Product Roadmap Presented by Roger Andrews On the horizon… Synergy/DE Version 11 New Version Aversion • Too many breaking changes • I need to re-test my entire application • I need to support my existing customers/version • I have to install new keys WE GET IT! So we’ve been avoiding it too! What Necessitated a Change in Version? Security • OpenSSL • Spectre / Meltdown Upgraded tooling for building Synergy • C runtime libraries • .NET Framework features • Visual Studio UCRT and Linux GCC compiler OS and hardware requirements Version 11: Security Why should I care? • You have to be secure from your client to your web server • You have to be secure from your website to your web server • You have to secure your data on disk • You have to secure the data before it gets to the disk • Anyone with FDIC/HIPAA/PCI compliance requirements MUST KEEP UP TO DATE!! Version 11: OpenSSL 1.1 • Openssl.org dropping security updates for 1.0.2 by Dec 2019 • Unix and VMS manufacturers continue to backport critical security fixes for a period of time, after OpenSSL drops support • All Windows customers using encryption of any kind should upgrade to Synergy/DE 11 and update OpenSSL to 1.1 to get continued security support • MANDATORY for FDIC / HIPAA / PCI compliance Version 11: OpenSSL 1.1 How do I get it? • SSL patches are as critical as OS patches • Windows: SSL patches must be manually applied • Unix: SSL patches come as part of OS patches…you must keep up to date • Some Unix distributions already ship with 1.1 by default (e.g., Fedora) • VMS: Support will be available when VSI ships it Version 11: OpenSSL 1.1 • OpenSSL 1.0.* supports TLS 1.1 and 1.2 • OpenSSL 1.1.1 supports TLS 1.1, 1.2, and 1.3 • Synergy/DE version 11: • Defaults to (recommended) TLS 1.2 across the product set • Supports TLS 1.1 as the minimum • Removes support for TLS 1.0 and lower • We are investigating support for TLS 1.3 Version 11: Spectre / Meltdown • What are they? • Hardware security vulnerabilities affecting nearly every computer chip manufactured in the last 20 years • Am I affected? • Depends on your CPU (latest gen 7/8 Intel and AMD CPUs experience minimal to no impact) • Earlier CPUs have varying degree of impact, up to 50% slower, especially with xfServer on virtual machines • What did we do? • Windows runtime and xfServer built for Spectre compliance • Gibson Research InSpectre.exe demo Version 11: xfODBC Security • New dbcreate – a option • 128-byte passwords encrypted using SHA256 • Industry-standard grant/revoke syntax for tables to users • Default to continue with GENESIS_USERS Version 11: Upgraded Tooling • Built with latest Intel/Microsoft tooling on Linux and Windows • Windows: Upgrades C runtime from DEV11 (Visual Studio 2012) to DEV15/UCRT (Visual Studio 2017) • Enables Spectre mitigation in the runtime and xfServer • New C compiler in conjunction with code changes, enables improved performance (up to 20% on Windows) on arithmetic and simple assignment/if operations • Mitigates most Spectre impact on computation • Requires .NET Framework 4.7 • Enables support for .NET Core • Will require C runtime upgrade and may need .NET Framework upgrade on Synergy Clients Version 11: Upgraded Tooling • Windows installations • Authoring tool has changed from InstallShield to WiX • Windows Installer Service is 20+ year-old technology (msiexec) • Microsoft is moving away from MSIs to MSIX • Packaged .exe with embedded .msi (burn bundles) • True 64-bit installers for pure 64-bit OS, like Server Core • Supports most existing command-line options • Still supports setup.ini Version 11: OS Requirements • AIX 7 is the new minimum (IBM dropped AIX 6 support) • We continue to support the operating systems that the manufacturers still support (e.g., Windows 7 / Server 2008 R2) • If your application supports web access, your customers need to stay up to date with security patches • Revenue opportunity? Version 11: Windows Hardware Requirements • High DPI support • Many new monitors are 4K • Changes default look/feel of child windows, compatible with Windows 7 and higher • If not perfect, we’ll at least be better • Use of Windows GetSystemMetrics() requires code changes • Use of %U_WINMETRICS does it for you • Example What Else Is in Version 11? • Things to make Synergy/DE easier/better to use • Developer productivity • Performance enhancements • Support for 24 x 7 operations • Ease of configuration • Things to help you answer RFPs • Resource Center Community Ideas • Required changes to keep up with Microsoft Version 11: Developer Productivity • Traditional compiler/runtime • New String methods • More overloads for IndexOf, LastIndexOf, Insert, Substring and Replace • IsNullOrEmpty, IsNullOrWhiteSpace, TrimStart, TrimEnd, Split and Remove • Console.Writeline and Diagnostics.Debug.WriteLine • Full support for ? and ?? operators (targeting v11 runtime) • Support for extension methods Version 11: Developer Productivity • Traditional compiler/runtime • Debugger • Ability to examine cast objects in a path with multiple casts • Examine of ArrayList elements in full fidelity • Improved “hover over” of object expressions containing casts in Visual Studio • Quality improvements Version 11: Developer Productivity • Traditional & .NET compiler/runtime • Support for ^nameof • HTTP API • Chunked encoding • Head and Patch methods • Base64 encode/decode Version 11: Developer Productivity • Synergy DBL Integration for Visual Studio (SDI) • New “Find All References” improvements to match C# using later Visual Studio APIs • Repository project type • Rpsutl support for loading schema files in any order • Project attempts to load only modified schemas (not foolproof) • Support for Visual Studio 2019 (when it ships) Version 11: Performance Enhancements • Synergy DBMS • New ISAM Open option - Nonkeysequential • Bulk reads using only the data partition (.is1) • Up to 10x faster than using a primary key via the index • Most improvement on non-SSD drives • Ability to use this on Select for table scans • Considering an enhancement for ODBC table scans Version 11: Performance Enhancements • Select statement optimization • Improvements to use GRFA calculation only if user requests it (10% performance improvement) when no ISAM file-level GRFA (e.g., VMS) • Support for On.Keynum for specific key usage Version 11: Performance Enhancements • Synergy DBMS • New ISAM Open option - /BULK_INITIAL_LOAD • Stores new records without error checking and recreates the index on Close • Buffering of packets makes significant xfServer improvements Version 11: Performance Enhancements • Synergy DBMS: isutl • A test file with 36 million records and 13 keys (17 GB data file; 10 GB index file) went from 36 minutes down to 6 minutes • Takes advantage of modern SSDs and multi-core CPUs; will use more memory • Requires more temporary disk space—use a separate (SSD) temporary file location for best performance • All 32-on-64 installs will use a 64-bit isutl Version 11: Supporting 24x7 Operations • xfServerPlus • No longer runs under the System account • Windows: Username/Password comes from rsynd command line • Unix: Username/Password comes from startup of scheduled task • Backup service for registering with backup provider & Synbackup • Automatically sets/resets Synbackup to freeze I/O in conjunction with backup software like NetBackup Enterprise, Veeam, and Windows volume snapshot • CodeExchange script examples to do the same on Unix Version 11: Supporting 24x7 Operations • Synergy DBMS • isutl: Ability to re-index ISAM files in use • Provides improved performance in 24x7 operations without taking systems offline • Read/Write applications just stall • xcall REINDEX to allow program control of re-indexing without spawning isutl Version 11: Supporting 24x7 Operations • New ISAM file structure options • New “resilient” ISAM file creation option • Helps when customers kill processes (or a system crashes) in the middle of an ISAM file update operation • Keeps the index and data files in sync so the runtime can detect an out-of-sync ISAM file on Open/Store Version 11: Supporting 24x7 Operations • New ISAM file structure options • Auto-rebuild the index of resilient files if corruption detected • Just like Oracle and SQL Server do on system failover • Eliminates the need to use isutl –v to check for file corruption on system crash • Takes advantage of new isutl index rebuild performance enhancements • Designed for high-availability hardware systems with SSD-type disks and multi-core CPUs on 64-bit platforms • Users can let it run or have options to generate errors on Open while rebuild in progress • New Open and I/O hooks to control behavior (e.g., put up messages) Version 11: Supporting 24x7 Operations • New ISAM file structure options • For the ultimate in recoverability, “fullresilient” • Flushes just the data file (.is1) I/O on the file (most Writes are performed on the index) • Facilitates use of new Microsoft clustering technologies for failover clusters to auto-recover in the fastest time • New Open/Post Open hook event can be registered for all Opens • Allows developers to set up I/O hooks without changing all open code sites Version 11: Ease of Configuration • Windows xfServer and xfServerPlus • Import/Export of services • Use SynConfig or rsynd command line • REV11 licensing REV11 Licensing • Simplifies licensing of new systems • Simplifies annual license renewals • Simplifies addition of new products & users • Simplifies Synergy version upgrades Product Key Retrieval Before REV11 Product Key Retrieval With REV11 REV11