
Blockchain to Crypto to DLT
Your Horizon, Our Journey
Khody Khodayari, CEO, Idelji
Seamless Interception Identifies / Protects Sensitive Data
The Better Backup Method

May - June 2018 { Volume 39, No. 3 }

XYGATE Identity Connector
Identity Governance and Administration for HPE NonStop Servers

Integrate SailPoint IdentityIQ with your HPE NonStop Server

For Additional Integrations Contact Your XYPRO Account Executive
Learn more at xypro.com/Identity

©2018 XYPRO Technology Corporation. All rights reserved. Brands mentioned are trademarks of their respective companies

HPE NonStop Availability Stats and Performance

Continuous monitoring of application service-levels has been proven to be a key component of high availability systems. HPE NonStop Availability Stats and Performance (ASAP) provides continuous monitoring of service-levels and automated actions to maintain the highest levels of availability.

HPE NonStop Availability, Stats, and Performance software (ASAP) improves availability via service-level objective monitoring coupled with built-in service-level alerts, and automated recovery actions. For over 10 years, NonStop ASAP is the smart, affordable way to keep NonStop servers running non-stop.

• Monitor application and system resources
• Receive alerts via clients, events, email, & mobile
• Set user-defined goals
• Automate recovery actions
• Monitor and resolve issues quickly

Contact your HPE representative for more info. www.hpe.com/info/nonstop

Puzzled by your data?

Let HPE Shadowbase SOLV and Compare fill in the missing pieces.

Why should you care?
• Are you positive your backup database matches your production database in case of a failover or an audit?
• Do you need to take an application outage to extract a consistent copy of your data for your data warehouse?
• Do you need to take your application or database offline to perform software upgrades or platform refreshes?

HPE Shadowbase SOLV and Compare Utilities for HPE NonStop Platforms – key features
• Online loader, validator, and compare utilities load, copy, synchronize, and verify databases while actively being queried and updated, without impacting application processing
• Initial, refresh, and point-in-time data-loading creates a current, consistent, and complete target copy of source data, even when the source and/or target are open for updating
• Supports transforming, filtering, and cleansing of data being loaded
• Integrates with the HPE Shadowbase replication engine to keep source and target databases synchronized during and after load completes
• Dynamically adjusts replication and loading activity to efficiently utilize available resources
• Validates that online source and target databases match in real-time, and identifies any discrepancies between them (extra or missing data in source or target)
• Satisfies compliance requirements for proving disaster recovery database is current, consistent, and complete

For more information, please see our solution briefs on HPE Shadowbase SOLV and Compare utilities. Hewlett Packard Enterprise directly sells and supports Shadowbase solutions. Please contact us or your HPE account team.

ShadowbaseSoftware.com

©2018 Gravic, Inc. All product names mentioned are trademarks of their respective owners. Specifications subject to change without notice.

INSIDE

Technology + Community
Blockchain & Healthcare - Justin Simonds
Getting Things Done - Lisa Partridge
The Better Backup Method - Paul J. Holenstein, Dr. Bruce Holenstein, Dr. Bill Highleyman

ON THE COVER
Blockchain To Crypto To DLT: Your Horizon, Our Journey - Khody Khodayari

Identify and Protect Your Sensitive Data with Seamless Interception - Jack Di Giacomo
Virtualized NonStop has arrived... No Need To Fear The Little Man - Richard Buckle
How a Credit Card Company in Japan Strengthens NonStop Security and Simplifies Database Management - Chinami Higashibata
Ready Player None: Protecting What You Can’t See - Steve Tcherchian

Columns
A Note from Connect Leadership - Navid Khodayari
News from HPE's NonStop Enterprise Division - Karen Copeland
Advocacy - Dr. Bill Highleyman
Back for More - Richard Buckle

Accelerating Next

We live in a world where everything computes. Simplify Hybrid IT, innovate at the Intelligent Edge and bring it all together with HPE Pointnext services. At Hewlett Packard Enterprise Discover 2018 Las Vegas, learn how to capitalize on new, powerful methods of handling your data to seize the next big idea and accelerate what’s next for your enterprise.

hpe.com/discover Connect members save $300 with this registration link. http://bit.ly/DiscoverLV18

A Note from Connect Leadership

With summer just around the corner, things are in full swing here at Connect and (as always) in the NonStop world!

We had another very successful SUNTUG meeting in Tampa (and at time of writing a very successful hockey team to boot….not so much for this author’s LA Kings), and have quite a few TUG meetings on the calendar in the next few weeks in places on the East Coast, the UK and Germany, just to name a few.

In June, myself and the rest of the Connect Board will find ourselves at Discover in Las Vegas. As someone with a background in NonStop, I know the idea of a Vegas HPE show may bring up strange memories of the years between ITUG and TBC where NonStop was in a corner of a massive Vegas show. However, if you haven’t been to Discover recently, I highly recommend stopping by, even if only for a day. There’s really no other place to see the best that HPE has to offer (NonStop included of course) and get a first look at all things on HPE’s horizon. Plus on the last night there's a really great party for all to enjoy! At the Connect Booth we will have lots of track sessions taking place, including a good amount of NonStop sessions, which are always well attended. We love using the opportunity to promote the parts of HPE that are dearest to us and provide our community with the presentations they want to see. It’s always a good time at our booth and if you are able to make your way over, please stop by and say hello!

Last but certainly not least, as the main topic of this issue is Blockchain, Connect is proud to announce our first foray into the HPE Blockchain spectrum by hosting a Blockchain Community Forum in London, UK on June 12th. This will be a day filled with presentations and panels for local HPE customers regarding all things Blockchain being developed and offered by HPE. It will also provide an excellent place for customers to network with each other as well as with Blockchain Experts from HPE and their partners. The HPE Blockchain presentations have all been standing room only at the last couple Discover shows so we think this is a natural progression for the topic. We at Connect are thrilled to be part of creating a community for this emerging technology.

That’s it for now and looking forward to crossing paths with you all soon!

Thanks.

Navid Khodayari
Idelji
Connect Worldwide President

2018 Connect Board of Directors
PRESIDENT: Navid Khodayari, Idelji
VICE PRESIDENT: Marty Edelman, Creative System Software
PAST PRESIDENT: Rob Lesan, Security Architect, XYPRO
TREASURER: Sue Robinson, Aspen Insurance
HPE LIAISON: Susan Ashkenas, Director of Strategy Planning and Operations
SECRETARY: Trevor Jackson, SOCAN
CHIEF EXECUTIVE OFFICER: Kristi Elizondo, Connect Worldwide

The Connection is the official magazine of Connect, an independent, not-for-profit, user-run organization.

Kristi Elizondo, CEO
Stacie Neall, Managing Editor
Kelly Luna, Event Marketing Mgr.
John Clark, Art Director
Janice Reeder-Highleyman, Editor at Large
Dr. Bill Highleyman, Technical Review Chairman
Editorial Review Committee: Jonathan Deveaux, Karen Copeland, Bill Honaker, Justin Simonds, Glenn Garrahan

We welcome article submissions to The Connection. We encourage writers of technical and management information articles to submit their work. To submit an article and to obtain a list of editorial guidelines email or write:
The Connection
E-mail: [email protected]
Connect Worldwide
P.O. Box 204086
Austin, TX 78720-4086 USA
Telephone: +1.800.807.7560
Fax: 1.512.592.7602

We accept advertisements in The Connection. For rate and size information contact:
E-mail: [email protected]

To obtain Connect membership and The Connection subscription information, contact:
Connect Worldwide, Inc.
P.O. Box 204086
Austin, TX 78720-4086 USA
Telephone: +1.800.807.7560
Fax: +1.512.592.7602
E-mail: [email protected]

Only Connect members are free to quote from The Connection with proper attribution. The Connection is not to be copied, in whole or in part, without prior written consent of the managing editor. For a fee, you can obtain additional copies of The Connection or parts thereof by contacting Connect Headquarters at the above address. The Connection often runs paid advertisements and articles expressing user views of products. Articles and advertisements should not be construed as product endorsements.

The Connection (ISSN 1536-2221) is published bimonthly by Connect Worldwide, 9014 Balcones Club Dr. Austin TX 78750. Periodical postage paid at Austin, TX. POSTMASTER: Send address changes to The Connection, Connect Worldwide, Inc. P.O. Box 204086, Austin, TX 78720-4086 USA.

© 2018 by Connect Worldwide. All company and product names are trademarks of their respective companies.

www.connect-community.org

NonStop Technical Boot Camp 2018
Pre-Conference Seminar: Sunday, Nov 11
NonStop TBC: Monday, Nov 12 - Wednesday, Nov 14
Hyatt Regency SFO Airport - Burlingame, CA
http://bit.ly/NonStopTBC18

News from HPE's NonStop Enterprise Division

Everything’s coming up Blockchain!

As we move from the cold of winter into a new spring, as the roses are once again blooming in California backyards, instead of visions of the summer beach, it seems that everyone’s mind is on Blockchain and everyone has an excited point of view about the technology and the business opportunities it could mean. The powerful combination of NonStop running a Blockchain Distributed Ledger for purposes beyond Bitcoin has woken everyone’s creative energy. HPE has selected R3 as their partner to help bring this solution to market using R3 Corda on NonStop. We are preparing to host a Proof of Concept Lab (which should be available in June) for our customers, where they will be able to buy time to test applications that leverage Corda. The rest of the world is jumping on the train with new ideas of where this technology could take us and the opportunities ahead.

This edition of The Connection leads with an article from Khody Khodayari, called, “Blockchain to Crypto to DLT” that helps introduce the reader to what Blockchain is, ways to use it, and the opportunities it can open for your business. In addition, NonStop’s Justin Simonds has an article in this issue on “Why Bitcoin Doesn’t Matter”, giving some new perspectives on what might be achieved when imagining applications beyond Bitcoin.

As NonStop continues to do well, we are also navigating a time of change inside Hewlett Packard Enterprise. HPE has been streamlining the company to make things more efficient, outsourcing some functions while investing in new acquisitions such as the recent news about RedPixie, a company who provides cloud services and products to companies leveraging Microsoft Azure (check them out at www.redpixie.com). Some areas of HPE are being strengthened by organizational tweaks with new opportunities for employees at all levels. Antonio Neri believes in investing in people and hiring or promoting from within as much as possible. As a recent example, Jeff Kyle has been promoted this month to a new position as General Manager for the NonStop Business and will be hiring a new Director to lead the Palo Alto based NonStop Engineering team. For those who don’t know, Andy Bergholz left HPE a few months ago to pursue an opportunity in the Artificial Intelligence field. While we were sorry to see Andy move on, we are pretty excited about the new organization, Jeff’s expanded role and the new opportunities that will be created in the NonStop team.

Our strategy and passion for NonStop remains steady. Our vision continues to be around opening the platform to new models of deployment. An update to Virtualized NonStop is out this month with new support for VMware, we are also now ready to ship the NS2, the first system where we install Virtualized NonStop on a simple hardware package to make it easy for customers to try it without a big investment. While new markets like Blockchain are opening up, we continue to invest in and strengthen many of our key products such as SQL/MX while we explore new markets and new partners that we can bring to the platform.

So if you’ve been hunkered down or snowed in and haven’t looked at what’s new with NonStop in a while, we encourage you to take a day or two off in 2018 and come to one of the many NonStop events happening around the world. Catch up with your old friends in London, at the BITUG (British Isles Tandem User Group) on May 9th, or attend the biggest European conference this year which is GTUG (German Tandem User’s Group) meeting in Leipzig, Germany on May 14th. Randy Meyer will be the Keynote speaker at that event. HPE Discover Las Vegas is the middle of June, the 19th to the 21st and there’s a New England NonStop Users Group (NENUG) and an NYTUG – New York Tandem Users Group (NYTUG) meeting next month as well as an N2TUG group meeting in Texas on June 7th, where a favourite NonStop Texan is rumoured to be making an appearance. And of course the NonStop Technical Boot Camp (TBC) will be back again in Northern California by November 11th. Watch the Connect chapter page to find out about all the events being scheduled for NonStop around the world. http://www.connect-community.org/chapter-events-2018/

In the meantime we all hope you enjoy this issue of The Connection and hope to see you at a future event!

Karen Copeland
Manager, WW NonStop Product Management
Mission Critical Solutions

SHELTERED HARBOR PROVIDES PROTECTION FOR FINANCIAL INSTITUTIONS’ DATA
Dr. Bill Highleyman >> Managing Editor >> Availability Digest

Two years ago, dozens of U.S. banks, including Citigroup, JPMorgan Chase, and Bank of America, began working on a secret, ultrasecure data bunker called Sheltered Harbor. The data bunker holds a copy of all bank transaction data to protect it from a devastating cyberattack.

What is Sheltered Harbor?

Sheltered Harbor is an initiative undertaken by the financial services sector. It provides an extra layer of protection against potential cyber risks. Sheltered Harbor is designed to provide enhanced protection for the customer accounts and data of financial institutions. Its goal is to securely store account data and to recover it even in the event of the loss of operational capability of a bank or brokerage.

Multiple industry associations collaborated to develop and deliver Sheltered Harbor. They include:
• American Bankers Association
• Credit Union National Association
• Independent Community Bankers of America
• Financial Services Forum
• Financial Services Information Sharing and Analysis Center (FS-ISAC)
• Financial Services Roundtable
• National Association of Federal Credit Unions
• Security Industry and Financial Markets Association
• The Clearing House

These financial services industry trade groups have established new resiliency capabilities to ensure that consumers will be able to access their financial accounts even if their banks or brokerages go out of business.

Large banks pay $50,000 to become members of Sheltered Harbor. Smaller banks pay less. Members receive access to the full set of Sheltered Harbor specifications to ensure secure storage and recovery of their account data.

Sheltered Harbor Provides Data Security

Sheltered Harbor provides data security through multiple mechanisms:
• It is physically isolated from unsecured networks. It has no connection to the Internet (it is air-gapped).
• It is redundant and decentralized.
• It can survive any attack or disaster because the vaults that store the banking transactions are distributed geographically. Any disaster will leave at least one vault operational.
• It prevents data stored in its vaults from being changed by hackers or other unauthorized personnel.
• It is owned by each participant. Customer data stored in a Sheltered Harbor data vault is encrypted and kept private by the institution owning that data.

Extracted data is decrypted, validated, formatted, and re-encrypted before it is transmitted to the requesting party via industry-established file formats.

Sheltered Harbor establishes standards to increase the resiliency of participating institutions so that they can reliably access their data. It promotes the adoption of these standards and monitors the adherence of financial institutions to these standards so that consumers benefit from the added protections.

A Backup Buddy System

Sheltered Harbor provides a backup buddy system. Banks choose ‘restoration’ partners that store a vault of one another’s core data, which is updated each night. If one bank goes down, the other can restore accounts from its buddy vault and make customers whole. Thus, redundant backup vaults eliminate the risk of a single point of failure.

Each day, participating banks and brokerage houses convert customer data into a standardized format, encrypt it, save it in air-gapped storage, and put it in the air-gapped storage medium of their restoration partners. Thus, the data is archived in secure vaults that are protected from alteration or deletion.

Sheltered Harbor is Complementary to FS-ISAC

FS-ISAC (Financial Services – Information Sharing and Analysis Center) is a U.S. industry trade group representing securities firms, banks, and asset management companies. It is the global financial industry’s resource for cyber and physical threat intelligence analysis and sharing.

FS-ISAC is a member-owned, non-profit organization. It was created by and for the financial services industry to help assure the resilience and continuity of the global financial services infrastructure against acts that could significantly impact the sector’s ability to provide services critical to the orderly function of the global financial system and economy. Founded in 1999, FS-ISAC has over 7,000 members worldwide.

FS-ISAC enables financial institutions to securely store and rapidly reconstitute account information should the data become lost or corrupted. FS-ISAC makes account information available to customers in the event that an institution appears unable to recover from a cyber incident. In this respect, FS-ISAC performs functions similar to that of Sheltered Harbor and adds to the capabilities of Sheltered Harbor.

Summary

Sheltered Harbor was created to provide secure and resilient storage for the financial transactions of banks and brokerages. It is unique in that it is owned by the participating financial institutions.

Will Sheltered Harbor ever use blockchain technology to increase its security and resilience? A blockchain model has been created based on the Ethereum blockchain. However, it has yet to gain approval by the participating financial institutions.

Acknowledgements

Information for this article was taken from the following sources:
• FS-ISAC and Sheltered Harbor; November 23, 2016.
• Banks’ underground data vault is evolving – will it use blockchain next?, American Banker; February 16, 2018.
• www.shelteredharbor.org

Dr. Bill Highleyman brings years of experience to the design and implementation of mission-critical computer systems. As Chairman of Sombers Associates, he has been responsible for implementing dozens of real-time, mission-critical systems - Amtrak, Dow Jones, Federal Express, and others. He also serves as the Managing Editor of The Availability Digest (availabilitydigest.com). Dr. Highleyman is the holder of numerous U.S. patents and has published extensively on a variety of technical topics. He also consults and teaches a variety of onsite and online seminars. Find his books on Amazon. Contact him at [email protected].

Blockchain & Healthcare
Justin Simonds
Master Technologist
Hewlett Packard Enterprise

Does your company have transactional workloads? Would you say that there are trust or identity challenges between business units? Suppliers? Partners? Are your contracts executed manually and sometimes have issues? Does your company have assets that are misplaced or underutilized? If these are some of your company’s issues a Distributed Ledger (DLT) or a Blockchain may provide some efficiencies and cost savings.

In 2008 there was a worldwide financial crisis for those that may be new to the planet. It had been building for a long time. In the United States the stock markets and real estate markets crashed sending the United States into a protracted recession. With the collapse of the American economy the effects were felt worldwide. Some financial institutions failed completely. Others were supported by the United States government. But it was clear the institutions we trusted to watch over our money had failed to do so. If you saw the movie “The Big Short” then you know. The point is there was international institutional and governmental distrust. In 2008 a mysterious writer using the name Satoshi Nakamoto wrote a whitepaper entitled Bitcoin. It was a paper showing how a digital currency could be created that was independent of countries, institutions and without the backing of any precious metals. A global currency tied to nothing. In 2009 Bitcoin (the company) launched based on the Satoshi Nakamoto whitepaper. Bitcoin, the company and cryptocurrency grew from virtually no value in 2009 to over $10,000 per Bitcoin today (price varies wildly at times).

After the launch of Bitcoin some of the founders determined that by using the underlying Blockchain technology many more things could be accomplished than just keeping a ledger for a cryptocurrency. A new company, Ethereum, was launched with the concept of a ‘smart contract’. A smart contract is really a program but one that is duplicated in the ledger and runs based on events occurring. Like Bitcoin there is no central point of control of the smart contract. Once it’s launched it will run.

Let’s try to distinguish the technology “Blockchain” from the currency platform “Bitcoin” and the smart contract platform Ethereum. Of course both platforms use Blockchain as the underlying technology. One of the advantages a Blockchain can offer is trust between two parties that don’t necessarily trust each other. This is accomplished by having an ‘open’, shared ledger. Anyone (even you) can get a complete copy of the Bitcoin Blockchain ledger – that is, all the transactions that have ever occurred. This means that you can see if someone with a specific ‘public key’ really does own the Bitcoins he/she claims to own. You don’t trust him/her; you trust the ledger.

The trust occurs because it is out in the open, public and there are many, many copies. Since there are so many copies it is inherently distributed, decentralized and public. One important note on decentralization is that there is no ‘master’ chain from which the others are copied. All chains have equal value – there is no central authority. The open ledger and its many instances are the authority. If the majority agree on the contents of the ledger that is called consensus. An important aspect at least for the Bitcoin implementation is that it is confidential because only public keys, not actual identities are exchanged. On the Blockchain, a digital signature or public key is known to possess “x” number of bitcoins based on the open public ledger and therefore has the right to spend those bitcoins which will now be associated with a new and different public key address. These ‘transactions’ are gathered together until there are enough for a new block to be added to the chain.

In the Bitcoin implementation of Blockchain only ‘miners’ can write a new block onto the chain. You too can become a miner just like you can download a copy of the complete Blockchain. Of course nowadays with the price of bitcoin so high, you had better have a datacenter filled with GPU based systems to effectively mine. The reason is that there is a massive compute problem that needs to be solved before a new block is written. The ‘problem’ ensures that a random miner will win. This is done so that one miner cannot dominate block creation and thereby potentially hack the system. The miners compete attempting to solve the problem. Once a miner solves the problem they publish the proof of work (solution) to the other miners who agree that it is the solution. This also is consensus. This consensus allows the miner who solved the problem the right to write the next block onto the chain. For winning, the miner makes some bitcoin from the people doing the transactions in the block – usually from 0%-4% of the value of the transaction but most importantly when a new block is written, new bitcoins are created by and given to the successful miner. Today that amount is 12.5 bitcoins. So it is very lucrative to be a miner (a successful miner). Multiplying 12.5 times $11,000 and one can see why people have invested so much in mining. Each block points to (is chained to) the previous block and therefore are ‘chained’ all the way back to the very first block known as the genesis block.
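The chaining and proof of work described above can be seen in miniature in the following added example, which is not part of the original article and is not Bitcoin's actual code: each block's hash covers the previous block's hash, so an edit to an old block is detected unless that block and every later one are mined again. The difficulty of three hex zeros, the JSON block layout, the function names and the sample transactions are assumptions made for illustration.

```python
import hashlib
import json

DIFFICULTY = 3          # required leading zero hex digits; toy value (assumption)
GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the genesis block

# Constructed sample data: transactions between pseudonymous public keys.
SAMPLE_BATCHES = [
    ["key_A receives 50"],
    ["key_A pays key_B 20", "key_A pays key_C 5"],
    ["key_B pays key_D 7"],
    ["key_C pays key_A 1"],
]


def block_hash(index, prev_hash, transactions, nonce):
    """SHA-256 over the block contents, including the previous block's hash."""
    payload = json.dumps([index, prev_hash, transactions, nonce],
                         separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def mine(index, prev_hash, transactions):
    """Search for a nonce whose hash meets the difficulty (the proof of work).

    Returns (block, number_of_hash_attempts).
    """
    nonce = 0
    while True:
        digest = block_hash(index, prev_hash, transactions, nonce)
        if digest.startswith("0" * DIFFICULTY):
            block = {"index": index, "prev_hash": prev_hash,
                     "transactions": transactions, "nonce": nonce,
                     "hash": digest}
            return block, nonce + 1
        nonce += 1


def build_chain(batches):
    """Mine one block per batch, each chained to the one before it."""
    chain, prev, work = [], GENESIS_PREV, 0
    for index, transactions in enumerate(batches):
        block, attempts = mine(index, prev, transactions)
        chain.append(block)
        prev = block["hash"]
        work += attempts
    return chain, work


def first_invalid(chain):
    """Verify as any holder of a ledger copy could; return the index of the
    first block that fails, or None if the whole chain checks out."""
    prev = GENESIS_PREV
    for block in chain:
        recomputed = block_hash(block["index"], block["prev_hash"],
                                block["transactions"], block["nonce"])
        if (block["prev_hash"] != prev
                or recomputed != block["hash"]
                or not recomputed.startswith("0" * DIFFICULTY)):
            return block["index"]
        prev = block["hash"]
    return None


def rewrite_from(chain, index, new_transactions):
    """Work needed to change block `index` and still pass verification:
    that block and every later block must be mined again.

    Returns (rewritten_chain, number_of_hash_attempts).
    """
    rewritten = [dict(block) for block in chain[:index]]
    prev = rewritten[-1]["hash"] if rewritten else GENESIS_PREV
    work = 0
    for i in range(index, len(chain)):
        txs = new_transactions if i == index else chain[i]["transactions"]
        block, attempts = mine(i, prev, txs)
        rewritten.append(block)
        prev = block["hash"]
        work += attempts
    return rewritten, work


if __name__ == "__main__":
    chain, work = build_chain(SAMPLE_BATCHES)
    print("honest chain valid:", first_invalid(chain) is None, "work:", work)

    edited = [dict(block) for block in chain]
    edited[1]["transactions"] = ["key_A pays key_M 50"]
    print("edited block detected at index:", first_invalid(edited))

    _, rework = rewrite_from(chain, 1, ["key_A pays key_M 50"])
    print("hash attempts to rewrite blocks 1..3:", rework)
```

At real network difficulty the rework grows with every block added on top of the edited one, while honest miners keep extending the original chain.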

A look at why Bitcoin’s blockchain is immutable. There just aren’t enough computing resources to recalculate the number of previous blocks and also win the current mining race and change all the copies in the world (See Figure 1).

[Figure 1]

In terms of the double spend problem, immutability, security, authentication and privacy Bitcoin overcomes all the technical challenges so why isn’t everyone using it? The Bitcoin platform was designed to run the Bitcoin transaction load. It was NOT designed to run a major credit card transaction rate. When comparing it to existing banking and credit card platforms there are many issues: low capacity, poor response time (10 MINUTES for Bitcoin!), poor (no) governance, unknown cost (# of nodes/miners), anonymous miners and cryptocurrencies. These are some real-world issues that make Bitcoin, as-is, unusable at present for workloads such as credit card transaction rates – 5,000+ transactions per second.

But the technology holds promise and many are looking at modifying the original ideology a bit to develop private, permissioned Blockchains and ledgers. Without the forced open, public, shared everything model platforms could be developed that were more controlled, more secure and by invitation. This would allow some of the things that govern and slow down Bitcoin to be overcome. In a controlled environment miners could be optional. Without miners there would not be any need to arbitrarily limit blocks of transactions to 10 minutes. Security could be handled by agreements and standards instead of compute intensive hashes and encryptions. So speed, scale and security could be addressed and still allow the benefits of a consensus model.

With private chains or distributed ledgers we now have a potential spectrum of offerings by differing public and private and permissioned and permissionless access to the chain/ledger (See Figure 2). With these different options there are lots of startups each with just a little better idea than bitcoin….

[Figure 2]

One of these startups, R3 has developed a very interesting Distributed Ledger product called Corda. The R3/DLT limits sharing and limits participants (private, permissioned). This tackles both the privacy and scalability issues inherent in most Blockchain implementations. The R3/DLT limits who receives each transaction into channels or sub-ledgers (data segregation). So the R3 DLT only requires consensus on the state of a sub-ledger to parties within a channel (channel independence). Therefore there is no unnecessary global sharing of data and only those parties with a legitimate need to know can see the data within an agreement. The workflow is choreographed between firms but without a central controller. This enables regulatory and supervisory observer nodes which will be critical for banking and most other industries. Unlike Bitcoin, transactions are validated by parties to the transaction rather than a broader pool of unrelated validators (miners). The ledger records an explicit link between human-language legal prose documents and smart contract code so that transactions within an R3 DLT are legally enforceable. And the R3 code is built on industry-standard tools.
Additionally R3 has no currency standards and Let’s try to distinguish the technology “Blockchain” from the a new block is written, new bitcoins are created by and given to customers are free to use any currency they wish so with R3 there is no native cryptocurrency. Corda is not a blockchain which they currency platform “Bitcoin” and the smart contract platform the successful miner. Today that amount is 12.5 bitcoins. So it is believe has some advanatges. Blockchain involves a specific architecture for implementing distributed ledgers whereas Corda provides Ethereum. Of course both platforms use Blockchain as the very lucrative to be a miner (a successful miner). Multiplying 12.5 the fundamental services of a blockchain, but with a different physical implementation that does not require each state change to be underlying technology. One of the advantages a Blockchain can times $11,000 and one can see why people have invested so much broadcast to all nodes. This eliminates the expensive and resource-intensive proof-of-work mining operations that are required for a offer is trust between two parties that don’t necessarily trust in mining. Each block points to (is chained to) the previous block blockchain like Bitcoin. So Corda is much more robust and flexible for storing complete executable contracts. The contract logic in each other. This is accomplished by having an ‘open’, shared and therefore are ‘chained’ all the way back to the very first block Bitcoin is an “after-market” addition, not designed from the beginning within the Bitcoin blockchain architecture. ledger. Anyone (even you) can get a complete copy of the Bitcoin known as the genesis block.

So can this technology, Distributed Ledgers or Blockchains, bring efficiencies to and reduce costs in Healthcare? Let’s compare a Blockchain/DLT environment to the Health Information Exchange (HIE), which never seemed to get off the ground, even though it was and is a great idea and one that would fit the NonStop architecture quite well. In architecting that environment there would be a central authority (the HIE) that would have the health database of record. Organizations would send data to the HIE and request data from the HIE. If we take a fresh look, perhaps a better way to achieve the record sharing and trust required for an HIE would be with a shared ledger. Ledgers are kept and changes approved by the members of the consortium. There is no central authority but a shared authority. This in turn should reduce costs since a separate organization and separate system and database would not be required. One of the issues with the HIE was the patient record, which might look very different from organization to organization. Data modeling and transformation would have to be done to get the records in the approved HIE format. Additionally, when sharing data to another member, that data would need to be transformed into the format of the receiving system. That’s a lot of complexity and a lot of processing. In a shared ledger approach a standard could be agreed upon by all members. A Distributed Ledger may be worth a look to organizations that could have benefited from a HIE.

Another example, given the requirements for vaccinations to attend school in the United States, would be to have a shared ledger with a family health record. The parents could control access to the records, but imagine a 5 year old child getting a set of vaccinations. This “event” is written to the smart contract running in the ledgers. That event could trigger a payment to the physician, or healthcare facility administering the vaccinations. Additionally, when the child enrolls in school the vaccination records could be released to the school for eligibility. Insurance companies could also be allowed to verify vaccinations, and even Hospitals: in the event a child came in with a cut, have they had a tetanus shot? This could also be used to trigger follow-on vaccination requirements for boosters and age appropriate vaccinations.

A Blockchain could prove that a patient has followed a physician’s treatment plan. Medications, physical therapy and follow-up laboratory procedures could all become events on the chain, verifying the patient has indeed followed all instructions. This is very impactful given the number of readmissions following a hospital stay where patients have not followed recommended procedures, which is both dangerous for the patient and very expensive for whomever has to foot the bill for the readmission.

Drug manufacturing could be traced through shared ledger technology from the manufacturer to the wholesaler, to the pharmacy, to the patient, providing a complete tracking of the medications. Although very helpful in the event of a recall, this also would be instrumental in reducing pharmaceutical fraud. Drug ‘identity’ and source could be verified in the ledger. Also, once a patient received medication, that same patient would be unable to ‘fill the prescription’ at another pharmacy.

[Figure 3]

One of the most important benefits of Blockchain in Healthcare is that it puts the consumer in the driver’s seat (see Figure 3). At present doctor’s office, Lab, hospital and pharmacy all have information about us. With the implementation of a Blockchain we would have control of our information and how it gets distributed. That may be the most important benefit of all. Putting our health information in our own control.

Justin Simonds is a Master Technologist for the Americans Enterprise Solutions and Architecture group (ESA) under the business critical division of Hewlett Packard Enterprise. His focus is on real-time, event-driven architectures, business intelligence for major accounts and strategic business development. He is involved with HPE Labs on several pilot projects. He has worked on Internet of Things (IoT) initiatives and integration architectures for improving the reliability of IoT offerings. He has written articles and whitepapers for internal publication on Helion cloud, TCO/ROI, availability, business intelligence, Internet of Things, Blockchain and Converged Infrastructure. He has been published in The Connection magazine. He is a featured speaker at HPE’s Technology Forum and at HPE’s Executive Briefing Center and at industry conferences such as the XLDB Conference at Stanford, IIBA and the Metropolitan Solutions Conference.

I’m a heads down, roll up your sleeves kind of leader. I started out at XYPRO on the ground floor 27 years ago and feel most comfortable in the trenches with the team, making sure they’ve got what they need to be successful. I know I don’t provide public updates nearly as often as I should, so this blog is an excellent exercise in reflection as the events of a year are distilled into a message that conveys where we’ve been and where we’re going as a company. The impact we’re having and are still to have on Mission Critical Security & Risk Management is the heartbeat of XYPRO’s business opportunity and it’s what we identify as our mission.

We’re thrilled with what we accomplished in 2017 and the plans for 2018 that are already coming to fruition. In addition to 2017 being another record revenue year, it was an exemplary year for us in several areas. Following an executive restructuring in Q1 we were able to streamline our product management and engineering divisions, improving product vision, time to market and overall company communication and productivity.

In March we finalized XYPRO’s acquisition of Canadian database specialist Merlon Software Corporation, which increased our global client base and added a sophisticated suite of Database Management products to our HPE NonStop Mission Critical Software catalogue and a great group of people to our company. Amalgamating the very experienced team from Merlon with the growing XYPRO family was new territory for us and has proven to be a very rewarding experience.

A key factor to ensuring happy customers is to make sure that people enjoy coming to work every day. One of the ways we try to accomplish this is ensuring that each employee knows they are a valuable contributor to our success, and in Q2, 2017 we were honored as one of Inc. Magazine’s “Best Places to Work 2017”. Happy employees give their best and make sure that customers know we’re on their side.

In November we officially released our new Security Intelligence & Risk Management solution, XYGATE SecurityOne (XS1). This milestone marks a significant shift towards marrying our expertise in HPE NonStop server security with innovative, truly cutting-edge technology focused on reducing risk in the Mission Critical environment. Navy Federal Credit Union, one of those first deployments, has written an article about the experience and benefits gained from XYGATE SecurityOne.

It’s already the end of Q1 2018 and we’re off to a busy start! XYPRO’s annual corporate kick-off was held in February and we marched headlong into our new year! We celebrated team success with a marching band and a fantastic group photo that highlights our energy, diversity, enthusiasm and camaraderie.

Q1 2018 also marks the release of a brand new product - XYGATE Identity Connector. Our new technology partnership with SailPoint, a proven leader in enterprise Identity Management, means that XYPRO provides the first and only SailPoint-certified integration for HPE NonStop servers.

What drives us every day? What is XYPRO’s raison d’etre? We all live our daily lives relying on technology. Mission Critical security solutions allow us to securely shop, bank, manage our finances and stock portfolios, wire money and pay for things with credit cards, mobile phones and all types of newer tech innovations. At the heart of these activities is the digital core where your data resides - moving, talking, transacting, doing what data does. At XYPRO, we believe that no data is more important than your data and we protect your data like it’s our own. Because it is.

Lisa Partridge, CEO
XYPRO Technology
www.xypro.com
@XYPROTechnology

P.S. Watch for more exciting product announcements over the next few months as well as an update on the “patent pending” status of the technology behind XS1!

Right before publication of this article we learned about the passing of our HPE NonStop Security colleague, Thomas Burg, CTO of comForte 21 GmbH. Thomas’s enthusiasm for information security was genuine and the NonStop community is better off because of Thomas’s contributions. We send our condolences to Thomas’s family and the team at comForte. Respect.


The Better Backup Method

Paul J. Holenstein, Executive Vice President, Gravic, Inc.
Dr. Bruce Holenstein, President and CEO, Gravic, Inc.
Dr. Bill Highleyman, Managing Editor, Availability Digest

The need to back up data has existed as long as data itself. Sometimes the backup is needed for historical purposes, for example, to preserve a snapshot of the information in time. In other cases, it is used to maintain an accurate and up-to-date copy of the information if the primary copy is lost or corrupted.

Magnetic tape is the oldest backup medium still in use. It was introduced in 1951, but tape sales began to fall with the introduction of high-speed and high-capacity hard disks, DVDs, CDs, and other innovations such as cloud storage. However, utilizing magnetic tape is on the rise again. With so much big data created by mobile devices and IoT sensors, there is a growing need for an economical and efficient way to back up this data. Many companies are returning to tape to fill this need.1

Physical Tape, Virtual Tape, and the Backup Problem

Magnetic tape, however, has its disadvantages. Physical tapes are bulky, and handling large numbers of them is a cumbersome and time-consuming process, including shipping offsite or retrieving from storage. Tape is primarily a streaming medium, and it is relatively slow to access an arbitrary position to write or read the data stored on it. Additional information often has to be appended at the end instead of inserted in the middle where other related data may be stored.

To solve the most problematic of these issues, tape was virtualized to allow disks and other storage media to archive the information, thereby allowing automatic processing for recording or retrieving the information, with high-speed supporting networks to more easily transfer the information offsite or onsite. Despite these advances, classic backup and restore methodologies using tape, virtual tape, or other technologies still suffer from numerous inefficiencies that must be overcome to allow backups and restores to function in the new big data environments. This article will discuss advances to address these issues.

In current systems, the volume of data being generated that needs to be backed up can easily overwhelm even the fastest virtual tape methods. The problem compounds itself if the body of data grows or quickly changes (big data volumes), and/or the database is constantly and actively being accessed to provide a critical service. We call these mission-critical databases and mission-critical services. In this article, we primarily focus on backing up and restoring transactional mission-critical databases, since these databases support most companies’ and organizations’ critical applications.

Most mission-critical databases cannot be taken offline, even briefly; therefore, enterprises must create backups of actively updated databases. Unfortunately, since transaction processing is active while the backup occurs, some of the data changes that are being backed up may abort and subsequently come undone, which means the backup has “dirty” data in it. Additionally, as the database is being backed up, the data that was previously backed up is being changed, causing an inconsistent backup. Fortunately, methods have evolved over time to not only back up the database, but to also capture the subsequent change data that has occurred since the backup started (or completed) so that the inconsistent and stale copy can be made consistent and brought current when retrieved and restored.

How is an online backup process accomplished, and how can it be improved and made more efficient? Doing so would lead to faster backup and recovery methods, use less storage, and provide more consistent and current information when the backup copy is maintained and eventually restored.

Online Backup of an Active Database

A method to back up an active (“online”) database is needed to ensure that the backup is current, consistent, and complete:

• Current means that the backup is up-to-date and not stale. A snapshot of the data means that all of the data that was backed up is kept current to a specific point in time.
• Consistent means that the backup is accurate (e.g., referential integrity is preserved; the so-called dirty data is removed).
• Complete means that the backup represents the entire database (or a specific/important subset of the data).
• Additionally, the backup should not consume more resources (such as disk or other persistent storage) than is needed to reconstruct the database – either to a point-in-time or to the current state.

The Traditional Backup Method

It is common practice (the Traditional Backup Method) periodically to back up a database onto a medium such as magnetic tape, virtual tape, cloud infrastructure, solid-state storage, or other persistent storage as shown in Figure 1 (1). Throughout this article, the use of the phrase tape for the backup copy medium is meant to include all of these storage medium locations and technologies and is not meant to limit the reference to just classic electronic tape technologies.2 The use of the word tape or phrase backup medium implies a persistent storage device.

1 For more information on the rise and fall and rise again of tape, please see the Availability Digest article, http://www.availabilitydigest.com/public_articles/1210/mag_tape_comeback.pdf.

2 The recent advances in tape density, writing and reading speeds, and the longevity of tape media over other storage technologies have reinvigorated the use of tried-and-true physical tape for saving copies of information for long periods of time.

[Figure 1: The Traditional Backup Method. Diagram of a source database (2) receiving changes (3) while an online backup (4) is written to tape (1), with change logs 1 (oldest changes, 5) through 4 (newest changes, 6), the beginning-of-backup mark (7), and the roll forward (8).]

As shown in Figure 1, a backup is taken of a source database (2) while it is actively supporting transaction processing (3). Thus, the source database is changing as the backup takes place. This is known as an online backup (4).

The problem with an online backup is that it takes time to complete, and changes are occurring to the database during this time. Data written to the backup could be changing, and if the transaction aborts, the changes will be undone. Data written early in the backup phase is missing subsequent changes, but data written later in the backup contains more of the application’s changes. Therefore, the data in the backup is inconsistent. The classic method to resolve this issue is to capture all changes made to the database while the backup occurs, and eventually to replay them over a subsequently restored copy of the database to “roll” it forward to make it consistent and current.

More specifically, in order to restore a consistent (e.g., from a relational perspective, logically complete and usable to applications) database on a target system, the changes that are occurring during and following the backup must be written to a persistent change log such as an audit trail, a redo log, a journal, or equivalent data structure. In Figure 1, the oldest changes were written to Change Log 1 (5) and the newest changes to Change Log 4 (6).

The restore process then typically involves marking the persistent change log via various methods to note the time or relative position in the change log at which the backup began (7). The database is restored onto the target system by loading the backup copy onto it, and the pertinent change logs are sequentially rolled forward (8) to apply the changes that occurred after the backup started in order to make the target database current, consistent, and complete. In Figure 1, the pertinent change logs are Change Logs 2, 3, and 4. (Change Log 1 was created before the backup began, and its changes are already reflected in the source database and were captured by the backup operation at the time the backup began.)

Therefore, in Figure 1, once the backup copy has been loaded onto the target database, the changes in Change Logs 2, 3, and 4 must be applied to the target database to bring it current and to a consistent state. It at least must be brought current to the time that the backup operation ended, since additional changes were likely made to the source database after the backup ended.

A problem with this technique is that several change logs may be required to hold the changes that occurred during the backup. For a very active source application with many changes occurring per second, there may be many such change logs required to hold all of the changes that occurred during the backup. These change logs all must be saved and made available (typically very quickly) if a restore sequence is needed.

For instance, as shown in Figure 1, Account 374 initially is backed up with an account value of $10. This change was made in log file 1, which occurred before the backup began. Account 374 subsequently is updated by the application to $74, then $38, and finally to $92; this sequence is reflected in the log files. These values are applied to Account 374 as the roll forward takes place. More specifically, the restore writes the initial value of Account 374 from when the original backup occurred ($10). The log files then replay in succession, starting with log file 2, then log file 3, then log file 4 as shown in Figure 1. Unfortunately, the old values for this account replay before ultimately ending at the correct account value of $92. Besides being a lengthy process, which also requires a lot of storage for the log files, any access to the database during this time experiences old and inconsistent information while the replay of the data occurs. If the original database fails, denying users access to this information during this time will prolong an outage.

Figure 1: The Traditional Backup Method (diagram: changes to the source database are recorded in change logs 1 (oldest) through 4 (newest) on a persistent storage device while an online backup is written to a backup medium such as magnetic tape, virtual tape, or solid-state memory; the backup begins after change log 1; Account 374 = $10 in log 1, $74 in log 2, $38 in log 3, $92 in log 4)

Furthermore, as shown in Figure 2, many of the changes that occur during the backup operation already may have been captured by the backup if they occurred after the backup operation started, but before those particular data objects (or part of the database) were copied to the backup medium. Thus, these changes are a duplicate of data that already was backed up. Worse, there could be a series of changes to the same data that occurred after the backup began, but before that data was subsequently backed up, and rolling forward through those changes will actually cause the restored data to reflect older (and inconsistent) values while it is being rolled forward, as shown in Figure 2.

Account 374 starts off at $10 (when the backup starts), is updated to $74, then $38, and finally to $92; however, it is not backed up until it is $38, as represented by the change captured in log file 3. Using this method of restore and roll forward, Account 374 is initially restored from the backup to $38, but then is updated to old account values ($74 in log file 2, then $38 in log file 3, then $92 in log file 4) while all of the log files are processed and the changes are rolled forward.

Figure 2: Backing Up Duplicate Data (diagram: the change logs of Figure 1, with the point at which Account 374 = $38 is backed up marked)

Consequently, restoring a backup requires rolling forward through several change logs, which may take a great deal of time and consume a great deal of storage medium resources for all of the change log files. Furthermore, rolling forward through all of the changes that occurred during the backup makes the restored data out-of-date and inconsistent until the final set of changes are replayed from the log file(s). Additionally, during this process, the source database is still being updated; these changes must be logged and rolled forward to update the restored backup to a current and consistent state to when the backup operation ended. All of this processing takes a considerable amount of time to accomplish.

The Better Backup Method

The Better Backup Method is shown in Figure 3. It is similar to the Traditional Backup Method shown in Figure 1 in that the contents of the source database (2) are written to a backup medium (1).

Figure 3: The Better Backup Method (diagram: source database, online backup to tape, change logs 1 through 4 on a persistent storage device, the beginning of the backup, and roll forward)

www.connect-community.org

The Better Backup Method – Change Logs

Since the source database is actively being updated, restoring it from the backup medium does not provide a consistent database, because some of the data may be dirty, and changes made to that portion of the source database that were previously backed up are not included in the backup copy. These changes must be captured in a change log and applied to the restored version in order to make it consistent, current, and complete.

The Better Backup Method recognizes that changes for data that are not backed up yet do not have to be written to a change log. These changes were made to the data in the source database and will be carried to the backup medium when they are written to that medium as part of the backup operation. Thus, the consistency of the backup database is preserved without having to roll forward these changes.

The Better Backup Method – Database Restore

During the restore process, the captured changes in the change logs must be rolled forward to the restored copy of the backed-up database. In Figure 3, Change Log 1 (3) contains changes that were made to the source database before the backup began (4). Therefore, its contents do not have to be rolled forward to the backup copy of the database when it is restored. However, Change Log 2 (5) contains some changes that were made to the source database following the initiation of the backup; and these changes must be rolled forward to the restored backup copy to make the database consistent.

Once the changes have caught up with the online backup, there is no further need to log changes and to roll them forward. All changes to the source database will be included in the online backup data stream (6), guaranteeing the consistency of the backup database. Therefore, Change Logs 3 and 4 (and perhaps some changes in Change Log 2) do not have to be saved nor applied to the backup when it is restored.

Note that during the restore process, the database is not in a consistent state; it is made consistent once all of the changes in the change log are rolled forward to it. Thus, the restored database eventually is consistent, current, and complete, which is also known as eventual consistency.

Also, note that the data being restored is not going to revert to previous values during the restore process. For instance, assume that the backup begins at time T1, and data D1 is changed after T1 to D2, then to D3, then to D4. This data object backs up at time T2 when its value is D2. The classic approach backs up D2, then rolls forward changes and sets it back to D1 (as that is the first change restored), then D2, D3, and finally D4. Therefore, the database is very inconsistent during the restore process and in fact, is rolled back to a previous value when D1 is applied.

One alternative approach is to capture the database at D2 and not replay the D1 or D2 changes, and only replay the D3 and D4 changes. Over time, the database is consistent; it resets to older values than the final value, but not older than the initial value. Another alternative approach is to capture D2 and then overlay it with D3 and later D4 (either in the change log or the backup copy itself) before beginning the restore process.

To resolve backed up dirty data, either aborted information is removed from the logs during replay, or the dirty data is overwritten by the eventual “backout” data that is written when a transaction aborts. Removing the aborted information is a simple process if the logs are read in reverse, as discussed later, or if a list of aborted transactions is maintained along with the change logs so that when the change logs are applied (rolled forward), any aborted transactions can be skipped.

Only portions of the change logs that are required under the Traditional Backup Method are needed in the Better Backup Method. The fewer the change logs, the less processing is required to create them and the less storage is required to save them. Perhaps even more importantly, the fewer the change logs, the less time is required to roll them forward, and the online backup/restore processing becomes much faster and more efficient. Additionally, the restored data goes through fewer data consistency issues (and in some implementations no issues) while it is being restored to a current and complete value.

Performance and Efficiency Improvements

An improvement in performance and efficiency can be achieved by saving only the last change to a specific data object that is being modified multiple times, as shown in Figure 4. In the figure, only the most recent change to a particular data item is shown; previous changes to that same data item are removed. More specifically, if a change is made to a data object that was previously changed, the first change can be located in the change log and replaced with the new change. If the first change previously was backed up, it can be located on the backup medium and replaced with the new change.

Figure 4: Roll Forward an Existing Change (diagram: the layout of Figure 3 with only change logs 1 and 2; a new change, Account 374 = $92, replaces the existing change in the log, if any)

Alternatively, changes to previously backed-up data can be made directly to the backup medium, as shown in Figure 5. This method eliminates the need for change logs and roll-forward operations.

Figure 5: Modify Existing Changes on Tape with New Changes (diagram: changes to the source database replace existing backup data on the tape as they are made)

Another potential performance improvement can be achieved by reading the log files in reverse during the backup, and eliminating any data for transactions that abort as well as only saving the most recent (committed) change for each data item encountered. In a similar manner, the backup operation can physically process the source database, block by block, rather than logically processing it by ascending (or descending) key path or some other logical or physical order (as mandated by the technology being used). This physical process can make the determination of whether to save a change that has occurred, since the backup is much faster. More specifically, using a physical path (such as the physical order the blocks appear in the file) to access the data is often much faster than using a logical path (such as an index tree) to access the data when the backup is initially taken.
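The logging rule of the Better Backup Method and the last-change-only improvement described above, shown next to the Traditional Backup Method as an added simulation (not code from the article or from any product it mentions). Account 374 follows the article's $10, $74, $38, $92 sequence; the other accounts, the transaction ids and the timeline are constructed, and aborts are modeled as backout writes that overwrite dirty data, which is one of the two options the article gives.

```python
"""Traditional vs. Better Backup Method on a constructed timeline."""

# Constructed sample data: account -> balance when the online backup begins.
INITIAL = {101: 5, 374: 10, 512: 40, 900: 70}

# Constructed timeline. ("copy", k): the backup reaches account k.
# ("write", tx, k, v): transaction tx updates k. commit/abort end a transaction.
EVENTS = [
    ("copy", 101),
    ("write", "t1", 374, 74), ("commit", "t1"),
    ("write", "t2", 374, 38), ("commit", "t2"),
    ("write", "t4", 101, 99),            # 101 was already copied
    ("copy", 374),                       # Account 374 is backed up at $38
    ("write", "t3", 374, 92), ("commit", "t3"),
    ("abort", "t4"),                     # backout restores 101 to 5
    ("write", "t5", 512, 41),            # uncommitted (dirty) value
    ("copy", 512),                       # the backup captures the dirty 41
    ("abort", "t5"),                     # backout restores 512 to 40
    ("write", "t6", 900, 71), ("commit", "t6"),
    ("copy", 900),                       # 900 is copied after its change
]


def run_online_backup(initial, events):
    """Replay the timeline; return (source, backup, traditional_log, better_log)."""
    source = dict(initial)
    backup = {}            # what lands on the backup medium
    copied = set()         # accounts the backup has already passed
    undo = {}              # txid -> [(key, before_image), ...]
    traditional_log = []   # every change since the backup began, in order
    better_log = {}        # key -> last change, only for already-copied keys

    def apply(key, value):
        source[key] = value
        traditional_log.append((key, value))
        if key in copied:
            # Data not yet copied needs no log entry: the backup itself will
            # carry it. For copied data, keep only the most recent change.
            better_log[key] = value

    for event in events:
        kind = event[0]
        if kind == "copy":
            backup[event[1]] = source[event[1]]
            copied.add(event[1])
        elif kind == "write":
            _, txid, key, value = event
            undo.setdefault(txid, []).append((key, source[key]))
            apply(key, value)
        elif kind == "commit":
            undo.pop(event[1], None)
        elif kind == "abort":
            # Backout writes are ordinary changes, so they overwrite any
            # dirty value that was logged or already copied.
            for key, before in reversed(undo.pop(event[1], [])):
                apply(key, before)
        else:
            raise ValueError(f"unknown event {event!r}")

    if undo:
        raise RuntimeError("assumption violated: open transactions at end of backup")
    if set(backup) != set(source):
        raise RuntimeError("backup did not reach every account")
    return source, backup, traditional_log, better_log


def restore(backup, changes):
    """Load the backup, roll the changes forward in order.

    Returns the restored database and, per account, every value a reader of
    the target database could have seen during the restore.
    """
    db = dict(backup)
    seen = {key: [value] for key, value in backup.items()}
    for key, value in changes:
        db[key] = value
        seen[key].append(value)
    return db, seen


if __name__ == "__main__":
    source, backup, trad_log, better_log = run_online_backup(INITIAL, EVENTS)
    _, trad_seen = restore(backup, trad_log)
    _, better_seen = restore(backup, better_log.items())
    print("log records:", len(trad_log), "traditional vs", len(better_log), "better")
    print("Account 374 during traditional restore:", trad_seen[374])
    print("Account 374 during better restore:     ", better_seen[374])
```

Both restores end at the same final state; the difference is the number of log records to keep and the intermediate values exposed while rolling forward, including the aborted value for account 101 that only the traditional replay passes through.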

The Continuous Backup Method

The Continuous Backup Method provides the capability to continuously save further changes made to the source database after the backup is taken in a persistent change log. As the backup copy is initially copied, any changes that were made to the previously copied portion are written to the continuous backup change log. Thereafter, all further changes to the source database also are written to the continuous backup change log. The backup copy becomes consistent, current, and complete at that (and every) point in time by continuously rolling forward the changes in the continuous backup change log to the backup copy.[3] When it is time to restore the database, the backup copy simply is written to the target database to bring it consistent, current, and complete.

[3] Of course, performing a continuous backup starts to approach the availability and consistency/completeness of using a classic data replication engine to create and maintain the backup copy. While we advocate using data replication techniques to provide a viable backup copy of your production database (visit www.ShadowbaseSoftware.com/solutions/business-continuity/ for such a data replication engine implementation), we understand that some customers will continue to require backup copies via the more traditional methods, especially for creating snapshot point-in-time copies of data. We hope that the new methods discussed in this article will help improve state-of-the-art solutions for such backups.

Summary

Periodically, it is necessary to create a backup copy of a database while it is actively being updated. The changes that occur during the backup also must be preserved so that the restore can leave the restored database in a consistent and current state. These changes are preserved in change logs resident on persistent storage.

When making the backup, it is not necessary to save changes for data that has not yet been backed up. These changes will be read from the database and applied into the backup copy when the backup is made. Hence, the Better Backup Method creates a backup copy and logs only those changes that need to be applied to restore the database to a consistent state. (In other words, while the backup occurs, only the changes that have occurred for objects that previously were backed up are saved in the logs.)

Similarly, it is not necessary to save all changes, or even the sequence of changes made since the data was backed up. Only the last (committed) value of the data needs to be saved while the backup is made. Hence, the Better Backup Method creates a backup and only one change log – to hold the last change made to any object that was updated while the backup occurred.

Alternatively, the changes that occurred while the backup operation occurred are directly overlaid on the backup data. Consequently, no change logs are necessary, and no roll forward operation needs to occur after the backup is restored. Thus, the Better Backup Method minimizes the amount of changes that must be logged and played back to restore a database to a current, consistent, and complete copy.

In an additional implementation, changes to the source database made after the backup database was completed are saved to persistent storage in the Continuous Backup Method. With this method, the backup copy is consistent, current, and complete from the point of the backup operation going forward, and it remains that way as subsequent changes are made to the source database.

Will tape continue its resurgence to become the backup media of choice? As of this writing, a Linear Tape File System (LTFS) cartridge can currently hold up to 2.5 terabytes of data. (Obviously, compression can improve the raw rates substantially further.) Tape’s future certainly seems bright with the introduction of mega-density tape (about 29.5 gigabits per square inch in 2010 and approaching 145 gigabits per square inch in lab settings in 2018), which provides about three decades of shelf life.[4] Since there is a growing need for an economic and efficient way to back up big data, many companies will continue to return to physical tape to fill this need. The Better Backup Method makes significantly more efficient use of backup media and backup/restore processing than current approaches.

[4] For more information on the resurgence of physical tape, please see http://www.availabilitydigest.com/public_articles/1210/mag_tape_comeback.pdf.

Paul J. Holenstein is Executive Vice President of Gravic, Inc. He is responsible for the HPE Shadowbase suite of products. The HPE Shadowbase replication engine is a high-speed, uni-directional and bi-directional, homogeneous and heterogeneous data replication engine that provides advanced business continuity solutions as well as moves data updates between enterprise systems in fractions of a second. It also provides capabilities to integrate disparate operational application information into real-time business intelligence systems. Shadowbase Total Replication Solutions® provides products to leverage this technology with proven implementations. HPE Shadowbase software is built by Gravic, and globally sold and supported by HPE. Please contact your local HPE account team for more information, or visit https://www.ShadowbaseSoftware.com. To contact the authors, please email: [email protected].

Dr. Bruce D. Holenstein leads all aspects of Gravic, Inc. as President and CEO. He started company operations with his brother, Paul, in 1980. His technical fields of expertise include algorithms, mathematical modeling, availability architectures, data replication, pattern recognition systems, process control and turnkey software development.

Dr. Bill Highleyman brings years of experience to the design and implementation of mission-critical computer systems. As Chairman of Sombers Associates, he has been responsible for implementing dozens of real-time, mission-critical systems - Amtrak, Dow Jones, Federal Express, and others. He also serves as the Managing Editor of The Availability Digest (availabilitydigest.com). Dr. Highleyman is the holder of numerous U.S. patents and has published extensively on a variety of technical topics. He also consults and teaches a variety of onsite and online seminars. Find his books on Amazon. Contact him at [email protected].

Blockchain to Crypto to DLT
Your Horizon, Our Journey

Khody Khodayari
CEO, Idelji

This is part one of a two-part series. In this issue, we cover the journey from Blockchain to Crypto to DLT (Distributed Ledger Technology). We will review why blockchain matters, where we are now, and what the future may hold. In the next issue, we will review the current DLT architectures, who the main players are, and most importantly what this all means to you, your customers, and your business.

I am hoping you are reading this online, or otherwise are near a connected device. You will see references to “Search” throughout this article, along with references to a site or keywords. You are encouraged to pause from time to time, do some online checks, and come back here.

You already know about the rapid rise and recent volatility of Bitcoin & other like-Cryptos. “Satoshi Nakamoto’s” White Paper is online, and there are many articles online you can search for and review (for a quick introduction, Search blockchain after locating 3Blue1Brown on YouTube), to learn the bits & bytes on blockchain. I’ve also covered technical details at my Blockchain virtual lab presentations before. You should be able to find them online. Write me ([email protected]) if needed.

Some basics:
• Blockchain is the technology behind Crypto currencies and ICOs (Initial Coin Offerings).
• Blockchain is a chain of digital blocks, each linked to the one before. Each block represents a set of completed transactions. Blocks & content within them are immutable.
• Pure Blockchain implementations require Miners who verify the validity of a block’s content before its introduction to the chain. They use simple & publicly available cryptographic algorithms (Search SHA256) to obtain their “proof of work”.
• Blockchain is based on borderless & public consensus among active nodes (open to anyone), who verify the Miners’ “proof of work”. This allows for the Block’s acceptance & entry into the chain. All nodes participating in consensus have a full ledger of all transactions (chain) since the birth of the first block of that chain.
• Distributed Ledger Technology (DLT) is a variation of Blockchain, where access to ledger (full or partial) is open only to members of its consortium. Depending on the implementation, consensus may come from all members, or by those with a need-to-know (e.g. parties to the transaction), or a trusted party such as a Notary (R3 Corda), or a Validator (Ripple). There are no Miners in DLT.

There are more details behind each of the above line items which you can find online. Various implementations of blockchain are on GitHub. You can download the code to use, or even create your own fork.

Here instead, let us focus on possible use cases, and why it is hailed as the next internet. You need to know the immense effect it may have on businesses and long established worldwide socioeconomic structures.

There are different schools of thought on why blockchain matters:

• It promotes Democracy – Brock Pierce is the Chairman of Bitcoin Foundation, an early adopter of Crypto, serial entrepreneur, and… (Search his name). At 37, he is worth more than everyone alive in my family tree, combined! Go to one of his presentations (next one is in March 2018 in Puerto Rico – Sorry, sold out), and he will most likely play Charlie Chaplin’s The Great Dictator Speech (it’s on YouTube), and talk about peace, love, and harmony which are now possible, thanks to Blockchain technology. The message is that people around the planet can establish global and direct commerce, promoting personal freedom & choice. Simple, since, and this is already forming, a new economy which bypasses regional and national governments, opens direct one-to-one trade & new commerce opportunities. Elon Musk’s upcoming network of 12,000 internet satellites will pave the global highway in the cloud; call it the blockchain SilkRoad. Brock and a network of his friends are buying up 250,000 acres of land in Puerto Rico (where there is no federal income tax) to set up their own CryptoWorld City (Search Crypto Utopia). For the record, Brock is not the only one; nearly everyone I’ve talked to, is of the same belief that direct global commerce, which bypasses the middlemen and, in most cases, government regulations, is the way to go. In my opinion, in many instances, it is ideal and can benefit mankind. However, and as we review later in this article, it may also lead to some major and most likely disruptive & unpleasant events.

• It’s about Time and Money – Open slide sets of most Blockchain presentations. There is diagram after diagram showing the flow of money from one person to another (Alice and Bob are usually the main characters), and how the transaction is weaved through several private (banks, exchanges, credit card companies) and public (SWIFT, ACH) agencies before completion. Argument is, and it is a valid one, that each party needs to collect a fee adding to the total transaction cost, and requires time to do whatever it does, which adds to the total transaction time. This in fact is a very convenient and lucrative arrangement for all the middle parties involved in the transaction (at the expense of Alice & Bob). Interesting to note, is that most of investment in defining & implementing blockchain (actually DLT) use cases are coming from the same middlemen / companies. I suppose it is a recognition of the inevitable, and an attempt to join in and ride the blockchain wave. I agree with them; the alternative will not be pleasant. Search for “Threat of Cryptocurrencies” on cnbc.com (mind the ads).

• It improves Productivity & lowers cost – Yes, absolutely. At the advent of commercial computing, every company which bought an early generation computer developed its own applications for their own use cases. We called them in-house applications. Later, software vendors developed and marketed more generic forms of application software for different use cases. This was a game changer. A company could now simply employ a solution at a far lower cost, compared to in-house development (This reminds me. Remember Y2K when we could not find the source code for programs decades in production-use). Of course, there were multiple vendors offering similar apps. Each business purchased and deployed the app which closely matched their requirements and price point. This is how Software Silos were created. Finance, Retail, Manufacturing, and others, all ended up with a hodgepodge of software which could not communicate with software at other companies in the same trade. Enter middlemen. For a fee, they would take a transaction, do the protocol translation, insure the content (nearly all companies signed up for this service, and of course passed on the fee to Alice & Bob), and take it to its destination. Of course, one middleman will not do. More parties got involved, adding more fees and time. Search “Credit card transaction flow”. Blockchain can fix this. Objectives: Efficiency, direct point-to-point transactions, lower costs.

Blockchain also offers Smart Contracts. These are pieces of code that are common across the consortium. No more translation, no more Software Silos. What makes them smart? A contract can incorporate, enforce, and log (ok, add to the chain), all steps of a complex transaction. My (and many others’) favorite example: buying a house. It represents what happens from the time a buyer makes an offer, to counter offers / acceptance, to appraisal, inspections, removal of contingencies, funding, mutual close, titles, and many other steps along the way. A Smart Contract on the chain implements all these steps in one immutable chain of transactions, and can enforce or reject any step based on any number of factors, such as time (deadlines), authorization (signature of parties involved), proof of funds, … That transaction in its entirety is there for eternity, where each step is fully recorded. All participants in that Consortium (think a group of Brokers, Banks, Notaries, etc.) will use the same Smart Contract for all like transactions (one application for all, and a smart one at that). Improved productivity: Easy to follow, implement, and record one transaction set, compared to mountains of papers which would otherwise need to be passed along different parties. Lower cost due to improved productivity and the fact that there are no Software Silos. One use case, one App. BTW, what if you wanted to buy your house using Bitcoin? It’s already being done (Search “Real State Bitcoin”).

• Better to be a Disruptor than a Disruptee (word not in dictionary, yet). How many of you ride your horse to work? Modern (really?) automobile was invented in 1886 (Carl Benz, Germany), and in very short order, ponies & their handlers were disrupted. How many of you still carry paper currency in your pocket (please don’t read further if you carry coins)? Fiat currency goes back to 11th Century (Yuan dynasty, China). Isn’t it about time? We’ll cover later as to why that is still so. But currency is just one use-case. Nearly everything we do today, can be done cheaper and faster with Blockchain, especially if computers and middle men are involved (ok, everything). Search “Blockchain Future Thinkers” and within it, Search “Blockchain” on futurethinkers.org. Unfortunately, and this may apply to you: just adopting the blockchain technology may not be enough. In some cases, blockchain allows for a new way of conducting business that completely bypasses established methods. Horse of a different color won’t do.

Where we are today

Early stages & noted issues

Speed & Scale: To start, Bitcoin network was able to only do 7 TPS, and Ethereum 15. Forks of the same protocols offered larger blocks, and significantly improved throughput. Ripple (ripple.com) started with 1,000 TPS and is already exceeding its goals. Stella (stella.io) does over 1 billion transactions per day. In 2017, Red Belly blockchain (redbellyblockchain.io) network in a worldwide test-run did 660,000 TPS. Not an issue anymore.

Lost wallets / Stolen coins – Does this not happen to thousands of people in Fiat currency world every day? It becomes news when it is Crypto. 1.3 million people die in car crashes every year. Commercial air travel casualties in 2017: zero. Yet, every time there is a crash it will make the news nearly everywhere for days. Crypto coin owners decide whether to keep their wallets on their own devices or trust them to an Exchange. They can also do both, where multiple wallets are kept, and coins can be transferred and distributed as needed. Crypto wallets are safer than currency wallets.

Security, anonymity & Fraud: Security is inherent in the blockchain architecture. Users are anonymous (public key is known but no link to user), but not to government agencies when needed (Search “Kathryn Hahn” on YouTube for her Tedx talk). Can it become a cover to launder money? KYC and AML checks are already in place at main Exchanges. I suppose there are exceptions. However, by far, Blockchain offers a superior trace of transaction activity back to its source. Imagine knowing where your currency bill has been for every second of every day, since it was first printed. Blockchain can tell you in an instant. Compare that to the serial number on your currency note. What valuable information can it give you or anyone else? Case closed.

Pillars of our societies: Banking. Currencies. Governments.

Banking began around 2000 BC in Assyria & Babylonia (source Wikipedia). Now, some 4,000 years later, there are an estimated 20,000 financial institutions on our planet. There are 195 countries, using 180 currencies. Now Search “WorldDebtClock”. Go there. Stay a while & click away. Take your time. Focus and think. Financial health of a nation is of immense importance. In the world of Fiat currencies, trust is placed in governments and their balance sheets. After visiting this site, do you feel your trust is earned? Do you look at the currency in your pocket & your bank balance, the same way you did before?

Crypto’s first currency, Bitcoin, came to be in 2009. Less than 10 years later, there are about 1,500 crypto Coins with a $500 Billion USD cap (Search “Coinmarketcap”), traded through 8,700+ markets (exchanges), dispersed around the world, and mostly unregulated. You can argue that Crypto came to make the direct global commerce possible, to create an alternative to Fiat currencies, and perhaps to put governments to task. One thing is certain; the dust has not yet settled. Daily fluctuations are finding their limits. Consider a bouncing ball that will eventually come to rest and starts rolling in a direction yet unknown.

This is an excerpt from Bank of England filing (Search “a blueprint for a new RTGS service for the United Kingdom”) in May 2017:

“The world of payments is changing rapidly. Households, companies and individual intermediaries are demanding faster, simpler, cheaper and more flexible ways to pay. In response, new technologies are being developed, some by existing market participants, and some by new service providers, to meet these needs. At the same time, these technologies, and broader developments can create new threats to users of the payments system, and to the stability of that system, which require ever stronger protections and more resilient infrastructure. Balancing the need to safeguard stability whilst enabling innovation is the challenge facing everyone involved in providing payment services.”

This is not me; it’s Bank of England, one of the most conservative & largest global banking centers. IMF managing director, Christine Lagarde, at Davos 2018: “I think we are about to see massive disruptions”. She further commented that government regulation of Cryptocurrencies is inevitable: “It is clearly a domain where we need international regulation and proper supervision.” Exactly how that is possible remains to be seen. IMF is considering creating its own Crypto / Digital currency. Estonia tried to issue one and was stopped by Mario Draghi (European Central Bank president), in favor of Euro and perhaps a unified European digital currency. Several other countries are taking independent moves towards crypto to meet their own policy requirements. Point is this: Crypto in one form or another is here to stay. Its effect can be, and I use Ms. Lagarde’s word: massive. Governments need to come together, and devise policies which hold the populous whole, and use technology to benefit all. State of Georgia in U.S. is considering receiving bitcoin for tax payment, creating yet another use case. The day may come when Alice uses Crypto through Binex (a leading crypto exchange in Asia) to pay Bob for her cup of coffee. Should that happen, and it is possible & likely, we will be living on a different planet.

Want to start a company?

Traditional methods may involve the following steps:
1. Ask grandparents for initial funds.
2. Form a professional business plan, or if possible start your business offering a product or service. Show promise.
3. Look for Angel investors.
4. Attract Series A investors.

5. Once or more, look for Series B funding.
6. Still there (less than 3% reach this step)? Continue your business, hoping to survive, and some day issue an IPO (Initial Public Offering) on one of the main exchanges. This last step can be quite expensive due to SEC regulations and liability costs.

Here is a better idea: Develop a PowerPoint presentation of less than 10 slides; use the word Blockchain in 3 or more places. Create a “team” of “trusted” people in the blockchain industry. Give no more than 5 presentations in the investment communities worldwide (There is one every month in Santa Monica, you can listen to three 10-minute presentations. It’s on meetup. Join us.). Now fork the code off git and create an ICO (Initial Coin Offering). Go to market. Offer discount to early birds and set (extend if necessary) your public offering date. Receive Ethereum for your Coins & convert to Fiat currency of your choice. You are in business, along with the other 1,500 who came to existence in the past 3 years. Did we mention? Your offerings are not regulated by SEC in the U.S. or any other major government entity elsewhere. Your ICO is most likely registered on an island someplace remote, more open to the “new pace of innovation”.

While this has opened doors to many legitimate entrepreneurs, it has also made it easier for shadowy figures to walk away with investments from unsuspecting investors worldwide. Search TokenMarket.net for eye opening information and stats. Remember, most businesses here are trying to disrupt an established business model. Is your business in their sight?

Internet of Things & IOTA. Smart Cities.

No need to explain IOT here; my guess is you’ve sat through multiple presentations and have read many articles on the topic. It’s blockchain that brings a new dimension here. There are over 17 billion active sensors around the planet (world population today: 7.6 billion) collecting, recording, and emitting data about their surroundings. Blockchain can bring authentication, connectivity, and scaled security to these silos of data, at low cost. Use SpaceX’s Internet satellites to securely transmit data from anywhere to Super Computers (cloud or otherwise) which can compile the massive data, and use A.I. for immediate action (e.g. emergencies, asking Amazon to deliver milk on Tuesday), or future planning. This data on blockchain offers a full record of nearly everything everywhere which gives info on trends, exceptions, and interconnectivity of events. This is exactly what could be most useful or harmful to us, depending on who uses the data and for what purpose. I am optimistic.

Smart Cities are an example of IOT and Blockchain benefiting citizens. Middle East (UAE specifically), and Asia (Singapore & China are good examples) are leading the way. Perhaps a review of their progress and goals could be covered in another article.

IOTA is just one blockchain implementation, hoping to “enable companies to explore new b2b models by making every technological resource a potential service to be traded on an open market in real time, with no fees” (Search iota.org). The “no fees” comment makes me skeptical. Microsoft is considering this technology.

HealthCare. Insurance. Music & all digital content. Supply management. Quality & source control. & …

These are but a few other blockchain use cases. It is applicable anywhere data matters, meaning everywhere. For more info on anything do a Search on “blockchain” + its name (e.g. Blockchain Healthcare). Blockchain is rapidly bringing changes to our societies. We all understand its potential for saving time and money at our businesses. It can help us offer more to our customers at lower cost, and in many cases open new lines of business.

One thing that we must not overlook is its potential disruptive force, especially in the world of finance (Search “Goldman Sachs crypto”). Again from FutureThinkers.org: “Cryptocurrency is a revolutionary force for a reason that people often miss: it enables people to print and distribute money without a central authority.” Here, we made several references to how this is already happening, and the profound changes it can bring.

We will continue this topic in the next issue, where we focus on DLT and its use cases for Enterprise. You will learn about popular architectures & protocols, where they are most useful. Objective is to help you become familiar with the current technology landscape and assist you in setting your forward path.

First exposed to NonStop right out of college, at his first job at CitiBank, and later founding Idelji, Khody has been a fixture in the NonStop world for many years. He is passionate about innovation & analytics. His latest work has been in Machine learning / A.I., Cloud analytics, and Blockchain / DLT.

SQL/MX Dialect for Hibernate Version 5.0.12 is generally available on HPE NonStop X, Virtualized NonStop and NonStop i Systems

HPE NonStop Enterprise Division is pleased to announce the General Availability of Hibernate dialect for version 5.0.12 on HPE Integrity NonStop X, Virtualized NonStop and NonStop i systems. Hibernate is an Object-Relational Mapping (ORM) framework that simplifies the development of JDBC application code dealing with database interactions.

Identify and Protect Your Sensitive Data with Seamless Interception

Jack Di Giacomo, TANDsoft Inc. Beaconsfield, Quebec, Canada

Your name is John Doe. Your nine-digit U.S. Social Security Number (SSN) is 123-45-6789. You earn an annual salary of USD $93,000, and your employer maintains all your personal information as unprotected data in the company database. Do you think that John Doe’s unsecured data is an isolated incident? Think again. Although we all may agree how critical it is to protect sensitive data, there exist many companies that continue to keep such data in the clear. Firewalls may offer some protection, and many companies believe that their firewalls are good enough. Reality check – often, they’re not. Should hackers succeed in gaining unauthorized access into John Doe’s company network, his data will be just as vulnerable as if it were plastered in flashing neon lights all over a highway billboard.

EMP ID   NAME     SSN           HIRED DAY    END DAY   SALARY
2        John D   123-45-6789   08-01-2017   ?         $93,000

*Green = data in the clear

Nowadays, the exposure of sensitive personal information via data breaches takes place on an all-too-regular basis. Among them:

Equifax (2017) – 143 million users of one of the United States’ three major credit reporting agencies had their private data exposed.
Yahoo (2013/2014) – all three billion Yahoo users worldwide had their names, email addresses, and passwords accessed by hackers.
Uber (2016) – 57 million riders and drivers of this global ridesharing company had their personal data compromised.
My Fitness Pal (2018) – Sportswear brand Under Armour announced that 150 million users of its popular nutrition app had their user names and passwords breached.

Once a firewall is breached, what makes the difference between stolen data being rendered useless to hackers or being offered for sale on the Dark Web is whether that data was further hack-proofed via tokenization and/or encryption, two methods by which to secure personal data. Tokenization is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no exploitable meaning or value. Encryption translates personal data into another form, or code, so that only people with access to a secret key (decryption key) or password can read it.

EMP ID   NAME     SSN           HIRED DAY    END DAY   SALARY
2        John D   631-32-6789   08-01-2017   ?         $39,999

*Secured Data with Format Preservation (last four SSN digits remain in the clear for verification purposes)

With both tokenization and encryption, interception technology is what allows unencrypted (plaintext) operations performed by authorized users to be converted into encrypted (ciphertext) data for a protected data file, then reconverted into plaintext data for return to the same authorized users.

Let’s Define Interception Technology

Interception technology covers a range of techniques that can be used to alter or augment the behaviors of applications, operating systems, or other software components by intercepting function calls or system calls. The result is the creation of new application functionality without the need to make costly, time-consuming modifications or complete recompiles.

The code that handles intercepted function calls, system calls, events, or messages is commonly called a hook. In the HPE NonStop world, a hook is known as an intercept library. It sits between an operating system and a program, a user library, or a dynamic program link library (DLL). As a process carries out a function (read/insert/update/delete), the attached intercept library captures the system call, modifies the call to handle whatever new functionality is intended, and sends the modified call to the operating system, represented here by the NonStop Kernel. When the intercept library receives a response from the operating system, it returns the modified response to the process. The entire operation is so seamless that at no time is the process aware that any modifications were made to its original system call.

[Figure: system call, intercept library, system call, NonStop Kernel]

No Source Code Required

The best thing about interception technology is that no source code is required, of particular importance when the source code is unavailable. Interception technology does not alter application logic and is language-ambivalent because it works directly with object files.

Seamless Interception in the NonStop Environment

HPE NonStop customers use seamless interception in a variety of ways to extend the functionality of their applications. For instance:

Application Modernization – provides automatic TMF protection of non-audited Enscribe files. Enables the conversion of Enscribe files to SQL tables.

Business Continuity – replicates Enscribe, SQL/MP, and SQL/MX DDL changes to a backup site. Replicates Enscribe unaudited files or Enscribe file modifications to a backup site.

Development, Testing, and Trace – lists program procedure calls to the NonStop Kernel. Identifies deadlocks and program sequencing errors. Monitors process stack usage to avoid abends caused by stack overflow. Adds Enscribe file-format modifications without the need to reprogram.

System Management – files accidentally purged or deleted can be recovered from a recycle bin. Scripts can be executed upon process termination. Workloads can be balanced between CPUs and disks. Low-pin resources can be optimized across all CPUs.

Virtualization and System Consolidation – allows Guardian and OSS applications to operate within any virtual time zone. Allows Guardian and OSS applications to operate with any virtual system clock or current time value.

[Figure: application program, user library, or DLL; system call; intercept library; system call; NonStop Kernel. Uses shown: Security and Compliance; Application Modernization; Business Continuity; Development, Testing, and Trace; System Management; Virtualization and Consolidation]

Use Seamless Interception for NonStop Security and Compliance

Within the NonStop world, an intercept library seamlessly intercepts NonStop database access calls from Guardian and OSS applications, then works with a variety of HPE, third-party, or in-house security solutions to protect sensitive data (Enscribe, SQL/MP, SQL/MX) by encrypting / tokenizing data written to disk and decrypting / detokenizing data read from disk. For instance, TANDsoft’s Sensitive Data Intercept (SDI) is an intercept library that is embedded into the solutions of HPE security partners comForte and XYPRO. Interception technology also helps companies comply with government and industry regulations as well as enforce security policies by identifying all sensitive database access and statements, then logging the data for authorization and authentication.

Intercept Libraries Satisfy Multiple Security Preferences

As mentioned earlier, an intercept library can serve numerous purposes. Since it functions directly with object files, application modifications can be made without the presence of source code. If you purchased software from a third-party provider, you don’t need the source code. If you use HPE code, you don’t need the source code. Even if you wrote the application in-house and have the source code, you don’t need the source code.

Identify Sensitive Data

The process of auditing/logging company data is often manual, labor-intensive, and particularly challenging when companies must work with auditors for the purpose of regulatory compliance. An intercept library can be configured to capture all of a customer’s database calls and then to log that access. Customers can see who or what is accessing sensitive data, the times of access, and what specific data is being accessed. In these cases, no sensitive data is being encrypted or decrypted. Only database interception is taking place. The auditing/logging process also is valuable for the purposes of fraud detection and security whitelisting from both internal and external sources.

Mask Sensitive Data

Masking data is a 24x7, year-round effort to protect sensitive data. It is used for internal purposes, preserves the original format (SSN = 123-45-6789), yet is altered in such a way as to make unauthorized detection and reverse engineering impossible (SSN = XXX-XX-6789). Because the formatting is preserved, the masked data still can be used for application development, testing, training, and other functions.

Protect Sensitive Data – Three Scenarios

Scenario 1 – No intercept library, No NonStop security solution

Regardless of whether a firewall is present or absent, application database calls are made with clear data; and responses are received with clear data. No encryption or tokenization takes place. If the firewall is breached, often because of network configuration errors, system security is compromised and can result in data being vulnerable to theft and misuse by unauthorized parties.

Scenario 2 – No intercept library, Presence of NonStop encryption / tokenization engine

Available to HPE NonStop customers are several outstanding security solutions. Once an encryption or tokenization engine is selected, the result allows customers to protect their sensitive company, individual, and customer data from unauthorized access, regardless of whether a network incursion takes place.

As it is with Scenario 1, a Guardian or OSS process will make an operating-system call to the database. This time, however, the database has been encrypted / tokenized by a NonStop security solution.

Encryption/tokenization is wonderful, but here’s the challenge. Guardian/OSS applications always make database calls with clear data and expect to receive responses with clear data. If a security solution is present but does not include an embedded intercept library, application source code must be available; and the applications must be modified to encrypt / tokenize the data before sending to the database and decrypt / detokenize the data received from the database. Such modifications can be time-consuming, expensive, and workload-intensive.

[Figure: Guardian/OSS applications; database calls; non-intercepted database calls; intercept library (encryption / tokenization / masking); data protected; data in clear]

Scenario 3 – Presence of intercept library, Presence of NonStop encryption / tokenization engine

In Scenario 3, an intercept library is embedded within the encryption / tokenization engine. The intercept library associates itself with whatever Guardian/OSS applications will be making operating-system calls. By doing so, the applications seamlessly invoke the intercept library instead of the operating system. Working together, the intercept library and the security provider’s engine recognize and implement tokenization and encryption algorithms. For example:

a) the intercept library receives an insert/update database function call with data in the clear from an application, encrypts / tokenizes the data, and sends the now encrypted or tokenized data to the pertinent database;
b) the intercept library receives a read/select database function call made from an application, receives encrypted / tokenized data from the pertinent database, decrypts / detokenizes the data, and returns it to the application in the clear.

The application is able to make database calls with clear data and receive responses with clear data. As such, no source code modifications are required in order for the application to access protected database files.
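Scenario 3, together with the access logging and masking described under Identify Sensitive Data and Mask Sensitive Data, sketched in Python as an added example (not TANDsoft, comForte, or XYPRO code). The class and function names, the in-memory store, the random-digit token vault, and the choice to mask for processes without clear-data access are all assumptions made for illustration; only the SSN field is protected here.

```python
import re
import secrets

SSN_RE = re.compile(r"\d{3}-\d{2}-\d{4}")


class RecordStore:
    """Stand-in for the database file: it stores exactly what it is handed."""

    def __init__(self):
        self.rows = {}

    def write(self, key, record):
        self.rows[key] = dict(record)

    def read(self, key):
        return dict(self.rows[key])


class TokenVault:
    """Vault tokenization that keeps the SSN layout and its last four digits.
    Assumption: five random digits is a small token space, fine for a demo only."""

    def __init__(self):
        self.token_to_clear = {}
        self.clear_to_token = {}

    def tokenize(self, ssn):
        if not SSN_RE.fullmatch(ssn):
            raise ValueError("not an SSN; refusing to store it unprotected")
        if ssn in self.clear_to_token:        # same input always maps to same token
            return self.clear_to_token[ssn]
        while True:                           # retry on collision or identity
            d = "".join(secrets.choice("0123456789") for _ in range(5))
            token = f"{d[:3]}-{d[3:]}-{ssn[-4:]}"
            if token != ssn and token not in self.token_to_clear:
                break
        self.token_to_clear[token] = ssn
        self.clear_to_token[ssn] = token
        return token

    def detokenize(self, token):
        return self.token_to_clear[token]


def mask(ssn):
    """Format-preserving mask, as in the page's XXX-XX-6789 example."""
    return "XXX-XX-" + ssn[-4:]


class InterceptLayer:
    """Same read/write signature as RecordStore, so the caller cannot tell it is there."""

    def __init__(self, store, vault, process_name, sees_clear_data, audit_log):
        self.store, self.vault = store, vault
        self.process_name = process_name
        self.sees_clear_data = sees_clear_data
        self.audit_log = audit_log

    def write(self, key, record):
        protected = dict(record)
        # tokenize() raises on malformed input, so nothing reaches the store in the clear
        protected["ssn"] = self.vault.tokenize(record["ssn"])
        self.audit_log.append((self.process_name, "write", key))
        self.store.write(key, protected)

    def read(self, key):
        row = self.store.read(key)
        self.audit_log.append((self.process_name, "read", key))
        if self.sees_clear_data:
            row["ssn"] = self.vault.detokenize(row["ssn"])
        else:
            row["ssn"] = mask(row["ssn"])
        return row


def payroll_app(db):
    """Unmodified application logic: it only ever handles clear data."""
    db.write(2, {"name": "John D", "ssn": "123-45-6789"})  # constructed sample record
    return db.read(2)["ssn"]


def demo():
    raw = RecordStore()                       # Scenario 1: no intercept, clear on disk
    payroll_app(raw)
    store, vault, audit = RecordStore(), TokenVault(), []
    payroll = InterceptLayer(store, vault, "payroll", True, audit)
    test_env = InterceptLayer(store, vault, "test-env", False, audit)
    return {
        "scenario1_on_disk": raw.read(2)["ssn"],
        "app_sees": payroll_app(payroll),     # Scenario 3: same app, intercepted calls
        "scenario3_on_disk": store.read(2)["ssn"],
        "test_env_sees": test_env.read(2)["ssn"],
        "audit": audit,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```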

Summary

Your name is John Doe. Your nine-digit U.S. Social Security Number (SSN) is 123-45-6789. You earn an annual salary of USD $93,000, and your employer maintains all your personal information as protected data in the company database.

EMP ID   NAME     SSN           HIRED DAY    END DAY   SALARY
2        John D   631-32-6789   08-01-2017   ?         $39,999

*Secured Data with Format Preservation (last four SSN digits remain in the clear for verification purposes)

Your company is a NonStop customer that takes advantage of one of several security solutions providing powerful encryption / tokenization capabilities. Embedded within those solutions is an intercept library. It allows authorized Guardian / OSS programs to make database calls that access your encrypted data without requiring the programs themselves to have expensive modifications made to them. Intercept libraries do not require source code, of particular importance when the source code is unavailable.

TANDsoft Inc.

Since 1993, TANDsoft has been a global provider of innovative HPE NonStop software solutions for use in time virtualization, security, data replication, and application modernization. We specialize in interception technology, which allows our NonStop customers to enhance their legacy application functionalities without the need for program modifications. TANDsoft’s innovative products are easy to install, easy to use, and are backed by exceptional support. They include Sensitive Data Intercept (SDI), an intercept library that works with HPE, third-party, or in-house security solutions to protect sensitive data-at-rest (Enscribe, SQL/MP, and SQL/MX) by encrypting/decrypting data written to and from disk. SDI is embedded into the solutions of comForte and XYPRO, two major HPE NonStop security partners. Its masking/auditing/logging solution is sold separately. Yet another product is FileSync for automatic file synchronization, replication, and data deduplication. Within the NonStop community, TANDsoft is the sole source of time-zone virtualization and clock simulation tools (OPTA2000) for use in consolidated IT environments. For more information about these and other TANDsoft solutions, visit www.tandsoft.com, or call us at +1 (514) 695-2234.

Jack Di Giacomo has over 30 years of experience in the design, development and support of NonStop software. As a developer in the platform’s formative years, Jack recognized the need for additional tools that at the time were unavailable. In 1993, he created TANDsoft, a company focused on delivering quality NonStop solutions for time virtualization, application modernization, business continuity, and security. Many of the TANDsoft solutions rely on a seamless interception technology, designed and implemented by Jack. Today, he continues to oversee the company’s innovation, marketing, and support of an expanding line of products for the NonStop community. Contact him at [email protected].

Vale Thomas Burg – A Giant of the NonStop World

After a long and merciless illness, Thomas Burg passed away this past April. He had been fighting for over two years with admirable strength, never giving up hope.

After having finished the university with a diploma in physics, Thomas joined the NonStop World (still TANDEM at that time) in the early 90s. With his remarkable intelligence and his never-ending appetite for new challenges - far beyond IT, into areas like photography, music and woodworking - he soon was deep into the internals of Guardian. His openness and flexibility, his ability to think outside the box also took him into application areas like banking, retail, and telco.

After having worked several years for MR and ACI, he joined comforte in early 2000 where he started working in the security arena. Although known for his speed and passion to dig into and adapt to new technologies, it was amazing to watch how fast he became one of the experts in this complex subject. While he worked on architectural design and development of security products, he readily shared his expertise with the NonStop community. He authored several publications and he became a member of the CONNECT editorial team. He delivered presentations at TUGs and ITUGs. He ignited open and fruitful discussions throughout HPE, customers and vendors.

Thomas was well known for his skills and visions, his openness and objectivity, his fairness and social responsibility. He truly was a giant of the NonStop world.

Thanks Thomas, we are grateful that you were with us. We will miss you.

On behalf of Connect Worldwide we thank Thomas for his years of involvement with the NonStop community and invaluable service as a member of our Editorial Review Committee.

Richard Buckle, CEO, Pyalla Technologies

A popular television sitcom of the late 1980s aired an episode, The Little Man in the Freezer. You know, the little man who turns on and off the light. One of the sitcom’s cast members expressed her fear of the little man, telling her fellow cast members that she was, “Not in the mood for jokes, especially about the little man; you know he scares me!” There are many occurrences that take place daily that are mysterious, after a fashion, and where the story that there is a little man at work, out of sight, seems a perfectly reasonable explanation.

When it comes to the rapidly changing landscape of NonStop, coming to terms with how it all works isn’t without a sense of mystery. Fault tolerance? Figuring out a way around points of failure in an optimal fashion with no noticeable downtime? Amazing! Pull out a gun, shoot a disk drive and no, the application magically doesn’t stop; NonStop keeps on processing your transactions. Shake the building with a massive earthquake and the whole system falls on its side? Again, no worries; NonStop kept at it without interruption. Even as these stories and many more like them are now a part of the NonStop folklore, it’s hard not to step back for a moment or two and just wonder how it all happened. Today, it’s not the violence of a gunshot or the disturbances from an earthquake that are shaking the foundations of NonStop, but rather the arrival of invisible metalwork. That’s right; NonStop has been freed from any dependency on the underlying hardware – the world of NonStop has been virtualized!

Invisible metalwork may be a stretch but it tells part of the story. The NonStop development team have done a tremendous job of limiting change to just the L-Series operating system. Part of the stated objective first made public all the way back at the end of 2015 when news first broke at the annual NonStop Technical Boot Camp was that there would be nothing special required of the virtual machines software. The hypervisors that are most popular among users today would be left untouched and changes to NonStop kept to a bare minimum so transitioning between physical systems and virtual machines could be executed with no visible differences to the application programmer. Resources appear to be real and at all times there is no outward indication that anything has changed. The Little Man in the Freezer – oops, in the Hypervisor – is doing his job. Well, sort of!

When it comes to virtual machines and their hypervisors, an application developed for NonStop will now simply run as a virtualized NonStop workload. In all likelihood, it will not be the only virtualized workload supported by the hypervisor and these other virtualized workloads could be practically anything at all! Linux and Windows are the most likely systems running alongside NonStop but there is also the opportunity to run multiple virtualized NonStop systems and that business will provision each virtualized NonStop system to meet current business demands such that at any given point in time, the number of virtualized NonStop systems that present themselves could be as varied as the hours on a wall clock. One very distinct possibility is that with the support of virtualized NonStop workloads, HPE may never again sell standalone development or test systems as it would be so much easier (and a lot less expensive) to give each developer and every test group their own virtual system.

While there isn’t anything that can be labelled as being part of what orchestrates the resources needed by individual virtualized NonStop workloads, what you get in the real world doesn’t change in the world of virtualization. You want 6 processors then you will get 6 processors at your disposal. You are licensed for 4 cores then yes, you will get 4 cores. Nothing changes in this regard, again, that little man in the hypervisor sees to it all. Probably it’s best to think of it as something rather magical happening behind the curtain, given how little that will ever be externalized to the virtualized NonStop workload. And CLIMs? They too will be virtualized and appear to the hypervisor as just another virtualized workload, albeit a specialty workload.

The topic left uncovered is support, along with consulting services – how best to optimize virtualized NonStop workloads for the hypervisor in use. In his excellent article published in the last issue of The Connection, HPE NonStop Takes Strides in its Journey through the Cloud, Senior Product Manager, Prashanth Kamath U, notes how already, RedHat together with NonStop, “offers you the cloud design and implementation service” in support of OpenStack and Kernel-based Virtual Machine (KVM). Vendors experienced in OpenStack and KVM, like RedHat, will be able to provide input as to how best to leverage KVM, but perhaps that experience doesn’t carry over to VMware with its vSphere hypervisor. Expectations too are that initial deployments will be from out of private clouds but what programs are in place should the jump to public clouds follow?

It is HPE’s plan to develop an ecosystem of ISVs and SIs to the party but even the most experienced vendor will not have all the answers on day one. It is more than likely that as the ecosystem develops we will see partnerships arise as managed services companies familiar with NonStop reach out to other ISVs and SIs who have the experience with VM. In this way, shared experiences would be easily leveraged and the NonStop community wins out from getting more concrete advice. However, this is still very much a work-in-progress reflecting just how early in the game NonStop happens to be when it comes to running virtual, but again, the magic and the little man will certainly go some ways to give us all a running start.

The question though that many within the NonStop community have raised has very little to do with the mechanics of the implementation or issues to do with configuration and whether there is “a little man turning on the light”, but rather, how will the NonStop vendor community respond to the arrival of virtualized NonStop? Over the past six months each issue of the new digital publication NonStop Insider has put this question to executives representing managed services, solutions, middleware and yes, even hardware.

In the July, 2017, issue TCM CEO Tony Craig said that, “TCM is very excited about Virtualized NonStop and see a great many opportunities for NonStop users to apply this technology to great advantage. In general, we are just happy to see investment in the platform and that the right people are being given the opportunity to take NonStop further.” Tony also noted that when it comes to TCM and its expectations, “We are certainly looking at this for a number of our customers where we believe it would be a perfect fit. Some of these are smaller NonStop users who are looking to upgrade but have budget challenges. These customers are looking to TCM to provide a complete solution where TCM will manage and host their application through the provision of “Infrastructure as a Service” (IaaS) based on a virtualized NonStop solution or part thereof, be it for Test, Development or Production environments.

According to NuWave’s Andrew Price and the update he provided in the February, 2018, issue of the magazine, “The work that the NonStop development team has done to ensure any NonStop user running on the L-Series operating system would see applications protected, no matter what machine they chose, was quite remarkable and clearly reflected customer input concerning changes to code. But the really outstanding issue here is that HPE funded NonStop to go down this path and that is indeed equally as remarkable and certainly lays to rest any concerns customers and vendors may have about the future of NonStop.”

DataExpress CEO, Billy Whittington, shared similar thoughts to that of Andrew Price in the September, 2017, issue when he said, “Truthfully when vNonStop was announced we were ecstatic because we felt that this would allow the technology to push a wide path into the market, obviously a great thing for every vendor supporting it. However, after the initial wonderment of the announcement had burned out, we asked the same obvious questions that everyone should be asking of “how good will NonStop be on a platform that is NOT NonStop?” As time has moved on, HPE has done a better job of explaining the concept of a vNonStop deployment and this in turn toned down our initial excitement. Right now, we must see how the published pricing model will be received by the market because that will be what decides whether it will be successful or not. In the meantime, we did take the time and effort to thoroughly test DataExpress on vNonStop and are happy to have the HPE certification behind us.”

When it comes to solutions providers, especially those in the all-important payments solutions marketplace, virtualized NonStop is a very big step for HPE to take. When OmniPayments, LLC, CEO Yash wrote about his own expectations of virtualized NonStop in the December, 2017, issue of NonStop Insider, he began by noting how at OmniPayments, “We have been among the first vendors, once again, to be testing with vNS and unlike other vendors we believe we will be able to configure OmniPayments on vNS to be every bit as available and scalable as NonStop is today on traditional systems.” With experience already gained in support of heterogeneous configurations, Yash then added that the arrival of virtualized NonStop essentially takes off the table, “any further discussion about the choice of the NonStop platform will go even further as we embrace vNS and we see that this will not only open new markets for OmniPayments but it wouldn’t surprise us to see additional solutions vendors enter the marketplace with NonStop.”

Finally, it was left to Tributary Systems, Inc. (TSI) CEO Shawn Sabanayagam, when in the October, 2017, issue he said that, “TSI is certainly ready for vNonStop and has been for a while. As mentioned earlier, we have data management solutions in our portfolio today for cloud native applications that can reduce the data footprint in the cloud and automatically tier data within cloud tiers (such as EBS, S3, Glacier in AWS). The possibility to open new markets and bring new customers to NonStop exists with vNonStop. However, we believe the real potential to transform the use case for NonStop going forward may be with a role in blockchain technology.”

Blockchain – up until this reference by Shawn to blockchain, it was more or less opportunities for NonStop users to capitalize on virtualized NonStop for existing NonStop applications rather than new solutions influencing NonStop vendors. However, there are many within the NonStop community looking for a lot more than same-o, same-o, including a return to growth for NonStop and the realization that NonStop is an ideal platform for some of the new technologies and applications now coming to the attention of CIOs everywhere. It has been very hard to miss all the excitement surrounding blockchain and to see the first efforts from HPE focusing on a deep port to NonStop – virtualized NonStop, that is!

And this could very well be the start of moves by solutions vendors to rethink their options when it comes to running all-important blockchain distributed ledger technology-based applications. Perhaps this is the biggest story yet to surface with the advent of virtualized NonStop – the prospect of attracting new solutions and new users to NonStop. With the combination of magic, drawn curtains and yes, that little man inside the hypervisor resolving all our configuration issues, there will always be aspects of the implementation of virtualized NonStop that will be beyond any real need to know anything more, but then again, if it does take a little magic rubbing off on NonStop for it to become attractive to a new community of users then there is nothing whatsoever to be scared about with HPE’s addition of virtualized NonStop into its growing product portfolio.

Richard Buckle is the founder and CEO of Pyalla Technologies, LLC. He has enjoyed a long association with the IT industry as a user, vendor, and more recently, as an industry commentator. Richard has over 25 years of research experience with HP’s NonStop platform, including eight years working at Tandem Computers, followed by just as many years at InSession Inc. and ACI Worldwide.


How a Credit Card Company in Japan Strengthens NonStop Security and Simplifies Database Management

Chinami Higashibata

In Japan, credit card usage is not a big deal compared to other countries. However, these days, the Japanese credit card industry has been growing vividly. Many people are shifting to credit cards for shopping at stores, on the internet, and even on the railway system. The 2020 Olympics in Tokyo is another example of Japan’s culture changing too. Credit card usage is expected to increase not only for the Japanese, but for foreigners as well. HPE NonStop servers support the credit card industry in Japan. We at DXC Technology Japan lead these increases in credit card usage and transactions, using the NonStop system’s strong security and optimizing the database for increasing transactions.

Trends of the credit card industry in Japan

The credit card industry in Japan is growing at a steady pace. This is mainly due to the increase in internet transactions. In 2016, many issuers saw an increase in transaction rates of about 5-13%. Reference: Monthly Shohisha-Shinyo 2016 (consumer’s credit). The Japanese government expects credit card consumption to increase by 40% or more in the next decade.

The second reason for this upward trend is that more foreigners will be coming to Japan for the 2020 Tokyo Olympics. They will use credit cards issued by their home countries, which means systems need to be upgraded to handle those various credit card transactions. Many systems need to be redeveloped to deal with the different options.

Another mark is that credit card fraud is increasing. Unauthorized access has targeted affiliated stores with insufficient security management. Fraudulent transactions totaled about $130 million in 2016. The Japanese government needs to make efforts and take measures.

Marching towards the Tokyo Olympic/Paralympic games in 2020, the Japanese government expects Japan to be one of the world’s safest and easiest countries in which to use credit cards. The Japanese Government carried out a ‘Cashless Japan’ program. The Ministry of Economy, Trade and Industry (METI) revised the installment sales law, which will be applied around May-June 2018, and presented the ‘Execution plan of 2017’ as a specific countermeasure. This Execution plan is continuously reviewed every year.

PCI DSS compliance for the credit card industry in Japan

The plan by METI includes PCI DSS compliance.

In 2012, the Execution Plan released by the Japan Credit Association, which is a national plan, included PCI DSS compliance. This was the start of making the Execution Plan based on PCI DSS compliance. After that, METI presented an interim report stating that “compliance with PCI DSS is effective efforts,” at the association for development of credit card payment in 2014. METI obliged credit card companies to comply with PCI DSS by March, 2018.

In 2010, for one of the NonStop credit card systems we support, we started to consider which security products are best for the system to comply with these new requirements. Considering ease of use and stronger security, we decided to pursue compliance with the Execution Plan by using XYGATE. In addition to the Execution Plan, we also took the lead in complying with PCI DSS in 2014. After being certified, we have continued PCI DSS certification until now.

PCI DSS compliance and security products usage in our system

Safeguard security products have been used since our past systems. However, since the renewal of VENUS in 2014, we have implemented the XYGATE security suite of products to achieve PCI DSS compliance more easily and effectively. In addition to Safeguard and NonStop ssh2 functions, XYGATE security products have helped to achieve our security needs. Our implementation has 3 objectives.

The first objective is high log acquisition quality. In addition to the Safeguard audit log, a more detailed audit log is recorded by XYGATE User Authentication (XUA). XUA provides a comprehensive audit log, including information such as IP address and other factors. The operator uses the detailed audit log every day to report on PCI DSS compliance.

The second objective is real-time monitoring sent by EMS. When a suspicious event has occurred, the EMS messages are instantly sent to monitoring. Monitoring can then alert an operator for immediate action on the event.

The last objective is optimizing log monitoring. Using XYGATE Report Manager (XRM), a visual representation of the system and security audit logs is available. This helps operators check the log more quickly and efficiently – saving time and ultimately saving money.

In addition to enhancing these three aspects of operation for PCI DSS compliance, XYGATE products also have benefits for security control from the following point of view.

XUA provides not only detailed logs, but also controls logon based on a number of parameters such as time, location, or requestor. XUA extends Safeguard’s capabilities further than traditional authentication controls.

Our Next Step: P2PE

Using existing XYGATE products, we achieved PCI DSS compliance and also streamlined operations on our server. However, we also need to take the next steps to match the trends of the credit card industry in Japan and the rest of the world.

Recent attacks on point-of-sale registers have had a huge impact globally. These attacks have changed from the direct server attacks of a few decades ago and have become one of the greatest impacts for the credit card industry.

In Japan, merchants have not been compliant with PCI DSS. The main reason is that it is too expensive for them to obtain and maintain PCI DSS compliance. On the other hand, most credit card companies and Payment Service Providers are already compliant or, if not, have to be compliant with PCI DSS by March 2018. It is also very tough for them because it is too short of a time frame to get the legal application until then.

To deal with these issues above, the Japanese government established an Execution plan including this key institutional approach in 2017. It protects against leaking card information from POS or merchant stores, either by conformance to PCI DSS for businesses holding card information or by ‘non-holding’ of card information for merchants.

Tokenization on NonStop Server

One of the most popular ways to achieve ‘non-holding’ is tokenization. We were tasked with how to implement tokenization on one of our biggest customer’s systems.

The solution on the HPE NonStop server is Micro Focus SecureData powered by XYPRO’s Transparent Data Protection (TDP). Seamless execution on NonStop Servers is an effective solution to take advantage of transaction response and the robustness of NonStop Server. SecureData can tokenize card data for end to end encryption.

To meet PCI DSS compliance, the NonStop systems need to
For example; from the web browser or foreigners will be coming to Japan for the 2020 Tokyo Olympics. track every each command execution. XYGATE Access Control payment terminal. They will use credit cards issued by their home countries, which In 2010, one of the NonStop credit card system in our support, we (XAC) enables them to use key stroke logging to log every means systems need to be upgraded to handle those various had started to consider what security products are best for the system command and command executed on the system. Database usage issues credit card transactions. Many systems need to be redeveloped for to comply with these new requirements. Thinking the aspects to easy Another important and effective method to our operations is Dealing with increasing transaction volumes and the focus to dealing with the different options. usage and strengthen security guard, we decided to lead to compliance optimized ACL to reduce missed security controls. XYGATE Object enhance security, the database is also needed to be considered Execution plan by using XYGATE. Not only execution plan but also we Another mark is that Credit Card Fraud is increasing. Security (XOS) reduces ACLs by wildcarding, enables regular for performance. Generally there are two main concerns for credit complied with PCI DSS in 2014 in the lead. After being certifi ed, we Unauthorized access targeted affiliated stores with insufficient expressions and ability to use multiple masks to allow for greater card systems: Temporary performance degradation and data have continued PCI DSS certifi cation until now. security management. Fraudulent transactions totaled to about applicability of rules without adding complexity. Compared with migration delay. $130 million in 2016. The Japanese government needs to make Safeguard ACLs, XOS reduces ACLs to about 80%. efforts and take measure.

Temporary performance degradation is brought on by congestion due to a large volume of transactions. It occurs during peak times of the system, when the system becomes overloaded. We need to make the online processing and search processing load more efficient while at the same time improving search performance.

Another concern is the delay in data migration. The delay caused the migration between systems to take more time than expected. The system needs to prevent data extraction delay caused by fragmentation. In order to resolve these situations, we implemented a database reorganization solution on the NonStop server from Merlon called MARS, Merlon Auto Reload System.

MARS is a product that supports NonStop Server reorganization (RELOAD) operations. MARS performs database object reload automatically. Depending on conditions that may indicate that an object needs to be reloaded, MARS schedules a reload for that object. In addition, MARS has granular control functions for reload.

MARS also has an easy to use Graphical User Interface. We register database conditions and an expected MARS operating schedule for the MARS monitor process from a Windows client PC. MARS then runs automatically. The monitor process controls start and stop times to reload the database automatically. There is also a performance monitor process for the reload. The performance monitor process controls the number of parallel executions to optimize reorganization. If executions happen too often, system performance can be impacted. In addition to the control of execution, the performance monitor process also monitors system CPU-BUSY and DISK-BUSY. Resource management is an important factor in performing database reorganization efficiently without affecting other operations of the system.

We had many expectations for MARS; however, there were also some concerns during the implementation review.

As everyone knows, Japanese customers are very cautious. For example, implementing MARS in a production environment was a big concern. The system is already deployed and our plan was to implement MARS in the production environment. Another example is safety and efficiency. They always expect high quality and no mistakes.

On the other hand, DXC Technology had some thoughts too. We had to carefully determine the parameters so that processing would not be affected, because there are not many cases of MARS in Japan.

To solve these concerns, we approached with the following plan. First of all, we engaged with Merlon early in the process, including support requests and enhancements needed. We realized we might need more support than on past projects, so we started early to maximize our preparation time. Secondly, we researched as many cases as were available in order to determine as many of the parameters and requirements up front as possible. Learning from existing cases and solutions gave us very notable information. Finally, we spent time doing deep evaluation tests. Using information gathered from cases and discussion with the Merlon team, we experimented and ran through test cases on our own.

This allowed us to run MARS functionality tests for 1 month and performance tests for 2 months, and to evaluate the results sufficiently. Through these aspects, we had good clarity in the design and implementation phase, and we were able to focus on performance tests. We saved time and money using MARS for reorganization of the NonStop database. We tested with a combination of 30 to 40 performance patterns to determine the minimum business impact.

Another point to highlight is that MARS met our very high technical quality, performance and speed demands. Our requests about the control functions and other functions necessary at minimum were promptly achieved. New functions have been implemented within a short period of time. This has made our overall system reorganization more efficient.

We successfully implemented database reorganization and we would like to share the benefits of MARS too. We achieved high efficiency and improved operability through the GUI, and even inexperienced members can reload easily. This high operability brought us easy and immediate value. Operators can now quickly respond to the changing system to deal with peaks from business demands. MARS also helps avoid human errors. For example, the control function of MARS safeguards against execution on the same DISK, which leads to safe operation.

Security maintenance will constantly be an issue. We need to comply with the latest PCI DSS requirements and deal with challenges as they arise. The nearest issue is that merchants deal with those problems. We will also need to implement the best solution, such as Tokenization.

Credit card transaction rates are increasing, and the DB model is also more important. The increase in transaction volumes makes the database more complex. MARS is a very useful product for DB optimization automation.

We presented these topics during NonStop Technical Boot Camp 2017 in San Francisco.

Our company, DXC Technology, is the world’s leading independent, end-to-end IT services company. We guide clients on their digital transformation journey, multiply their capabilities, and help them harness the power of innovation to thrive on change.

Chinami joined Hewlett-Packard Japan in 2015 and has worked as a Systems Consultant mainly working for the Credit Card Companies in Japan. She has worked with Japan Credit Card Companies more than 3 years providing the system consultation, the project management, and the development lead with NonStop Server. Before joining the credit card system project, she had developed NSS infrastructure in other projects. Using her experience in those projects, she is developing the system including security. She holds a Bachelor of Science in Computer Science and Education.

Steve Tcherchian, CISSP
Chief Information Security Officer

There is quite a large disconnect in the way breaches are evolving versus how security solutions are keeping up to address them. Virtualization adds an entire new layer of complexity to the puzzle. As a security strategist, I’m constantly evaluating what is possible to help identify gaps and opportunities. The one thing I have learned over the course of my career: The only thing constant in cyber security is that attackers’ methods will continue to evolve. They get smarter, more resourceful and are impressively ever patient.

The HPE Integrity NonStop server is not only a foundation of the HPE Server business, it is also central to countless mission-critical environments globally. For the longest time, security of these powerful systems and the “Mission Critical” applications they run remained mostly static and under the radar while high profile attacks on other platforms have taken the spotlight. That hasn’t lessened the risk to the NonStop server. It’s actually created a gap. With globalization, virtualization and introduction of new technologies like IoT, this security gap will only increase if not addressed.

Interestingly enough, the NonStop server isn’t the only mission critical enterprise solution in this situation. There are some colorful parallels that can be drawn between applications running on the NonStop server and those running in SAP environments. Both are in highly mission-critical environments and vital to the revenue generation of an organization, and they frequently run payments applications like ACI’s BASE24 and other homegrown applications. This creates some interesting security challenges.

In a recent The Connection magazine article, Jason Kazarian, Senior Architect at HPE, described legacy systems as “complex information systems initially developed well in the past that remain critical to the business in spite of being more difficult or expensive to maintain than modern systems”. His article went on to point out the security challenges of legacy applications. In summary, some of these types of applications can tend to be unsupported, security patches aren’t readily available and if they are, they aren’t applied in a timely fashion because of fear of disruption, and they don’t have a lot of the security features modern applications would have. This makes detecting and addressing security risk and anomalies a greater challenge than it already is.

Mind The Gap

How can this problem be addressed? Protect what you can. As a first step, be it system, application or data – push the risk down the stack to an area that is more controllable by security controls. For example, tokenizing data used by a legacy application will send an attacker to go search for that data through alternate methods, preferably one better suited for detection. Have a risk based, layered approach. This will swing the odds in your favor. Perhaps not entirely in your favor, but this approach will provide you with the arsenal you previously did not have: It will create those choke points, provide the visibility needed and help reduce mean time to detection and response.

With the way threats are evolving, those of us responsible for security need to constantly evaluate and assess our capabilities. Let’s take a dive into each layer to explore the benefits they provide in an overall security strategy.

Protection/prevention is the first and most critical layer of any security framework. Without a proper protection layer in place, none of the other layers can be relied upon. Think of the protection layer as the traditional defensive strategy – “the wall built around assets”. This includes defining and implementing a security policy as well as hardening of the network, the system and applications. The protection layer is also where users, roles, access control and audits are set up. Key fundamentals to consider as part of the protection layer:

• Authentication – Allows a system to verify that someone is who they claim to be. In an HPE NonStop server environment, this can be done using Safeguard, XYGATE User Authentication, or through application authentication.
• Authorization – Determines what a user can and cannot do on a system. Authorization defines roles and access to resources.
• Access Control – Enforces the required security for a resource or object.
• Logging and Auditing – Ensures that all security events are captured for analysis, reporting and forensics.
• Encryption and Tokenization – Secures communication and data both in flight and at rest. Examples of products which protect data include VLE, TLS, SSH, Tokenization and more.
• Vulnerability and Patch Management – Ensure timely installation of all RVUs, SPRs and application updates. Prioritize and take recommended action on HPE Hotstuff notices.

These types of preventative controls are necessary and intended to prevent unauthorized access to resources and data, but they cannot solely be relied on as a sustainable security strategy. Attackers’ motivations and sophistication are changing, therefore when prevention fails, detection should kick in while there is still time to respond and prevent damage.

Detect

In testimony given before the Senate Subcommittee on Science, Technology and Space, famed cryptographer and cyber security specialist Bruce Schneier said: “Prevention systems are never perfect. No bank ever says: ‘Our safe is so good, we don’t need an alarm system.’ No museum ever says: ‘Our door and window locks are so good, we don’t need night watchmen.’ Detection and response are how we get security in the real world…”

Schneier gave this testimony back in July of 2001, yet in 2018, where organizations are getting hit by incidents they can’t detect, this premise is still valid and critical. In the previous section we discussed hardening systems and building a wall around assets as the first layer of security strategy. I’m surprised by the number of conversations I have with IT and Security folks who still carry the mindset that this degree of protection and compliance is good enough. No matter what level of protection a system has, given enough time, an attacker will find a way through. The faster you can detect, the faster you can respond, preventing or limiting the amount of damage a security breach can cause.

Detection is not a simple task. The traditional method of detection is through setting up distinct rules or thresholds. For example, if a user fails 3 logons in a span of 5 minutes, detect it and send an alert. In most cases that rule is explicit. If the failed logon events spanned 20 minutes, or worse yet, 10 days, it would not be detected. The limitation with relying on rules for detection is they will not alert on what they don’t know about. Those low and slow incidents and unknown unknowns – activity not normal on a given system – will fly under the radar and no one would be the wiser until you get a call from the FBI.

The other challenge is correlating events from multiple data sources. Let’s look at the incident diagram below.

[Figure: incident diagram]

In this incident pattern, we have events from EMS, Safeguard and XYGATE. The NonStop server could send each individual data source to a Security Incident and Event Management (SIEM) solution, but the SIEM would not have any context to detect the incident pattern as suspicious behavior. A security analyst could create rules to detect the incident pattern, but that’s just one use case. The traditional method is to scour through event audit records, try to put the pieces together and then create a rule to detect that pattern in the future. The weakness in that thinking is the incident has already occurred. You’re putting a rule together on the off chance it will happen again. However, it’s not reasonable or possible to anticipate and define every possible incident pattern before it happens.

A third area of concern is profiling a system and its behavior to understand what is normal behavior for users, applications and the system to be able to recognize when activity is not normal. This can be accomplished through evaluating the system and its configuration, profiling the system over a period of time, profiling user behavior, highlighting risk management and a variety of other intelligence methods. This is where machine learning has a significant advantage. No human could possibly evaluate the volume of data needed to make these types of determinations at the speed required by today’s standards. Machine learning is a type of artificial intelligence that enables the system to teach itself. Explicit rules are no longer the lone method of detection. Machine learning can profile a system or network over a given amount of time to determine what is normal to isolate what is not normal. Inserting machine learning as part of a solution process significantly increases abilities to stay on top of what is going on with a given system, user, network or enterprise.

Alert

The third layer relies on alerting. The challenge most environments have as they grow and their infrastructure becomes more chaotic with more tools, more users, more data and more events is they alert too much or too little. How does one know what to act on and what is just noise? There are solutions that position themselves as being able to do data and analytics, but that ends up generating more data from existing data. Someone needs to determine if the newly formed alert is actionable or just noise. Going back to our previous failed logon example, if we were to receive 15 different alerts for the same rule, how can one know which alert to pay attention to and which to safely ignore? If you’ve ever been responsible for responding to security alerts, you know this creates alert fatigue. Back in my early days, mass deleting emails of similar types of alerts was one of my favorite things to do.

Contextualization allows the system itself to determine what is actionable and what is just noise. A solution like XYGATE SecurityOne can evaluate each potential alert and, based on activity that happened previously for that user, IP, system etc., determine whether the reported activity is business as usual or a serious issue that needs to be paid attention to. Creating new data and new alerts from existing data doesn’t solve the problem. Applying context to the new incidents generated helps focus efforts on those incidents that truly need attention. Once an account changes hands, it will behave slightly differently.

Context is key.

Respond: Deploy your army

For any of the first three layers to produce value, there needs to be a proper incident response plan. Responding will allow you to deploy your countermeasures, cut off access, send the attacker to a mousetrap or other actions that will assist in minimizing the impacts and recovery of a breach. Containing the breach and quickly recovering from it are the most important steps of this layer.

Response and containment comprise a number of simultaneous activities to assist in minimizing the impact of a breach. These may include but are not limited to:

• Disabling accounts
• Blocking IPs and Ports
• Stopping applications or services
• Changing administrator credentials
• Additional firewalling or null routing
• Isolating systems

This is necessary to slow down or stop an attack as well as for the preservation of evidence. Evidence of the attack is generally gathered from audit logs, but coupled with detection and analytics tools can provide access to information in a much quicker and more granular fashion. Being able to preserve evidence is key to forensic investigations of the breach as well as important for prosecution.

Once all the pieces fall into place and there is an incident alert that requires response, how will your organization deal with the issue? Breach incidents are hardly ever the same. There needs to be a level of categorization and prioritization on how to deal with specific incidents. In some cases, you may want to slowly stalk your attacker, where in others, the sledgehammer approach may be the only thing that can preserve data. Does everyone understand their assigned roles and responsibilities? Is there someone in charge? Is there a documented plan? All of these are considerations that need to be accounted for as part of response. This can be summarized in two words – BE PREPARED.

Resources

On the HPE NonStop server – the protection layer can be addressed with properly configuring Safeguard, implementing protection of data in flight and data at rest and deploying third party security tools available for the system. For alerting and detection, XYGATE Merged Audit with HPE Arcsight can provide the tripwires and alarms necessary for proper detection. For further detail on how to properly protect a NonStop server, HPE has published the HPE NonStop Security Hardening Guide. XYPRO has also published a 10 part blog series on how to properly protect a NonStop server (http://bit.ly/21nmQiY).
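The failed-logon rule from the Detect discussion and the contextualization idea from the Alert discussion, as an added example (not code from the article or from any XYPRO or HPE product): it runs the explicit 3-failures-in-5-minutes rule, a per-user baseline comparison that catches failures spread over 10 days, and a step that collapses repeated rule hits into one ranked incident. The event tuples, user names, IP addresses, the smoothing and the 3x factor are constructed assumptions.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# An event is (timestamp, user, source_ip, logon_succeeded).

def threshold_alerts(events, threshold=3, window=timedelta(minutes=5)):
    """Explicit rule from the text: >= 3 failed logons by one user in 5 minutes."""
    recent, alerts = defaultdict(deque), []
    for ts, user, ip, ok in sorted(events):
        if ok:
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:       # forget failures older than the window
            q.popleft()
        if len(q) >= threshold:         # fires again on every further failure
            alerts.append((ts, user, ip))
    return alerts

def failure_rate(events):
    """Per-user failure rate, smoothed as (failures + 1) / (attempts + 2)."""
    fails, total = Counter(), Counter()
    for _, user, _, ok in events:
        total[user] += 1
        fails[user] += not ok
    return {u: (fails[u] + 1) / (total[u] + 2) for u in total}

def baseline_deviations(baseline, observed, factor=3.0, min_failures=3):
    """Users whose observed failure rate is >= factor x their own baseline rate,
    however far apart the failures are. A user with no history is always flagged."""
    base, now = failure_rate(baseline), failure_rate(observed)
    nfail = Counter(u for _, u, _, ok in observed if not ok)
    return sorted(u for u in now
                  if nfail[u] >= min_failures and now[u] >= factor * base.get(u, 0.0))

def contextualize(alerts, baseline):
    """Collapse repeated rule hits into one incident per (user, ip), ranked by
    whether that user has logged on successfully from that address before."""
    known = {(u, ip) for _, u, ip, ok in baseline if ok}
    hits = Counter((u, ip) for _, u, ip in alerts)
    return [{"user": u, "ip": ip, "rule_hits": n,
             "priority": "low" if (u, ip) in known else "high"}
            for (u, ip), n in sorted(hits.items())]

# ---- constructed sample data (not real audit records) ----
T0 = datetime(2018, 5, 1, 9, 0)

def build(user, ip, days, ok_per_day, fails=()):
    """Hourly successful logons from 09:00 on each day in `days`, plus failures
    given as (day, seconds after 09:00, source IP)."""
    ev = [(T0 + timedelta(days=d, hours=h), user, ip, True)
          for d in days for h in range(ok_per_day)]
    ev += [(T0 + timedelta(days=d, seconds=s), user, fip, False)
           for d, s, fip in fails]
    return ev

# Baseline: alice never fails; bob mistypes his password about once a day.
BASELINE = (build("alice", "10.0.0.5", range(10), 4)
            + build("bob", "10.0.0.9", range(10), 3,
                    [(d, 1800, "10.0.0.9") for d in range(10)]))
# Observed: one failure a day against alice from an unfamiliar address (low and
# slow), and a five-failure burst by bob from his usual address.
OBSERVED = (build("alice", "10.0.0.5", range(10, 20), 4,
                  [(d, 1800, "203.0.113.7") for d in range(10, 20)])
            + build("bob", "10.0.0.9", range(10, 20), 3,
                    [(10, 1800 + 30 * i, "10.0.0.9") for i in range(5)]))
# Four failures spread over 20 minutes, the case the rule misses in the text.
SPREAD_20_MIN = [(T0 + timedelta(minutes=m), "carol", "198.51.100.4", False)
                 for m in (0, 7, 14, 20)]

if __name__ == "__main__":
    hits = threshold_alerts(OBSERVED)
    print("rule hits:", len(hits))
    print("rule on 20-minute spread:", threshold_alerts(SPREAD_20_MIN))
    print("baseline deviations:", baseline_deviations(BASELINE, OBSERVED))
    print("incidents:", contextualize(hits, BASELINE))
```

The rule fires three times on bob's burst from his usual address and never on the ten days of failures against alice; the baseline comparison surfaces alice, and the contextualization step reduces bob's three hits to one low-priority incident.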

For the next generation of detection and alerting, XYPRO’s newest offering, XYGATE SecurityOne (XS1), brings risk management and visibility into real time. XS1’s patented technology correlates data from multiple HPE Integrity NonStop server sources and detects anomalies using intelligence and analytics algorithms to recognize event patterns that are deemed out of the ordinary and suspicious for users, the system and environment. Coupled with SIEM solutions, XS1 can provide a constant, real time and intelligent view of actionable data in a way that has never been seen before.

Strong technology and process is important, but people are paramount to any successful security strategy. Regular security training and development on industry best practices, security trends and attack evolution should be factored into any security program. Without ongoing training and reinforcement of people, the gap only has an opportunity to widen. An organization’s most valuable resource is the people hired to provide security and close the gap. Use them wisely and ensure they have the tools and training to provide the layers of defense required.

Cyber criminals don’t sit around waiting for solutions to catch up. Security complacency ends up being the Achilles Heel of most organizations. Because of its unique attributes, security on the NonStop server needs to be addressed in a layered approach and Risk Management is a big part of the process. Putting the layers in place to allow us to highlight risk as early as possible to address it is key in dealing with upcoming challenges. This will hopefully help bridge the gap between attacks and security.

We need to recognize the paradigm shift in how we approach security, especially in a virtual world, and understand that an attacker’s ability to stay one step ahead of most defenses is central to their strategy. As the NonStop platform evolves and becomes more interconnected, what was put in place previously to address security will not be sustainable going forward. No matter how vendors position their solutions, security is hard, doing the right thing is hard, but that doesn’t mean security professionals need to work harder.

From a security professional’s perspective, cyber criminals will always be viewed as war-like, relentlessly driving to break into systems, get to data, wreak havoc and cause disruption to fulfill their malicious objectives. Meanwhile, cyber security staff need to act more cautiously and deliberately to avoid being seen while following the enemy. With the proper security layers in place, the enemy will be thwarted by deliberate masking, redirection and detection that hides where the data really is and alerts when the enemy is near. We continue to get smarter by blocking, hiding and redirecting things away in response to attacks. We just have to keep it up and evolve with the technology around us.

Steve Tcherchian, CISSP
Chief Information Security Officer
XYPRO Technology
@SteveTcherchian
@XYPROTechnology

Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Information Security Officer and the Director of Product Management for XYPRO Technology. Steve is on the ISSA CISO Advisory Board, the NonStop Under 40 executive board and part of the ANSI X9 Security Standards Committee. A dynamic tech visionary with over 15 years in the cyber security field, Steve is responsible for strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance and security to ensure the best experience to customers in the Mission-Critical computing marketplace.

BackforMore

Richard Buckle // CEO // Pyalla Technologies, LLC.

The English language is rife with expressions and sayings many of which are simply shorthand for how we feel about a person or object. These expressions can range from “Oh, bother!” to “Botherations!” to something that is best left to be read in other publications. Decades ago a popular television show gave us the expression “Sock it to me!” even as it was left to another show to give us the techie farewell, “Live long and prosper!” It was the rock group J. Geils Band who sang, “Love stinks!” On the other hand, for followers of the sitcom, Friends, perhaps recall when Monica said it best as she explained how, “Welcome to the real world. It sucks. You’re gonna love it!” Oh yeah, Lovely!

For as long as we have been programming NonStop systems as a community we have been “making it real” but shortly that will change. When it comes to fault tolerant computing with NonStop continuing to be the leading proponent, there is a real need to know everything about “what lies beneath” so much so that experienced NonStop programmers baulked at considering anything other than running the OS and its companion software stack as close as possible to the metal. We just had to know what was going on! We just had to know about every source of failure so we could switch to a backup path or an alternate device. The Mackie diagram explained it all; dual paths and dual ported devices allowed processing to continue even after a failure. The concept of n+1 processors ensured that any given NonStop system could handle any single point of failure and if we kept low enough workloads per processor, re-balancing workloads after a failure of even a processor meant that end-users wouldn’t be impacted.

However, the world has changed. It started a long time ago when we realized the value that came from separating the logical world from the physical world. No longer was it the responsibility of the application programmer to write their own peripheral access methods but rather, they now could call macros or subroutines that simplified such access. Putting a little distance between the real world of physical devices and a logical world that provided a degree of device independence, we could easily upgrade to next generation peripherals without worrying about changing the application code. Brilliant! However, when it came to the processors, it was going to take a lot more than accessing logical I/O routines.

Many vendors will talk about their paths to virtualization and how they were the pioneers of one aspect of virtualization or another. My own journey began with IBM in the early 1970s when I sat through an explanation of CP/67 – virtualization being done on specially modified IBM 360/65 mainframes. And then I came across the Conversational Monitor System (CMS) – a very “simple interactive single-user operating system.” Together, CP / CMS morphed into IBM’s Virtual Machine (VM) product, an offering that came to life in a big way once IBM began shipping the System 370 with Virtual System (VS) support – operating systems that included DOS/VS, SVS (from OS/MFT) and MVS (from OS/MVT). However, my early experience with CMS running as a guest of VM gave me the perspective I was running my own machine, independent of everyone else (considered a good thing by my fellow programmers) and as the VM hypervisor supported many CMS instances, it was like having a giant, in-house, time sharing system. Oh yeah, Cool!

A lot has happened since those times and we have seen virtualization take hold of many server environments offering not just isolation of multiple users but a better way to capitalize on the escalating power of the underlying chip technology. Deploy a VM control program, or hypervisor, on top of the metal and now, many more guests could be supported than otherwise possible. Guests could be anything from a single instance of an operating system such as Windows or a complete multi-tasking operating system running transaction programs like z/OS (MVS) or even NonStop. Yes, NonStop! As announced, HPE’s virtualized NonStop (vNS) can run, in total – that is, the OS and all the software stack that includes NS SQL and TS/MP (Pathway) – as a guest of a hypervisor. Right now, this includes the kernel level VMs such as OpenStack’s KVM as well as VMware’s vSphere, both of which are supported today by vNS. By the actions HPE is taking today in support of NonStop, it is ensuring that NonStop will continue to be a great solution for all mission critical applications. Oh yeah, Special!

Before you think this issue’s column is nothing more than a collection of clichés, consider this; the very word NonStop is almost a cliché. Expectations abound across IT that applications will run continuously and yet, there is barely a day goes by where there isn’t news about the disruptions caused by one outage or another and the general public has become somewhat blasé about the impact such outages have on our lives. However, standings in the business world have been tarnished as a result of such headlines and today CIOs report that a single hour of downtime can cost them anywhere from $100,000 to $1-5 million* when you take into consideration the additional costs associated with labor that is left idle. NonStop systems are renowned for delivering the highest levels of uptime and cliché or not, as the world moves towards hybrid IT where complexity prevails, NonStop continues to provide the high levels of availability whether running traditionally on physical systems or virtually, as a guest of a hypervisor.

When someone tells you to get real, they want you to get a reality check and to stop behaving as though you're living in a fantasy world. For years, this was the understanding to all of those who depended upon NonStop in support of their mission critical applications. However, today, getting real is now less about metal under the NonStop than it is about independence. NonStop provides and it is opening the doors to a much larger selection of hardware. This can only be even more beneficial to businesses everywhere. Perhaps the cliché we may all come to love in time is well, “there’s no time like the present” or perhaps, better still, “actions speak louder than words” as anyone can talk a big game, but the truly great let their actions speak for them!

* https://www.randgroup.com/insights/cost-of-business-downtime/

SQLXPress & MARS Productivity Performance Security

Comprehensive NonStop Database Management Solutions Now available from HPE NonStop Sales!

SQL/MX SQL/MP Enscribe

SQLXPress
SQLXPress is an easy-to-use GUI for managing NonStop SQL MP and MX databases. It provides powerful tools for managing data and graphically building and tuning queries. SQLXPress also has comprehensive tools for database maintenance and management that streamline critical DBA tasks.

MARS
MARS is an automated database reload solution that provides a safer and more productive way to reload NonStop databases for peak performance. With MARS, you can prevent application performance degradation, recover unused disk space, and free your DBA to perform other tasks.

Learn more at www.xypro.com/merlon


upgrade your digital core

comforte solutions for HPE NonStop systems

Many NonStop applications were developed years ago and are not equipped to deal with current technology standards. Yet there is no need to rip and replace them.

Give your NonStop applications the fast and efficient compatibility upgrade they need so your core business can quickly meet customer demands and stay ahead of the competition.

• Overcome technology limitations
• Unlock more value with minimal effort
• Address legacy skills shortages
• Reduce support costs

Migrate Enscribe files to NonStop SQL. Open systems connectivity to and from NonStop systems: REST/JSON ° SOAP ° Java/J2EE ° .NET ° HTTPS ° RSC

For more info, visit our website www.comforte.com or send an email to [email protected]