We recently moved the comForteLounge blog to its new home at … www.blog.comforte.com … and we hope that you like the new look and feel. We'd like to invite you to visit the comForteLounge blog and look for anything that's of interest to you.

To wet your appetite here are the two most recent ones:

The cost of PCI-non-compliance – some real numbers at last

In this post Thomas Burg, comForte CTO, presents some numbers on the cost of not being PCI compliant. A very interesting read as these numbers are not easy to come by.

Security – comForte ensures our valuables are safely out of reach!

Richard Buckle, CEO of Pyalla Technologies, looks at the importance of strengthening an organizations' security. It refers to a security opinion paper that spells out this topic in more detail.

Visit the comForteLounge and subscribe.

               Third Data Corporation provides numerous products which can reside on HP Nonstop and other HP and Non-HP  hardware platforms. In addition we provide custom high performance software design and development for our clients.

FastBuild Switch – When building a switch be it ATM-POS, Wire Transfer, EFT, Medical, or any other type of data that needs to get from one place to another, you are usually faced with three choices. Take an existing package and modify your system to match it. Get the vendor to “enhance” their system to meet your needs. Write a new system from scratch. The FastBuild Switch integrates with your existing system, or if you are building from scratch gives you a great start. The switch is also built around the latest HP technology to maximize performance. It integrates several of our other products to maximize cost savings and security in a fault tolerant manner. In a cross platform environment it also runs on other non-Guardian HP supplied platforms.

SecureStore – If you are security conscience trying to become compliant (PCI, HIPAA, etc) then you know that you can not leave sensitive data readily viewable. SecureStore does three things for you. The data is encrypted so that you can become compliant. The data is compressed so that your hardware costs are reduced. As part of disaster recovery your data is sent to multiple locations so it will be available when you need it. As a bonus for those having trouble with Guardian 4K limits there is no record size. It supports Big Data with up to 18 Exabytes. It can also integrate with SQL systems (SQL MX/MP, Oracle, Postgres etc).

NxLib – NxLib provides a platform and utility libraries for developing a high performance multi-threaded applications on NonStop Guardian. The platform provides threading, queuing and network capabilities. This enables development of an application written single threaded style to perform as multi-threaded.   Extensible command processing and help are supported.  Development time can be cut to a fraction of the time it would normally take.  This results in fast  application development with consistent look and feel across multiple projects.

NxWeb – A high performance web server which provides support for NxLib applications.  It also can be used without NxLib.  It provides for secure connections, virtual domains, full http support and interfaces to pathway and IPC communications.

NxFile+ – NxFile+ provides compression and encryption to Enscribe structured files.  The files are configured through a GUI interface and the results are provided seamlessly to your applications, typically without any code changes.  In addition this provides for dynamic key changes on the fly so data stored at-rest may have its encryption keys changed as required.  Because the records can be compressed prior to encryption, it’s also possible to have records which significantly exceed the 4k record size limitations.

NxSSL – NxSSL is an SSL proxy which may be used to provide SSL encryption and authentication services to TCP/IP connections.  It provides full support for certificates and multiple encryption standards.  It has been carefully tuned to provide the highest performance available for any NonStop SSL connection.

NxUndelete – Files accidentally deleted can be a real problem.  Even when a backup is available, it is frequently a significant effort to retrieve it from a backup tape.  NxUndelete implements a recycle bin function on the the HP NonStop system.  Files deleted may be easily recovered using its GUI interface.

comForte's SecurData product suite gains traction around the world

An increasing number of comForte customers around the world see the benefits of a solution such as SecurData which allows organizations to monitor and log access to sensitive data (SecurData/Audit) and which provides a tokenization solution on HP NonStop (SecurData/Base and SecurData/24 for BASE24-classic users). Numerous proof of concepts, imminent go-lives and customers in production worldwide are impressed by the robustness and performance of the solution.

One of the main drivers for the growing demand is PCI but also customers realize in general that it's a good practice to properly protect their data at rest.

In case of PCI, PCI requirement 3.4 demands PANs to be "rendered unreadable anywhere it is stored" by encryption, tokenization or other suitable mechanisms. SecurData/24 provides a fully compliant solution for the protection of PANs in BASE24-classic, enabling processors to take complete control of their sensitive data, lowering compliance costs and significantly reducing the risk of data breaches – all without any changes to the BASE24 application and no need for compensating controls to pass a PCI audit.

We put together a series of whiteboard sessions on this topic which will help you understand why you might want to start looking at options and then explains the solution comForte is offering.

In Part 1, we explain why you should care about tokenization of PAN data

In Part 2, we take a look at how you can get PCI 3.4 compliant using SecurData/24 from a high level.

And lastly, in Part 3, we'll show you how SecurData/24 works in detail.

Visit www.comforte.com/securdata24 to learn more.

Check CPU Status and Storage From a Browser or Mobile Device

NuWave's new LightWave demo shows how applications can use LightWave to obtain information from your NonStop servers. The Explorer demo is a web application that uses LightWave behind the scenes, allowing you to check NonStop CPU status and storage from your browser. You can try it for yourself at http://explorer.lightwave.mobi/. The Explorer mobile application (for Android) shows how you can incorporate LightWave's capabilities into a mobile app, and can be downloaded at http://explorer.lightwave.mobi/apk/NonStopExplorer-0.0.3.apk.

LightWave allows you to develop neat applications like Explorer and Explorer Mobile quickly and easily, so you can obtain information from your NonStop anywhere, from any device. The information that you can have access to goes way beyond CPU status and storage, giving you endless possibilities. Learn more about LightWave at http://www.nuwavetech.com/lightwave.

XYPRO's Steve Tcherchian Reports on BlackHat 2014

Stay Connected with XYPRO

Look at those Backups RUN!!!

Really!  With the Tape Drive Monitor (Q/TDM) from QSA Enterprises, LLC you can see all of the activity for all of the tape drives on a NonStop node in real-time.  Q/TDM displays all of the tape drives in a window on a windows PC and shows when the tape drive is free, when it’s in use and all of the details about the tape drive opener and any tape volume that is mounted.

Q/TDM also shows mount requests in real-time with a configurable color change to get your attention if the mount request is active for a set amount of time, which is also configurable.  Never let an unresolved mount request halt your backup runs again.

When there is a situation where you have to take action on a tape mount or tape drive configuration you can perform all TAPEMOUNT and TAPEDRIVE Mediacom commands from the Q/TDM window with the click of a mouse.  How convenient is that!?

For more information about Q/TDM and our other solutions, visit our web site at WWW.QSA.COM, email us at info@qsa.com or give us a call at 703-771-9447.

Where we are in The World...

Join XYPRO at these upcoming Events in 2014

Stay Connected with XYPRO

PeruseWeb 2014: A new Product version is available from River Rock Software

PeruseWeb 2014 allows spoolfiles to be viewed using the most popular web browsers. A user's spoolfiles are displayed in a 'Job List' webpage. Choose the appropriate spoolfile and it will be downloaded displaying the entire contents in a 132 character wide scrollable window. The new features added in this release are:

1.      Supported web browsers; Internet Explorer, Firefox, Chrome, Safari, and Opera.

2.      Supported devices are desktops, laptops, tablets, and smartphones.

3.      Configure PeruseWeb 2014 to run under NonStop SSL.

4.      Spoolfiles can be downloaded to the Job List webpage or a new web browser tab.

5.      A server, client, or floating license can be purchased.

6.      A PDF help file has been added that can easily be modified per a customer’s requirements.

PeruseWeb 2014 is on sale through October 31, 2014. The web interface can be 'branded' to match a customer's website or to a customer's specification free of charge.

The only products required are TCP/IP and a web browser. All Guardian releases on S-Series, Itanium, and Blade platforms are supported. Installation is typically completed in 15 minutes.

Download a product brief or free demo at: http://www.RiverRockSoftware.com/PeruseWeb.html and click the 'Download Now’ button.  The demo expires September 30, 2014.

For more information contact: sales@RiverRockSoftware.com or call us at  +1 916 797-6746

XYPRO’s Top 10 List of NonStop Security Fundamentals #2

• Monitor compliance with Corporate Security Policy and Standards.
• Systematically review security settings vs. NonStop best practices.
• Assess compliance with applicable government or industry regulations (e.g., PCI, SOX, HIPAA).
• Monitor security configuration changes.
• Enable security compliance alerting.
• Conduct periodic integrity checking of operating system and application object files to ensure that only authorized and tested versions are in use.
• Obtain file access maps for Safeguard, Guardian, and access management software , such as XYGATE Object Security (XOS) and XYGATE Access Control (XAC).
• Report compliance with key regulations (like PCI DSS, SOX or HIPAA) and your own information security policy.

Stay Connected with XYPRO

Denicratic Republic of Congo Partners With BankServaAfrica to Use Tango System

(Johannesburg) — The Democratic Republic of Congo (DRC) has partnered with BankservAfrica to become the first African client outside of South Africa to deploy the TANGO solution to implement an in-country national payment switch. BankservAfrica recently revealed a partnership with Lusis Payments to provide TANGO, a payment switching and processing software solution, in South Africa and across the African continent. BankservAfrica’s interoperable switching platform has been running on TANGO software since April 2012, and as a result BankservAfrica became a re-seller in early 2014. “Today South Africa has a trusted payments platform, with enhanced flexibility and responsiveness. This truly scalable and proven architecture can translate into lower costs for low-volume clients,” said Anton van der Merwe of BankservAfrica.  “Tango allows for individual scalability for clients large and small, while reducing costs.”

“The opportunity to expand Tango’s payments reach beyond South Africa, into other parts of Africa, is exciting,” said Philippe Preval, president of Lusis Payments. “Tango is a sophisticated payments system and will continue to serve BankservAfrica and the DRC’s needs.”

Read the complete press release HERE.

For more information about TANGO contact Brian Miller at brian.miller@lusispayments.com or visit http://www.lusispayments.com

Electronic Payment Systems Provider Depends on OmniPayments Preauthorization Services for Fraud Reduction

One of Latin America’s largest suppliers of electronic transactions now counts on Opsol Integrators’ OmniPayments solution for preauthorization services.  The EPS provider’s financial-transaction network runs on HP NonStop servers and routes credit- and debit-card transactions for authorization to the banks that issued the cards. Card transactions originate at ATMs or point-of-sale (POS) terminals and are captured by the acquiring banks that manage the ATM or POS-terminal networks. Based on various parameters such as available credit and usage history, the issuing banks authorize or deny transactions. These determinations are returned to the ATMs or POS terminals to complete or void the transactions. At day’s end, all completed transactions are sent to the acquiring and issuing banks for settlement and clearing. 

A specialized function offered by the EPS provider is preauthorization.  It is a popular service and allows banks to preauthorize transactions based on fraud parameters of their choosing. The preauthorization rules can apply to individual cardholders, groups of cardholders, individual retailers, groups of retailers, or any other classification of transaction sources such as individual cards.  Only if a transaction passes the rules is it forwarded to the issuing bank for approval.  Rule requests are collected during the day and are updated every night via a batch run.

The EPS provider’s preauthorization function was large and complex.  In addition, the provider wanted to add significant functionality that could not be supported easily by its financial-transaction switch.  It therefore decided to move the preauthorization function to an external preauthorization solution.  After researching options, the provider replaced its older, massive preauthorization system with Opsol’s newer, simpler, yet even more effective OmniPayments’ Preauthorization Engine. 

OmniPayments is a comprehensive architecture by which financial institutions acquire, authenticate, route, switch and authorize transactions across multiple input channels such as ATMs, POS terminals, kiosks, IVRs and the Internet. It supplies a full set of functionalities to support payment transactions. Based on a modern Service Oriented Architecture (SOA), OmniPayments consists of several service components, all built for the HP NonStop platform. 

One of those components is the OmniPayments Preauthorization Engine.  In the case of the Latin American EPS provider, OmniPayments seamlessly interfaces to the provider’s financial-transaction switch via an Opsol-created custom support module (CSM).  The switch routes all financial transactions to OmniPayments for preauthorization prior to submitting the transactions to the issuing banks for final approval. This amounts to almost 200 million transactions per month. 

With successful implementations at many customer sites, OmniPayments is just one member of the Opsol family of solutions for the financial industry. Opsol Integrators specializes in NonStop mission-critical applications and offers customers all the requisite functionality to manage credit/debit-card transactions. OmniPayments is easily expandable to provide additional functionality when needed.

OmniPayments supplies complete security functions for every financial transaction that it handles, including encryption-at-rest and encryption-in-flight. Available around the clock, OmniPayments will survive any single fault, requires no downtime for maintenance or upgrades, and supports a range of disaster-recovery solutions. For further information, visit www.omnipayments.com. Contact Yash Kapadia at +1 408-446-9274 or at yash@omnipayments.com.  Visit our booth at the upcoming NonStop Technical Boot Camp in San Jose, California, USA (16 – 19 November). 

Availability Digest Explains How the Internet Hit a Capacity Limit on August 12, 2014

Blame it on the Border Gateway Protocol (BGP). The BGP is the Internet highway. It routes data and other information across the Internet and makes it possible for ISPs to connect to each other. BGP became an Internet standard in 1989. It is the only protocol that was designed to map a network the size of the Internet. Changes to the network in one part of the world propagate globally within seconds.

Early BGP routers, many of which are still in use, were configured to handle a maximum capacity of 512 thousand routes. This long-known limit was rapidly approaching, and older routers that had not been upgraded by ISPs, corporations, and universities were in danger of crashing if the 512K limit was exceeded. Enter Verizon Communications. On August 12th, Verizon launched 15,000 new routes into the Internet, inadvertently exceeding the 512K limit and bringing the Internet to its knees. “The Internet Hits a Capacity Limit” describes what happened next and what can be done to avoid future crashes.

In addition to “The Internet Hits a Capacity Limit,” read the following articles in the Digest’s August issue:

OpenVMS Support to Continue Indefinitely – HP has reversed course on last year’s announcement to sunset OpenVMS on future HP server generations. VMS Software Inc. (VSI) recently completed a perpetual, exclusive licensing agreement with HP to port OpenVMS to new systems and to support OpenVMS indefinitely.

Is It Safe to Use the Cloud for Your Critical Applications? – Guest Author Paul Holenstein, Executive Vice President of Gravic, Inc., discusses the challenges faced by companies who for cost-savings purposes want to move their applications to public cloud providers, which struggle to achieve even three nines of availability. Paul offers a hybrid alternative that uses data replication to connect critical applications running on fault-¬tolerant, in-house servers to less critical, cloud-based applications.

Attunity Replicate – Attunity Replicate from Attunity Ltd. is a powerful data replication engine that synchronizes both homogeneous and heterogeneous databases. It supports active/active systems for continuous availability and integrates on-premise systems to cloud services. Attunity Replicate is multi-threaded to provide scalability, can meet any capacity requirement, and is redundant to avoid single points of failure in the replication channel.

@availabilitydig – The Twitter Feed of Outages - This article highlights some of the @availabilitydig tweets that made headlines in recent days. If you currently are not following @availabilitydig, consider making our Twitter presence a daily read.

The Availability Digest offers one-day and multi-day seminars on High Availability: Concepts and Practices. Seminars are given both onsite and online and are tailored to an organization’s specific needs. We also offer technical and marketing writing services as well as consulting services.

Published monthly, the Digest is free and lives at www.availabilitydigest.com. Please visit our Continuous Availability Forum on LinkedIn. We’re at 650 members and counting. Follow us on Twitter @availabilitydig. Digest Managing Editor Dr. Bill Highleyman will speak at MATUG on 25 September in Philadelphia, PA USA.