Wednesday, November 18, 2009

From the CEO's Desk

Thanksgiving was celebrated last month in Canada, where it is also called Jour de l'Action de grâce and represents the end of the harvest. In the United States, we celebrate in November and give thanks to the Native Americans for keeping the English colonists from starving in the dead of winter.

The end of October saw us wrapping up two weeks of classes on the topic of NonStop security in our southern California office. Professionals attended from Malaysia, Mexico and the USA, representing manufacturing, energy and financial companies. Both our Securing Your HP NonStop Environment with Safeguard and XYGATE and the follow-on Comprehensive HP NonStop Security courses were sold out, confirming that protection of corporate information is essential, even in a down economy.

We enjoy hosting customers in our office because, like our products, it supports our mission of contributing to the protection of corporate information on the computing platform that outperforms all others. Furthermore, our education program gives our developers and technical staff a better feel for what it is that our customers need to make them successful. We welcome the partnership that results from direct interaction and exchange of information with our customers and fellow vendors and hope you find it as rewarding as we do.

Speaking of partnering, and Canada, we recently took another strategic step forward by signing an agreement with Merlon Software, based in Toronto. The agreement entitles XYPRO to represent Merlon’s products worldwide. This was a serious decision for us, and we found the business case compelling.

Where XYPRO is aimed at protection of data, Merlon focuses on database management. Merlon’s products allow you to automate management of your file and disk space, monitor and correct database degradation, analyze key-sequenced files for proper partitioning, and increase your productivity when working with SQL/MP and SQL/MX tables. And just like many XYPRO products, Merlon products allow you to manage and monitor your NonStop server from a graphical user interface on a PC, freeing you from the drudgery of looking up commands and syntax that you might use only once in a great while. In short, this partnership helps you do more with less, and with a lot less stress for you and your staff.

Our companies have in common a dedication to excellence in customer service and the ability to build products that improve efficiency, productivity and performance in today’s complex IT environments. This partnership represents a natural progression for both companies and a great way to bring more value to the NonStop user community.

In the spirit of Thanksgiving, I would like to express my gratitude to all of our wonderful employees and partners for their dedication to making XYPRO a leader in the industry and a great place to work. And a special Thank You goes to all of our customers too, who have put their security needs in our hands.

Happy Thanksgiving everyone!!

-Sheila Johnson

Wednesday, November 11, 2009

Auditing the HP NonStop Server: Stop the Bad Dreams!

Ever had a bad dream about an upcoming audit? The one in which you’re told you must be prepared to assist the auditors? The HP NonStop Server is not familiar territory to many auditors, which can cause a lot of anxiety for them and you. Moreover, there are times when an auditor must tackle the audit of a NonStop server immediately, without adequate time to read the appropriate reference manuals: HP NonStop Security: A Practical Handbook, Securing HP NonStop Servers In An Open Systems World: TCP/IP, OSS and SQL and The Security Management Guide. You may have read them, or looked up a topic or two – but you probably don’t know them by heart, which only adds to your stress level.

You are not alone. The following is intended to help you educate your auditor, and lead you toward gathering the pertinent information that will be needed to conduct the audit—so you can say goodbye to your bad dreams!

The Basics
Security on the NonStop server starts with the operating system, Guardian. Guardian provides a basic level of security that deals with users and disk files and provides limits on the READ, WRITE, EXECUTE and PURGE operations. Users in system management, operations, security, and change control generally deal with the Guardian environment using the TACL command interpreter program. Guardian supports the OSS ‘personality’, which is a UNIX-like extension that can be used in place of the TACL environment using a program called OSS Shell or osh.

Safeguard is the HP-supported security system that can be used to manage users, object access control lists (ACLs), auditing and security event exit processes (SEEPs). XYPRO’s proven products allow for easy use of Safeguard to manage users and object ACLs and for use of SEEPs to significantly extend Safeguard functionality. Many companies in all industries around the globe use these products to not only reduce stress but to also boost security administration accuracy and productivity.

$CMON is an optional Guardian extension that allows for control of the logon operation and the program run operation. It does not require Safeguard to be used. $CMON must either exist on the NonStop server or there must be security controls to prevent its use.

Users are given access by creating Guardian or Safeguard userids. Guardian is no longer recommended because it does not support many features available in Safeguard, most important of which is Password Expiration. Userids are specified as a groupnumber, usernumber and as a groupname, username. The groupnumber is between 0 and 255 and once the first user has been assigned to a group, the groupname will be set for all userids in the group. The usernumber is between 0 and 255, and the username must be unique within the group. There is one userid that must be on the system: 255,255, which is usually called SUPER.SUPER.

For More Info:
You can view the complete article highlighting the questions and answers surrounding some of the most common problems found on the HP NonStop server by emailing lisap@xypro.com; enter “Audit NonStop Server” in the subject line.

When a more thorough audit is planned, you may want to consider using a checklist in which each Security Requirement is clearly identified and the sources of each requirement are provided. You will find a complete checklist on https://www.xypro.com//. If you follow it closely and are able to “check” every item…you may find yourself PCI, SOX (Cobit), HIPAA, and SB1386 compliant and happy to invite your Auditor in. Isn’t that a dream?!

Lauren Uroff
XYPRO Technology Corporation

Wednesday, November 4, 2009

XYPRO® Announces Strategic Reseller Relationship with Merlon

Los Angeles, Calif. (4 November 2009) XYPRO Technology Corporation, a leading provider of security software for HP NonStop™ Server environments, today announced a strategic partnership with Merlon Software Corporation of Toronto, Canada. Effective immediately, XYPRO will represent Merlon’s database management software solutions on a global scale.

“XYPRO offers a superior security solution set for businesses running on HP NonStop servers. With Merlon’s expertise and comprehensive offering in database management on the same computing platform, this partnership made complete sense,” said Rick Pettifer, CEO at Merlon. “XYPRO is a leader in the NonStop space, offering worldwide distribution channels as well as unmatched customer service to every client around the globe. With economies of scale, this really presented itself as a natural progression and a great fit for both of us.”

“Merlon products provide companies who rely on NonStop servers for storing and processing vast amounts of data with the means to efficiently administer even the most complex database environments. Demand for these solutions is high because they introduce operational simplicity and consistency vital to strengthening productivity and performance,” said Sheila Johnson, CEO at XYPRO. “We are very pleased to offer their unparalleled database management solutions. By partnering with Merlon, we can offer our clients a more robust portfolio of solutions to address their mission-critical needs.”