Friday, February 19, 2010

From the CEO's Desk

I hope everyone is getting a good start on 2010. We have received a large amount of positive customer feedback on our reseller relationship with Merlon and we thank you for that.

Traditionally at XYPRO, we begin each February with a week of Kick-Off sessions. All of us gather at our California headquarters to assess the previous year and set plans for the future. It’s a time of concentrated information exchange and collaborative brainstorming, with all teams participating ‘across all the aisles’. It’s an opportunity to discuss changes in the market and our customers’ needs. We go over feedback from customers and partners regarding current requirements and anticipate what security functions will be needed, both to meet future compliance regulations and to thwart security threats. A high priority includes looking at our products and evaluating how to improve and repackage them so that customers can easily purchase the modules that they need and use them to their best advantage.

There are a number of exciting activities afoot with us, some of which we can share, and some of which we need to keep secret for just a bit longer. What I can tell you is that we cut our first deal with a Neoview customer, so we’re now protecting a high profile decision support system built from the ground up on the most scalable and available data warehouse platforms.

After my last column, an HP press release announced enhancements to our favorite system, the NonStop Server. It quoted Diederick de Buck, technical architect for NonStop systems at Rabobank, who said that, “Rabobank looks to HP NonStop technology to handle our mission-critical financial services applications and help mitigate risks associated with virtual banking.”

As you might imagine, the best way to mitigate the risks associated with any online application is through the implementation of secure systems, secure networks, and secure applications. With NonStop as the foundation, all that remains is to protect your application and network communications – and we’re here to help you do that with products and consulting services.

The release also mentioned the new NonStop BladeCluster Express 1.2, which allows the creation of complex enterprise data center systems spanning a large geographic area and thousands of processors. Other enhancements include the capability for improved business decision-making by aggregating “islands” of information across an enterprise. Can you say, “cloud computing?”

While other companies are just starting to talk about the cloud, XYPRO customers, like a large travel booking site, have been building clouds out of NonStop servers for many years. And not just any cloud, but a scalable, available, and secure cloud. So when a C-level exec drops by and asks what you are doing about cloud computing, just point to your NonStop Servers and let him or her know that everything is under control.

In other news, a hacker was able to break into the database of RockYou, which provides applications and services for social networking sites like Facebook and MySpace, and obtained 32 million clear-text passwords. For whatever reason, the passwords of RockYou’s customers were not encrypted and were an easy target. Now that the horse has left the barn, RockYou has found religion and is encrypting all passwords and reviewing their current data security features to ensure that they meet industry standards and best practices. Do you have ENCRYPTPASSWORD set for your UserID file? Have you upgraded from DES to HMAC256 encryption? Call our tech support line if you want assistance with either of these.

And speaking of encryption, watch for our own Scott Uroff’s article in the next issue of Connection magazine. This article will describe the various types of encryption algorithms and how they work, point out the limitations when using specific encryption methods, and address how important it is for companies to use approved and certified encryption modules within their infrastructure.

To close, I want to mention that just like XYPRO, the US government also is working on advancements in data protection. The FIPS 140-2 Level 2 standard to which we certify our encryption products dates back to May 2001. This is one year after the Zero Latency Enterprise (ZLE) was first introduced and the same year that HP announced the merger with Compaq. This is pre-NonStop SQL/MX and well before Integrity NonStop. As you can imagine, we could not agree more that the standard needs to be updated and our cryptographers are already evaluating any changes needed to comply with this new standard when it is published next year.

Sheila Johnson

Thursday, February 4, 2010

XYPRO to Sponsor & Present at MEXTUG

XYPRO is muy entusiasmados to be sponsoring and presenting at the upcoming MEXTUG. The one-day event is scheduled for 24 February and will be held at the HP offices in Mexico City, Mexico.
MEXTUG is packed with informative, timely presentations, not only from product experts but also from users themselves. See Agenda.

Here’s a sneak peek:
  • An educational presentation on the Native NonStop Security provided by Guardian, Safeguard and Atalla.
  • A representative from Raymond James will explain how they currently comply with HP NonStop security requirements, and future plans going forward.
  • A representative from Banorte will give a presentation on their successful experience monitoring & controlling their operational environment as well as their ATM & POS network.

Attendees will also have the chance to participate in an interactive survey about future MEXTUG content.
Last but not least, XYPRO is sponsoring the raffle. Attendees have the chance to win an HP NetBook (must be present to win)—so be sure to register! View Agenda.

Lisa Partridge

Thursday, January 28, 2010

Product Spotlight: Access PRO

Software that Addresses Your Auditing Concerns
How happy would you be to be able to solve NonStop PCI Requirements 7, 7.1, 7.2, 8, 8.1, 8.2, 8.5, 8.5.6, 8.5.8, 8.5.15, 8.5.16, 10, 12.3.8, and 12.3.9, with a single package from XYPRO?

XYGATE Access PRO software was designed with the fundamental HP NonStop security requirements in mind and addresses those issues most likely to concern an experienced security analyst or auditor as well as being required by compliance regulations.

Why Access PRO?
XYGATE Access PRO provides you with the following:
  • Individual accountability, restricting each user to authorized actions based on that user's job function, all without the use of any shared user ids.
  • Auditing as detailed as you need it to be (down to the keystroke)
  • Logon to logoff session controls and load-balancing
  • A convenient single spooler and peruse utility with advanced security and archiving functions.
Passing your audits will become a routine experience. Users will have the access and privileges they need to do their jobs, increasing resources available to focus on other areas that also affect profitability. 

Detailed benefits of XYGATE Access PRO and the entire suite of XYGATE Security and Access Control software are highlighted in the free solutions papers available on our website: “PCI Compliance”, “SOX Compliance” and “HIPAA Compliance”. Visit www.xypro.com

Monday, January 25, 2010

Overwhelmed with PCI reporting requirements? XSW (part 3 of 3)

PCI compliance requires a diverse set of specific checks and reports on many different parts of an HP NonStop system: databases, security access, application models, networks, encryption, users, and so on. Manual HP tools each have unique export formats; some in a report-type format, but most as unstructured text, which is usually not helpful at all. In fact, trying to create manual PCI reports for an HP NonStop system is a recipe for losing your hair!

Using XYPRO’s Security Compliance Wizard (XSW) you can load this diverse data into a consistent and query-able format, cutting PCI reporting down to size. XSW can then be used to create PCI reports in a standard printable format, regardless of whether the data concerns Users, Safeguard, disk files, PATHWAY, OSS files and directories, SQL/MX or Network information.

To start off, XSW provides you with over a hundred standard PCI reports and cross-references the PCI naming conventions to HP NonStop terminology, making it easier for you to complete the PCI reporting task.  For cycles of compliance, as required for PCI, XSW automatically provides this service and gives consistency to the reporting and checking. So save your hair and time and get XSW!

-Ellen Alvarado
NonStop Security Specialist

Friday, January 15, 2010

Powerful software for managing disk resources on HP NonStop servers

In November 2009, XYPRO announced its strategic partnership with Merlon Software Corporation of Toronto, Canada.  This partnership has already proven successful and we are very happy to be aligned with a company that provides the NonStop community such effective products.

XYPRO represents Merlon’s database management software solutions on a global scale, and today we would like to highlight their disk management solution, Discover.   Discover provides a safe and efficient mechanism for monitoring disk resource usage on HP NonStop servers.  It replaces manual methods of tracking disk and file growth, reduces the risk of human error, and frees up operations and support staff for other tasks.

Why Discover?
Most applications depend on the availability of sufficient disk space in order to function correctly. If a disk volume becomes short of free space, an application may not be able to allocate the disk space required in order to continue running.

In addition, individual disk files may only grow to a pre-configured size. If an application continually adds new data to a file it will eventually encounter a "no space" error condition - even if there is free space available on the disk.

Either of these situations can cause part, or all, of an application to become unavailable. Discover enables you to avoid these conditions by taking corrective actions before they occur.

Discover continuously monitors disk and file usage, and predicts potential disk full and file full conditions before they occur. You can configure Discover to automatically invoke corrective actions, or to alert an operator that manual intervention is required.

Discover’s key features include the following:
•    Prevention of application outages due to disk or file full conditions
•    Continuous monitoring of disk utilization
•    "SpaceMaker" technology for improved disk space allocation
•    File attribute monitoring
•    Automatic reload of key sequenced files
•    User disk space quotas
•    Corrective measures initiated automatically
•    Comprehensive reporting
•    Worksheets
•    Discover Utilities
•    The Recycle Bin
•    Backup and Archive Support

In addition, Discover is work-flow oriented. It organizes "action items" which are required in order to ensure the availability of your data. You can learn more about Discover and all of Merlon’s products by clicking here.




-Lisa Partridge

Thursday, January 7, 2010

Use XSW to create Safeguard access reports

(part 2 of 3)
If you are trying to make sense out of your tens of thousands of Safeguard records and ACLs, don’t expect Safeguard to help you. There is no HP tool that provides any level of extraction, except streamed text, and none to analyze access maps from Safeguard.

Using XYPRO’s Security Compliance Wizard (XSW), you can create Safeguard access maps in minutes! XSW can generate Safeguard access maps for users or user groups and the access that is granted or denied across Safeguard ACL types, including patterns. These reports are a primary requirement of PCI, SOX and HIPAA.

-Ellen Alvarado
NonStop Security Specialist

Thursday, December 31, 2009

MRTUG, NENUG, SCTUG, RMTUG and DUST

XYPRO representatives recently attended MRTUG, NENUG, SCTUG, RMTUG and DUST.  At DUST, we presented “You Cannot Be PCI Compliant without XYGATE”.  Interest in security remains high in the NonStop space, and while presenting at these three user groups, we were fortunate to have interactive discussions with everybody in attendance.  Many open questions and discussions took place, which is the primary intention of user groups.  Overall, attendance has been as expected, i.e., vendors have outnumbered users.  We are happy to see optimism from the users, vendors and HP involving NonStop Blades, based upon the number of customers upgrading. 

We believe it’s vital for the NonStop community to continue to have these types of meetings.  Going to the user gives a broader group of people a chance to participate in learning what is going on in the HP NonStop space.  Furthermore, the Connect meeting next fall should bring a sense to the community that HP still values the NonStop and users.  It will not have the feeling of being shuffled in with everybody else, which is the impression many got when including this event with the HP Technology Forum.   

Unfortunately, SCTUG was not very well attended with a ratio of 5 to 1 vendors vs. customers. We did, however, have some very good side conversations with the customers. We will be presenting at the next SCTUG which sounds like it will be at the end of March.

On the other hand, the RMTUG meeting in Denver had the biggest turnout we have ever seen. There were several current customers as well as some new faces and companies that we have not heard of, which is great to see.

In all of the meetings, we have chatted with folks about the “ITUG” that will be happening in September; it is like a big revival, and everyone is excited that there will be a NonStop conference again in San Jose!

Jay Price
Kevin Boham