Product Lines

Ruminations on the System i Market

January 26, 2010

SkyView Poised for Growth with New CEO

SkyView Partners, Inc., has hired Tom Coccione as its CEO. Current CEO John Vanderwall, cofounder of SkyView along with Carol Woodbury, will immediately assume the role of chairman of the board and chief operating officer. Coccione has 22 years of experience in the software industry and spent 13 of those years at IBM in sales and sales management. I spoke with Coccione recently to learn a little more about his plans for SkyView. Coccione told me that before deciding to join SkyView, he researched the IBM i space and found that "the importance and value of the i is still at the heart of these companies, and within that industry, compliance is rapidly becoming important."

System iNEWS: What motivated you to join SkyView?
Coccione: I was with IBM for 13 years, but I've never really been specifically in the security industry, so when this SkyView opportunity came up, I did my due diligence, and I saw a rapidly emerging market in the compliance area. Four or five years ago, you didn't hear a lot about compliance, but today it's becoming pretty common. As I looked at the compliance industry, I saw it as a significant emerging market. The majority of the market is still manual and very labor intensive. As these companies evaluate an automated software solution, they see an immediate ROI. It's one of those "markets within a market" that's emerging rapidly, and it's sizable. It's also the kind of market that, particularly with government regulations increasing, is going to be a growing market despite the economy. We were up 13 percent over last year, and we'd have done even better with more sales resources.

My skill set fits well with SkyView's vision to rapidly grow the business. From my past business experience in enterprise software sales, I know that raising investment capital and building infrastructure and process will help SkyView in growing the business.

SiN: How do you envision your business growing?
Coccione: SkyView has the opportunity to grow geometrically. The IBM i market is still relatively untapped. With additional sales resources and aggressive marketing, we believe we can increase revenues by 20 percent in 2010. Our cross-platform strategy, which will be announced later in the year, gives SkyView the opportunity to grow exponentially. I think we're very focused with our products—Policy Minder and Risk Assessor—and they solve some major problems for companies, and I like that focus and the design. The products are deep in maturity. So I see SkyView Partners not moving so much to additional product lines but to additional platforms. A number of our customers have shown interest in that. So you will see SkyView taking the strengths that we have in our products to other platforms. We'll focus on our very strong loyal customer base. Our brand has been established within the IBM i world, and we want to leverage and expand upon that. Partners, especially those in the ASP and outsourcing model, will be key in expanding our market share.

SiN: What is your product strategy going forward?
Coccione: Our satisfied customer base is crucial to our future growth and success. We are looking at other products and tools to expand and complement our products. We have a very high maintenance-renewal rate because of high customer satisfaction with our products. Risk Assessor is designed to easily download for customers to have a free trial.

There's a strategy to add on more products, whether our partners' or our own, and that will enhance the current product line. Our strategy for 2010, since we'll be focusing on our customer base, is to gain market share, and we're planning to expand our sales organization as well. In terms of the market, the health care market is going to be a priority market for us.

SkyView Partners is at the right place at the right time in this emerging compliance market. It has established its brand as a quality product that solves a major, labor-intensive problem for a customer. John and Carol have earned a reputation that will give the company a strong value proposition on other platforms. I believe my skill set and experience come at a perfect time to grow the business.



—Linda Harty, executive editor & availability/security/networking/connectivity editor

Posted by lharty on January 26, 2010 at 2:55 PM | Comments (0)

December 17, 2009

Wish List Fulfillment: Raz-Lee Helps Replicate User and Security Settings Between Systems

Raz-Lee Security recently announced enhancements to its iSecurity product suite, and I spoke with Eli Spitz, Raz-Lee Security's vice president of business development, to get more information, as well as to get his take on the latest trends he's noticing in the security market as 2009 winds down.


What's hot in security these days? What are your customers asking for help with?

Spitz: In the industry in general, a trend we're seeing is companies consolidating their environment into multi-system and multi-LPAR networks. Over the past year or so, we've sold into large banks running well-known banking applications, especially in Europe; some even have P40s and P50s, but certainly the trend is to the smaller systems, P10s and P20s. The real challenge for companies is the management and coordination of these networked systems. You don't want to repeat work that you've done on one system for security and compliance—you don't want to have to do that again on other systems. You want to be able to reuse definitions, rules, and alerts that you've set up.

So we're answering to this trend, and our latest batch of features that we've released really relates to this. In fact, these features were specifically requested by a large U.S. financial institution. They have 100+ systems/LPARs, and what they asked for was help with the whole issue of replication: ensuring that definitions are in sync, user profiles are all in sync, and system values are all in sync. Of course there will be exceptions, for example between user profile or system value definitions on test as opposed to production systems, and we allow for this as well in our products.

A really interesting aspect of multi-system management is simultaneously checking compliance levels in these diverse environments. For this, the Compliance Evaluator product that we released about a year ago offers the possibility of evaluating a site's compliance level over any subset of systems, against both site-defined standards as well as regulatory requirements. In fact, the product comes with built-in PCI, SOX, and HIPAA compliance checks that can be run after minimum site customization. And, within the product, we allow for exceptions and unique definitions for the different environments existing at all sites. So alongside the Compliance Evaluator product, which gives a compliance score for individual systems, we've added the ability to replicate definitions, rules, product parameters, and values from one system to another—in the area of user profiles, system values, etc.

So that's one trend that we've been seeing. Another trend we've also addressed, which is important in large companies, is native object security. IBM a couple of years ago came out with a product called Secure Perspectives, whose purpose is to address native object security—defining various levels of user access rights to objects defined in the system. But Secure Perspectives sort of lost focus and has not seen wide market acceptance. As of recently, there is a group in IBM that is involved with that product again. [Editor's Note: IBMer Terry Ford says that IBM's STG Lab Services Security Team has begun new work on Secure Perspectives. Read Ford's comment in our Product Lines blog.]

Native object security is really important because you're always going to have to get down to the basic object that you need to secure, and there's no easy and error-prone way of doing that in large shops.

So, to answer to this growing concern, we've developed a rules-based solution that fully supports generic names for securing, defining, and monitoring access levels to all objects in the system, including all different levels of access—read, add, update, execute, delete, etc. [Editor's Note: See "Raz-Lee Security Releases New Modules for Security Tool Suite."]

A third trend we're seeing is the increasing awareness and concern about application security. Just last week, we concluded a deal in the UK through our rep there, Northdoor, for a financial institution that originally purchased our Firewall and Audit products and has now added the AP-Journal solution. We've been very successful selling this product because it allows for monitoring application-level data and alerting anyone, in realtime via SMS, e-mail, message, or SYSLOG, when application data changes by more than a predefined threshold—percentage or absolute.

As an example, one of our customers is a large medical-supply and healthcare distributor that monitors online the stock levels of all items, and when the level-on-hand goes below a certain value, they'll send out an SMS message automatically to somebody so they can reorder the item. That's just one example, but it's easy to understand how it works.

A related issue is the potentially serious security breach we've been hearing more and more about from companies when data is accessed (read) and not necessarily updated. Originally, our application journal product was based solely upon what IBM provides—journal receivers, which we can filter, monitor, and use to send out alerts. What IBM journal receivers don't do is record accesses—simple reads!

To solve the read access challenge, we developed a solution that integrates with AP-Journal for monitoring these read accesses. So if, for example, someone does access my particular salary, it will be more constrictive. Fewer people can access it, but if they do view it, we can issue the alert. So application security is also brought up as a requirement more and more, and of course we're making a big push out of it and marketing in that direction—spreading the buzz. And companies are responding positively, saying that their auditors would like this solution.

I mentioned that the realtime alerts that we generate in all our products, in Firewall, Audit, Authority on Demand, or AP-Journal, can be a SYSLOG message. So another trend we're noticing is the increasing implementation of system event management (SEM) systems by multi-platform shops. It's basically a central console that accepts event notices from different nodes in the enterprise, which can be any appropriate hardware, for example IBM i, z, or whatever. Or it could be a Wintel or Unix box. With our support for SYSLOG, the Power i is now much better integrated into overall site management.

I think I've covered all the major trends we're seeing and how we've addressed them. Looking to the future, we're doing a lot of development and integration work right now with some financial application companies using mostly AP-Journal, and we will soon be announcing a related OEM agreement we've signed. You'll hear more about that in January.

Also on tap during the upcoming half year or so are graphical and statistical analysis features in AP-Journal, including identifying field-level trends and activity, and the extension of Compliance Evaluator to other platforms, including Windows, Linux, and others. We will be expanding marketing efforts as well and signing up more distributors and looking to establish more OEM agreements.

The bottom line is, we're looking forward to a very successful 2010!


—Linda Harty, executive editor & availability/security/networking/connectivity editor

Posted by lharty on December 17, 2009 at 8:14 AM | Comments (0)

December 7, 2009

Single Sign-On Can Make Your Users Happy. But That's Not IT's Goal

In response to hearing of a new service related to single sign-on, I spoke with Pat Botz, president of Botz & Associates and formerly IBM's lead security architect for the IBM i, about SSO and learned what the true goal of SSO should be. Contrary to what you might think, SSO is actually not the primary goal. The primary objective is to efficiently and cost-effectively manage authentication to corporate IT resources. Looking at the SSO problem that way is the key to effectively choosing and implementing an SSO solution.

Pat expresses why he thinks SSO is an ambiguous term, provides details about the different approaches to achieving SSO, describes what their drawbacks are, and explains why the most important thing you can do is look at SSO from a business perspective. He gives details here about how you can do that. His company has also announced the availability of complimentary one-hour consulting sessions to help organizations analyze both the technical and business aspects of moving to a single sign-on security strategy. The sessions are conducted as private online meetings and are offered to organizations that want vendor-independent guidance to find viable solutions and predict the potential payback of implementing various SSO solutions within their unique environments. You can find the details of the offer on the Botz & Associates website, which I link to at the end of this article. In the meantime, read on to get some great information about SSO from one of our industry's top authorities on the subject.

What is the state of SSO technology today?

Botz: There are more and more options out there for quote unquote SSO, and I always say "quote unquote SSO," because it's very important to define what you mean when you say "SSO." People think of SSO as a specific solution, but the term actually describes a variety of technical approaches to a common problem. There are many different approaches to mitigating the problem that is encompassed in SSO. So I always try to discuss SSO in terms of password management—because the real problem is not that people have to sign on too many times. The problem is that people have too many passwords to remember. When you look at it from a business point of view, the actual problem is that it costs too much to manage authorization to IT assets. And when you look at the problem from a business point of view, the number of solutions for that problem greatly increases.

Let's get back to the definition of SSO. When you say "SSO" to an arbitrary individual, you'll both shake your heads and say, "Ah, yes, SSO. We need that." But the two of you may quite likely be talking about two separate things. You may think it means, "I have one password that I type in whenever I'm prompted to sign on to any IT resources on my network." The other guy or gal may think it means, "When I sit down at my computer, I get prompted once to log on, and I never have to log on again no matter what resources I access and no matter where they're located."

That's why the term SSO is very ambiguous. The goal is not to implement SSO; the goal is to significantly reduce the cost of managing authentication to IT computing resources. So I don't like the term SSO. It's a technical term used by techies, and it tends to cause people to set the wrong objectives.

Consequently, I use the term SSO only because it gets people's attention and generally focuses them in a specific direction. As soon as I do that, I say to them, "Let's understand the real problem." They may reply, "A lot of my people are unhappy" or "The help desk spends too much time on password-related problems." That may be true, but IT's role is not to make users happy. IT's role is to make the usage of corporate information as cheap and efficient as possible for the business. If you look at this problem in any other way, you'll end up implementing technology that may not actually fix the problem at a reasonable price.

The real goal, as I mentioned, is to significantly reduce the cost of managing authentication to the corporate IT resources. If you do that well, you'll achieve all the other goals: You'll make your users happy, you'll make them more productive, and the help desk will spend less time managing password problems. But in order to measure whether you will (or have) significantly reduced these costs, you have to calculate what those costs are currently and what it will cost to acquire, implement, and manage the proposed solution. With this information, you can not only determine whether you reduced these costs, but you can also predict return-on-investment and months to break even.

There are a number of technical approaches to SSO. Most of the approaches involve capturing a user's current user ID and password everywhere on the network. Users are provided a user ID and password for the solution and always use those whenever they're prompted to log on. Some solutions will try to intercept logon attempts to anything on the network. The solution, given the user ID and password plus the entity to which the user is attempting to authenticate, will look up in its database the actual user ID and password previously captured for the entity to which the user is trying to authenticate and will then forward that information on as if the user had typed it in.

That's one approach. The problem with this approach is that you haven't eliminated any passwords that need to be managed. You've eliminated prompts, so the end user will see fewer prompts, but somebody or something has to manage the real user IDs and passwords being used. So rather than eliminate the cost, you've shifted much of the cost to the IT department from the shoulders of the end user. You've also introduced a single database in which user IDs and passwords are stored for all users everywhere. Is that a good solution? In some cases, it may be. It depends on what your costs were before and whether there is an improvement in the strength of the real passwords. You have to look at it on a case-by-case basis.

Another approach to SSO is this: There are tools out there that will merely help you sync your passwords across multiple systems. That approach doesn't eliminate any of the prompts, but it does allow the user to type the same password no matter where he or she is signing on. A lot of these solutions also are combined with another product—a user ID management product of some sort—that then tries to make it easy for end users to change their password once and get it changed everywhere else and keep all the passwords in sync. That's true for most of these solutions—often there's a companion product that goes with it, or the solution includes that additional functionality. And again, the drawback is that you haven't eliminated any data that needs to be managed. You've shifted the costs to the IT organization, which has to buy the product, pay the maintenance, manage the product, provide support, and so forth. That's not to say that it's not a viable solution, but again you have to take all those costs into account and then compare them to your current costs and to the costs of other solutions and approaches.

A third approach to the problem is to actually try to provide a common user ID and password repository. That's an attempt to have everything in the network that performs authentication use a single common repository for user IDs and passwords (e.g., LDAP). It gets you one copy of the password that you have to manage, because it's stored in one place. The problem with the approach is that it's pretty costly and often not possible to change the user ID and password repository used by an application or an OS. For example, IBM i is designed around the concept of user profiles. The place where the password is stored is very tightly integrated into the system. IBM would have to change the operating system code to allow the OS to optionally use an LDAP repository.

In theory, a common repository protocol is a nice approach, but it never took off, because the end user didn't have the ability to change the user ID and password repository used by applications and systems.

A fourth approach is to use a common authentication protocol that doesn't require pre-exchanged passwords. Password-based authentication protocols establish trust by forcing the user to prove that he or she knows a secret (i.e., a password) that is also known by the entity doing the authentication. This requires the secret to be "exchanged" before authentication can be successfully accomplished. Assigning or changing the password in a user profile constitutes this pre-exchange of passwords. At the time you log on, the machine or the application must already know what your secret is, or you're not going to be able to log on. But there are other authentication protocols that accomplish authentication just as well—in fact in a more secure manner—and that don't rely on a pre-exchange of secrets between you and the thing you're trying to authenticate to. One example is the Kerberos protocol. What makes Kerberos especially interesting is that anyone who logs on to a Windows domain is actually already using the Kerberos protocol. And Kerberos is also widely available on every general-purpose computing system that I know of. It certainly is available on all Unix, Linux, i, and z machines. You just have to turn it on and configure it. And then you must configure your apps that you're using to access those non-Windows machines to tell them to use Kerberos.

One advantage of Kerberos is that you already own it. You're most likely already using it in your environment, so all you have to do is configure the i so it can use that Kerberos protocol. The downside is that not all applications you use to access the i will necessarily support the Kerberos protocol. The benefit is that you can eliminate the prompt for a user ID and password, and you may be able to eliminate the password.

Basically, the drawback to all approaches is that there's no solution out there that I know of that works for 100 percent of everything in any kind of even slightly complex enterprise. If you have all Windows servers, you have SSO through Windows. Or if you have Windows and just one other type of server, and you use only Telnet to access that server, you might be able to eliminate all prompts and passwords for 100 percent of the users. But that's not the average environment. In most environments, you might be able to eliminate 80 or 90 percent of the passwords. The results are really very specific to an individual environment.

Now let's go back to looking at this from a business point of view. The whole reason that you need to look at this problem from a business point of view is because the goal is not to eliminate all the prompts or all the passwords. The goal is to significantly reduce the overall costs of managing authentication to your network resources. In order to do that, the first thing you need to do is calculate what it's costing the organization now to manage x number of user IDs and passwords per person. The next step is to calculate, for a given proposed solution, what it's going to cost you to acquire that solution (e.g., up-front licensing costs), what it will cost to roll out that solution (e.g., how much time to plan, document, test, and then implement), and how much it will cost you every year to manage that product (e.g., annual maintenance fees and any administrative costs associated with supporting the product). Finally, you have to calculate what managing those user IDs and passwords will cost once the solution is implemented. With these numbers, you can calculate an ROI and how soon you'll recoup the costs—if you ever do—of using that particular solution.

That's what our free offer is all about. We have an SSO ROI calculator. It's a totally vendor-independent tool. We walk you through the spreadsheet. On the first page, we help you provide reasonable assumptions about salaries and time spent on various user ID and password tasks. These assumptions are used to calculate your current costs for managing user IDs and passwords. It calculates how much you're spending on managing user IDs and how much of that is due to just managing passwords. So it gives you a total picture of what your costs are, in five or 10 minutes.

The second page of the calculator is where you provide assumptions about the cost of whatever solution or solutions we're looking at. So again, we fill in assumptions about license costs, how much time it will take to actually implement the solution, how much time it will take to manage that solution, and so forth, and then we come up with a cost of implementing and using the solution. Once we have that, we can do an ROI calculation based on your current overall costs compared with what the costs would be if you had the solution, minus the cost of acquiring, implementing and managing the solution. The ROI calculator is available free on the Downloads page of our website, and you can sign up for your free SSO consulting at our website as well. Signing up for free consulting will also allow you to download the calculator.

Your announcement about the free SSO ROI evaluation offer says, "This free service is meant to cut through the complexity and lead companies to more rational, cost-effective ways of reducing the expense of password management. That may or may not include technology solutions." I'm intrigued about the non-technology SSO solutions. Can you give us some information about that?

Botz: Sometimes a solution might include changes to processes and procedures either in addition to or instead of technology. One real-life example of this is a company (which I won't name) that I worked with. The IT department had no idea why every new user was given a user ID on one specific system. They learned they could easily move the task those users were doing on that system to a different system. This move not only allowed them to eliminate the password, but the user ID as well. This is just one example in which a change to existing processes or procedures is a better solution than technology.

Sometimes a better solution is less-advanced technology that solves only part of the problem. The ROI for the advanced technology may not be great enough to warrant the cost. Let's say you have a Windows domain, one IBM i, and 5,000 users. While you could buy an expensive password-sync tool or implement Kerberos, it's very possible that you could either build or find a non-licensed product (maybe it would have a one-time charge) that would sync those passwords for you easily. This is another example that SSO is not the goal. The goal is to significantly reduce the costs of authentication. If you can find something that's really cheap and easy to acquire and implement, and you can show that it provides a significant reduction in costs, that's the right solution for you. It might not eliminate all the costs, but it eliminates a big chunk of the costs for very little expense. That's a win-win.

Oftentimes, the right solution is a combination of approaches. For example, with Kerberos, let's say you can eliminate three of five passwords by using it. Well, you still have two passwords left. Depending on your environment, we may be able to build or buy a tool that easily syncs the two remaining passwords. Again, this is all very organization dependent. Unfortunately, many organizations never get to the point of combining solutions. This happens when you look at SSO as a purely technical problem instead of the business problem that it really is.

Any closing thoughts you'd like to offer our readers?

Botz: I think what differentiates Botz & Associates is that we not only have very deep technology background across multiple platforms, but we also get the business side of things. We can translate from one to the other better than anyone else.


Linda Harty, executive editor & security/availability/networking/connectivity editor

P.S. For more insights from Pat Botz, check out another interview I did with him in August 2008: "True Security Requires Philosophical Shift."

Posted by lharty on December 7, 2009 at 7:02 AM | Comments (1)

November 20, 2009

Quadrant Software Pledges Support to iManifest Initiative

Quadrant Software, a developer of paperless process management solutions for IBM i systems, has joined the iManifest initiative in the U.S. and pledged its support.

Chris Maxcer has covered iManifest a lot lately in his blog, but it's good to see a grassroots effort trying to take the IBM i forward.

An Advanced IBM Business Partner, Quadrant Software has been involved with the IBM i community since its inception in 1990. "Throughout our history, Quadrant Software has demonstrated its commitment to the IBM i platform by participating in associations devoted to the community, by helping organize events and initiatives that promote the use of the platform, and also by continuing development of software solutions that help companies running the IBM i become more efficient," says Gary Langton, co-founder and CEO of Quadrant Software. "The iManifest initiative is in line with our long-term goal of continued development and commitment to our customers and the IBM i market place. We are proud to support it."

For the latest details and how to participate, check out iManifest United States, iManifest EMEA, or iForum in Japan.

--Rita-Lyn Sanders, senior industry editor

Posted by rsanders on November 20, 2009 at 3:18 PM | Comments (0)

October 12, 2009

Hardware Encryption Thumb Drives: Very James Bond and Very Handy for IT Shops and Users

Guest Post by Mel Beckman, System iNEWS senior technical editor

I've been a fan of USB thumb-drive encryption for a long time, and in recent years the best form of that encryption is hardware-based, employing an embedded crypto processor within the USB drive itself. Hardware encryption is critical to prevent "man in the middle" attacks that can occur with host computer encryption, and to achieve reliable cross-platform zero-footprint operation without installing special software.

For quite some time the king of this product niche has been the excellent IronKey, which combines hardware encryption with tamper resistance in the form of epoxy potting and self-destruct features. Very Bond. Very James Bond. One promising new contender is BlockMaster's SafeStick product. Where IronKey sells its product in single-unit quantities, BlockMaster seems to be aiming at enterprise users buying in volume.

Now a number of vendors offer hardware encryption thumb drives, so it's worth noting a few features you'll want to ensure they provide when selecting one. One key feature is online backup. The reason you're encrypting thumb drive data is because that data is both important and sensitive. If you lose the thumb drive, your data won't fall into the wrong hands. But if you don't have a backup copy, the data won't be in your hands either. Online encrypted backup is the perfect solution to this problem: the thumb drive vendor provides a web-based backup site to store the encrypted version of your data. The data is never decrypted in the backup process, so you're not trusting the vendor to keep your secrets for you. But if you lose your thumb drive, you can readily download the encrypted backup to a new thumb drive.

Some hardware encryption thumb drives include embedded cross-platform utilities, such as an anonymized web browser, password safe, or VPN client. Other useful features to look for include auto-lockout after failed password attempts and a "duress" password option that opens a fake drive space should someone force you to unlock your thumb drive.

—Mel Beckman, System iNEWS senior technical editor

Posted by lharty on October 12, 2009 at 11:28 AM | Comments (0)

October 6, 2009

ProData Supports iManifest in US and Abroad

ProData Computer Services has announced its support for the iManifest initiatives in both EMEA and the United States.

As an IBM independent software vendor (ISV) for nearly thirty years, ProData has participated in many programs to promote the midrange system, including IBM's iSeries Developers Roadmap, COMMON America Advisory Council, Advanced Business Partner, and as an IBM Tools Partner. ProData says the iManifest initiative offers the company another opportunity to help re-invigorate the system it has supported for its entire existence.

"We appreciate the efforts of the System i community to continue to build the ecosystem and tout the values of the midrange system to the entire business world," notes ProData owner and CEO Allen Hartley. "DBU database utility and our other products are in widespread use in midrange shops around the world and we want to give back and continue to promote the system that made us successful."

With this announcement, ProData says it will also increase its efforts within its own organization and customer base to encourage the success of the iManifest through customer interaction, email blasts, and newsletter offerings.

Posted by cmaxcer on October 6, 2009 at 11:01 AM | Comments (0)

October 5, 2009

Virtual Tape Appliance Makes Deploying Storage Virtualization Easy

When it comes to storage, virtualization is becoming increasingly feasible, as Mel Beckman explains in "Storage Area Networks Virtualize Disk." To get a feel for how things are trending in this area, I recently spoke with Glenn Haley, senior product manager at Crossroads Systems, which just released its new SPHiNX for Power Systems virtual tape solution. Haley explains how virtual tape can save you money as well as provide increased security and reliability for data storage and backup and recovery.

System iNetwork: What trends are you seeing in storage?

Haley: Storage is interesting in that at the very low-level SCSI commands, for example, things haven't changed a lot. But with regard to trends, we have started to see some significant things happen: One is the changing of costs. For example, the cost of disk has decreased, enabling it to be more acceptable as a storage medium for data over longer periods of time. Also, storage virtualization, which as a technology has been around a long time in the i market but is now being adopted more as a way to perform server consolidation and storage.

With the cost of disk coming down so much, the use of disk for storing data over longer periods of time becomes interesting. Data reduction technologies are allowing users to further expand upon the economies of disk. This said, data deduplication as a form of data reduction is proving to be the hottest trend in storage over the last decade. Reduced disk costs and IP connectivity are also enabling storage to be treated more as a Software as a Service (SaaS). Cloud computing is emerging as a way to offer storage as a service, especially among smaller companies that lack the storage resources or infrastructure to support backup operations in-house. Connectivity is really changing the storage paradigm as well. Fibre should become more mainstream, as will 10 Gigabit Ethernet (10GigE), using iSCSI as a SAN type of connection. And finally, although physical tape media has been used for nearly a decade or more to archive data, I’d say that companies are placing more emphasis on data archiving as well as steps necessary to ensure that they can restore data from their storage devices—especially with today's increasing set of regulatory compliance pressures, e-discovery requests, and corporate lawsuits.

SiN: When did Crossroads enter the i market?

[Image: Crossroads Systems' SPHiNX Virtual Tape Appliance]

Haley: Crossroads has been involved in the i market in two ways. The first point worth mentioning is around enabling the i to connect to other disk farms. Crossroads has numerous technology patents centered around protocol routing and FC connectivity; thus with that knowledge, we actually helped to bridge the gap in the i market in allowing older AS/400 servers the ability to share resources with Fibre Channel storage devices such as EMC-based disk storage. Aside from that, the SPHiNX for Power Systems technology has been available in other forms servicing similar critical application server markets for years. So our experience in these other mid-server markets gave us exposure to the need for a virtual tape solution to connect to the IBM i platform. In 2004, a large company in Sweden was looking to connect numerous environments, including its i system servers. So we started looking at the IBM i server and the needs of i users and began focusing on launching a product specifically focused on servicing the needs and challenges of the IBM i community. Thus, 18 months later we have launched the SPHiNX for Power Systems solution as a purpose-built, dedicated appliance for the Power System. We've got a lot of marketing muscle planned behind the new product, and you’ll see an increased involvement in COMMON user events. We're also conducting campaigns in some of the IBM publications. So basically, we're here to stay.

SiN: What do you think is important for readers to know about how SPHiNX for Power Systems can benefit their shops?

Haley: The goal of SPHiNX is to satisfy the challenges of the IBM i. For example, the DASD for i is fairly expensive, and utilizing backup resources on the i can also be expensive in terms of processing overhead. We estimate that a great majority of the i market, around 70 percent, are still writing to physical tape as their primary backup. Still others are using mechanisms within the BRMS utility to do file saves to disk (which involves using the virtual tape capability of BRMS) and then later are writing to physical tape. However, because this method uses precious processing resources and expensive DASD space on the i, utilizing virtual tape within BRMS is seen as a challenge. With SPHiNX, we are alternately providing an affordable, more efficient way to not only consolidate the number of tape devices used while reducing backup times, but also a way to more efficiently manage backup and recovery and tape operations. With SPHiNX, the goal is not so much to deliver faster backup (that's the goal of any disk-based backup product). Rather, we took a look at i users' challenges, and we found that what users require of a virtual tape solution is the ability to improve backup performance, perform tapeless backups (to disk) using BRMS, yet still have the ability to use physical tape as needed—and offer remote replication, tape stacking, and data reduction as ways to reduce the cost of operations.

SPHiNX supports data replication and can specifically cut back on the amount of human intervention needed in the backup process. Unfortunately, anytime you put human resources into the mix, you naturally also get human mistakes. For example, a human might inadvertently take last night's backup on physical tape and mistakenly put it back in the tape drive instead of on the truck for offsite storage.

Along with replication, the ability to do backups without using physical tape is another benefit of SPHiNX. Since we wholly emulate physical tape, BRMS and other backup mechanisms such as IBM i save commands think they're writing to physical tape even though it's actually RAID-protected disk. So as RAID-protected disk, the SPHiNX appliance provides better reliability but also can be designated as an alternate IPL device, allowing the customer to perform a full system save and restore without using physical tape. If offsite storage of media is required, SPHiNX provides two flexible ways to export virtual tape data to physical tape on the backend:

  • native format (restore a tape directly through a physical drive connected to the i)
  • stacked format (ability to take smaller virtual tapes and stack those tapes up so that you're better able to use them without wasting capacity)

Seamless integration with BRMS and the IBM i commands is achieved with SPHiNX without any disruption. This is an important point, as we've found that customers don't have time to go and change all their backup policies, nor do they want to change backup scripts they've written around the IBM i.

Data reduction is also a consideration. SPHiNX provides data reduction to help customers further expand upon economies of disk. In some cases, customers have experienced 10:1 data reduction scenarios. So essentially SPHiNX lines up well with the needs customers have talked to us about when they're looking for a virtual tape solution.

In a nutshell, SPHiNX for Power Systems is a dedicated appliance that helps optimize data protection and resiliency of data for Power System environments while dramatically decreasing the cost of maintaining a backup and recovery solution. Our goal is to provide efficiency to the customer. SPHiNX can improve not only performance and storage capacity but can also leverage existing investments in existing disk infrastructure. Customers can use HP, IBM, Hitachi, EMC, and more, as well as connect existing tape devices (e.g., a drive or library) on the back end of SPHiNX.

Our goal is not to be a tape replacement solution, but instead SPHiNX is more of a tape augmentation type of solution. We look like tape and sound like tape, but we're more efficient and faster. However, SPHiNX's ability to be an alternate IPL device is one of the features that has received the strongest response from our customers and partners. SPHiNX isn't modifying the file system structure, therefore regarding any of those option 21 system saves that are so important—you're able to use SPHiNX to restore the entire system image as needed without using physical tape.

Finally, SPHiNX has a great deal of future scalability and a lot of growth potential with respect to the Power Systems environment.

Linda Harty, executive editor & security/availability/networking/connectivity editor

Posted by lharty on October 5, 2009 at 3:38 PM | Comments (0)

September 9, 2009

Riehl Signs On with Cilasoft Security Solutions

Dan Riehl, the founder and former President of the PowerTech Group, has signed on to become the head of U.S. Operations for Cilasoft Security Solutions. Not long after PowerTech was acquired by Help/Systems in late 2008, Riehl left PowerTech to form the IT Security and Compliance Group providing IBM System i security and audit services. System iNEWS and SystemiNetwork.com readers, of course, recognize Riehl as a frequent writer and technical editor. (See our interview with Dan about his career move. The interview also contains Dan's expert advice on IBM i security and a sneak peek at one of Dan's articles from the upcoming October issue of System iNEWS.)

Cilasoft is an international software company based in France that specializes in security, audit, and compliance software for the IBM i/System i. Cilasoft is a proven expert in the realm of System i security, having been involved with numerous investigations and bank fraud cases. The company has clients in more than 40 countries around the globe, ranging from small businesses to large multinational corporations.

"Since I left PowerTech, I have evaluated numerous System i security software solutions from various vendors. Each package and vendor that I evaluated has its good points. But after long review, I will be recommending and actively selling the Cilasoft security product line to my customers. In functional areas where Cilasoft does not have a product offering, as in the profile swap, authority broker and Anti-virus areas, I will continue to recommend the PowerTech Help/Systems brand," Riehl says.

"The Cilasoft product that really caught my attention is QJRN/400. It is a database change auditing tool that has all the bells and whistles. It is so rich in feature and function, that when compared to other similar offerings, it wins, hands down. The other major Cilasoft offering, CONTROLER, is unique in the way it controls and monitors STRSQL, ODBC, DRDA, TELNET and CL command usage. Cilasoft has introduced a completely new paradigm in its CONTROLER and QJRN/400 products that make auditing and controlling these interfaces highly customizable, yet simple enough so you do not have to be a System i technical expert to configure the monitoring and protection required in today's heavily regulated environments," Riehl explains.

Posted by cmaxcer on September 9, 2009 at 9:23 AM | Comments (0)

July 27, 2009

Product/Vendor News Roundup for the Security and Availability Beats

Even though business slows down a bit in the summer, I've still received a few newsy items from some IBM i security and availability companies . . .


Vision Solutions Announces Addition of New Partners Throughout Latin America

Vision Solutions, a high availability and disaster recovery solutions provider in IBM's Power Systems markets, recently formalized partner agreements with several leading distributors to distribute its software in Mexico, Central America, and South America. These include Avnet Technology Solutions and SISA of Colombia, South America.

"The potential for opportunity and growth throughout this part of the world is tremendous," says Miguel Flis, vice president of sales for Vision Solutions. "The number of companies searching for a reliable high availability solution at an affordable price is significant, and we're delighted to have experienced and established organizations such as Avnet Technology Solutions and SISA in this valuable marketplace."


Patrick Townsend Security Solutions Names New CEO

Patrick Townsend Security Solutions (PTSS) has hired John Earl as its president and CEO. Patrick Townsend, founder and current president, will immediately assume the role of chairman of the board and chief technology officer. John Earl has nearly 30 years of experience in the IBM mid-range market. He cofounded the PowerTech Group and was most recently vice president and chief technology officer of the Seattle-based technology company. In addition to his duties at PowerTech, Earl is a widely recognized System i (AS/400) security expert, serves as a subject matter expert (SME) for security with the COMMON user group, and is a former COMMON board member. Regarding his new position, Earl says, "I'm excited to join a company with such a strong foundation in encryption and data privacy solutions. . . . Now, we see tremendous opportunity for growth as we move toward introducing the new Encryption Key Manager solution to market."


Raz-Lee Security Experts Provide Free Guidance to Italian Enterprises on Implementation of New Data Security Regulation

Raz-Lee Security, a supplier of information security solutions for IBM i, has launched an educational venture to help Italian enterprises understand and implement the new amendments to the Italian Privacy Code 196/2003, concerning system administrators' role in companies' data security. The new legislation specifies procedures for data protection, including technical and administrative measures which companies are required to implement. It holds IT departments directly responsible for user access and actions relating to companies' information systems.

Raz-Lee has been holding free seminars explaining the requirements of the new legislation and how to implement it on System i. The sessions are conducted by Raz-Lee System i Security experts residing in Italy, who also provide ongoing technical support to Raz-Lee's Italian customers.


Raz-Lee Security Partners with nuBridges to Provide Advanced Encryption & Tokenization Solutions

Raz-Lee Security announces that it has partnered with nuBridges Inc., to sell nuBridges Protect, an encryption, tokenization, and key management solution, to customers in Israel.

Kim Addington, nuBridges chief marketing officer, says, "We're looking forward to working with Raz-Lee in Israel to help organizations achieve optimal data security and more easily comply with data security mandates and privacy laws."

Shmuel Zailer, Raz-Lee Security CEO, adds, "We've built an international business on providing a breadth of security solutions for enterprise IT. . . . With nuBridges Protect, our customers will enjoy the benefits of an all-inclusive PCI-DSS compliance solution, complete with encryption and tokenization."


--Linda Harty, executive editor & security/availability/networking/connectivity editor

Posted by lharty on July 27, 2009 at 3:52 PM | Comments (0)

July 13, 2009

Partnership Brings Encryption to Security Solution

Safestone announces a business partnership with nuBridges that expands Safestone's security offerings and provides its customers with tools for meeting compliance standards for mandates such as the Payment Card Industry Data Security Standard (PCI DSS) and HIPAA. Safestone says that nuBridges Protect augments Safestone's DetectIT Security Solutions with strong encryption, unified encryption key management, and universal format-preserving tokenization to help enterprises meet data security mandates.

Safestone recently released a complimentary assessment tool that assists organizations preparing to meet PCI DSS audit requirements. With the addition of nuBridges Protect to its solution offerings, Safestone can address IBM i data encryption needs specific to PCI DSS. Terry Heath, Safestone COO, says, "With nuBridges Protect, we can now provide our customers with a comprehensive way to encrypt data as it moves across networks and also address a specific PCI DSS requirement."

Linda Harty, executive editor & availability/security/networking/connectivity editor

Posted by lharty on July 13, 2009 at 4:22 PM | Comments (0)
