the HP supported security system that can be used to manage users, object access control lists (ACLs), auditing and security event exit processes (SEEPs). XYPRO’s proven products allow for easy use of Safeguard to manage users and object ACLsand for use of SEEPs to significantly extend Safeguard functionality. Many companies in all industries around the globe use these products to not only reduce stress but to also boost security administration accuracy and productivity.
$CMON is an optional Guardian extension that allows for control of the logon operation and the program run operation. It does not require Safeguard to be used. $CMON must either exist on the NonStop server or there must be security controls to prevent its use.
Users are given access by creating Guardian or Safeguard userids. Guardian is no longer recommended because it does not support many features available in Safeguard, most important of which is Password Expiration. Userids are specified as a groupnumber, usernumber and as a groupname, username. The groupnumber is between 0 and 255 and once the first user has been assigned to a group, the groupname will be set for all userids in the group. The usernumber is between 0 and 255, and the username must be unique within the group. There is one userid that must be on the system: 255,255, which is usually called SUPER.SUPER.
For More Info:
You can view the complete article highlighting the questions and answers surrounding some of the most common problems found on the HP NonStop server by emailing lisap@xypro.com , enter “Audit NonStop Server” in the subject line.
When a more thorough audit is planned you may want to consider using a checklist where each Security Requirement is clearly identified, and the sources of such requirement are provided. You will find a complete checklist on https://www.xypro.com//. If you follow it closely and are able to “check” every item…you may find yourself PCI, SOX (Cobit), HIPAA, and SB1386 compliant and happy to invite your Auditor in. Isn’t that a dream?!
Lauren Uroff
XYPRO Technology Corporation
Wednesday, November 4, 2009
XYPRO® Announces Strategic Reseller Relationship with Merlon
Los Angeles, Calif. (4, November 2009) XYPRO Technology Corporation, a leading provider of security software for HP NonStop™ Server environments, today announced a strategic partnership with Merlon Software Corporation of Toronto, Canada. Effective immediately, XYPRO will represent Merlon’s database management software solutions on a global scale.
“XYPRO offers a superior security solution set for businesses running on HP NonStop servers. With Merlon’s expertise and comprehensive offering in database management on the same computing platform, this partnership made complete sense,” said Rick Pettifer, CEO at Merlon. “XYPRO is a leader in the NonStop space, offering worldwide distribution channels as well as unmatched customer service to every client around the globe. With economies of scale, this really presented itself as a natural progression and a great fit for both of us.”
“Merlon products provide companies who rely on NonStop servers for storing and processing vast amounts of data with the means to efficiently administer even the most complex database environments. Demand for these solutions is high because they introduce operational simplicity and consistency vital to strengthening productivity and performance,” said Sheila Johnson, CEO at XYPRO. “We are very pleased to offer their unparalleled database management solutions. By partnering with Merlon, we can offer our clients a more robust portfolio of solutions to address their mission-critical needs.”
“XYPRO offers a superior security solution set for businesses running on HP NonStop servers. With Merlon’s expertise and comprehensive offering in database management on the same computing platform, this partnership made complete sense,” said Rick Pettifer, CEO at Merlon. “XYPRO is a leader in the NonStop space, offering worldwide distribution channels as well as unmatched customer service to every client around the globe. With economies of scale, this really presented itself as a natural progression and a great fit for both of us.”
“Merlon products provide companies who rely on NonStop servers for storing and processing vast amounts of data with the means to efficiently administer even the most complex database environments. Demand for these solutions is high because they introduce operational simplicity and consistency vital to strengthening productivity and performance,” said Sheila Johnson, CEO at XYPRO. “We are very pleased to offer their unparalleled database management solutions. By partnering with Merlon, we can offer our clients a more robust portfolio of solutions to address their mission-critical needs.”
Wednesday, October 28, 2009
Successful Security SIG
Thursday the 8th of October saw XYPRO’s British contingent (Sean and myself, Dan) heading to London for the fourth British Isles Tandem User Group (BITUG) Special Interest Group (SIG) of the year – the subject matter being very close to our heart: security.
The location was Hewlett Packard’s Wood Street offices in Moorgate, central London. If you’re a fan of Google Earth and ever find yourself visiting those offices, make sure you take a quick trip up to the top floor in one of the glass elevators – you’re assured a great view! Back to business: HP deserve a special thanks for providing their facilities, food and refreshments.
The day started off with a Connect/GTUG update (event in Germany on 18th and 19th November, with optional Security Workshop on the 20th). The two day conference element appears to have a feature-packed schedule of around seven different tracks. For any non-German speakers considering a visit, just one of those tracks is in German, so the vast majority will be in English and ideal for international visitors. We’ll update the XYPRO news feeds as soon as the schedule is completed.
Next up was an HP Security update from Iain Liston Brown who covered several products, including the use of XYPRO’s XYGATE Merged Audit (XMA) when using HP’s Compliance Log Warehouse (CLW) with NonStop servers. This was followed by an interesting presentation by James Tomaney of Barclays. Most of the ears in the room pricked up when he broached the successful move from IBM to NonStop for Barclays’ ATM network.
The afternoon saw three vendor presentations, including XYPRO’s Audit in the Enterprise. An interesting point raised was the submissions made to the DataLoss Database website, point your browser toward http://datalossdb.org/ for some rather alarming reading.
Last up was Ron LaPedis’ Volume Level Encryption presentation, exploring the various potentials for NonStop data loss and what can be done to prevent the loss and/or encrypt the data.
It was a shame that the PCI Qualified Security Assessor (QSA) had to pull out of his presentation, as I’m sure that would have made for some useful information, but that didn’t take anything away from what was still a very useful day. Fingers crossed we’ll revisit the subject of PCI compliance on NonStop in a future event – the next one being the BITUG ‘Big SIG’ on 3rd December in London (and education day on 2nd).
With the Security SIG now out of the way, the BITUG team will be turning their attention to dotting the Is and crossing the Ts on the Big SIG plans. Keep your eye on the XYPRO news feeds (LinkedIn, Facebook, Twitter, XYPRO.com etc.) and www.bitug.com for more info.
Dan Lewis
European Marketing Manager
XYPRO Technology Corporation
The location was Hewlett Packard’s Wood Street offices in Moorgate, central London. If you’re a fan of Google Earth and ever find yourself visiting those offices, make sure you take a quick trip up to the top floor in one of the glass elevators – you’re assured a great view! Back to business: HP deserve a special thanks for providing their facilities, food and refreshments.
The day started off with a Connect/GTUG update (event in Germany on 18th and 19th November, with optional Security Workshop on the 20th). The two day conference element appears to have a feature-packed schedule of around seven different tracks. For any non-German speakers considering a visit, just one of those tracks is in German, so the vast majority will be in English and ideal for international visitors. We’ll update the XYPRO news feeds as soon as the schedule is completed.
Next up was an HP Security update from Iain Liston Brown who covered several products, including the use of XYPRO’s XYGATE Merged Audit (XMA) when using HP’s Compliance Log Warehouse (CLW) with NonStop servers. This was followed by an interesting presentation by James Tomaney of Barclays. Most of the ears in the room pricked up when he broached the successful move from IBM to NonStop for Barclays’ ATM network.
The afternoon saw three vendor presentations, including XYPRO’s Audit in the Enterprise. An interesting point raised was the submissions made to the DataLoss Database website, point your browser toward http://datalossdb.org/ for some rather alarming reading.
Last up was Ron LaPedis’ Volume Level Encryption presentation, exploring the various potentials for NonStop data loss and what can be done to prevent the loss and/or encrypt the data.
It was a shame that the PCI Qualified Security Assessor (QSA) had to pull out of his presentation, as I’m sure that would have made for some useful information, but that didn’t take anything away from what was still a very useful day. Fingers crossed we’ll revisit the subject of PCI compliance on NonStop in a future event – the next one being the BITUG ‘Big SIG’ on 3rd December in London (and education day on 2nd).
With the Security SIG now out of the way, the BITUG team will be turning their attention to dotting the Is and crossing the Ts on the Big SIG plans. Keep your eye on the XYPRO news feeds (LinkedIn, Facebook, Twitter, XYPRO.com etc.) and www.bitug.com
Dan Lewis
European Marketing Manager
XYPRO Technology Corporation
Wednesday, October 21, 2009
Stockholm Calling
The last four months of 2009 sees a relative flurry of activity for the NonStop community in Europe. The first of six different outings in the space of three months started with the Viking NonStop User Group’s (VNUG) annual event. This year it was held in Sweden at the Vidbynäs Slott golf hotel in Nykvarn. That’s about an hour from Stockholm, or more like an hour and a half if you had our taxi driver, whose aptitude for navigation was matched only by our grasp of Swedish - what goes around comes around I guess!
This is XYPRO’s sixth visit to the well run and very friendly VNUG event, which has never been held in the same location twice and switches between Finland and Sweden – sometimes literally, as was the case of the ferry-based conference a couple of years ago!
Day one (28th September) was an optional education or golf day. The accredited education (Troubleshooting in the NonStop OSS Environment) was provided by HP at its Solna office and the golf was on the very picturesque course next to the conference hotel. We were unable to attend either this year, arriving late in the evening on the 28th, but on talking to the golf participants in the bar, it sounds like we were spared a tough afternoon of searching through aggressive rough and the loss of several balls to tricky water hazards!
Days two and three (29th, 30th September) saw the conference proper. A busy agenda of eight vendor presentations, two slots from HP (interesting to hear about the launch of quad core blades in 2010/2011) user presentations, and an HP Q&A session.
XYPRO’s PCI compliance and enterprise auditing presentation was scheduled in for just after lunch on the 29th. That turned out to be great timing, as everyone left lunch in an upbeat mood after having had some very good food.
Later that day saw all participants divided into teams for the VNUG competition. This involved walking the Vidbynäs Slott grounds answering NonStop-based quiz questions. An expertly timed beer stop after question four ensured everyone had enough lubrication to complete the full ten questions without any hardship. Proving that my team was paying full attention during the day’s presentations, I found myself in the joint winning team (9 out of 10 correct) and recipient of a rather splendid chopping board and carving kit – which later resulted in a fine from British Airways for overweight baggage, but that’s a different story! More great food and wine at dinner set the scene for a good evening of business networking and competitions in the pool lounge upstairs...
Day three picked up where the conference part of day two had ended. HP’s NonStop Programs Marketing Manager, Diana Cortes’ update made for some interesting viewing, including news of the Connect Global NonStop Summit being planned for October or November 2010 in California – exact details are still being finalised. The conference came to an end mid afternoon on the 30th, with presentation of various vendor and VNUG competition prizes – congratulations to Esa from Nordic Processor who won XYPRO’s prize, a wireless iPod dock.
Our thanks to Tommy Johansson and everyone at VNUG for putting on another excellent event. We’ll hopefully see you again in December for the unofficial ‘VNUG Christmas Beers’ I was talking to Sami about! Failing that, we look forward to VNUG 2010.
See the XYPRO calendar for all upcoming European and global events we’ll be attending.
Dan Lewis
European Marketing Manager
XYPRO Technology
This is XYPRO’s sixth visit to the well run and very friendly VNUG event, which has never been held in the same location twice and switches between Finland and Sweden – sometimes literally, as was the case of the ferry-based conference a couple of years ago!
Day one (28th September) was an optional education or golf day. The accredited education (Troubleshooting in the NonStop OSS Environment) was provided by HP at its Solna office and the golf was on the very picturesque course next to the conference hotel. We were unable to attend either this year, arriving late in the evening on the 28th, but on talking to the golf participants in the bar, it sounds like we were spared a tough afternoon of searching through aggressive rough and the loss of several balls to tricky water hazards!
Days two and three (29th, 30th September) saw the conference proper. A busy agenda of eight vendor presentations, two slots from HP (interesting to hear about the launch of quad core blades in 2010/2011) user presentations, and an HP Q&A session.
XYPRO’s PCI compliance and enterprise auditing presentation was scheduled in for just after lunch on the 29th. That turned out to be great timing, as everyone left lunch in an upbeat mood after having had some very good food.
Later that day saw all participants divided into teams for the VNUG competition. This involved walking the Vidbynäs Slott grounds answering NonStop-based quiz questions. An expertly timed beer stop after question four ensured everyone had enough lubrication to complete the full ten questions without any hardship. Proving that my team was paying full attention during the day’s presentations, I found myself in the joint winning team (9 out of 10 correct) and recipient of a rather splendid chopping board and carving kit – which later resulted in a fine from British Airways for overweight baggage, but that’s a different story! More great food and wine at dinner set the scene for a good evening of business networking and competitions in the pool lounge upstairs...
Day three picked up where the conference part of day two had ended. HP’s NonStop Programs Marketing Manager, Diana Cortes’ update made for some interesting viewing, including news of the Connect Global NonStop Summit being planned for October or November 2010 in California – exact details are still being finalised. The conference came to an end mid afternoon on the 30th, with presentation of various vendor and VNUG competition prizes – congratulations to Esa from Nordic Processor who won XYPRO’s prize, a wireless iPod dock.
Our thanks to Tommy Johansson and everyone at VNUG for putting on another excellent event. We’ll hopefully see you again in December for the unofficial ‘VNUG Christmas Beers’ I was talking to Sami about! Failing that, we look forward to VNUG 2010.
See the XYPRO calendar for all upcoming European and global events we’ll be attending.
Dan Lewis
European Marketing Manager
XYPRO Technology
Wednesday, October 14, 2009
Use XSW to save time and money for HP NonStop file reports and compliance
Part 1of 3
Why would you even think of using DSAP for PCI, SOX, HIPAA or other security compliance reports? Yes you can create DSAP reports on HP NonStop Guardian files, such as PROGID, LICENSE, files greater than some size, security settings or owners, but killing hours and hours of your time. Creating these reports for a just a single node would take hours and what you would have is a pile of useless paper! I feel sorry for the wasted trees.
Using XYPRO’s Security Compliance Wizard (XSW) can save you all that grief and time to generate PCI, SOX, HIPAA or other security compliance reports. Don’t waste your time! XSW can automatically create these custom reports for you in minutes, instead of hours or days. In addition, it can be streamlined to identify only changed files, thus saving many hours of analysis work. XSW can collect from multiple systems and generate combined reports from the multiple systems, something you just can’t do with any other tool.
- Ellen Alvarado
NonStop Security Specialist
Why would you even think of using DSAP for PCI, SOX, HIPAA or other security compliance reports? Yes you can create DSAP reports on HP NonStop Guardian files, such as PROGID, LICENSE, files greater than some size, security settings or owners, but killing hours and hours of your time. Creating these reports for a just a single node would take hours and what you would have is a pile of useless paper! I feel sorry for the wasted trees.
Using XYPRO’s Security Compliance Wizard (XSW) can save you all that grief and time to generate PCI, SOX, HIPAA or other security compliance reports. Don’t waste your time! XSW can automatically create these custom reports for you in minutes, instead of hours or days. In addition, it can be streamlined to identify only changed files, thus saving many hours of analysis work. XSW can collect from multiple systems and generate combined reports from the multiple systems, something you just can’t do with any other tool.
- Ellen Alvarado
NonStop Security Specialist
Wednesday, October 7, 2009
How to Resist a Dictionary Attack:
Password Quality is Key
If you’re a security or network administrator, then you probably already know that withstanding a dictionary attack is a common security requirement. For those who may not know, a dictionary attack refers to the general technique of trying to guess some secret, usually a password, by running through a list of likely possibilities, often a list of words from a dictionary.
So, what type of password can resist a dictionary attack? Well, one that is not a word that can be found in any dictionary, of course! Simply put, the best defense against a dictionary attack is a strong password composed of a combination of different types of characters.
Password Quality is Key!
Password quality is so critical that it is a PCI compliance requirement. Further, password quality plays a key role in resisting even a brute force attack because password cracking programs, used for such attacks, work by applying all the common variations of every word in the dictionary. They generate character sequences working through all possible one-character passwords, then two character, then three character, etc. The variations of words are encrypted and then the resulting hashes are compared to the hashes in the password file being cracked. If the hashes match, the password is known
Our Solution
XYPRO’s Password Quality (XPQ) software has helped numerous users effectively resist a dictionary attack. XPQ provides a wide range of password strengthening techniques, forcing users to create passwords that are able to withstand a dictionary attack. XPQ can be configured to require the following of users when creating or changing their passwords:
• Include both upper and lower case characters
• Include special characters in the password
• Include control characters in the password
• Include letters and numbers in the password
• Do not include any part of the user’s logon ID in the password
• Use password length of up to 64-characters long
What’s more, the rules can be mixed and matched to meet any site’s password quality requirements. Along with a minimum password length, periodic password expiration, and password history tracking, passwords created with XPQ-enforced rules would be virtually unbreakable via a dictionary attack.
In addition to enforcing Password Quality rules, XPQ offers yet another approach to withstanding a dictionary attack – generated passwords. If XPQ is configured to take advantage of this function, the generated passwords always match your configured quality rules and, therefore, are not vulnerable to a dictionary attack. Because many dictionary attacks target privileged userids such as SUPER.SUPER or the application owners, companies could establish a policy of always using generated passwords for their privileged userids.
The Proof is in the Numbers
The table below shows the amount of time* a successful brute force attack takes, depending on the combination of characters used in the password.
*The numbers should not be interpreted as actual time. The speed of the attack depends on multiple factors including computing resources, password encryption level, etc. However the table is a good illustration of how important enforcing password quality rules is for brute force attack resistance. Source for statistics and calculations: http://geodsoft.com/howto/password/cracking_passwords.htm
As the table shows, cracking a “simple” seven-character password would take 22.3 hours, while the same seven-character password composed of mixed case characters extends the attack time to 3.91 months. Adding numbers and symbols to the password, extends the time needed to process all possible combinations to more than two years. So, if a password is also changed regularly, this can mean an extended state of security against an attack.
Bottom line: Don’t let your system and critical data be left vulnerable to attack due to easily decoded passwords. Maximize XPQ to keep your passwords up to par!
Want to learn more? Visit us at www.xypro.com
If you’re a security or network administrator, then you probably already know that withstanding a dictionary attack is a common security requirement. For those who may not know, a dictionary attack refers to the general technique of trying to guess some secret, usually a password, by running through a list of likely possibilities, often a list of words from a dictionary.
So, what type of password can resist a dictionary attack? Well, one that is not a word that can be found in any dictionary, of course! Simply put, the best defense against a dictionary attack is a strong password composed of a combination of different types of characters.
Password Quality is Key!
Password quality is so critical that it is a PCI compliance requirement. Further, password quality plays a key role in resisting even a brute force attack because password cracking programs, used for such attacks, work by applying all the common variations of every word in the dictionary. They generate character sequences working through all possible one-character passwords, then two character, then three character, etc. The variations of words are encrypted and then the resulting hashes are compared to the hashes in the password file being cracked. If the hashes match, the password is known
Our Solution
XYPRO’s Password Quality (XPQ) software has helped numerous users effectively resist a dictionary attack. XPQ provides a wide range of password strengthening techniques, forcing users to create passwords that are able to withstand a dictionary attack. XPQ can be configured to require the following of users when creating or changing their passwords:
• Include both upper and lower case characters
• Include special characters in the password
• Include control characters in the password
• Include letters and numbers in the password
• Do not include any part of the user’s logon ID in the password
• Use password length of up to 64-characters long
What’s more, the rules can be mixed and matched to meet any site’s password quality requirements. Along with a minimum password length, periodic password expiration, and password history tracking, passwords created with XPQ-enforced rules would be virtually unbreakable via a dictionary attack.
In addition to enforcing Password Quality rules, XPQ offers yet another approach to withstanding a dictionary attack – generated passwords. If XPQ is configured to take advantage of this function, the generated passwords always match your configured quality rules and, therefore, are not vulnerable to a dictionary attack. Because many dictionary attacks target privileged userids such as SUPER.SUPER or the application owners, companies could establish a policy of always using generated passwords for their privileged userids.
The Proof is in the Numbers
The table below shows the amount of time* a successful brute force attack takes, depending on the combination of characters used in the password.
*The numbers should not be interpreted as actual time. The speed of the attack depends on multiple factors including computing resources, password encryption level, etc. However the table is a good illustration of how important enforcing password quality rules is for brute force attack resistance. Source for statistics and calculations: http://geodsoft.com/howto/password/cracking_passwords.htm
As the table shows, cracking a “simple” seven-character password would take 22.3 hours, while the same seven-character password composed of mixed case characters extends the attack time to 3.91 months. Adding numbers and symbols to the password, extends the time needed to process all possible combinations to more than two years. So, if a password is also changed regularly, this can mean an extended state of security against an attack.
Bottom line: Don’t let your system and critical data be left vulnerable to attack due to easily decoded passwords. Maximize XPQ to keep your passwords up to par!
Want to learn more? Visit us at www.xypro.com
Monday, September 28, 2009
From the CEO's Desk - September 28, 2009
From The CEO's Desk
For many years, XYPRO's security and compliance solutions have been the choice of leading organizations using the NonStop server. While I have met many of you at TUG meetings and Connect events, these venues are too few and far in between to support frequent discussions. So, XYPRO is in the process of opening up several new channels of communications that we believe will let us keep in closer contact with you, our customers and partners.
We are announcing our LinkedIn group, facebook, and if you want something a bit more real time you can follow us on Twitter. The intent of these channels is to let us provide timely general information to our customer base.
We know that resources are especially tight these days and we want to ensure that we are providing value to our customers in everything that we write. To this end, I am pleased to announce that XYPRO will be publishing several blogs on a regular basis. You can sign up for one or for all of them and our RSS feed will notify you when an update is available.
In From The CEOs Desk, I plan to talk about topics of general interest to the NonStop community around security, blades, cloud computing, virtualization, and compliance. This column will be published every month.
The Voice of the Customer will invite guest authors to talk about their challenges and how they have worked to meet them. It will cover real-life stories and real solutions. It may be edgy at times, and customers who cannot speak freely may be published anonymously. If you wish to submit an idea for a customer or topic, or you are a customer with a topic in mind, please send me an email. This column will be published monthly.
The third column we plan to publish should be a very interesting read. Based on the volume and kind of questions that our technical staff receives, they will be putting together a Tips and Tricks column which should increase your productivity and success in meeting your company’s security and compliance goals with XYPRO products. If there is something you just can't figure out, or want to know if there is a better way to perform a function, this column is for you. It will be published monthly as well.
Finally, XYPRO will participate in many upcoming TUG and Connect events. Some of these are CTUG, DUST, GTUG, INUG, SunTUG, VNUG and the BITUG Security SIG. Our updated events list is always available here.
Historically, TUGS have had some pretty interesting names and to launch this column properly, we're holding a contest. Anyone who sends me an email before October 30th, with the correctly expanded names of the TUGs listed above will be entered into a drawing for a USB encrypted memory stick. Due to US regulations, this contest is not open to government employees in any country.
Talk to you soon!
Sheila Johnson
For many years, XYPRO's security and compliance solutions have been the choice of leading organizations using the NonStop server. While I have met many of you at TUG meetings and Connect events, these venues are too few and far in between to support frequent discussions. So, XYPRO is in the process of opening up several new channels of communications that we believe will let us keep in closer contact with you, our customers and partners.
We are announcing our LinkedIn group, facebook, and if you want something a bit more real time you can follow us on Twitter. The intent of these channels is to let us provide timely general information to our customer base.
We know that resources are especially tight these days and we want to ensure that we are providing value to our customers in everything that we write. To this end, I am pleased to announce that XYPRO will be publishing several blogs on a regular basis. You can sign up for one or for all of them and our RSS feed will notify you when an update is available.
In From The CEOs Desk, I plan to talk about topics of general interest to the NonStop community around security, blades, cloud computing, virtualization, and compliance. This column will be published every month.
The Voice of the Customer will invite guest authors to talk about their challenges and how they have worked to meet them. It will cover real-life stories and real solutions. It may be edgy at times, and customers who cannot speak freely may be published anonymously. If you wish to submit an idea for a customer or topic, or you are a customer with a topic in mind, please send me an email. This column will be published monthly.
The third column we plan to publish should be a very interesting read. Based on the volume and kind of questions that our technical staff receives, they will be putting together a Tips and Tricks column which should increase your productivity and success in meeting your company’s security and compliance goals with XYPRO products. If there is something you just can't figure out, or want to know if there is a better way to perform a function, this column is for you. It will be published monthly as well.
Finally, XYPRO will participate in many upcoming TUG and Connect events. Some of these are CTUG, DUST, GTUG, INUG, SunTUG, VNUG and the BITUG Security SIG. Our updated events list is always available here.
Historically, TUGS have had some pretty interesting names and to launch this column properly, we're holding a contest. Anyone who sends me an email before October 30th, with the correctly expanded names of the TUGs listed above will be entered into a drawing for a USB encrypted memory stick. Due to US regulations, this contest is not open to government employees in any country.
Talk to you soon!
Sheila Johnson
Subscribe to:
Posts (Atom)
Posts
