February
2010
SPARTA
PresidentÕs Corner
by Brad Carson
Here we are in February 2010 and a big cold snap has settled in on
Last month we had a visit from Phil Smith III of Voltage Security to talk to us
about ÒEnterprise EncryptionÓ. For those of us that have to deal with
federal regulations (HIPAA, PCI, SOX, others), this is a major issue. Phil
told us about the questions that need to be asked when dealing with encryption:
¥What to encrypt?
¥Where to encrypt?
¥When to encrypt?
¥How to encrypt?
This was a good meeting and I learned a lot more on encryption.
We still have quite a lot going on here at LabCorp. WeÕve moved BMC MainView
out to all but our production LPAR (that happens next month) and Omegamon is on
the way out. I want to complete this before we begin our z/OS 1.11 install.
IÕve also spent a bit of time working with IBM to get our sub capacity reports
right and correct the inventory list of z/OS products in our ELA.
WeÕve also been very busy on the z/VM front. We now have working Oracle/DB and
Oracle/WebLogic servers running on the
I want to repeat the favor I asked you all last month. One of my Unisys system
programmers will be retiring at the end of April and we will be looking to fill
this position soon. If you know of someone with good Unisys OS/2200 experience,
please feel free to let them contact me.
This month Alfred Christensen of IBM will be talking to us about TN3270 and FTP
network security. I look forward to seeing you all on February 23rd at LabCorp.
Future Speakers
(subject to change)
Feb. 23 TN3270 and FTP Network Security - The Easy Way by Alfred
Christensen of IBM
Mar. 30 SHARE Update by Conference attendees from SPARTA
We need ideas and volunteers for future speakers. Presentations donÕt have to
be fancy, just informative and interesting. Even a 5 or 10 minute talk can
start an interesting interaction. Contact Ron Pimblett by phone as noted below.
2009-2010
SPARTA
Board of Directors
Brad Carson - President
LabCorp 336-436-8294
3060 S. Church St.
Burlington, NC 27215
Ron Pimblett - Vice President
Dignus, LLC 919-676-0847
8354 Six Forks Road
Raleigh, NC 27615
Mike Lockey - Secretary
Guilford Co. Information Services 336-641-6235
201 N. Eugene St.
Greensboro, NC 27401
Tommy Thomas - Treasurer
LabCorp 336-436-4178
231 Maple Ave, Koury Ctr 3rd Fl. 919-361-7267
Burlington, NC 27215
Ed Webb - Communications Director
SAS Institute 919-531-4162
SAS Campus Drive
Cary, NC 27513
Meetings
Meetings are scheduled for the last Tuesday evening of each month (except
no meeting in December), with optional dinner at 6:15 p.m. and the meeting
beginning at 7:00 p.m.
These monthly meetings usually are held at LabCorpÕs Center for Molecular
Biology and Pathology (CMBP) near the
Call for Articles
If you have any ideas for speakers, presentations, newsletter articles, or are
interested in taking part in a presentation, PLEASE contact one of the Board of
Directors with your suggestions.
Newsletter e-Mailings
The
Late 2009 ÒCBT TapeÓ Shareware Online
The directory and files from the latest CBT tape V478 (dated December 27, 2009)
are available from www.cbttape.org.
If you need help obtaining one or more files, contact Brad Carson at
LabCorp or Ed Webb at SAS (see Board of DirectorÕs list for contact info).
Minutes of the January 26, 2010 Meeting
¥Meeting was called to order at 7:00 p.m. by Brad Carson, the Chapter
President.
¥The meeting was held at LabCorp in
¥Eighteen (18) people were present; eleven (11) were members.
¥Everyone in the room introduced themselves, told where they worked, and
briefly described their job function.
¥The minutes of the November 2009 (Dec. 1, 2009) meeting were accepted as
published in the January 2010 newsletter.
¥Tommy Thomas, the Chapter Treasurer gave the Treasurer's Report. As of January
18, 2010, the balance is $543.34. Motion was made and approved to accept the
Treasurer's Report as published in the January 2010 newsletter.
OLD BUSINESS
¥Articles are needed for this newsletter. If you would like to write an article
for this newsletter, please contact Ed Webb. Keep in mind that you don't really
need to write the article, it can be an article that you read that you would
like to share with the membership.
¥The SPARTA Web page is available. To access the SPARTA Web page, point your
Web browser to this site: http://www.spartanc.org. Please send any
comments or suggestions about the Web page to Mike Lockey. Be sure to check the
Web page every once in a while to see any new or changed information.
¥Future Speakers and Topics:
(subject to change)
Feb. 23, 2010: Greg Thompson, IBM, "JES3 Workflow"
Mar. 30, 2010: Brad and Ed, "Share UpdateÓ from Seattle Mar 14-18
Apr 27, 2010: Robbin Lanning, LRS, z/Series Software
May 25, 2010: Robb Steiskal, CA, Update on CA automation & Performance
June 29, 2010: Mike Arnold, Softbase, DB2 Tuning
July 27, 2010: Serena
Software, Security Compliance
Aug. 31, 2010: Durham Bulls at the DBAP
Sept. 28, 2010: Brad and Ed, "Share
Update" from Boston Aug.
Oct. 26, 2010: Craig Mullens, zPrime,
What the ?
Nov. 30, 2010: Emmanuel Sauvion, Sysload Software, Performance Management
Virtual Environment
If you have suggestions about speakers and topics, contact Ron Pimblett.
¥The February SPARTA meeting will be on the 23rd at LabCorp in the RTP.
¥Food for the February meeting will be subs.
¥Brad reminded everyone to keep the conference room clean.
NEW BUSINESS
¥Thanks to Tommy Thomas of LabCorp for hosting the meeting.
¥Due to our treasury getting low, our annual dues were reviewed, a motion was
made to increase the annual dues from $20 to $30 , motion was made, seconded,
and passed.
¥The business portion of the meeting ended at 7:40 p.m.
¥Phil Smith III of Voltage Security talked to us about ÒEnterprise EncryptionÓ.
Some of the topics presented were:
Is your company ready for an OSA Qualified Security Audit?
Some of the topics presented were:
¥ Why weÕre here
¥ Why encryption is difficult and scary
¥ The five Ws of encryption
¥ Encryption key management: the ÒotherÓ gotcha
¥ A realistic approach to enterprise encryption
¥ Example: Voltage SecureData
¥Why we are here
- On the mind of upper management
- Breaches in the news
- DLP (Data Leakage Prevention)
- What hackers are doing
- Internal breaches are increasing
¥Encryption Is Difficult
- Lots of different technologies
- Companies have data in lots of places and lots of data
- Difficult to imagine how to get started
- Mainframe folks canÕt always ignore
¥Encryption Is Scary
- We donÕt understand the technologies
- It changes constantly
- Many varieties
- Easy to decide that it is too complex
¥The five Ws of encryption
- Why encrypt data?
- What should be encrypted?
- Where should it be encrypted?
- When should it be encrypted?
- Who should be able to encrypt/decrypt?
¥ Why encrypt?
¥Data breach sources:
- 73%: external
- 18%: insiders
- 39%: business partners
- 30%: multiple parties
¥Insider breaches far more expensive:
- External attack costs averages $57,000
- Insider attacks average $2,700,000!
¥What To Encrypt? (no single answer)
- Not everything (cost and performance barriers)
- Can make data useless (encrypt keys, canÕt follow)
- Data at rest and Data in motion (most troublesome)
- Different criteria, because have different issues
- Data is encrypted as it is captured (not downstream)
¥Who Can Encrypt / Decrypt?
- Who should have the abilities (partner, staff)
- Key protection / what if compromised
- Not trivial to implement
¥How will you encrypt data?
- hardware / software
- Cross platform
- Format Changes
- AES, TDES, Symmetric, PKI (many choices)
¥Key Management (the hard part)
- Give encryption keys to applications?
- Give decryption keys to users/applications
- Who specifies the policies (administrators?)?
- What about distributed applications (server access)
- What about partnersÓ
¥How Does One Start?
- Now or sooner
- Understand the multiple choices and effects
- How to use multiple solutions
- Data classification, risk analysis, Remediation, persistent encryption
- Involve stakeholders and get executive mandate
- Find a starter application (representation data base)
- Designate data by sensitivity
- Must know how the data is connected
- Validate performance
- Get a process: repeat
¥Voltage has products to assist with the process
- SecureData: Yet Another Encryption Product
- Available on z/OS, Windows, Linux, z/Linux, HP/UX, AIX
- Built on platform-agnostic codebase (easy to port)
- Can add platforms quickly as customers require them
- Complete suite of options and toolkits
- ASCII/EBCDIC handled automatically
- Simplified key management
- Handles rolling keys (required by PCI DSS)
- Allows for separation of duties
- Meets all data protection requirements
¥Conclusion
- Encryption is not a luxury, not optional today
- A complex topic, but one that can be tamed
- Many solutions exist
- Different data/media require different solutions
- Voltage SecureData solves many of the problems
¥Resources
- InfoSecNews.org: email/RSS feed of security issues http://www.infosecnews.org/mailman/listinfo/isn
- Voltage security, cryptography, and usability blog http://superconductor.voltage.com
- Bruce SchneierÕs CRYPTO-GRAM monthly newsletter http://www.schneier.com/crypto-gram.html
- RISKS Digest: moderated forum on technology risks http://catless.ncl.ac.uk/risks
- US Computer Emergency Response Team advisories http://www.us-cert.gov/cas/signup.html
- Tracking breaches:
http://datalossdb.org
http://www.privacyrights.org/ar/ChronDataBreaches.htm
¥Contact: Phil Smith III
Work: 703.476.4511 (direct)
Email: phil@voltage.com
http://www.voltage.com
¥Meeting ended at 9:10 p.m.
TreasurerÕs Report for February 2010
contributed by Tommy Thomas
The balance in the account is $489.79 as of February 16, 2010.
Financial Report
3/01/2009 through 2/16/2010
|
INCOME |
|
|
Opening Balance |
1,117.86 |
|
Dues |
540.00 |
|
Misc. |
0.00 |
|
TOTAL INCOME |
$1,657.86 |
|
|
|
|
EXPENSES |
|
|
Gift Given |
70.04 |
|
Food |
908.30 |
|
Petty Cash |
|
|
Bank Service Fees |
|
|
P.O. Box |
44.00 |
|
Hurricane Tickets |
|
|
Web Site |
142.96 |
|
TOTAL EXPENSE |
$1,165.30 |
|
|
|
|
BANK BALANCE |
492.56 |
|
PETTY CASH($175) |
(2.77) |
|
TOTAL CASH |
$489.79 |
Items of Interest
contributed by Tommy Thomas and Chris Blackshire
Feb. 23 - Subs
Mar. 30 - BarBQ
Apr. 27 - Pizza
May 25 - Chicken
Jun. 29 - Subs
July 27 - BarBQ
Aug. 31 - Pizza
Sept. 28 - Chicken
Oct. 26 - Subs
Nov. 30 - BarBQ
Dec. 28 - No meeting. Happy Holidays!
z/OS MTTR Redbook Now Available, Other
Redbooks
contributed by Ed Webb
The Redbook that Cheryl Watson discussed at our most recent
System z Mean Time to Recovery Best Practices
Revised: January 11, 2010
More details are available at
http://www.redbooks.ibm.com/redpieces/abstracts/sg247816.html?Open
These Redbooks are in final form:
Practical Migration to Linux on System z
Revised: January 29, 2010 ISBN: 0738433411 308 pages
Explore the book online at
http://www.redbooks.ibm.com/abstracts/sg247727.html?Open
z/OS Distributed File Service zSeries File System Implementation z/OS V1R11
Published: February 2, 2010 ISBN: 0738433705 460 pages
Explore the book online at
http://www.redbooks.ibm.com/abstracts/sg246580.html?Open
Introduction to the System z Hardware Management Console
Published: February 4, 2010 370 pages
Explore the book online at
http://www.redbooks.ibm.com/abstracts/sg247748.html?Open
Mainframe Linux Today and Tomorrow
contributed by Chris Blackshire
(Ed. Note: Article from Mainframe Executive
January/February 2010)
The mainframe is the birthplace of virtualization and where it still works
best, so it's no surprise that industrially virtualized Linux took to the
mainframe and z/VM like a penguin to water. IBMÕs brand new Enterprise Linux
Server line of mainframes confirms this.
Yet, it has taken the average organization a decade to begin taking advantage
of production mainframe Linux. A recent survey about mainframe Linux (http://ca.com/mainframe/linuxresearch)
found that:
¥ The Integrated Facility for Linux (IFL) specialty mainframe processor,
designed to enable Linux to run on the mainframe at a lower cost and with no
impact on the cost of traditional workloads, is an important and growing aspect
of mainframe data center environments.
¥ Linux on the mainframe is seen as more cost-effective and ÒgreenÓ than
non-mainframe alternatives.
¥ Provisioning, backup and disaster recovery, the ability to scale virtual
machines, security, and availability of applications were all seen as important
challenges, but they also all were identified as areas having significant
advantages within the mainframe Linux environment (vs. non-mainframe
platforms).
Clearly, the future of Linux on System z is bright and getting brighter, as
illustrated by the recent announcement of IBMÕs first ever mainframe system
designed just for Linux. But with such opportunity comes the need for
establishing generally accepted approaches to configuring, running and using
this environment, along with further innovation and other advances.
The primary virtue of Linux on the mainframe is that itÕs cost-effective for
production requirements. ThereÔs only one code base and you need only one physical
machine to run a nearly unlimited number of concurrent Linux Images, saving
substantial amounts of time, space, and staff. The advantages don`t stop there;
organizations moving to Enterprise Resource Planning (ERP), databases, and
Web-based applications also are reporting software licensing savings. Solutions
that are licensed by physical machines enable the most licensing savings
because of the extreme virtualization possible today. ThereÕs also the benefit
of matching the peaks and valleys of numerous concurrent Linux Images with an
economy of scale that smaller boxes could never achieve.
The first area of managing Linux on System z is z/VM, its virtualization
environment using established, proven quality solutions for securing,
automating, and provisioning this environment. This brings an immediate
advantage, ensuring that each individual instance of Linux can be trusted to
run in a reliably secure, available context.
With the assurance of this production-quality foundation, the next step is
enabling dynamic creation, configuration, modification and even removal of
Linux images in a demand-based manner, reflecting the constantly changing needs
of the organizations where it runs. While this has often been done as a
combination of z/VM-based functionality and local customizations, the
opportunity exists to move to a simpler, more dynamic provisioning system.
In addition to excellent security Ñ both within Linux and for Web-based access
to applications that are served up by Linux Ñ itÕs important to be able to
manage the performance of applications that have a mainframe Linux component,
to ensure their ongoing availability and acceptable response times, to alert
when these are negatively affected, and to drill-down to find the cause when
this occurs.
Your system also must have access to data for processing and distribution
purposes, as enabled by application development and reporting environments and
production-quality data transport solutions.
A final essential component is workload automation, using a single, graphically
based solution that can dynamically manage your whole enterprise, including
your mainframe Linux Images.
A well-managed mainframe Linux environment holds the keys to the future of
virtualization, cost control. manageability, environmental ("green")
responsibility, and dynamic adaptability. It looks like this penguin is here to
stay.
Reg Harbeck is CA's product management director for Mainframe Strategy.
In the more than two decades since he received his bachelorÕs degree in Computer
Science, he has worked with operating systems, networks, security and
applications on mainframe, Unix, Linux, Windows, and other platforms. He has
been with CA for almost 12 years, during which time he has traveled to every
continent where there are mainframes and met with and presented to IT
management and technical audiences, including Gartner, IBM System z Expo, CMG,
SHARE, GSE, and CA World user conferences. He is the published author of many
whitepapers, articles, and blog entries that are available online and was
responsible for CA's book, Releasing Latent Value, published in May
2009.
Email: reg.harbeck@ca.com
Humor
Things Got Ya Down?
contributed by Chris Blackshire
Things Got Ya Down?
Well then, consider these.....
----------
In a hospital's Intensive Care Unit, patients always died in the same bed, on
Sunday morning, at about 11:00 am , regardless of their medical condition.
This puzzled the doctors and some even thought it had something to do with the
super natural.
No one could solve the mystery as to why the deaths occurred around 11:00 AM
Sunday, so a worldwide team of experts was assembled to investigate the cause
of the incidents.
The next Sunday morning, a few minutes before 11:00 AM all of the doctors and
nurses nervously waited outside the ward to see for themselves what the
terrible phenomenon was all about.
Some were holding wooden crosses, prayer books, and other holy objects to ward
off the evil spirits... Just when the clock struck 11:00 , Pookie Johnson, the
part-time Sunday sweeper, entered the ward and unplugged the life support
system so he could use the vacuum cleaner.
-------------------
The average cost of rehabilitating a seal after the Exxon Valdez Oil spill in
-----
A woman came home to find her husband in the kitchen shaking frantically,
almost in a dancing frenzy, with some kind of wire running from his waist
towards the electric kettle. Intending to jolt him away from the deadly
current, she whacked him with a handy plank of wood, breaking his arm in two
places. Up to that moment, he had been happily listening to his Walkman.
---------
Two animal rights defenders were protesting the cruelty of sending pigs to a
slaughterhouse in
------
Iraqi terrorist Khay Rahnajet did not pay enough postage on a letter bomb. It
came back with 'Return to Sender' stamped on it. Forgetting it was the bomb, he
opened it and was blown to bits.
DonÕt
Forget the Next
Tuesday, February 23, 2010
7 p.m.
LabCorp in the RTP
Take I-40 to
Free
Food: Subs, Drink, Dessert
Program:
TN3270 and FTP Network Security -
The Easy Way
Speakers:
Alfred Christensen of IBM
First Class Postage
