Node.js on the HP NonStop Server
A Bank's Crisis Migration to a New Data Replication Solution
November – December 2014 | Volume 35, No. 6
XYGATE Data Protection
All the benefits of SecureData
No application changes
Secure Stateless Tokenization
Format Preserving Encryption
Standards Based AES
Stateless Key Management
Learn more at
xypro.com/XDP
Replicate 100% of Your SQL/MP
Database DDL Changes.
With 0% Headaches, Hassles
or Human Error.
ALTERNATIVE THINKING ABOUT DATABASE REPLICATION:
Introducing HP NonStop SDR: the industry’s only
off-the-shelf solution for replicating changes made
to the structure of your SQL/MP databases.
How many hours per month does your staff spend making
tedious database structural changes? What are the costs
of inevitable human error?
What if there was a way to automate database DDL
replication to eliminate these headaches, hassles and costs?
Enter: HP NonStop SQL DDL Replicator (SDR) – the industry’s
only solution for automated SQL/MP DDL database replication.
Only NonStop SDR ensures that after performing DDL
operations – creating a table, adding a column, or moving
a partition – changes will automatically be replicated and
implemented at the correct point in the audit stream.
Now, routine changes no longer require downtime. And best
of all: Since everything’s automated, the risk of human error
is eliminated.
Which means you can “set it and forget it” – while you reduce
downtime, remove risk, and free up your staff for much more
important work. And what’s not to love about that?
HP NONSTOP SDR
• Designed to work seamlessly with NonStop RDF
Technology for better business outcomes.
• Supports DDL replication for non-TMF-audited tables
• Automatic replication of NonStop SQL/MP
DDL operations
• Minimal setup or operator management
• Essential NonStop fault-tolerant design
Contact your HP representative or partner for a FREE 60-day trial.
Visit www.hp.com/go/nonstopcontinuity
©2009 Hewlett-Packard Development Company, L.P.
Table of Contents
News from HP's NonStop Enterprise Division
Advocacy: The Connection Publishes New Guidelines
By Dr. Bill Highleyman
Community Resource: When planned or unplanned downtime has to be zero–the HP Shadowbase product suite keeps you running
By Joe Androlowicz
NonStop Innovations Deep Dive: Spotlight on a New Company Called 3Qube Technologies
By Gabrielle Guerrera
The Smarts Behind EMV Smart Cards Part 2 – Offline Transaction Processing
By Yash Kapadia
NonStop Misperceptions: New "Dummies" Book Dispels Myths – a Q&A with Thomas Burg
By Thomas Burg, Randy Budde
Node.js on the HP NonStop Server
By David Finnie, Neil Coleman
A Bank's Crisis Migration to a New Data Replication Solution
By Paul J. Holenstein
The Renewed Need for Secure Managed File Transfer
By Richard Buckle
OmniPayment's Yash Kapadia Was Happily Retired Until His Wife Demanded He Return To Work
By Janice Reeder Highleyman
Back For More
By Richard Buckle
2014 Connect Board of Directors
PRESIDENT
Henk Pomper
Plusine ICT
VICE PRESIDENT
Rob Lesan
XYPRO
PAST PRESIDENT
Steve Davidek
City of Sparks
The Connection
The Connection is the official magazine of
Connect, an independent, not-for-profit, user-run organization.
Kristi Elizondo, Chief Executive Officer
Stacie Neall, Managing Editor
Kelly Luna, Event Marketing Manager
Keith McLemore, Membership Director
Janice Reeder-Highleyman, Editor at Large
Dr. Bill Highleyman, Technical Review Board
Joseph Androlowicz
Thomas Burg
Bill Honaker
Justin Simonds
Joseph A. Garza, Art Director
We welcome article submissions to The
Connection. We encourage writers of technical
and management information articles to submit
their work. To submit an article and to obtain a
list of editorial guidelines email or write:
The Connection
E-mail: sneall@connect-community.org
Connect
P.O. Box 204086
Austin, TX 78720-4086 USA
Telephone: +1.800.807.7560
Fax: 1.512.592.7602
We accept advertisements in The Connection.
For rate and size information contact:
E-mail: info@connect-community.org
To obtain Connect membership and The
Connection subscription information, contact:
Connect Worldwide, Inc.
P.O. Box 204086
Austin, TX 78720-4086 USA
Telephone: +1.800.807.7560
Fax: +1.512.592.7602
E-mail: info@connect-community.org
Only Connect members are free to quote
from The Connection with proper attribution.
The Connection is not to be copied, in whole
or in part, without prior written consent of
the managing editor. For a fee, you can obtain
additional copies of The Connection or parts
thereof by contacting Connect Headquarters at
the above address.
The Connection often runs paid advertisements
and articles expressing user views of products.
Articles and advertisements should not be
construed as product endorsements.
The Connection (ISSN 15362221) is published
bimonthly by Connect. Periodicals postage
paid at Austin, TX. POSTMASTER: Send
address changes to The Connection, Connect
Worldwide, Inc., P.O. Box 204086, Austin, TX
78720-4086 USA.
© 2012 by Connect
All company and product names are
trademarks of their respective companies.
SECRETARY/TREASURER
Glen Kuykendall
Xerox
DIRECTOR
Michael Scroggins
Washington State Community College
CHIEF EXECUTIVE OFFICER
Kristi Elizondo
Connect Worldwide
www.connect-community.org
Break Free of Enscribe!
Now from comForte – Escort SQL
Learn how moving to a NonStop
SQL database:
Empowers end-users
Enables Open development
Yields significant average cost saving
per year
Budgets are too tight to design and
build everything from scratch –
leveraging industry standards and
Open Source is a must. With Enscribe,
you are locked into an expensive,
proprietary world… unless you break
free with comForte Escort SQL!
comForte Escort SQL replaces Enscribe
files with well designed NonStop SQL
tables. At runtime, comForte Escort
SQL’s intercept library captures
Enscribe I/O calls and translates them
in realtime to efficient SQL statements.
Applications are unaware and unaffected by the substitution.
Replace some or all your files, at your
pace, without re-programming.
With a 100% success rate, comForte
Escort SQL has been turning expensive
‘Tandem’ applications into Open, modern, NonStop applications since 1996.
FREE comForte Escort SQL evaluation
available for qualified companies.
www.comforte.com
NonStop is a trademark of Hewlett-Packard Development Company, LP. All other trademarks are acknowledged. © 2014 comForte 21 GmbH. All rights reserved. Jan22_2014
News from HP’s NonStop
Enterprise Division
Every time you use an ATM, shop online, or make a call on
your cell phone, there’s most likely an HP NonStop system
behind the scenes making that transaction happen.
This year, we are celebrating the 40th anniversary of
NonStop. After all this time, HP still continues to be the
platform of choice for industries that never stop. All of us at HP
are immensely proud of this heritage and of our loyal customers
who require continuous access to information, support for high volumes of online transactions, and rational infrastructure and
operational costs.
Our strategy is clear - HP is committed to providing choice,
value and investment protection to our mission-critical customers.
To that end, we are offering the 100% fault-tolerant solutions
our customers rely upon on x86. This means that customers will
have the choice of HP NonStop on either Intel Itanium or x86
architecture – the only flexible approach to a 100% fault-tolerant
infrastructure in the industry. This is yet another example of how
HP is listening to our customers and innovating solutions that
deliver business outcomes.
In the last year alone, we introduced six new HP Integrity
NonStop Itanium-based systems. At the high end, the HP Integrity
NonStop BladeSystem NB56000c and NB56000c-cg offer up to a
50% performance capacity increase over the previous model and
provide an in-rack upgrade path for all NonStop BladeSystem
customers. We also introduced four new models of our latest
entry-class servers, the HP Integrity NonStop NS2300 and
NS2400 server family. These systems provide the most affordable
price point available on NonStop, and are designed to meet the
most demanding needs of emerging markets and standalone
applications. We designed and fully integrated these systems
from the ground up to achieve the highest levels of availability,
deliver fault tolerance out-of-the-box for high-volume transaction
processing environments, and provide data integrity that ensures
data accuracy and data security.
Some of our other exciting new offerings over the past year
addressed customer requirements in the areas of data protection
and business continuity. The BackBox Virtual Tape Controller
(VTC) allows you to protect your NonStop server’s data by backing
it up to a storage device or storage management system. While the
BackBox VTC can be used as a stand-alone virtual tape system
with internal storage, its real strength is the integration with HP
StoreOnce or when used with another centralized management
solution. The BackBox software that runs on the VTC and the
NonStop server host is part of the ETI-NET family of virtual tape-based products for HP NonStop systems.
And we didn’t stop there. We have also recently announced the
availability of the HP Shadowbase product suite that provides a
business continuity solution to meet the most stringent business
requirements, including low-latency and data replication between
homogeneous and heterogeneous systems, as well as databases with
scalability, selectivity, and sophisticated data transformation and
mapping facilities. For more information on this latest development
in our strategic partnership with Gravic, see Joe Androlowicz’s
discussion with Ajaya Gummadi in this issue.
The most exciting development, however, is the upcoming
launch of NonStop X. HP is redefining the availability and
scalability of x86 applications by extending the 100% fault-tolerant HP Integrity NonStop system to x86 architecture.
NonStop X will be delivered with the fully-integrated software
and fault-tolerant hardware that runs the world’s most demanding business process. As a result, customers will now
have the flexibility and choice of the best platform to achieve the
highest availability, massive scalability, and lowest TCO in its
class. For more information, join us at HP Discover Barcelona
where I’ll be talking to customers and analysts about our entire
Mission Critical portfolio. If you can’t attend, be sure to look for
Digital Discover replays of the event at www.hp.com/go/discover.
Finally, I just returned from this year’s Connect NonStop
Technical Boot Camp in San Jose. What a fantastic event! As a
long time performer, I always get a kick out of a standing room
only crowd and this one was certainly no exception. Special
congratulations to MasterCard, who was named the overall 20-year
winner of the last ever Connect NonStop Availability Award - they
have retired the trophy!
Randy Meyer
Vice President & General Manager,
HP Mission Critical Systems
Celebrating 40 Years of HP NonStop!
Nov/Dec 2014
Mexican Grocery Chain
Modernizes Acquiring
Infrastructure with
OmniPayments
Active/Active Technology
Casa Ley is one of Mexico’s
largest, privately held grocery-store
chains. The company has over
22,000 employees and operates
300 supermarkets that serve more
than forty cities in Mexico. The
retailer’s multipurpose point-of-sale (POS) terminals, owned and
managed by Casa Ley, offer many
services to customers. In addition
to enabling in-store purchases
via credit cards and debit cards,
customers also can top off cellphone minutes, make bank deposits,
and pay bills – all accomplished
at the cash register. Key to
making such services available is
the OmniPayments Transaction
Authorization Switch.
OmniPayments, Inc.
1566 La Pradera Drive
Campbell, CA 95008 USA
PHONE: +1 408 364 9915
sales@omnipayments.com
www.omnipayments.com
OmniPayments is a
comprehensive architecture by
which financial institutions acquire,
encrypt, switch and authorize
transactions across multiple input
channels such as ATMs, POS
terminals, kiosks, IVRs and the
Internet. It supplies a full set of
functionalities to support payment
transactions. Based on a modern
Service Oriented Architecture (SOA),
OmniPayments consists of several
service components, all built for the
HP NonStop platform.
In the Casa Ley configuration,
two OmniPayments HP NonStop
servers are configured as an
active/active system. One server
is located at the retailer’s Mexican
headquarters, and the other
is a virtual server located 500
miles away in the cloud. Both
servers are actively processing
transactions, and the transaction
load is normally split between
them. Should one server fail,
all transactions are immediately
routed to the surviving server, thus
ensuring the continuous availability
of transaction authorization services
to Casa Ley stores. The redundant
communication services required
to support this configuration are
provided by Telmex, the dominant
fixed-line phone carrier in Mexico.
Special Feature Brought to You by
OmniPayments
Each NonStop server is
responsible for authorizing the
transactions routed to it. Each
sends its transaction requests
to the appropriate issuing banks
via either the PROSA or E-Global
transaction authorization network
and returns the responses to the
POS terminals that originated them.
Both servers log their own
transaction activities. However, to
ensure the durability of transactions
in the event of a server failure, the
transaction logs on the two servers
are synchronized via bidirectional
data replication. Whenever a
transaction is entered into the
transaction log of one server, it
is immediately replicated to the
transaction log of the other server.
Thus, each server has a record
of all transactions made by both
servers. This replication within the
OmniPayments system is performed
by the OmniReplicator. No third-party data-replication engine is
required.
In addition to rapid failover
responses to outages, Casa Ley’s
OmniPayments solution provides
PCI-DSS compliance; EMV Smart
Card compatibility; fraud reduction;
the delivery of a positive customer
experience (CX) via standardized,
efficient procedures at the POS
terminals; industry-standard
communication protocols; and
significantly reduced licensing costs.
Opsol’s pricing model is based not
on transaction volume but instead
on a one-time software license.
This results in huge savings!
About Opsol Integrators and OmniPayments
OmniPayments is a switching solution for the financial industry. It is deployed on
NonStop for the highest availability and offers customers all the requisite functionality
to manage credit/debit-card transactions. OmniPayments is easily expandable to
provide additional functionality when needed. It supplies complete security functions for
every financial transaction that it handles, including encryption-at-rest and encryption-in-flight. OmniPayments will survive any single fault, requires no downtime for
maintenance or upgrades, and supports a range of disaster recovery solutions.
*Paid Advertisement
ADVOCACY
The Connection Publishes New Guidelines
Dr. Bill Highleyman
Chairman
The Connection Review Committee
The Connection magazine is one of the primary benefits
of being a member of Connect, your Independent HP
Business Technology Community. Under the guidance of
Stacie Neall, the Connection Managing Editor, the publication has
a multiyear history of producing informative articles and columns
on all things related to HP NonStop systems.
The Connection depends upon two methods of support from the
NonStop user and partner communities – article submissions and
advertising. Over the last few years, our article-submission guidelines
have slowly migrated to meet changing needs. These modifications
have not resulted in problems for our authors or advertisers – they
occurred slowly and have reflected our changing policies.
In this article, I would like to summarize The Connection’s latest
publishing guidelines as they affect both authors and partners. My
intent is to ensure that there are no misunderstandings concerning
what we will publish, what incentives there are for partners, and
what content is inappropriate. Understanding the guidelines also
will give our readers assurance that the time they spend reading
The Connection is time well-spent.
Articles
Articles published in The Connection may or may not be
technical in nature, but they will be relevant to the HP NonStop
community. We welcome the following types of content:
Educational Articles
Educational articles provide useful information to the NonStop
community. Examples of typical topics include security, availability,
disaster recovery, networking, database, system management,
modernization, application development, solutions, big data, and
cloud computing.
Case Studies
Case studies explain how customers use NonStop technology to
meet their application needs. Solutions are described with emphasis
on NonStop attributes that were required by the applications. The
benefits that the solutions provided to the customers, the savings
that were realized, and what the customers are able to do now that
they couldn’t do before are presented.
Business-Continuity and Disaster-Recovery Stories
Business-continuity and disaster-recovery stories describe
some sort of disaster that severely impacted the operation of
a NonStop application, such as a data center fire or a serious
operator error. The articles explain how the customers
handled their challenges and present suggestions for process
improvement to prevent similar challenges in the future.
Publication of disaster-recovery stories can be a major aid to
other NonStop users.
HP Articles
HP publishes Connection articles that describe new NonStop
solutions, products, enhancements to existing products, and
educational information on the use and deployment of HP
products and technologies for the NonStop community.
Partner Promotional Opportunities
As a general statement, The Connection will not publish
articles that focus on a specific partner or on its products. This is
what advertisements are for. However, having said that, there are
opportunities for partners to promote themselves, as defined in
the following guidelines:
Educational Articles
If a partner submits an educational article, it is acceptable for
the partner to include at the end of the article a brief description
of its company and its products that are related to the article. The
biography of the author that is included with every Connection
article may provide further information. These policies are
intended to encourage partners to submit articles. Our experience
has shown that a good number of our best articles have been
those submitted by partners in their areas of expertise.
Case Histories
In a case study, the partner products that the customer uses
to meet its application needs may be mentioned. However, the
narrative should focus on the customer usage and not on product
details.
Business-Continuity and Disaster-Recovery Stories
In a disaster-recovery story, the products being used by the
customer may be mentioned as well as any products employed
to resolve the customer’s issue. However, in no case shall the
article contain derogatory information about a named partner
or product; and there may be no recommendation for use of a
particular partner product.
Partner History Articles
An advertising partner may submit an article that describes
the partner’s history, why it entered the NonStop arena, what
led to its NonStop products, and where it sees its future. An
advertising partner is one that has committed itself to full-page
advertising in The Connection for at least six consecutive issues.
This policy is intended to incentivize partners to advertise in
The Connection.
Partner or Product Promotional Articles
Articles that are partner-specific or product-specific will
not be accepted as Connection articles except as advertorials.
These articles may be no longer than one page in length, will be
disclosed as advertorials, and will bear a cost equal to that of an
equivalent-sized advertisement.
Restrictions
Product Comparisons
If a product is mentioned in an article, the author is encouraged
to mention competing products that might be considered for the
same task. In no case will promotional language be used, such as
“the leading product,” even in a customer statement. In addition,
no promotional comparison between the partner’s product and
competing products shall be made.
Disclosures
If an author mentions one or more companies who are clients
of the author, there shall be a disclaimer accompanying the article
disclosing these relationships.
Article Submission
Articles for a particular issue must be submitted by the
submission deadline established by The Connection. Articles
typically range from 1,500 to 2,500 words. Larger articles can be
broken into two or more parts for publication in successive issues.
An issue of The Connection may focus on a specific topic.
Preference will be given to those articles that fall within the focus
of the issue. Submissions will be reviewed by The Connection
editorial review committee for adherence to the magazine policies
and to provide feedback to the authors for required amendments or
changes to the article prior to approval for printing.
The Connection provides article bylines. The author should
submit his background information with the article, including his
name, title, company, contact information, and a brief biography
(typically 50 words or less).
For Further Information …
A copy of The Connection Publishing Guidelines can be
obtained from Stacie Neall, Managing Editor of The Connection,
at sneall@connect-community.org. Stacie also can be contacted for
information on advertising.
Your Connect Advocacy Program
The Connection is only one limb of the Connect Community’s
Advocacy Program. As well as having a presence at major HP
events, the main events sponsored by Connect are its Boot Camps.
The HP NonStop Technical Boot Camp was held this year from
November 16 to November 19 in San Jose, California, USA.
Hundreds of users, partners, and HP specialists and executives
from around the world attended to mingle, share ideas, and party.
You also can meet with your peers at the Regional User Group
meetings held around the world. Join the user group in your area
to share your experience and to learn from the experience of others.
Your Advocacy Program seeks to determine issues of importance
to the user community and to escalate these concerns to HP for
consideration. Issues can be submitted via the Regional User Groups and
through Special Interest Groups (SIGs) that meet at the Boot Camps and
at HP Discover, HP’s massive conference held each June in Las Vegas.
It’s your Advocacy Program – Let your voice be heard.
Dr. Bill Highleyman is the Managing Editor of The Availability Digest (www.availabilitydigest.com), a monthly, online publication and a resource of
information on high- and continuous availability topics. His years of experience in the design and implementation of mission-critical systems have
made him a popular seminar speaker and a sought-after technical writer. Dr. Highleyman is a past chairman of ITUG, the former HP NonStop
Users’ Group, the holder of numerous U.S. patents, the author of Performance Analysis of Transaction Processing Systems, and the co-author of
the three-volume series, Breaking the Availability Barrier.
Did You Know?
Legacy NonStop S-Series Hardware and G-Series Software
After a long run of productive use and support, HP NonStop is finally sunsetting S-Series hardware and the G-series software that runs on it. Effective September 30th, 2015, support for the last S-Series hardware will end and the product
will be declared Obsolete. Software end of support for these platforms will follow and come to an end on December 30th,
2015. HP wants to thank the many customers who purchased and loved this platform and we stand ready to work with
you to help you migrate to a later, faster and fully supported NonStop platform.
Community Resource
Blogger | Joe Androlowicz
When planned or unplanned downtime has to be zero — the HP Shadowbase
product suite keeps you running
To follow the rest of the NonStop Social Media blogging team, go to the Mission Critical Computing blog site at: http://bit.ly/aAlO6c
HP NonStop recently announced a new strategic
partnership with Gravic, Inc. and as a result HP will
now be offering a new set of industry leading products
in the business continuity space. Just days ago HP released
this new set of products and once again reset the bar in high-availability enterprise computing. I recently spoke with HP’s
worldwide product manager for NonStop database and business
continuity products, Ajaya Gummadi. During the conversation
I asked her how we were able to improve upon something that
was already great, and what it means for our customers. Below
are some highlights from that discussion. I hope you find them as
interesting as I did!
So, Ajaya, why is HP NonStop coming out with a new Business
Continuity solution?
Well Joe, there are a lot of reasons we wanted to move forward
in this area, but what it comes down to is our customers. The
technology world is changing rapidly and driving their businesses
to ever higher levels of SLAs. What used to be acceptable
downtime to maintain your IT infrastructure is no longer
available to you in a 24x7 world. NonStop platforms have for
decades been at the very center of the always-available business
environment. This is part of the reason we are announcing a new
replication and data integration solution with HP Shadowbase.
Doesn’t HP already offer NonStop Remote Database Facility
(RDF) to cover requirements like this?
Customers with strict downtime requirements have
traditionally used HP NonStop RDF to configure a backup
environment that is ready to do an instantaneous-takeover
should a disaster strike the primary data center. This solution
worked well for many environments, but it had some limitations.
For example, only one node could be actively updating the
database and was uni-directional. The backup node received and
applied the changes but the database was available read-only to
applications running on the backup node. NonStop customers are
now coming up with more complex requirements – for example
both primary and backup nodes have applications running
and updating databases that should be resilient. That’s why we
are introducing the Shadowbase product suite and it nicely
complements NonStop RDF.
Does HP Shadowbase extend the capabilities of RDF?
Yes, Shadowbase operates in active/passive as well as active/active,
both uni and bi-directionally giving you the option to select your
levels of resiliency. It can detect data collisions between active nodes
and gives you programmatic interfaces to detect and deal with them.
Shadowbase also integrates data and applications to help customers
build a real-time environment. It is a functionally rich product suite.
What about customers with mixed-environments that need to
share NonStop data with other platforms?
Shadowbase products are actually available for a broad
range of platforms in addition to NonStop, and they support
multiple databases. This product suite has been designed with
NonStop fundamentals for scale and availability and has been
further hardened to meet HP’s software requirements.
This is not a new or immature technology. Gravic is a long
time HP AllianceOne Partner and HP has entered into a strategic
relationship to resell and support the Shadowbase product line
that has been in use by customers worldwide for over 20 years.
So why do customers no longer have any tolerance for planned
downtime, when that has always been the norm?
These days, customers are shying away from a large window
of downtime to upgrade or migrate to newer releases or
platforms. With their businesses staying open for their users
24x7, they do not have the luxury of downtime any more.
We recognized this need and that’s why we are introducing
HP Shadowbase Zero Downtime migration as part of the
Shadowbase product suite.
In other words, you’re saying customers don’t like to become
headlines…
Exactly! Disaster Recovery may not be very exciting to many
people until it is needed. It’s actually one of the most critical
functions of your enterprise. Lost revenue, lost customers, lost
brand reputation due to business not being available keeps CIOs
awake at nights. HP Shadowbase helps you avoid becoming the
next headline. I actually have an article describing this in more
detail in the previous issue of The Connection magazine.
So what’s driving this need for less downtime and better
integration?
In the last few decades, many technologies have evolved, lived
their life cycle, and gone away. But some customer apps continue
living for a very long time. These apps manage a lot of critical
data. We wanted to find a way to move this data and make it
available to next generation apps and more importantly, do it in
real-time. This is the idea behind the HP Shadowbase Data and
Application integration capabilities. It takes data from your most
critical applications and integrates it with newer business apps
that customers are developing to keep up with new demands on
their business.
So what is the effort involved to move in this direction using
HP Shadowbase solutions?
We wanted an easy way to help customers get started on this journey
so we have new Discovery Workshops and Consulting Services to
help you walk through the entire process. These really help clarify your
business SLAs and requirements to come up with an implementation
plan that can make your business more resilient against any type of
disaster utilizing these new state-of-the-art technologies.
Thanks Ajaya, I didn’t realize just how small the windows are
getting for upgrading and migrating applications or platforms
these days. How can people find more information about these
new products?
We have new information available and posted on the
NonStop business continuity web pages (www.hp.com/go/nonstopcontinuity),
and I would also direct customers to their
NonStop sales representative for more information. I just finished
training all of them, so I know they’re eager to talk more about the
Shadowbase technologies! You can also find out more detail by
attending the upcoming Connect NonStop Technical Boot Camp
November 16-19 in San Jose where we will have some featured
sessions on business continuity and the Shadowbase technologies. I
look forward to seeing you there!
Joe Androlowicz is a Technical Communications and Marketing manager in HP’s NonStop Product Division. Joe is a 25 year journeyman in information
systems design, instructional technologies and multimedia development. He previously managed the program management team for the NonStop
Education and Training Center, drove the development and creation of the NonStop Certification programs and is the guy behind the curtains for the Go
HP NonStop mobile application.
NonStop Innovations Deep Dive
Spotlight on a New Company Called 3Qube Technologies
Gabrielle Guerrera
NuWave Technologies
What Is 3Qube?
3Qube Technologies™ is a new cloud solutions and services
company with roots in mission-critical computing. Many of you
have worked with, or at least know of 3Qube’s affiliated company,
Tributary Systems, and its CEO Shawn Sabanayagam. With this
knowledge, you have to agree that 3Qube is in good hands. As the
chairman and CEO of Tributary, Shawn—whom you’ve probably met
at a NonStop event at some point—has managed that organization to
new heights over the past couple of decades, and continues to do so.
As one of the founders of 3Qube, his experience, market knowledge,
energy, tenacity, and sense of humor will all be assets to the startup. On top of that, 3Qube utilizes some of Tributary’s intellectual
property, as well as IP from cutting-edge cloud solutions providers.
3Qube has already assembled an impressive portfolio of data
protection solutions for large enterprises and mid-market companies,
which encompasses the vast majority of companies running on
NonStop. The start-up is focusing on providing turnkey services and
solutions that allow customers to migrate from conventional data
center environments to both private and hybrid cloud architectures.
3Qube has two distinct products: infni Qube™, which is a BaaS (backup
as a service) solution that can minimize the time to restore by two-thirds,
and infni Scale™, which is a hyper-converged infrastructure
solution that combines the server tier with storage in a modular
building block design. infni Qube allows users running on NonStop
or any other platform to back up their critical data, in a secure and
encrypted fashion, into a hybrid cloud at a very fast rate. The speed
to back up and restore this data is actually derived from the type of
architecture that 3Qube leverages, but I’ll explain that in more detail
later. The start-up also offers unique consulting services, including IT
strategy consulting, technology innovation, and cloud transformation.
Just out of curiosity, I asked the founders about the significance
of the company name and received a very thoughtful response: The
number three represents the three principal founders, and cubes
were included in the name (with a playful spelling) because you can
create a larger cube only if you have the right number of smaller
cubes. This represents 3Qube’s philosophy of solving business
problems by bringing the right pieces of a solution together
through innovations in technology and services. Additionally, a
cube cannot be formed without all of the underlying cubes being
shaped perfectly, symbolizing their drive toward perfection.
Who are the Three Qubes?
3Qube was launched in April by three highly technical,
intelligent and interesting principals, all with diverse backgrounds.
In addition to Shawn Sabanayagam, the other founders include
Vinod Muthuswamy, the CTO of 3Qube, who has exceptional
experience in industry-leading cloud technology and managed
services, and Jimmy Mathews, chief sales officer, who has a gift
for elevating sales performance at apparently any organization, in
any industry. Vinod previously worked for NEC Corporation of
America, a multi-billion dollar Japanese conglomerate. At their
American headquarters Vinod started their managed services
branch from scratch and built it to where it is today. In his first four
years there, he helped create their flagship service, a root cause
analysis engine that from an infrastructure perspective reduces
false positives to minimize the number of events. In fact, almost
six million events were eliminated on a monthly basis from a large
number of devices, encompassing the network and servers across
platforms and systems, including Windows, UNIX, and virtual
environments. Creation of this flagship service resulted in NEC
being recognized by Gartner three years in a row, starting in 2009,
when Gartner forced them into the Magic Quadrant. Vinod met
with one of Gartner’s research VPs, and remembers him saying “I’m
going to add you into the Magic Quadrant, whether you guys like it
or not.” (They liked it!) NEC was initially in the niche quadrant, but
in the second and third years they jumped into the challenger spot
for managed services.
As VP of managed services,
Vinod helped NEC go from
offering managed services for
networks and infrastructures,
to extending that platform to
automate the cloud infrastructure;
and then in 2010 launching their
cloud services across four different
areas: Enterprise applications,
allowing enterprises to move
their applications into a private
cloud; media in the cloud, which made NEC one of the first
providers of desktop-as-a-service; collaboration in the cloud; and
consulting services around cloud transformation. “Moving an
organization from professional services to completely transforming
customers’ businesses through managed services, while reducing
their operational costs, improving their agility, and lowering their
upfront costs was the journey that I went through at NEC,” reflects
Vinod. “I also got to work with a lot of enterprise customers, both
in the US and around the world.” His experience at NEC is a big
reason why 3Qube has a cloud focus and offers consulting around
managed services and cloud transformation.
Jimmy Mathews brings a very different, yet very relevant
background and skill set to the table, including about 17 years of
sales and marketing experience. Jimmy graduated from Boston
University with a degree in finance and marketing, began his
career in sales for Eli Lilly, then moved to HR, and was a general
manager for market research, plus training and development.
In 2002, Jimmy went into sales management leadership roles,
spending time in pharmaceuticals, metals, logistics, and now IT.
In all of his previous experience, Jimmy has taken both bottom-performing
to average-performing teams to tops in the nation.
Due primarily to his leadership skills, Jimmy motivated an Eli
Lilly sales team that was in the top 10% to the top 1% in the
nation. He has consistently had success with motivating sales
teams and making them better. Jimmy also has experience with
pre-start-ups in metals, real estate, and distribution. Jimmy
claims that although he’s done sales and marketing for a long
time, at his core he is an entrepreneur. “I’ve always wanted to be
involved in ownership and leading a company, and I had good
success at the three start-ups that I worked with, which were all
profitable.”
Jimmy’s last position was leading
the high-tech sales teams at Pegasus
Logistics. He had tremendous
success there for three-and-a-half years, helping to double the
business twice, and then in his last
year, further increasing revenue
almost 70 percent. While he was
there, he also gained experience
with the datacenter space. A lot of
his clients were big names like HP,
SCI, Crate Computers, and Ohio Data, so he got the IT exposure that
he would soon need at 3Qube. Getting more in-depth experience
with IT, including datacenters and operations, led to the desire to
take all of his cumulative experience and start 3Qube with Shawn
and Vinod.
Shawn first met Jimmy five years ago, and it wasn’t long
before he realized that Jimmy’s strength in revenue generation
transcends industry. He tried to recruit Jimmy to head sales
and marketing at Tributary, but Jimmy had other ideas. They
continued to build and maintain their friendship over time,
but didn’t get the chance to work together for several years.
Separately, Jimmy had met Vinod while Vinod was working for
NEC. The trio wanted to start a company that would leverage
the existing customer base, experience, IP, and infrastructure
of Tributary Systems, while building the next generation
technology. They also wanted to address the up-and-coming
markets of cloud services, cloud migrations, and solutions in
the cloud; the combination of which allows enterprises to move
their IT to the cloud. This, in turn, pushes the burden from a
company’s balance sheets to a cloud provider, simplifying their
cost structure, and giving them economies of scale and a shared
infrastructure. Along with the accumulation of aaS acronyms
like SaaS, IaaS, DBaaS, and now the up-and-coming BaaS
(backup as a service), all three founders have recognized that
cloud solutions and services are the future of IT.
As I mentioned, 3Qube utilizes a lot of Tributary’s resources
and IP, but the start-up also has a specific approach to growing the
business and its human resources in a cost-effective manner. They
have a set of resources that are common to 3Qube and Tributary,
as well as a pool of sales and engineering talent that has been hired
exclusively to serve and develop IP for 3Qube, and a third group
of service providers who are contract employees and serve as
outside consultants. They are chosen to work on an opportunistic
basis with specific customers. Tributary and 3Qube are located in
adjacent connecting suites in Dallas, Texas, so there is a free flow
of resources and ideas. Shared staff perform many of the overhead
functions, including human resources, finance, and administration.
The founders are trying to foster an environment with a heavy
exchange of ideas and a cross-pollination of cultures, since the
two companies’ cultures are so different from one another. Shawn
explains that because Tributary’s resources are more experienced and
have been in the industry longer, they are very familiar with NonStop
and other enterprise platforms, while 3Qube’s employees are younger,
energetic Generation Xers and Millennials, so it is an interesting mix.
According to Jimmy, “There is a legacy of success at Tributary, and
the energy and excitement of a start-up at 3Qube, so we’re working
on extending those cultures to both organizations over time. Both
companies benefit from each other’s experience and diversity.”
Even at Tributary’s Austin, Texas location, which focuses on
IP development, there is a great deal of excitement and synergy.
Tributary’s employees were excited to leverage a platform that was
developed there, to create 3Qube’s own IP; and they are also excited
to work with 3Qube’s CTO.
What Do Cubes Have to Do With NonStop?
Tributary is in the business
of data backup for enterprises
utilizing NonStop and other
high-availability mission-critical computing platforms;
and 3Qube’s founders wanted
to utilize Tributary’s synergistic
and proven resources that have
been developed over the last 24
years. However, 3Qube’s primary
focus is on open platforms, open
architecture, and open environments, because the principals
believe that that is where the primary growth in the industry will
be. 3Qube will benefit from Tributary’s long and storied history
on the HP NonStop platform, including the fact that Tributary has
a great working relationship with HP NED and its management
group, as well as a large number of customers. These are all things
that 3Qube wants to leverage as they begin serving this market.
All of 3Qube’s founders recognize the importance of
obtaining recognition from the NonStop community. Every
time a business gets formed to serve a strategic enterprise group
of customers, the most business-critical applications still run
on proprietary, closed, fault-tolerant environments; and those
environments are headed by HP NonStop. In Shawn’s words, “It
would be foolish for 3Qube to ignore the high-end of enterprises
who want their mission-critical applications to run on high-availability
platforms.”
“I foresee NonStop customers having concerns about moving
to x86 and changing their infrastructure environment,” says Vinod,
“and I think 3Qube will come into play in enabling customers to
transform their datacenter architectures from 10 gigabyte to 40
gigabyte networks, and then extend that across the datacenter
to implement a private cloud or hybrid cloud architecture.” The
company is also exploring the use of the infni Qube data backup
solution as a backend cloud architecture for Helion, HP’s hybrid
cloud platform, which would benefit NonStop customers as well as
HP. 3Qube’s team is currently investigating product compatibility
with HP’s interface, to determine if they can bring Helion into the
mix of backend infrastructure for NonStop customers.
Does Your Data Deserve the Fastest Restoration Time?
As promised, I’ll explain why infni Qube provides the fastest
data backup and restoration that you can get, and then you can
decide whether your data should be restored quickly or not.
With 3Qube’s unique approach, they can push the data to the
local instance that is nearest to the customer’s location so they
can quickly move it into the cloud and then to a file location.
And because it uses a hybrid cloud model, infni Qube reduces
the time to restore by two-thirds when compared to nearly any
other cloud service, including pure-play ones like Amazon and
Rackspace. Even when 3Qube’s product is compared to most local
data protection environments, which use local targets, it is much
faster, simply because of the data consumption and ingestion
technologies that it utilizes. infni Qube leverages a trademarked
disk striping technology called InfiniCache® that allows instant
writes at the fastest rate with compression and encryption. This
allows customers to be compliant with smaller backup windows
and frees up resources at the front-end hosts, improving the overall
availability and efficiency of the front-end host systems.
For infni Qube or any other solution, the actual restoration
time depends on the retention timeframe, the volume of data, and
where a customer wants to move its information. For prospective
customers, 3Qube can demonstrate their expected recovery time
with a use case. In the case of a local disaster, whether it’s failed
hardware or corrupted data, customers have specific recovery time
objectives (RTOs), and they need to restore data in the near past.
In most cases, customers back up two weeks' worth of data, but
the infni Qube Cloud Connect appliance can be sized to hold any
amount of data.
For NonStop customers, scalability is always a key feature.
infni Qube is more scalable than existing solutions because it uses
unique caching technology to achieve a much more efficient cloud
delivery model. Most cloud providers describe their method as
“pushing” data directly into the cloud, but that prevents them from
scaling beyond a certain volume because it isn’t possible to push
large volumes of data directly into the cloud. Instead of pushing
data into the cloud, infni Qube always has a cache running via infni
Qube Cloud Connect, allowing customers to scale locally and move
data into the cloud more effectively.
Another important feature for NonStop users, if not the most
important, is security. Is the data secure? Who holds the data? And
who has access to the data while it is in transit and once it is in the
cloud? infni Qube backs up data in a secure and encrypted fashion,
and since it encrypts the data at the source and that encryption
is controlled by the customer, the data sitting in the cloud cannot
be decrypted without the customer’s permission. Data is also
encrypted at rest and in transit, which allows customers to be
compliant with the most stringent security requirements.
infni Qube leverages the same software solutions for HP
NonStop environments, IBM mainframe environments, and open
systems, so it allows NonStop customers to consolidate data across
all of their proprietary and open platforms. The solution can
seamlessly integrate into the existing infrastructure as it moves
data to the cloud. infni Qube also has the ability to connect with
3Qube’s backend clouds, open stack clouds, Amazon cloud, and any
other cloud infrastructure that has a compatible interface. However,
customers don’t have to manage infni Qube through 3Qube’s
interface: they can use their own backup application, reducing the
complexity from a customer perspective.
Because infni Qube will be targeted at x86 customers, its release
is set for the end of Q1 2015, which coincides with the release of the
x86 platform. All three founders will attend this year’s Advanced
Technical Boot Camp in San Jose, where Vinod and Jimmy will
present on the infni Qube product. To learn more about 3Qube,
visit www.3qubetechnologies.com.
Gabrielle is the author of the NonStop Innovations blog, which, as the name suggests, highlights the latest innovations in the HP NonStop space. Some
of the latest topics have been “Achieving 2,500 TPS for Two Days Straight”, “Do You Have the HP NonStop Mobile App?”, and “Tributary Systems Moves
to the Cloud.” The blog can be found at www.nuwavetech.com/hp-nonstop-innovations.
Did You Know?
NonStop Virtual Tape Controller with BackBox
Did you know the Virtual Tape Controller allows you
to send and store NonStop data on a wide variety of
storage solutions? Nearly every model of HP StoreOnce
is supported as are other storage options including
those offered by other vendors.
Migrating SQL/MX
Did you know that there is an HP NonStop SQL/MX
Upgrade and Migration: FAQ now available? It can help
customers plan their migration from older and mature
SQL Releases 2.3.4, 3.0, and 3.1 to the latest 3.2.1
Release. Contact your HP Nonstop sales representative
for more information.
The Smarts Behind EMV Smart Cards
Part 2 – Offline Transaction Processing
Yash Kapadia
CEO
OmniPayments, Inc
It seems that every month comes with an announcement of
another hack in which the data of millions of payment cards
has been stolen. This data is used to clone credit cards and debit
cards, which are then sold in the underground Internet. Is there any
protection available to us to thwart such attacks?
The answer is yes – smart cards. A smart card, also called a chip
card or an integrated-circuit card (ICC), includes an embedded
computer chip that employs cryptographic and risk-management
features. In conjunction with a smart-card POS or ATM terminal,
these features are designed to thwart skimming, card-cloning,
card-counterfeiting, and other fraudulent attacks.
A decade or more ago, a
consortium of card issuers comprising
Europay, MasterCard, and Visa
(EMV) began the specification of
smart cards or as they are formally
known today, EMV cards. EMV card
technology has been adopted by most
of the countries on all continents in the world except for the United
States. The United States is the laggard. Representing almost half of all
payment cards and terminals in the world, the U.S. still runs its
payment-card services on outdated magnetic-stripe technology.
However, this is about to change. The U.S. payment-card
industry has mandated that all merchants be EMV-compatible by
October, 2015 (except for gas stations, which have until 2017) or
face a “liability shift.” If a merchant does not process at least 75%
of its transactions through an EMV-enabled terminal (whether
via chip-cards or magnetic-stripe cards) and accepts a disputed
or fraudulent card payment, the merchant will be liable for the
transaction rather than the issuer.
Most card-payment networks include one or more HP NonStop
servers. It is therefore important that the NonStop community
understand smart-card technology, which is becoming an important
component in all financial networks. In this article, we describe how
smart cards add significant security to payment-card transactions.
Part 1 in the September/October issue of The Connection covered the
methods for authorizing EMV transactions online with the issuing
bank. In Part 2, we discuss the procedures for securely authorizing
EMV transactions offline without direct issuer involvement.
Offline Transactions
The processing of an EMV card transaction is shown in Figure
1. It comprises several steps, with interaction between the card, the
terminal, and the issuer. Processing time for an EMV transaction
is comparable to that for a magnetic-stripe transaction, where
communication delays account for the majority of the time.
EMV transaction processing begins with some preliminary steps
that help determine whether the transaction should be handled
online with the issuer or offline with no issuer involvement. Once
this decision has been made, processing splits into two distinct flows
– one for online transactions and one for offline transactions. Part 1
of this article described the common processing flow and the online
processing flow. Part 2 describes the offline processing flow.
Most transactions will be processed online, sending the
transaction data to the issuer for authorization. However, in
some cases, a transaction may be processed offline with no issuer
involvement. This can take place if there is no communication link
(for instance, terminals used in airplanes to sell food, drinks, and
other items), if the communication link between the terminal and the
issuer should fail (allowing a retailer to continue to service customer
payments at its own risk), or for very small transactions.
The processing of an offline transaction as shown in Figure 1 is
a bit more complicated than the processing of an online transaction
but follows similar steps.
Figure 1: EMV Processing Flow
Issuer Parameters Stored on the Card
The processing of online and offline transactions is controlled
by parameters stored on the card by the issuing bank. These
parameters are described by a three-byte bit-encoded designator
and include:
Byte 1: Card Data Input Capability
• Manual key entry
• Magnetic stripe
• IC (integrated circuit) with contacts
Byte 2: Cardholder Verification Method (CVM)
• Plaintext PIN for ICC verification
• Enciphered PIN for online verification
• Signature (paper)
• Enciphered PIN for offline verification
• No CVM required
Byte 3: Security Capability
• SDA
• DDA
• CDA
(These capabilities are described later)
Table 1: EMV POS Terminal Capabilities
Cardholder Verification
As with online transactions, if the transaction is to be processed
offline, the person presenting the card must be verified as the
legitimate cardholder. Offline cardholder verification is also
accomplished via the Cardholder Verification Method (CVM) that
the issuer has specified in its parameters stored on the card (Table
1). Four methods can be used for offline cardholder verification:
• offline encrypted PIN
• offline plaintext PIN
• signature
• no CVM
The methods selected by the issuer may be arranged in priority
order, or they may be selected according to other transaction
parameters. For instance, a transaction at an attended POS terminal
such as in a store may require both a PIN and a signature. An ATM
may require a PIN but no signature. A terminal with no PIN pad
may require just a cardholder signature. A small transaction may
require no cardholder verification.
If an encrypted PIN is selected, the cardholder enters his PIN
into the terminal’s PIN pad. The PIN pad encrypts the PIN with the
card’s PIN public key and sends it to the card via the POS terminal.
The card decrypts the PIN with its PIN private key and compares the
PIN entered by the cardholder to the PIN value stored in its secret
data. If the PIN is wrong, the terminal is informed. According to a
PIN counter, the cardholder may be given additional opportunities
to enter his PIN. If he reaches a specified limit, the transaction is
rejected. The card is blocked and can no longer be used.
If a plaintext PIN is selected, the process is the same as for an
encrypted PIN except that the PIN entered into the PIN pad by the
cardholder is sent to the card unencrypted.
Card Validation
An extra step required for offline transactions is that the
terminal must validate the card to ensure that the card is
not counterfeit or is not a clone of another card. For online
transactions, card validation is the responsibility of the issuer.
Three techniques for offline card validation provide
incrementally improved security – SDA, DDA, and CDA, as
described next. The technique to use is specified in the issuer’s
parameters stored on the card (see Table 1). Typically, DDA or
CDA is selected.
Static Data Authentication (SDA)
Static Data Authentication proves that the card is a valid
card prepared by the issuer. Included in the static data that the
terminal reads from the card is the card’s Static Application Data,
encrypted with the issuer’s private key. This cryptogram includes
all of the static data that the issuer has entered into the card at the
time the card was produced (PAN, cardholder name, public keys,
Application IDs, etc.)
The terminal also reads the issuer’s public key from the static
data on the card. The terminal decrypts the Static Application
Data cryptogram with the issuer’s public key and compares the
signed static data to the static data that it has read from the card.
If the data sets match, the terminal has verified that the card was
the card prepared by the issuer. If the data doesn’t match, the
transaction is rejected.
SDA validates the card’s authenticity, but it does not prevent
cloning. If an attacker somehow manages to clone an EMV card,
the static data including its cryptogram will still pass the SDA test.
Dynamic Data Authentication (DDA)
Dynamic Data Authentication adds cloning protection to the
counterfeit protection afforded by SDA. The key to DDA is that
the card carries variable data that changes with each transaction.
For instance, a transaction counter is incremented with each card
insertion into a terminal.
For DDA card validation, the card encrypts its variable data
with its private key and sends this dynamic data cryptogram to
the terminal. Using the card’s public key, the terminal decrypts
the variable data contained in the cryptogram and compares
it to the variable data that it has read from the card. If the data
sets match, the terminal knows that this data has come from the
original card and not from a clone because the clone would not
have the card’s private key (a secret data item that will be erased if
an attempt were made to access it).
Furthermore, an attacker cannot simply add its own card
public key and private key to the card to fool the terminal. The
terminal will discover that the attacker’s public key is not a valid
key when it checks the key against the key’s presumed Certificate
Authority, as found in the card’s static data.
Thus, between the SDA and the DDA, the terminal can
determine that the card is neither counterfeit nor a clone. It is a
valid card.
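The SDA and DDA checks described above can be modelled in a few lines to show which check rejects which kind of card. This sketch is an added example, not code from the article or from the EMV specifications: it assumes toy textbook RSA built from fixed Mersenne primes, a terminal that already trusts the issuer's public key, and a random terminal challenge mixed into the signed dynamic data; all names and card data are constructed.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by every toy key in this sketch

def make_key(a, b):
    """Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1 (illustration only)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(key, data):
    # Textbook RSA over a SHA-256 digest; real EMV uses its own signature format.
    return pow(digest(data), key["d"], key["n"])

def verify(n, data, sig):
    return pow(sig, E, n) == digest(data)

def key_bytes(n):
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

class Card:
    def __init__(self, static, ssad, pub_n, cert, priv=None, recorded_sig=0):
        self.static, self.ssad = static, ssad  # static data and issuer signature over it
        self.pub_n, self.cert = pub_n, cert    # card public key and issuer signature over it
        self.priv = priv                       # None on a clone: the key never leaves the chip
        self.recorded_sig = recorded_sig       # an old signature a clone could only replay
        self.atc = 0                           # transaction counter

    def dynamic_signature(self, challenge):
        """Sign the variable data: transaction counter plus terminal challenge."""
        self.atc += 1
        dynamic = self.atc.to_bytes(2, "big") + challenge
        if self.priv is None:
            return dynamic, self.recorded_sig
        return dynamic, sign(self.priv, dynamic)

def personalize(issuer, card_key, static):
    """Issuer side: sign the static data and certify the card's public key."""
    return Card(static, sign(issuer, static), card_key["n"],
                sign(issuer, key_bytes(card_key["n"])), priv=card_key)

def sda_ok(card, issuer_n):
    """SDA: the static data must carry a valid issuer signature."""
    return verify(issuer_n, card.static, card.ssad)

def dda_ok(card, issuer_n):
    """DDA: certified card key, then a fresh signature over the variable data."""
    if not verify(issuer_n, key_bytes(card.pub_n), card.cert):
        return False  # public key was not certified by the issuer
    challenge = secrets.token_bytes(4)
    dynamic, sig = card.dynamic_signature(challenge)
    return dynamic.endswith(challenge) and verify(card.pub_n, dynamic, sig)

def run_demo():
    issuer = make_key(1279, 2203)
    card_key = make_key(521, 607)
    other_key = make_key(89, 2281)  # a key pair the issuer never certified
    static = b"PAN=0000000000000000;NAME=TEST/CARD"  # constructed sample data
    genuine = personalize(issuer, card_key, static)
    # Signature captured from one earlier session of the genuine card.
    _, recorded = genuine.dynamic_signature(secrets.token_bytes(4))
    cards = {
        "genuine": genuine,
        # Copy of everything readable from the card, but no private key.
        "clone": Card(static, genuine.ssad, genuine.pub_n, genuine.cert,
                      recorded_sig=recorded),
        # Copy that swaps in its own key pair; the issuer certificate no longer matches.
        "rekeyed": Card(static, genuine.ssad, other_key["n"], genuine.cert,
                        priv=other_key),
        # Card whose static data was changed after the issuer signed it.
        "altered": Card(static.replace(b"TEST/CARD", b"OTHER/NAME"),
                        genuine.ssad, genuine.pub_n, genuine.cert),
    }
    return {name: (sda_ok(c, issuer["n"]), dda_ok(c, issuer["n"]))
            for name, c in cards.items()}

if __name__ == "__main__":
    for name, (sda, dda) in run_demo().items():
        print(f"{name:8s} SDA={sda} DDA={dda}")
```

In this model the static data does not include the card's public key, so the rekeyed card is rejected by the certificate check inside DDA rather than by SDA.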
Combined DDA/Application Cryptogram (CDA)
SDA and DDA do not protect against an unlikely but
sophisticated attack known as a wedge attack. In a wedge attack,
a real EMV card is inserted into the terminal so that the SDA and
DDA validation tests are passed. The attacker then substitutes the
real card with a device that acts like the card but is under control of
the attacker. The attacker can force the acceptance of a transaction
that the card otherwise would have declined.
To protect against this kind of attack, an application cryptogram
(AC), generated by the card’s private key, is included with the
SDA and DDA cryptograms. The AC’s purpose is to inform the
terminal of the card’s ultimate decision as to whether to process the
transaction online, to process the transaction offline, or to decline
the transaction (see the section entitled Card Action Analysis in
Part 1 of this article). The wedge attacker cannot generate a valid
AC because it does not know the card’s private key.
Offline Terminal Risk Management
For offline transactions, the card and the terminal must
cooperate to manage the risk of a transaction, a function
performed by the issuer for online transactions. This function is
executed under the control of a variety of risk parameters stored
on the card. These parameters include a lower floor limit, an
upper floor limit, an offline transaction-count limit, and an offline
amount limit.
Except for unusual conditions, a transaction can be authorized
offline only if its amount is below the lower floor limit. For instance,
if the lower floor limit is five dollars, only transactions that are at or
below five dollars can be authorized offline. Note that if the lower
floor limit is zero, all transactions must be authorized online.
An exception to this rule occurs if the communication between
the terminal and the issuer is interrupted. In such an event,
transactions can be authorized offline as long as they are below the
upper floor limit. The upper floor limit allows retailers to continue
to service most of their customers if their POS terminals should
go offline. In this case, the merchant is typically responsible for
disputed or fraudulent transactions, but it is a risk most retailers
are willing to take to maintain customer satisfaction.
The issuer can limit the number or amount of offline
transactions that can be authorized before the terminal must go
online with a transaction. This is accomplished via the offline
transaction-count limit and the offline amount limit. This
restriction limits the use of the card to fraudulently make unlimited,
small, offline purchases that are below the lower floor limit.
A further protection against the offline use of a fraudulent
card is that the card randomly forces online authorization for a
transaction that otherwise qualifies for offline authorization.
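The way these limits interact is easier to see when a run of purchases is pushed through them. The sketch below is an added example, not code from the article or from any EMV kernel: the field names, the inclusive treatment of both floor limits (following the five-dollar example above), the counter reset after a successful online authorization, and the sample amounts are all assumptions.

```python
import random
from dataclasses import dataclass

@dataclass
class RiskParams:
    """Issuer risk parameters named in the text; amounts in cents (hypothetical field names)."""
    lower_floor: int
    upper_floor: int
    offline_count_limit: int
    offline_amount_limit: int
    random_online_rate: float  # assumed probability of forcing an online check

@dataclass
class OfflineState:
    count: int = 0   # offline approvals since the last online authorization
    amount: int = 0  # cumulative offline amount since the last online authorization

def decide(amount, link_up, params, state, rng=random.random):
    """Return (decision, reason); decision is 'OFFLINE' or 'ONLINE'."""
    # Link up: the lower floor limit applies. Link down: the upper floor limit applies.
    ceiling = params.lower_floor if link_up else params.upper_floor
    if ceiling == 0 or amount > ceiling:
        return "ONLINE", "amount above floor limit"
    if state.count + 1 > params.offline_count_limit:
        return "ONLINE", "offline transaction-count limit reached"
    if state.amount + amount > params.offline_amount_limit:
        return "ONLINE", "offline amount limit reached"
    if rng() < params.random_online_rate:
        return "ONLINE", "random online selection"
    state.count += 1
    state.amount += amount
    return "OFFLINE", "within issuer limits"

def online_approved(state):
    """Assumption: a successful online authorization resets the offline counters."""
    state.count = 0
    state.amount = 0

def replay(purchases, params, rng=lambda: 1.0):
    """Run (amount, link_up) pairs through decide(); the default rng disables random selection."""
    state = OfflineState()
    results = []
    for amount, link_up in purchases:
        decision, reason = decide(amount, link_up, params, state, rng)
        if decision == "ONLINE" and link_up:
            online_approved(state)  # the issuer was reachable and authorized it
        results.append((decision, reason))
    return results

# Constructed sample: 5.00 lower floor, 50.00 upper floor, 3 offline
# transactions or 12.00 cumulative before the card must be seen online.
SAMPLE_PARAMS = RiskParams(lower_floor=500, upper_floor=5000,
                           offline_count_limit=3, offline_amount_limit=1200,
                           random_online_rate=0.0)
SAMPLE = [
    (400, True), (400, True),
    (500, True),                 # would push the cumulative amount past 12.00
    (100, True), (100, True), (100, True),
    (100, True),                 # fourth small purchase in a row
    (700, True),                 # above the lower floor limit
    (700, False),                # link down: the upper floor limit applies
    (6000, False),               # above even the upper floor limit
]

if __name__ == "__main__":
    for (amount, link_up), (decision, reason) in zip(SAMPLE, replay(SAMPLE, SAMPLE_PARAMS)):
        print(f"{amount / 100:7.2f} link_up={link_up!s:5} {decision:7} {reason}")
```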
Offline Transaction Authorization
If all tests prove positive – cardholder verification, card validation,
and risk management – the transaction can be authorized offline. The
card informs the terminal via a TC cryptogram (see the section entitled
First Card-Action Analysis in Part 1 of this article) to authorize the
transaction. If a signature is required for an authorized transaction, the
cardholder is asked to sign a copy of the transaction receipt.
If any test proves negative, the card must be authorized online by
the issuer.
The terminal stores the transaction data. According to rules
established by the issuer, the terminal will periodically send
batches of offline transaction data to the issuer. In the case of
a communication failure, this will typically occur as soon as
communication between the terminal and the issuer is restored.
Protections
In addition to the SDA/DDA/CDA protections described above for
offline transactions, EMV technology provides several other protections.
Swiping
The data from the card cannot be read by an attacker because all
data transfers between the card and the terminal are protected by
the card’s secret private keys.
Cloning
Even if card data could be compromised, it cannot be used to
clone a magnetic-stripe card, which will still be in use for some time
to come. This is because the cloned card data will not include the
CVC1 code that needs to be written in the magnetic stripe. Without
the proper CVC1 code, a magnetic-stripe transaction will be rejected.
Another protection against cloning is the transaction counter.
Every time a card is inserted into a terminal, its transaction
counter is incremented. If a cloned card were also being used,
the issuer would note that the transaction counters were out of
synchronization and would disable the card account number.
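The transaction-counter check can be pictured as issuer-side detection logic run over incoming authorization records. This is an added example, not the article's or any issuer's implementation; the record layout, the card identifiers, the sample records, and the tolerance window for offline batches that arrive late are all assumptions.

```javascript
// Added illustration (not from the article): issuer-side transaction counter check.
// Record layout, card identifiers and the late-delivery window are assumptions.

function createCounterMonitor(lateWindow) {
  const cards = new Map(); // cardId -> { highest counter seen, set of counters seen }
  return function check(record) {
    let card = cards.get(record.cardId);
    if (!card) {
      card = { highest: -1, seen: new Set() };
      cards.set(record.cardId, card);
    }
    let verdict = 'ok';
    if (card.seen.has(record.counter)) {
      // Two transactions claim the same counter value: the genuine card and
      // a copy are both in use, or a transaction is being replayed.
      verdict = 'duplicate-counter';
    } else if (record.counter < card.highest - lateWindow) {
      // Far behind the newest value seen, beyond what a late batch explains.
      verdict = 'counter-regression';
    }
    card.seen.add(record.counter);
    card.highest = Math.max(card.highest, record.counter);
    return verdict;
  };
}

// Run the monitor over a list of records and collect every non-ok verdict.
function scan(records, lateWindow) {
  const check = createCounterMonitor(lateWindow);
  const alerts = [];
  records.forEach((record, index) => {
    const verdict = check(record);
    if (verdict !== 'ok') {
      alerts.push({ index, cardId: record.cardId, counter: record.counter, verdict });
    }
  });
  return alerts;
}

// Constructed sample records (not real data).
const sampleRecords = [
  { cardId: 'card-A', counter: 41, terminal: 'T1' },
  { cardId: 'card-A', counter: 42, terminal: 'T1' },
  { cardId: 'card-A', counter: 43, terminal: 'T2' },
  { cardId: 'card-A', counter: 43, terminal: 'T9' }, // copy made at counter 42
  { cardId: 'card-A', counter: 44, terminal: 'T9' },
  { cardId: 'card-A', counter: 44, terminal: 'T2' }, // genuine card collides again
  { cardId: 'card-C', counter: 7, terminal: 'T3' },
  { cardId: 'card-C', counter: 9, terminal: 'T3' },
  { cardId: 'card-C', counter: 8, terminal: 'T4' },  // offline batch delivered late
  { cardId: 'card-B', counter: 120, terminal: 'T5' },
  { cardId: 'card-B', counter: 15, terminal: 'T6' }, // far behind the last value
];
console.log(scan(sampleRecords, 2));
```

The late window keeps legitimately delayed offline batches from raising alerts; setting it too wide hides a copy whose counter trails the genuine card by only a few transactions.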
Counterfeiting
One concern is that an attacker could obtain a batch of blank EMV
cards and a personalization machine and create what appear to be valid
cards for offline transaction purposes. To protect against this, every batch
of blank cards has embedded in the cards a unique symmetric key known
only to the issuer. Therefore, only the issuer can create usable EMV cards.
Card-Not-Present Fraud
For Internet transactions, there is no terminal to read the card and
to apply the risk management tests. To compensate for this, a private
handheld reader may be required by some online merchants. The
customer has his own private handheld reader. When he wants to
make an Internet purchase, he inserts his EMV card into his reader.
The reader generates a one-time unique passcode, which the
customer enters into a field provided on the merchant’s checkout
page. This passcode verifies to the issuer that the customer is in
possession of the EMV card being used.
Using Smart Cards at Dumb Terminals
Until all POS terminals have become EMV terminals and magnetic
stripes have been eliminated from smart cards, there will always be
cases in which smart cards with magnetic stripes are used at “dumb”
POS terminals that read only magnetic stripes. In these cases, all the
vulnerabilities of magnetic stripes that we deal with today still exist.
A skimming device or skimming malware can send the card data and
PIN to an attacker, who can clone the card as a magnetic-stripe-only
card that can be used at POS terminals whether they are EMV-capable
or not. This is because, for a while to come, all EMV POS terminals
must still be able to process magnetic-stripe cards.
The EMV Specifications
The first EMV specifications were developed by a consortium
comprising Europay, MasterCard, and Visa – thus the name EMV.
The primary members of the consortium now include MasterCard
(which acquired Europay), Visa, American Express, Discover,
JCB (Japan), and UnionPay (China). Most other payment-card
organizations, banks, major merchants, payment processors, and
other industry stakeholders support the ongoing specification effort.
The EMV Specifications are contained in four books:
• Book 1: Application Independent ICC to Terminal Interface
Requirements
• Book 2: Security and Key Management
• Book 3: Application Specification
• Book 4: Cardholder, Attendant, and Acquirer Interface
Requirements
The EMV Specifications can be obtained from the EMVCo web
site, http://www.emvco.com/specifications.aspx.
The OmniPayments Financial Transaction Switch
OmniPayments (www.omnipayments.com) from Opsol Inc.
(www.opsol.com) is an HP NonStop-based financial transaction
switch that interconnects POS terminals, ATMs, acquiring banks,
and issuing banks via any of the various financial transaction
networks. OmniPayments supports all features required to
process EMV smart-card transactions, from support of EMV POS
terminals and ATMs to the protocols required to communicate
with the issuing and acquiring banks. OmniPayments is currently
handling EMV transactions with its international banking
installations and is ready to handle these transactions with U.S.
systems as EMV technology takes hold in the United States.
OmniPayments architecture is based on modern Service
Oriented Architecture (SOA). SOA enables new functionality to
be easily added to OmniPayments to meet specific needs of its
customers. The core of OmniPayments is a set of Business Logic
Modules, or BLMs. Each BLM is tasked with providing a specific
service for OmniPayments. For instance, OmniATM controls
ATMs, OmniPOS controls POS devices, Transaction Screening
offers preauthorization services, and OmniAuth provides stand-in
authorization services.
Figure 2: The OmniPayments Financial Transaction Switch
A set of adapters connects the external entities to which
OmniPayments must connect to the BLMs. Acquirer adapters
are supplied for both EMV and non-EMV ATMs, POS devices,
IVR systems, the Internet, and bank tellers. Issuer adapters are
provided for local host bank communications and for the variety
of financial interchange switches with which OmniPayments
must interface.
Traffic between acquirer BLMs and issuer BLMs is routed via
OmniDirector. OmniDirector is a rules-based routing engine
that forwards On-Us transactions to the bank’s core systems
and Not-On-Us transactions to the appropriate interchange
switch. It provides format conversion between different message
protocols and is responsible for much of OmniPayments’
logging functions. OmniDirector also manages the failover/retry
mechanisms in OmniPayments.
OmniPayments provides complete logging of all transactions.
The logs contain the transaction information needed at the end
of each day for clearing and settlement. It is this processing
function that transfers funds from the card-issuing banks to
merchant accounts held by their acquiring banks to reflect the
day’s sales activities.
OmniPayments is fault-tolerant. Running on an HP NonStop
server, all processes are persistent and are automatically restarted
should they abort. All database functions such as logging, card
parameters, and so on are maintained by a NonStop SQL/MP
relational database.
With successful implementations at many customer sites,
OmniPayments is just one member of the Opsol family of
solutions for the financial industry. Opsol Integrators specializes
in NonStop mission-critical applications and is HP NonStop’s
largest system integrator.
Summary
Magnetic-stripe cards will become a thing of the past as EMV
technology is adopted worldwide. This is almost the case now in
countries around the world except for the United States. However,
within a few years, it is expected that the U.S. will catch up.
Magnetic-stripe cards have been proven over and over again by
major hacks to be terribly insecure. Their data is easy to skim, the
cards are easy to clone, and cloned cards have an active market in
the underground Internet.
EMV technology provides strong protection against card-skimming, card-cloning, card-counterfeiting, and man-in-the-middle attacks. Once EMV technology is universally accepted, our
card-payment systems will become significantly more secure. The
OmniPayments financial transaction switch supports EMV POS
terminals and ATMs and the EMV protocols for communication
between EMV terminals, acquirers, and issuers. OmniPayments
brings the entire suite of EMV security protection to an
organization’s financial switching network.
It is said that hackers are smarter than security professionals.
Whenever a security vulnerability is patched, hackers rapidly find
a way around it. However, it will take an extremely sophisticated
hacker to break through the protective barriers of EMV.
Yash Kapadia is the founder and CEO of OmniPayments Inc., a leading
HP NonStop System Integrator for Telco and Financial Services. Opsol's
OmniPayments solution is used by Banks and Retailers for Base24
replacement. Yash and his team provide several products and remote
managed services for NonStop customers. Yash can be reached at
Yash@OmniPayments.com and +14086669927.
Did You Know?
OmniPayments is New Host of ITUGLIB
OmniPayments Inc. has volunteered to host ITUGLIB,
a resource of user-contributed freeware, both legacy
NonStop and Open Source. The OmniPayments financial-transaction switch provides a comprehensive solution for
routing transactions over payment networks.
http://ituglib-opsol.xid.com/apps/Ituglib/HomePage.jsf
NonStop Misperceptions: New “Dummies”
Book Dispels Myths—a Q&A with Thomas Burg
Thomas Burg, CISSP
Chief Technical Officer
comForte 21 GmbH
Randy Budde
Writer & Marketing Consultant
Active Slant
Introduction
In these days of 24/7 tech hype and new buzzwords emerging
on a seemingly hourly basis, why write a book on the HP
NonStop platform? While it is based on technologies that are
decades old, the HP NonStop platform, and the way it gets
deployed, has seen significant change. In order to provide a fresh
look at the platform, several technical experts teamed up to write
a new booklet called “HP NonStop for Dummies,” which was just
published by John Wiley & Sons. In this article, freelance writer
Randy Budde interviews Thomas Burg, one of the booklet’s co-authors, to uncover more information about the booklet and why
it was written.
RB: Why did you decide to write a “Dummies” booklet for
HP NonStop?
TB: The booklet was written by Werner
Alexi, Bill Sempf, and myself, with the
help of a number of other contributors and
reviewers. We have all been working with
the HP NonStop platform for years. We at
comForte are ardent fans of the product,
and big believers in its potential, both today
and in the long term. Over the course of my
years working with comForte, a company
with a long track record of bringing
innovative offerings to the HP NonStop
community, I’d often be struck by the need
for this kind of publication. Ultimately, we
set out to make it happen.
RB: What do you hope readers will get out
of reading the booklet?
TB: In developing this booklet, we
had two key objectives. First, we wanted
to provide a positive introduction for
audiences that were new to HP NonStop.
Second, we wanted to correct common
misperceptions that many people have
about the platform.
RB: What do you think are some of the key aspects that
someone who’s never heard of the platform should know about?
TB: I’d point to three key areas: availability, scalability,
and cost of ownership. In terms of availability, if a business is
running critical applications that can’t go down or can’t afford
to lose transactions—applications like ATMs, mobile phone
infrastructure, emergency phone services, point-of-sale systems,
and the like—HP NonStop has been and remains one of the
best platforms to employ. The platform is a self-healing system,
featuring integrated hardware and software that are highly fault
tolerant. This means that, even if a CPU or some other critical
element should fail, services won’t go down and transactions
won’t be lost.
Scalability is the second key element. The HP NonStop
platform is relied upon in demanding industries, such as the
financial services and telecom sectors, where the platform
has proven its ability to process thousands of transactions a
second, and to do so for years on end. The platform is built on
an architecture that provides linear scalability, which means IT
teams looking to accommodate increased processing demands
can keep adding more hardware, without encountering any
architectural or system limits.
Total cost of ownership is the third key aspect. For organizations
running intensive, complex applications, the
solution provides unmatched value.
RB: What are some of the most common
misperceptions about the HP NonStop
platform that you encounter?
TB: I continue to see five common myths
that seem to keep being perpetuated.
Myth #1 is that the HP NonStop platform
is a closed, proprietary system. In fact,
the platform is now very open. Today, an
IT team running HP NonStop can work
with Java, C++, JSON/REST, and other
modern, open standards for integration and
development.
Myth #2 is that HP NonStop is an
inflexible system. The reality is that IT
teams working with HP NonStop have a
wide range of options. They can integrate
the platform with a number of different
systems, applications, and workflows. They
can easily support a number of form factors,
and even make applications accessible to
mobile users. Further, the platform itself
offers tremendous flexibility. For example, where in years past
IT teams would have been stuck with a single, proprietary
database, they can now choose from several databases, including
SQL/MX. With SQL/MX, organizations can leverage a modern
relational database that is compatible with open ANSI SQL
standards.
Myth #3 is that it’s hard to develop applications for HP
NonStop. On the contrary, developing NonStop applications
today is just as easy as with other environments. If you were
going to write an application for a mobile phone, you wouldn’t
do any coding on your phone. Instead, you’d use an integrated
development environment (IDE), develop the code, and port
into the required platform for testing, deployment, and use. The
same is true for HP NonStop. Developers can use the Eclipse
IDE, the front-runner of enterprise IDEs, for managing NonStop
application development. In addition, they can code using
standard languages like C, C++, COBOL, Java, Python, and Perl.
Myth #4 is that it’s hard to address security requirements.
Security in HP NonStop environments is a critical aspect, as
these platforms are often responsible for managing sensitive,
highly regulated data. IT teams running HP NonStop can most
certainly address the most rigorous security requirements. For
starters, the platform has inherent security advantages. For
example, these platforms don’t need virus scanners. In addition,
security teams can also efficiently address the requirements of
relevant policies and mandates, including the Health Insurance
Portability and Accountability Act (HIPAA) and the Payment
Card Industry Data Security Standard (PCI DSS). Security
teams can now encrypt data at rest on the HP NonStop platform,
without having to modify application code.
Myth #5 is that the HP NonStop platform is expensive to run.
If an executive compares a small NonStop implementation with
a server cluster running on the Linux or Windows platform,
investing in the HP NonStop platform may look prohibitively
costly. However, when you start to compare the cost associated
with getting these Windows or Linux systems to achieve uptime
and scalability characteristics that are similar to those of HP
NonStop, you instead see that HP NonStop systems provide
unmatched value. For more information, I’d encourage readers
to see a detailed TCO study¹ that is available at:
https://www.comforte.com/ns4d/TCO_study-2014.pdf.
RB: Why do you think these misperceptions persist?
TB: I think there are a few reasons. First, people’s perceptions
aren’t typically shaped by the platform itself, they are shaped
by the applications running on the platform. Often, legacy
applications are running on HP NonStop. If the application
running on top of HP NonStop is costly to support and
inflexible, those are the characteristics that will be linked with
the platform. By modernizing their applications, IT teams can
capitalize on all the flexibility that the platform now offers,
while enjoying the advantages people traditionally expect, like
availability and scalability.
Another key factor is that HP NonStop often doesn’t get the
visibility it deserves in enterprise IT organizations. Many large
enterprises are running a number of platforms side by side,
including HP NonStop, IBM mainframes, large UNIX systems,
and Linux and Windows platforms. Of these, HP NonStop is
clearly the only system that can run a huge application that
processes massive amounts of data—and continue to do so
with very few people managing the platform. Basically, if your
application is stable, it can run undisturbed for years on HP
NonStop. As a result, HP NonStop will not be the focus of
the triage and “all hands on deck” meetings that occur when
issues and outages occur. Ironically, these meetings serve to
keep other platforms at the top of executives’ minds—which
can make it easier to get new staffing and resources to support
these systems. On the other hand, HP NonStop tends to hum
along quietly, with very little assistance, so, from an executive
standpoint, this is the platform that may be more likely to get
reduced staffing and budget support.
I also think inertia plays a role in the persistence of these
myths. After working with the platform for decades, many
people have come to feel the platform they’re running is “good
enough.” As a result, they may be less inclined to learn new
skills or stay up on the latest advancements. Further, because
they’re working on increasingly lean teams, they don’t have time
for these added efforts and they’re understandably reluctant to
disrupt the status quo. These mindsets can serve to perpetuate
the myths I’ve outlined.
RB: Where do you see some of the most promising
advancements happening in the future?
TB: Some organizations have begun to leverage the HP NonStop
platform in cloud and hybrid environments, and these approaches
provide enormous potential. For example, HP NonStop can serve
as a database backend for a web application that is provisioned in
a public or private cloud. In this way, organizations can capitalize
on the agility of cloud services, while extending their HP NonStop
investments. In addition, the announcement that HP NonStop
will be coming to X86 hardware, without compromising any of the
platform’s core attributes, will represent an immense opportunity
for customers in the long term.
Conclusion
Whether you’ve been working with HP NonStop for decades,
or this is your first time hearing about the platform, “HP NonStop
for Dummies” will offer value. Experienced readers can get a fresh
perspective on how the platform has evolved, and the myriad
opportunities offered by its new capabilities. Those new to the
platform can get a lively, informative introduction to a platform
that offers unique and compelling advantages to today’s enterprises.
If you’re interested, you can visit the following URL, where you can
learn more about the booklet and register to download your copy:
http://www.comforte.com/ns4dummies
Thomas Burg, CISSP, Chief Technical Officer, comForte 21 GmbH
Thomas Burg has an extensive background in systems programming, networking, and security. For more than 30 years, Thomas has worked with
a range of computing platforms, including Windows, UNIX, and HP NonStop. At comForte, he has helped guide the company’s strategic product
direction and orchestrated a range of technology initiatives, such as the company’s SSL/SSH encryption suite, which was ultimately adopted by HP
within the NonStop OS.
Randy Budde, Writer and Marketing Consultant, Active Slant
Randy Budde is a freelance writer and marketing consultant. Randy has worked in the enterprise software segment for almost 20 years, and has written
on a range of topics pertaining to the HP NonStop platform, including security, application modernization, and big data.
¹ Pyalla Technologies, “Research Note: NonStop offers the lowest TCO in its class for complex mission-critical applications,” Richard Buckle
Node.js on the HP NonStop Server
David Finnie
Neil Coleman
VP, Development
CTO
Infrasoft
With the introduction of Intel x86-64 support, potential
opportunities arise for expansion of usage of NonStop
Servers throughout organisations that already rely
on the characteristics of fault-tolerance and massive scalability
inherent to the NonStop platform. Further, organisations that have
previously dismissed the NonStop may well take a second look.
Modernization of existing HP NonStop Server applications
has been a strong theme for the past few years – both HP and a
number of third-party vendors can point to successful and effective
products and services in this area.
For the last 18 months, Node.js has been gaining popularity
as underlying technology for enterprise applications. Large
organisations including Wal-Mart, eBay, PayPal, MasterCard, and
LinkedIn have all rolled out Node.js applications. Why?
For many candidates for both increased usage and new adoption
of the HP NonStop, modernisation of existing applications is
no longer the challenge. The Node.js platform has the potential
to support applications that meet a wide range of business
requirements and is something that everybody should consider.
What is Node.js?
Node.js enables JavaScript to be executed on the server. It is
built around Google’s V8 JavaScript engine, and promotes building
applications using an event-driven, non-blocking I/O architecture.
V8 is Google's open source JavaScript engine, which is written
in C++ and is used in Google Chrome, the open source browser
from Google. V8 was publicly released on September 2, 2008,
which was the same date that Chrome’s first release was announced.
V8 compiles JavaScript (ECMAScript as specified in the ECMA-262 standard) to native machine code before executing it, instead
of interpreting bytecode or compiling the whole program to machine
code and executing it from a filesystem. The compiled code may be
additionally optimized dynamically at runtime, based on heuristics
of the code's execution profile. The benefit is that it is much faster
than ‘interpreted’ code.
In 2009, an employee of Joyent (www.joyent.com) named Ryan
Dahl was working on a project that involved making the browser
aware of how much time was left for an upload process. Dahl
used JavaScript and V8 to develop an event-driven non-blocking
application, which was the beginning of Node.js.
Node.js and its libuv sub-project are also open sourced – V8 and
libuv under the BSD license, and Node.js under the MIT license.
Why has Node.js become popular?
Node.js presents a combination of attributes which arguably
provide some unique advantages. First, it offers greater performance,
but the real benefit comes in uniting what have been the war zones
of client/server, or browser/server if you prefer. Development has
occurred in silos depending on which side you were on. Node.js
provides a common language, creating a peer-to-peer environment.
This greatly accelerates development. Let’s look at some details.
Figure: Node.js on LUW
Performance
The main idea of Node.js is to support applications that require
concurrent operations via non-blocking I/O and asynchronous
events. This can be contrasted to concurrency via threads.
Threading is typically done to enhance efficiency within a
program. If a process is waiting (blocked), it can start an additional
thread to pipeline other processing. This increases efficiency but at
the cost of complexity. The more threads, the harder the code is to
create, manage and support. As we ramp up cores (IPUs), at some
point threading will become untenable based on complexity.
When comparing Node.js to a threaded model where each
connection (request) spawns a new thread, fewer system resources
are dedicated to Node.js – less memory is required to service each
new request because a new thread is not required, and less non-productive work occurs performing thread context switching.
Node.js enables programmers to write efficient, non-blocked code
– code that is much simpler to write, manage and support. You can
see why major businesses are jumping on this bandwagon.
An application that is data-intensive, relying on I/O to a data
source (for example, a SQL database) spends most of its time
(per request) waiting for the I/O to complete. An event-driven
model lends itself to building such applications in a manner which
achieves high throughput and high scalability, as a large number of
simultaneous requests can be supported.
From Kiran Prasad, Director of Engineering, Mobile at
LinkedIn[1]…
On the server side, our entire mobile software stack is completely
built in Node. One reason was scale. The second is Node showed us
huge performance gains.
Platforms
The instruction sets currently supported by V8 are IA-32 (x86
32-bit), x86-64, ARM, MIPS, and PowerPC.
V8 does not currently support the instruction set for IA-64, the
Intel Itanium architecture.
Note that in November 2013, IBM announced a release of Node.js
and V8 running on PowerPC, using either Linux or AIX.
The operating systems currently supported by Node.js and V8 are
Windows (XP or later), Mac OS X (10.5 or later), and Linux/Unix.
Productivity
There is no question that JavaScript has its detractors. Enter
“JavaScript is not for real programmers” into Google and you get
almost 2,500,000 hits. It is eerily similar to what Assembler
programmers said of C, C programmers said of COBOL, and both
C and COBOL programmers said of Java. Of course, only time will
tell us how much future adoption will occur.
For an interesting rebuttal to JavaScript detractors, one should
read the article “JavaScript: The World’s Most Misunderstood
Programming Language” by Douglas Crockford (who authored
the original JSON specification) at http://www.crockford.com/
javascript/javascript.html.
As an aside, ECMAScript-6 (spec. ratification is targeted for
December 2014) includes a number of new features that many “real
programmers” will find attractive – in particular explicit support
for classes and constructors (that is, in addition to the existing
prototypal inheritance).
In reality many organisations are seeing increased
programmer productivity using JavaScript in general, and
Node.js in particular, when compared to C/C++ and Java based
platforms. This is largely attributed to the simpler programming
requirements of the Node.js concurrency model. In a threaded
environment, a data race occurs when two threads access the
same location in memory at the same time, and at least one of
the accesses is a write. The "reader" thread may get the old value
or the new value, depending on which thread "wins the race".
Handling data races in general requires some programming
discipline to correctly manage accesses to shared data – via
mutex locks, condition variables, semaphores, etc., and is often
hard to get right.
From Subbu Allamaraju, Principal Member, Technical Staff at
eBay[1]…
Node’s evented I/O model freed us from worrying about locking and
concurrency issues that are common with multithreaded async I/O.
From Jeff Harrell, Director of Engineering at PayPal[1]…
Node.js powers our web applications and has allowed our teams
to move much faster in bringing their designs to life. We've happily
embraced the power of JavaScript.
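The Performance and Productivity passages above describe one thread overlapping many I/O waits and callbacks that need no locks. The added example below (not from the article or the quoted engineers) shows both, and goes one step further to show where the guarantee ends: state read before a wait can be stale after it. `fakeIo`, the account object, and the amounts are hypothetical stand-ins for real I/O.

```javascript
// Added illustration (not from the article). fakeIo stands in for a database
// or network call: it resolves later without occupying the thread.
function fakeIo(ms, value) {
  return new Promise((resolve) => setTimeout(() => resolve(value), ms));
}

// Serve n "requests" on one thread. Every handler runs up to its first wait
// before any I/O completes, so all n waits overlap.
async function serveConcurrently(n, latencyMs) {
  const stats = { inFlight: 0, peakInFlight: 0, served: 0 };
  async function handle(id) {
    stats.inFlight += 1;
    stats.peakInFlight = Math.max(stats.peakInFlight, stats.inFlight);
    await fakeIo(latencyMs, id); // the thread is free for other requests here
    stats.inFlight -= 1;
    stats.served += 1; // runs to completion; no other callback can interleave
  }
  const started = Date.now();
  await Promise.all(Array.from({ length: n }, (_, i) => handle(i)));
  return { ...stats, elapsedMs: Date.now() - started };
}

// Where the guarantee ends: the balance is read BEFORE the wait, so two
// overlapping withdrawals both act on the same stale value.
async function withdrawUnsafe(account, amount) {
  const balance = account.balance;
  await fakeIo(5);
  if (balance >= amount) {
    account.balance = balance - amount;
    return true;
  }
  return false;
}

// Check and update happen in one synchronous step AFTER the wait, so the
// second withdrawal sees the result of the first.
async function withdrawSafe(account, amount) {
  await fakeIo(5);
  if (account.balance >= amount) {
    account.balance -= amount;
    return true;
  }
  return false;
}

// Start two overlapping withdrawals of 80 against a balance of 100.
async function race(withdraw) {
  const account = { balance: 100 };
  const results = await Promise.all([withdraw(account, 80), withdraw(account, 80)]);
  return { approved: results.filter(Boolean).length, balance: account.balance };
}

serveConcurrently(50, 20).then((r) => console.log('concurrent', r));
race(withdrawUnsafe).then((r) => console.log('unsafe', r)); // both approved
race(withdrawSafe).then((r) => console.log('safe', r));     // one approved
```

Fifty requests with a 20 ms wait each finish in roughly one wait rather than fifty, and the shared counters stay correct without a mutex; only the withdrawal that splits its check and update across a wait approves more than the balance allows.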
Common Skills
JavaScript dominates the Internet. It has seen off Java Applets,
VBScript, and Flash as client-side languages. It’s impossible to
replace JavaScript without breaking millions of web pages.
Node.js allows JavaScript language and philosophies to be used
for both client and server development. So what? Well, anyone
who has done much work integrating disparate technologies will
readily agree that any advantage helps. Developers, and users, who
understand each other and can easily communicate with each
other, will always provide better, faster results.
From Seth Pollack, (previously Lead Program Manager, Internet
Information Server, at Microsoft) co-Founder at RivalIQ[2]…
Sure, JavaScript has its warts, but it is great to have one language
that spans your product front to back. Why is this important?
Because having a highly functioning team of full-stack developers is
dramatically easier that way. In a previous life, I ran an engineering
team that had Java on the server and Flex (Flash) on the client.
Despite a talented team, we had an absolute divide between front-end
and back-end; it was pulling teeth to get developers on one side to
even look at the code across the chasm, and this hurt our productivity.
From Renaud Waldura, Sr. Product Manager, Cocktails Project
at Yahoo![1]...
Node.js is the execution core of Manhattan. Allowing developers
to build one code base using one language – that is the nirvana for
developers.
Community
The open source communities are key to both longevity of the
subject project, and to organisations being able to find required
skills.
The Node.js community has been in existence for 4-5 years. In
that time, roughly the same number of packages has been published
as by the Python community over 22 years and roughly half the
number of packages as by the Ruby community over 18 years.
While this doesn’t tell us anything about the quality and usefulness
of the Node.js packages, or indeed the quality and usefulness of the
Python and Ruby packages, it does tell us that a vibrant Node.js
community exists and is growing.
From Brian Corrigan, CEO at Mad Glory[1]…
We specialize in building custom service platforms and web
applications that scale to tens of millions of users. The ability to
use a single language on both front-end and back-end, the great
tooling support, the thriving module ecosystem, and the evented
programming model make Node our go-to tool for anything that
requires massive scale. The best part? The community is wonderfully
supportive and shares a common interest in moving the web forward.
Who is using Node.js?
Organisations currently using applications built with Node.js
include Wal-Mart, PayPal, eBay, MasterCard, LinkedIn, Groupon,
Dow Jones, Yahoo!, HBO, DirectTV, and The New York Times.
Wal-Mart
At http://thechangelog.com/116 an interview with Eran
Hammer has been posted. Hammer is the leader of the Wal-Mart
Labs team which is responsible for the Node.js software used by
Wal-Mart for its “Mobile Services Infrastructure”. According to
Hammer, it is an “orchestration layer for mobiles – a glorified proxy
with data manipulation”. In essence, it provides a uniform API to
mobile clients that want to access a number of Wal-Mart services,
from AS/400-based services to “legacy” SOAP services.
Wal-Mart developed their own Node.js HTTP Server
framework, christened “Hapi”, to support their requirements. The
Hapi-based Mobile Services Infrastructure deployment began in
April 2013 and was handling 100% of mobile traffic to Wal-Mart
web sites by June 2013.
Wal-Mart received much publicity in the Node.js world in late
2013 for handling all mobile traffic without any issues on the “Black
Friday” shopping day following Thanksgiving in the United States,
with claims of 200,000,000 users. Wal-Mart have open-sourced
Hapi. Other known users of Hapi include MasterCard (see below),
and the publisher Conde Nast.
MasterCard
At http://www.joyent.com/developers/videos/node-summitnode-js-in-the-enterprise an interview with a number of people on
December 4 2013, including Scott Anderson, Director and Software
Engineer, MasterCard Worldwide, has been posted. Anderson
discusses the Node.js application that MasterCard has built using
Wal-Mart’s Hapi as the supporting framework.
The MasterCard application operates as a RESTful service that
integrates with Hardware Security Modules (HSMs) to perform
requested cryptographic operations.
When asked why use Node.js, Anderson replied that although
the service “already existed as a Java implementation and
worked fine”, they did some proof-of-concepts using Node.js and
determined that future requirements would be better met using
Node.js.
Why is the HP NonStop Server a perfect match?
The Node.js model of event-driven, non-blocking I/O, which is
particularly suited to I/O-bound applications, could almost have
been dictated by the fundamental concepts of writing a high-performance OLTP application running on the NSK operating
system.
Current implementations of Node.js, obviously, do not possess
the level of fault tolerance and scalability that software running on
the HP NonStop Server can offer.
Event-driven Model
NonStop programmers will be familiar with the way Node.js
is architected, and open-source folk that do not know NonStop
will find a platform that is well-suited to this programming
methodology. There is a marked similarity between Node.js and a
multi-tasking NSK application that uses the Guardian AWAITIO()
call, or OSS select() call, to complete nowaited (non-blocking) I/O
operations to any file, either timed or untimed (wait forever), and
then invokes appropriate logic to handle the completion event.
Node.js specifically architects a callback model to handle events.
SMP…not!
Node.js does not rely on SMP threads to process multiple
requests concurrently. This allows simplicity without sacrificing
efficiency. Although OSS can support POSIX Threads, albeit at
a “user level” which is not pre-emptive, generally NSK-based
applications do not rely on a SMP environment. This maps to
original NonStop coding recommendations to keep things simple
and focused within an application. Break things into small, self-contained applications that work together instead of creating one
monolithic application. Keep it simple.
What does Node.js offer to the HP NonStop Server?
To paraphrase the 1992 US presidential campaign slogan, “It’s
the applications, stupid”.
A number of large organisations are already relying on Node.js
in a range of environments, including Web / Mobile development,
Big Data work, NoSQL database work, financial services, retail
services, and cloud-based applications.
Porting Node.js to the HP NonStop Server
Porting the software required to support Node.js on the HP
NonStop Server, so that JavaScript code that runs with a Windows
or Linux/Unix Node.js environment should not need to be
modified to run with a NSK Node.js environment, is a significant
undertaking.
The most complex part of a port is V8. To enable V8 to work on
the HP NonStop Server requires support for generation of machine
code from JavaScript for the target architecture. In addition, V8
needs to use the NSK OSS environment, and needs to be compiled
with the appropriate NSK C/C++ compilers (note: gcc is used to
build Linux/Unix variants).
The Node.js core code and the libuv sub-project code need to be
ported to utilise OSS.
So, can I run Node.js on the HP NonStop Server?
Infrasoft has completed a “deep port” of Node.js to NSK.
As some background, we initially ported V8 and Node.js to the
MIPS-based S-series as a proof-of-concept. Only after proving that
we could successfully run the exact same JavaScript on both existing
Node.js implementations and NSK, did we commence the NSK
x86-64 port. Note that the S-series version will not be available for
customer use – only the NSK x86-64 version. We have elected to
make this available as an executable to simplify installation – some
variants rely on the user building the executable themselves.
Node.js core already supports TCP and UDP socket I/O, HTTP,
and some forms of IPC (for example, pipes, FIFO). Although
we view supporting “vanilla” Node.js applications on NSK as
mandatory, adding value is critically important to increase NonStop
Server adoption. Node.js will be made available on a continuously
available platform. Major companies should want the server/peer to
be available to the client/peer 24x7.
One of the attractive attributes of Node.js is its ease of
extensibility. Areas that we have extended, especially those that will
be familiar to NSK users, include…
• Process-pair support so that Node.js runs non-stop,
without any extra work by the application.
• Enabling Node.js to run as a TS/MP serverclass,
transparently providing the inherent scalability and
persistence that TS/MP offers.
• Providing a simple JavaScript Pathsend interface so that a
Node.js application can front-end TS/MP.
• Extensive operational control and diagnostic capabilities
built-in to simplify usage and contribute to maintaining
availability.
Hold on a minute…what about SQL/MX?
There are many JavaScript applications that do not require
database services. Newer ones may take advantage of the new
quick and dirty NoSQL databases that are constantly being
developed, but as JavaScript becomes more popular it will require
for some applications a solid, scalable, ACID relational database
system. Any new software platform for NSK must address
integration with the HP NonStop RDBMS, SQL/MX. In addition
to the above extensions to leverage NSK fundamentals, Node.js on
NSK will allow existing, or new, JavaScript applications to access
SQL/MX using the same code they use to access Oracle, MS SQL,
IBM DB2, MySQL, PostgreSQL, etc.
Knowledgeable readers may question the capability of an
environment architected on non-blocking I/O, single event-loop
and handling multiple concurrent transactions to work successfully
with database drivers that don’t support asynchronous semantics.
In a vanilla Node.js environment, access to a database is
achieved using “worker threads”. Under the covers, in addition
to the main thread which operates as an event-based dispatcher,
Node.js maintains a thread-pool for use for blocked I/O. In a
typical SMP environment, a worker thread that does the database
work will not block the Node.js main thread. Once the work
is complete, the JavaScript application’s callback function is
eventually invoked. Note that from the application’s point of
view, the work is still asynchronous and the application is free
to service other requests concurrently. Importantly, from the
application programmer’s point of view – threads are not exposed.
In a NSK Node.js environment, SQL/MX integration will
leverage TS/MP. Instead of “worker threads”, use will be made
of “DB serverclass worker instances” (the executable will be part
of the NSK Node.js distribution). Under the covers, the NSK
Node.js software will (via Pathsend) distribute SQL/MX work to
the appropriate TS/MP serverclass. Once the work is complete
(and the serverclass has replied), the JavaScript application’s
callback function is eventually invoked exactly as it is in a vanilla
Node.js environment. Again, from the application’s point of
view, the work is still asynchronous and the application is free
to service other requests concurrently. The DB serverclass is not
exposed to the application. The implementation on NonStop
continued on page 39
https://cruise.connect-community.org/
THE PREMIERE SECURITY EVENT FOR IT PROFESSIONALS IN 2015!
Join Connect and the Cloud Security Alliance for the maiden voyage of the Security on the
High Seas Conference. Conference attendees will receive TWO FULL DAYS of Security
Training, INCLUDING Cloud Computing Security Knowledge (CCSK) Training, and hot topic
presentations from leading IT security experts.
SECURITY EDUCATION FROM THE EXPERTS!
KEYNOTE PRESENTATION: Jim Reavis, Cloud Security Alliance
Security Lessons Learned from Enterprise Adoption of Cloud
LEGAL UPDATE: Linda Luckie-Anderson, Attorney at Law
When Cyber Pirates Attack: Current Trends, Legal Consequences and Strategies for
Protecting Your Organization
INNOVATION: Yash Kapadia, OmniPayments
The Smarts Behind EMV Smart Cards
TECHNOLOGY: Stefan Haertelt, T-Systems North America
Security and Big Data – New Opportunities and Challenges with Paradigm Shifting
Technologies
STRATEGY: Dr. Bill Highleyman, Availability Digest
DDoS Attacks Can Take Down your Online Services
News from CTUG
This year's CTUG
conference on October
9th, 2014 was an
overwhelming success,
with record attendance.
The feedback from the
vendors was very positive
and said to be "the envy of all chapters
of the ITUG community". Education
Day enrollment exceeded expectations
for the OSS Fundamentals course, by
Roland Lemoine (HP).
We were very fortunate to have
Karen Copeland (Manager, NonStop
WW Production Management Team)
and Tom Moylan (Director, Americas
NonStop Enterprise Division) provide
very informative updates for HP's
roadmap for NonStop. The keynote
presentation "The Internet of things"
by Justin Simonds (HP), was captivating
and complemented this year's theme,
"Opening a World of New Possibilities".
All vendor booths were allocated and we
were pleased to have 3 new vendors,
WebAction, Mapador and Infobal. All
9 vendor tracks were well attended. A
brief update was given by CONNECT's
CEO Kristi Elizondo.
A reception was held after the
conference where vendors and
attendees were able to socialize.
A Bank’s Crisis Migration to a
New Data Replication Solution
Paul J. Holenstein
Executive Vice President
Gravic, Inc
During a system upgrade project, a major bank found itself
squeezed between either paying a large increase in license
fees for its current data replication engine or having those
licenses terminated. With only two weeks to go, the bank turned
to Gravic, Inc., for help. The Gravic technical team configured,
installed, and tested its Shadowbase data replication product in
time to replace the bank’s existing replicator before the licenses
expired. The bank is now extending its use of the Shadowbase
product suite to satisfy all of its data replication needs.
The Bank’s Heterogeneous Online Banking Systems
RAK and BASE24™
The bank is recognized as one of the most important global
systemic banks, one whose operations are a major underpinning
to the world’s financial community. It serves 50 million clients in
40 countries. The bank has been a user of HP NonStop systems
for decades, dating back to the Tandem days before Tandem
Computer’s ultimate acquisition by HP. Figure 1 depicts the bank’s
online banking applications as well as the bank’s ACI BASE24
environment for managing its ATMs.
The Real-time Authorization Kernel (RAK) is a home-grown
application that furnishes online customer services including
account-balance queries, fund transfers between internal accounts,
and fund transfers between customer accounts and external
accounts. RAK also provides online authorization services for the
bank’s credit cards and debit cards. The RAK database is primarily
HP’s SQL/MP.
The ACI BASE24 Classic system administers the bank’s ATMs.
It receives and manages the authorization of ATM withdrawals by
sending transactions to the banks issuing the cards that are used
at the ATMs. The BASE24 environment is primarily an Enscribe
environment and employs HP’s AutoTMF to audit and protect
the Enscribe data files. All ATM transactions are recorded in an
Enscribe log file.
RAK and BASE24 run on their respective HP NonStop systems,
which are configured as active/passive pairs for business continuity
purposes. One system in each pair is the production system
that performs all of the processing, while the other serves as its
backup. The database of each backup is kept synchronized with
its production counterpart via data replication. (Replication is not
shown in Figure 1.) In this way, the backup system is available to
take over processing if the production system fails.
The AIX/Oracle Reconciliation System
The bank’s RAK and BASE24 systems interoperate with an IBM/AIX
Unix system that uses an Oracle Real Application Clusters
(RAC) database. Online banking transactions and payment
card transactions must be sent from the NonStop RAK system
to the AIX system for reconciliation. Likewise, completed ATM
transactions must be sent from the BASE24 system to the AIX
system for analytical processing. The AIX system supports fraud
detection and in-depth business analysis and intelligence as well as
many other offline functions.
The Bank’s Use of Data Replication
Figure 1 – The Bank's NonStop Systems
The bank uses data replication for several purposes. HP
NonStop RDF replicates changes in an active/passive architecture
from a NonStop production database to its backup database. RDF
is utilized both by the RAK system and the BASE24 system to keep
their backup systems synchronized with their production systems.
Data replication is also employed to replicate data from the RAK
and BASE24 systems to the AIX/Oracle environment. RAK uses
SQL/MP tables, and BASE24 uses Enscribe files. Changes to these
databases must be replicated in real time to the Oracle relational
databases on the AIX system.
Thus, data replication is highly heterogeneous. The source
databases and the target databases are from different vendors. With
respect to BASE24, replication must occur from nonrelational
Enscribe files to relational SQL tables. Data must be cleansed,
filtered, validated, and transformed as it is being replicated. Data
aggregation is also necessary when data from multiple source
databases is replicated to a single target database, which requires
the combining of fields and columns from differing files and tables
into a single target row. Likewise, data deaggregation is used to
send data changes from a single data source to multiple target
databases. Significant data normalization is employed to redefine
data formats between the source and target databases and to
convert the use of arrays and redefines between the databases. For
example, for the BASE24 system, the primary task is to convert
and replicate the variable length and format of Enscribe ATM
transaction log records to the table schemas used in the AIX/Oracle
analytics and reconciliation database.
The transaction and I/O rates of the SQL/MP tables (RAK) and
the Enscribe files (BASE24) are quite high, and they can spike to
several times the normal load during peak periods (for example,
holiday season). The replication engine must be able to handle
these high data replication volumes and to scale as the bank’s
business grows.
The Licensing Crisis
The bank planned to upgrade its NonStop systems to the
new NB54000 NonStop BladeSystems. The plan was for RAK
to run on a pair of eight-CPU NonStop NB54000 BladeSystems
and for BASE24 to run on a pair of ten-CPU NonStop NB54000
BladeSystems. All systems would be dual-core, though the
NB54000 NonStop servers easily could be upgraded to quad-core
without requiring an application outage. Because of the migration
to the new version of NonStop servers, the bank had to obtain
updated licenses for its replication products.
For many years, the bank had been using a third-party data
replication engine to replicate data between its RAK and BASE24
NonStop systems and its AIX/Oracle system. Although the bank
periodically had issues with the third-party’s offshore support
organization, the bank had no immediate intention of moving off its
current replication engine. The bank originally expected to migrate
its existing licenses to the new NonStop hardware when the upgrade
occurred. As it turned out, the renegotiation process stalled, and
significant licensing issues arose as time was running out.
In the end, the bank was able to negotiate a one-year extension
of its BASE24 to AIX/Oracle replication licenses under terms
similar to the previous ones. Unfortunately, the bank discovered that
the data replication vendor required a substantial increase in its
license fees for the data replication engine needed for the RAK
system. The fees were partly based upon the use of quad-core
NB54000 blades; there was no price break for the bank using dual-core blades. The bank considered the new license fee proposal to be
cost-prohibitive and rejected it.
The Bank’s Options
The bank was faced with limited options to continue the
mandatory operation of its RAK system, and it did not have much
time to spare. The last-ditch alternative was to renew the RAK
license with the existing data replication vendor for the prohibitive
license fee.
To avoid this unacceptable option, the bank initiated an intense
development effort to build its own file-transfer facility so that
RAK periodically could refresh the AIX/Oracle database with new
data changes made to the RAK SQL/MP database. However, the
transformations required to map the SQL/MP source database to
the Oracle target database introduced significant complexity, and
the batch nature of the data-refresh process meant that the target
environment would be working on stale data most of the time.
With time running out, the bank turned to HP for help. HP’s
response was to bring in Gravic and its Shadowbase data replication
product. The Shadowbase replication engine supports SQL/MP,
Enscribe, and Oracle (among many other databases) and comes
with a broad range of data cleansing, filtering, and transformation
functions. In addition, Shadowbase user exits allow the rapid
creation of custom transformations that are not already in the
Shadowbase repertoire.
The Shadowbase license fees were well within budget for the
bank. The bank decided to give Gravic the go-ahead to install the
Shadowbase replication engine, provided that the installation and
testing could be completed before the current RAK licenses expired.
The Race Against Time
By this point, only two weeks remained until RAK license
termination. Gravic assembled a team of its experienced software
engineers and began the installation effort. In order to configure
the Shadowbase transformation facilities, Gravic had to know the
transformations that were needed, requiring close coordination
with the bank’s technical staff. Major challenges quickly emerged:
• a bank requirement that all testing be physically performed
at the bank’s central European facilities;
• coordinating access to the key bank personnel, who were
heavily involved in their own day-to-day responsibilities;
• and implementing and testing the myriad functions that
perform the actual data transformations during replication
of events from the NonStop server to the Oracle target
environment.
Starting with the bank’s development environments, the needed
functions were quickly implemented and were tested with customer
test data. The effort then moved into the bank’s User Acceptance
Testing (UAT) facility. However, this environment was significantly
scaled back from the full-blown production environment, meaning
that data loading and testing could be simulated but could not be
completely performed until production roll-out. The team validated
the Shadowbase implementation in the UAT environment by
running it in parallel with the existing data replication solution.
The target database tables between the two systems were compared
to verify that they did indeed match and were processing the source
data in the same way for the same types of application events.
Once the Shadowbase UAT environment was validated, the
bank scheduled the production roll-out. A Friday afternoon was
selected to allow sufficient time for monitoring the new solution
over the weekend, during which periodic full-daily processing
cycles were performed, including load scale up/down functions. By
the end of the weekend, all functions had been confirmed, and full
production processing continued the following week.
The result included long hours by the bank and Gravic staff to
obtain the information they needed, to configure the Shadowbase
replication engine to meet the replication requirements, and to
thoroughly test and deploy the Shadowbase solution. These steps
demanded considerable onsite effort from the Gravic team.
With great relief on the part of the bank, the Shadowbase effort
was successful. In just two weeks, the Shadowbase replication
engine was installed and was working in production, replicating
data from the RAK system to the AIX system. The bank avoided
having to purchase an expensive license for the upgrade and began
its efforts to consolidate and base its replication solutions on the
Shadowbase product suite.
Lesson Learned
Of course, performing a migration from one product to another
can be a risky endeavor even under the best of circumstances.
Typically, projects such as these should be undertaken when there
is sufficient time to fully plan the effort, fully test the new solution,
and then fully deploy the replacement solution on your schedule
and not an artificial one imposed by a nearly impossible-to-meet
license expiration deadline. Unfortunately, not leaving enough time
or allocating sufficient resources to the replacement project is an
all-too-common barrier to success, subsequently forcing the customer
to continue along with what it has done before, working under less
than desirable circumstances. The obvious lesson here is to start the
planning process as early as possible with sufficient management
support to see it through to the end.
The Next Steps
BASE24 Replication
The bank was still left with the one-year data replication engine
license for its BASE24 system. Should the bank extend that license
or switch to the Shadowbase replication engine to replicate data
from the bank’s BASE24 system to its AIX/Oracle system? It made
sense to have only one replication engine product to maintain.
Besides, the Shadowbase license fee cost was substantially less than
the existing data replication license fee. The bank therefore decided
to switch to the Shadowbase replication engine for BASE24 data
replication. With only three months to go on the existing data
replication license, the bank authorized Gravic to proceed with
configuring the Shadowbase replication engine for the BASE24
Enscribe-to-Oracle replication task.
Though more time was allocated than for the original RAK
installation, a new challenge arose. The data structures for the
ACI BASE24 Enscribe files required considerable scrubbing and
cleansing to transform the data into the required target SQL
formats. The Gravic team once again worked diligently with
the bank staff to implement the conversion functions, to test
the new solution, and to deploy it into production before the
existing licenses expired. The bank was now completely off of
the previous data replication vendor’s solutions and successfully
onto Shadowbase technology.
Disaster Recovery Replication
The bank still uses an active/passive architecture for its
disaster recovery processing. This architecture actively runs the
application on one node, while the other node sits idle receiving
the database changes. If a failover needs to occur, the database
on the standby node must be brought into a consistent state,
the application on the standby node must be started, and the
network must be rerouted so that user requests can be sent to
the standby node’s applications. In addition, the replication
engine must be reconfigured to reverse replicate new database
changes to the failed node to eventually recover it.
All of this effort takes time and can be risky if one or more
of the failover sequences faults. How can that occur? It turns
out that failover faults, where the failover process does not
go according to plan and an extended outage occurs, can
happen much more frequently than expected, especially if
the standby environment is not thoroughly, successfully, and
periodically tested. Since testing often has to take down the
production application environment, this function is usually
slated for off-hours and infrequent time frames, which leads to
incomplete testing when the failover does not complete within
a preapproved outage window. Without complete testing, how
can the configuration of the backup system be ensured to
remain identical to that of the production system? Otherwise,
the failover may fail. Configuration drift is a leading cause of
failover faults, in which changes made to the production system
fail to be made to the backup system.
The way to improve on this model and to improve the
bank’s overall application availability profile is to look to the
more advanced business continuity architectures, including the
Shadowbase Sizzling Hot Takeover (SZT) architecture and the
Shadowbase active/active architecture. In an SZT architecture,
the application is up and running on both nodes, although only
one node is typically receiving database change requests. (The
other node can be receiving and processing read-only/reporting
or query requests.) The application on the “standby” node has
the data files and tables open for read/write access and has
made all external connections. The data replication engine is
configured for bi-directional replication.
The benefit of this architecture is that the application is fully
running on both nodes at all times. If a failover occurs, no delay
is needed to bring the database into consistency, nor to bring
the standby application up. Additionally, the standby application
is in a known-working state as it is already running. A best
practice is to send periodic test transactions to it against test
accounts. These test transactions will ensure that the application
on the standby node is functional for end-to-end processing.
Hence, no production application outage needs to occur to test
the standby node’s application processing; and the testing can be
continuous, performed at any time of the day or night.
With bi-directional replication configured, the reverse
replication path also validates that it is functioning. If a failover
occurs, no change to the replication environment is needed, and
the backup system will start to queue the database changes for
the reverse replication to resynchronize the original production
database once that node is recovered.
Once the active/passive architecture has been replaced with
an SZT architecture, a final step will be for the bank to migrate
from the SZT configuration to an active/active system, one
in which both nodes share the transaction load. Each system
replicates its database changes to the other database so that
the applications on both systems have the same view of the
application state. Failover is rapid, measured in seconds, and
is reliable since it is known that both systems are working
properly. Both are processing transactions. Furthermore, when
a failure occurs, fewer users and data are affected, as only those
users connected to the failed node actually have to fail over.
Summary
The bank was caught off guard by a large increase in license
fees for its RAK replication engine. With little time to act, it had
to develop multiple contingency plans to continue in operation.
These plans included relicensing the current replication engine
at a significant increase in license-fee cost, building its own
replication facility, or moving to another replication engine.
To avoid the substantial increase in license fees, the bank first
decided to build its own replication utility as a fallback plan. This
option used a micro-batch refresh approach to periodically load the
source database changes into the target database on a set schedule.
Unfortunately, choosing this option meant that the data in the
target was immediately stale after each cycle, and the application
Service Level Agreements (SLAs) required current data at all times.
Clearly, a real-time data replication solution was needed.
Hence, the bank initiated an aggressive plan to migrate
to another data replication engine. Fortunately, this effort
succeeded. With only two weeks to act, the Shadowbase team
of software engineers configured the Shadowbase replication
engine to properly transform and replicate RAK SQL/MP data
to the AIX/Oracle system. With an intensive effort constrained
severely by time, Gravic was able to help the bank avoid the
costly relicensing of its previous data replication engine.
The bank is in the process of deploying Shadowbase
replication solutions for its other data replication needs.
Shadowbase software now performs the BASE24 to Oracle
replication function, and the bank is investigating the
enhancement of its business continuity solutions to a
Shadowbase SZT model as an interim step to ultimately
achieving an active/active implementation.
The Shadowbase Data Replication Engine
The Shadowbase data replication engine provides homogeneous
and heterogeneous data replication between diverse databases and
applications. Shadowbase data replication can take place between any
supported source database and any supported target database. Either
database may be a relational database or a non-relational database.
Shadowbase business continuity solutions span the active/passive
architecture to the Sizzling-Hot-Takeover architecture,
to a fully active/active architecture. Whereas these solutions help
eliminate unplanned application downtime, the Shadowbase
Zero Downtime Migration (ZDM) solution eliminates planned
downtime for complex system, site, database, and application
upgrades and conversions.
In addition, Shadowbase solutions provide data integration
and synchronization, as well as application integration. In
these cases, data changes typically need to be replicated from
one environment to another, for example to feed operational
database changes into a data warehouse. Similarly, using
Shadowbase technology, real-time business intelligence systems
can be built by combining the output of one application with
the input of another application, for example feeding a real-time
fraud detection system with transactional activity flowing across
a financial message switch and returning the results to flag
suspicious activity.
The Shadowbase data replication engine includes powerful
transformation facilities that map data between the source
database structures and the target database or target application
structures. Shadowbase user exits allow special transformation
customization functions to be embedded into the replication
engine for transformations that are not directly supported.
Attributes of Shadowbase data replication are low latency, high
capacity, heterogeneity, powerful data transformations, flexible
end points, and continuous availability. Integrating heterogeneous
data resources is a formidable challenge, a challenge that is
solved by Shadowbase software.1 These Shadowbase solutions are
available from HP under the HP Shadowbase product name.
1 For more information, visit Gravic’s website, www.gravic.com/shadowbase/whitepapers, to see the white papers: Shadowbase® Streams for Data Integration and Choosing a Business Continuity Solution to Match Your Business Availability Requirements.
Paul J. Holenstein is Executive Vice President of Gravic, Inc. He is responsible for the Shadowbase suite of products. The Shadowbase replication engine
is a high-speed, unidirectional and bidirectional, homogeneous and heterogeneous data replication engine that moves data updates between enterprise
systems in fractions of a second. It also provides capabilities to integrate disparate operational application information into real-time business intelligence
systems. Shadowbase Total Replication Solutions® provides products to leverage this technology with proven implementations. For further information
regarding Shadowbase data integration and application integration capabilities that can assist in solving big data integration problems, please refer to
the companion documents Shadowbase Streams for Data Integration and Shadowbase Streams for Application Integration, or visit www.Gravic.com/Shadowbase
for more information. To contact the author, please email: SBProductManagement@gravic.com.
Did You Know?
iTP Secure WebServer 7.5
Did you know that HP recently released even more enhancements to the iTP Secure WebServer product with release
7.5? These features include:
• Encrypting exported keys and importing already encrypted keys
• Distinction between client & server root, intermediate, and leaf certificates
• SHA256 Hashing Algorithm
• Online update of individual serverclass configuration
• Configurable HTTP(S) POST request size
Contact your HP NonStop sales representative for more information.
www.connect-community.org
The Renewed Need for Secure
Managed File Transfer
Richard Buckle
Founder and CEO
Pyalla Technologies, LLC
Renaissance is a very strong word and yet it leaves no
doubt that change occurred. Technology tends to be
cyclical in nature: companies and products can
be considered as having very definitive lifecycles and yet,
time and again, there’s evidence of transitions taking place
as new cycles emerge in response
to changing market needs. Astute vendors can hitch a ride on
a new lifecycle and, in so doing, reinvent themselves. One
such vendor is the owner of the product DataExpress (DX).
Once a major contributor in the NonStop world as it capably
moved files between companies, partners and agencies, of late
it has appeared to be in the background. However, today the
headlines are dominated by stories of security breaches and
compromised data, so almost overnight secure managed file
transfer is a must.
A resurgence in the need for DataExpress is coming at a
time, too, when the NonStop community may not even be
aware of the product’s capabilities. Coming off participating in
user events in the mid-Atlantic and Canada, I had noticed that
the NonStop product management partner slide didn’t even
include DataExpress – a situation that has now been addressed
– so I reached out to the management team at DataExpress
for an update, together with insight into what now drives the
company. What follows here comes as a result of interviews
with CEO, Billy Whittington (BW), President, Michelle
Marost (MM), and Senior Analyst, Susan Raye (SR).
Looking all the way back into the 1990s, how did
DataExpress, the company, come into being?
MM: “It started out with Billy and myself doing consulting
in the file transfer marketplace following stints with companies
providing product. People familiar with the System Center
(later Sterling Software) product Network Data Mover (NDM)
may know us. In 2000, when Sterling Williams divested of his
two companies (Sterling Commerce & Sterling Software), we
felt that the market would be receptive to our independent
technical capabilities on Sterling’s system management and file
transfer products. We registered a consulting company, and
stared the world in the face.”
BW: “Michelle and I had worked together for a long time
and trusted each other’s judgment so it was an easy call to go
into business together and at the time, our skills in file transfer
products seemed marketable.”
MM: “Our first client, a major credit card company, was in
the process of building a new infrastructure, eliminating a host
of disparate communications mechanisms and consolidating
them onto a new store-and-forward gateway operation, all
based upon the resilience of NonStop technology. The goal was
to connect with a pilot ‘member’ organization, and then rapidly
migrate a select group of endpoints in order to prove the
solution. As the solution was similar to a previous project we
undertook in South Africa some years before, it was reasonably
simple to understand the desired end result.”
BW: “When it comes to deciding who does what, working
for this credit card company, we literally transitioned from
one role to another as the need demanded, and this was to put
us in a very good position when later we became a product
company.”
What then did lead to you becoming a product company
and how did you manage to turn this into a successful
endeavor?
MM: “At first, we were retained to support the Sterling
Commerce file transfer product but we intentionally
increased our knowledge of the adjacent products and
disciplines until we had a favorable understanding of the
entire deliverable. Working in close harmony with specialists
across multiple disciplines, we were able to assist with
bringing the credit card company’s project back on target
which culminated in the two of us being 50% of the ‘go live’
team. After the Pilot member was deployed, we were reengaged to stay with the project through the deployment of
the top 300 connections, delivering twice-yearly planned
architected enhancements to the solution along the way.
This engagement enabled us to grow our team to 19 strong,
and lapped over 7 years of continued participation in both
development and production support.”
BW: “There is no denying that the experience gained with
this first project not only put us in a good position knowledge-wise, but further developed our business skills. Simply being
re-engaged twice was a significant milestone of itself.”
MM: “During this time, the ‘traffic cop’ at the core of the
solution, DataExpress for NonStop, came up for acquisition
and it made perfect sense for us, as a company, to invest in the
product itself. This increased its foothold, its customer base
and put its experienced technicians to great use. In 2004 the
acquisition was completed with two products, DataExpress for
NonStop (DXNS) and DataExpress for Open Platform (DXOP).
Since then our company underwent the metamorphosis from
being a consulting company into a product development and
support entity, DataExpress, with a marquee customer base. Our
continued investment in the products has seen these products
grow to meet the technology enhancements, requirements and
demands that make for a robust product offering.”
Purchasing both a NonStop product line as well as an Open
Platform offering, was there just one code base? A common or
shared architecture, or were the products aimed for different
use-case scenarios?
BW: “Looking back at the decisions we took at the time it
seemed rather routine – two products, two teams. Michelle
continued with the NonStop product whereas I took on
oversight for the Open Platform product. Very quickly, we
came to understand the culture and philosophy of our target
audience very well. And it was very different – the mature
operations focused NonStop users versus the less structured
‘it’s just Windows’ attitude of the Open Platform community.
The products were different and that was deliberate as it was a
reflection on where in the customers’ business the two products
resided. While it had been acceptable to directly connect
NonStop to the WAN networks of the day, with the arrival
of the Internet, customers preferred to front-end all network
connections rather than having the NonStop system exposed to
the global web.”
MM: “When we bought DataExpress we added 24 customers
essentially overnight and just as other vendors working with
primarily Financial Institutions (FIs), we were impacted by the
frenetic Merger and Acquisition activities of the past decade,
but even as some customers were consumed by others we
were still able to add new customers. Furthermore, with the
experience we had and with the knowledge we accumulated
from our consulting days, we were well positioned to build
a lot of add-on features that we introduced into the install
base. These were all aimed at supporting different customer
requirements, but the choice of platforms NonStop and Open
Platforms (Windows, Linux, OSX and Unix) and their role
within the data center / network dictated that we maintained
different products.”
Today you are a company focused on secure managed file
transfer – a far cry from what others may view as leading
edge or exotic. Clearly, with what we have seen in the media,
the highlight of 2004 for you has had to have been security
– and is that what continues to make product development
interesting today?
BW: “When we started, it was all about making sure we
could move a file from one place to another in a managed way.
That is, our customers could schedule a file transfer and they
could track the transfer as needed and all the time, be assured
that the file would arrive at the right destination and on time.
We also saw how many companies made the assumption that
this was an easy task to complete. More often than not, when
it came to implementing completely new applications, getting
data to where it was needed was often overlooked until the
very end of the project oftentimes jeopardizing the entire
project. Our focus has remained on ensuring the ever-growing
complexity appears "easy" in the eyes of the user.”
MM: “I think the answer here is security, knowing where any
file is at any time. Since early DX customers were the banks,
it was critical to know where each file was in the flow. DX
tracks each file as it arrives and as it is delivered. Originally,
DX was designed on NonStop to handle the legacy modem
communications via Async, Bisync, and SNA but today, DX
provides IP connections as well along with a full suite of
encryption protocols to support current requirements for file
transmissions, all in a single application. And yes, we work with
other NonStop partners and take advantage of their product
offerings, and comForte is one such vendor.”
BW: “I agree, what makes DXNS and DXOP so interesting
today is the increasing element of security. We have gone
to great lengths to make sure you don’t need to be worried
about security when it comes time for your company to move
anything at all. With as many headlines as we have today
featuring break-ins with data stolen and personal information
compromised, businesses in every market are, or should be,
very concerned about moving files even when the mesh of
interconnectivity and dependence is escalating, particularly
when it includes government regulation.”
MM: “Another feature that differentiates DX from other
products is our scheduling and tracking. This is especially
important for financial data with Service Level Agreement
(SLA) requirements where the penalty for failing to meet them
has a direct financial impact to your bottom line. You need to
know exactly where the data is at all times and our product
can reach out to you if it isn’t where it should be, at the time
it should be there. DX also allows remote sites to send in data
using one method and deliver the data using another. For
example, the remote can send data to DX using HTTP/s, with
DX forwarding the data to the backend host via SSH. In this
case, the backend host does not need to be able to handle
HTTPS; DX provides the single point of entry with the internet,
limiting the site’s exposure to the outside world. The
original DX runs on the NonStop platform and has provided
a reliable gateway for data transmissions for over 25 years.
However, with more and more IP traffic, security departments
are requiring traffic to flow through a DMZ site rather than
directly to the NonStop. This is where our DXOP product
bridges the gap. DXOP runs both at the DMZ, via a Secure
Gateway, and behind the firewall, where files are securely stored
and forwarded to the Line of Business for processing.”
SR: “This is the year of security. What I am seeing within the
customer base is a recognition that you can’t just pull down a
security module and believe you are alright. You have to install
it, you need to maintain it, and at every step, you need to be
vigilant. This is our area of core competence and we continue
to listen to our customers as they consider anything new that
appears in the marketplace.”
BW: “For us, what really makes it an interesting area to
be working in and why we are seeing a renewed interest in
our company has to do with the sum of all the little things we
have done to protect the data within the files our customers
have to move. Whether it is a bank transferring sizable sums
of money or a medical center passing on patient records, no
business wants to have the data compromised nor do they want
to find out that the file simply disappeared. And here’s where
I see NonStop systems having a distinct advantage reflecting
the maturity you find in their operations center. With our
DX product, there’s likely to be one, maybe two releases a
year but when it comes to DXOP, it’s a more rapid-fire type of
distribution methodology as the landscape changes much faster.
Again, NonStop customers are exhibiting a desire to be ‘leading
edge, conservatively’ – they want to be seen to be a leading edge
FI but not at the expense of security.”
No conversation can be complete of course without a look at
what is in the works – when it comes to moving files, what are
you now bringing to market?
SR: “Clearly, what we are doing now that excites us has to
do with the world of email. Society in general and business
particularly, is becoming over-reliant on email attachments.
DataExpress now has two new components, DXOP Impulse and
DXOP Email Interceptor. DXOP Impulse is where we started
– giving users a browser-based ability to identify files to be
distributed to one or more recipients via HTTP/s and where
emails are automatically created, notifying intended receivers.
However, with the dialogues we had with customers, this led
to DXOP Interceptor which allows businesses to control email
attachments.”
MM: “Yes, our latest addition provides for secure handling
of email attachments, an area of high security risks. Today
everyone has spam filters on their incoming email, checking for
junk or malicious intent, normally unbeknown to the average
corporate user, yet nobody has that type of filtering silently
protecting their outbound attachments – until now. DXOP also
provides for ad-hoc file transmissions: you enjoy the security
and tracking capabilities of standard DXOP jobs without the
requirement to set up an individual job each time you need to
send files securely. And yes, the source files can originate on
NonStop systems and leverage the presence of DXOP as a front-end satisfying all the needs that security staff have today.”
BW: “‘If we didn’t have fraud, I wouldn’t have a job,’ I was
recently told and it’s a reflection on the state of technology
today. As I look at what is in the works, I cannot ignore
what’s happening in the world at large. In America, we have
the changes in healthcare brought about by the current
administration and this is impacting healthcare providers
across the nation – it’s forcing the entire healthcare industry
to up their investments in infrastructure, including IT. And
front and center of such infrastructure upgrades is the secure
file transfer of patient information. And of course, the sheer
volume of emails that attract the hackers of this world opens
the door wider for even greater opportunity for our company.”
Like many in the NonStop community, I suspect I simply
overlooked the need to secure and manage file transfers.
The increasing reliance on SLAs and the huge penalties that
are levied should timeframes be missed – current penalties
when dealing with the U.S. Federal Reserve can run into the
millions of dollars – mandate sophisticated, mature, resilient
solutions and for the NonStop community, these are at hand
and available from DataExpress. Like many, too, I am not
easily moved by the latest gee-whiz technology but when it
does come to having something of mine moved I don’t want
the world looking over my shoulder! And yes, I truly see the
new development by DataExpress moving into the world of
managing email attachments as an example of technology
spawning a brand new lifecycle!
Richard Buckle is the founder and CEO of Pyalla Technologies, LLC. He has enjoyed a long association with the IT industry as a user, vendor, and more
recently, as an industry commentator. Richard has over 25 years of research experience with HP’s NonStop platform, including eight years working at
Tandem Computers, followed by just as many years at InSession Inc. and ACI Worldwide.
Well known to the user communities of HP and IBM, Richard served as a Director of ITUG (2000-2006), as its Chairman (2004-2005), and as the
Director of Marketing of the IBM user group, SHARE, (2007-2008). Richard provides industry commentary and opinions through his community
blog and you can follow him at www.itug-connection.blogspot.com, as well as through his industry association and vendor blogs, web publications
and eNewsletters.
The quotes come from some of Richard’s clients including HP, Integrated Research, comForte, DataExpress, WebAction, Inc., InfraSoft, and OmniPayments, Inc.
Node.js on the HP NonStop Server
continued from page 27
using serverclass instead of threads makes it a less complex
way of handling waited I/O than the creation and usage of
“worker threads”. It also provides easier and better elasticity
since serverclass instances are under the control of TS/MP
and effectively the Node.js application can “assume” a limitless
number of available “worker threads”.
Using a DB serverclass introduces the possibility of different
techniques of DB access – for example, a DB serverclass that uses
dynamic SQL and the SQL/MX CLI directly, or a DB serverclass that
relies on ODBC/MX and the SQL/MX Connectivity Services (MXCS).
Finally, although not specifically related, it should be noted that an
existing TS/MP serverclass that uses embedded SQL should be accessible
to JavaScript applications using a Pathsend API – the message flowing
across that API of course being specific to the application.
Last but not least - a sincere vote of thanks
This project would not have been possible without the
guidance and knowledge provided by various staff members of HP,
particularly individuals from the America’s NonStop Consulting
group, the ATC, and Development.
References
[1] http://nodejs.org/industry
[2] http://blog.rivaliq.com/develop-double-time-node-plusstreamline
Bibliography
http://nodegeek.net/2013/12/nodejs-v8-history
http://code.google.com/p/v8/
https://developers.google.com/v8/
http://nodejs.org
http://blog.nodejs.org/2011/09/23/libuv-status-report/
Mike Cantelon, et al. Node.js in Action. ISBN 9781617290572.
Manning Publications Co. 2014.
http://www.crockford.com/javascript/javascript.html
http://www.ecma.international.org
http://blog.rivaliq.com
http://docs.nodejitsu.com
http://thechangelog.com/116
http://www.joyent.com/developers/videos/node-summit-node-jsin-the-enterprise
David Finnie is VP, Development at Infrasoft. Finnie has over 25 years of designing and developing software for NonStop systems, with an emphasis on
high performance middle-ware. He has worked at customer sites and at ISVs on a variety of projects and products, on a range of operating systems and
platforms. Finnie is a co-founder of Infrasoft Pty Ltd.
Neil Coleman is CTO, Infrasoft. Coleman has over 30 years of designing and developing software for NonStop systems, with an emphasis on high
performance middle-ware. He has worked at customer sites and at ISVs on a variety of projects and products. Coleman is a co-founder of Infrasoft Pty Ltd.
Do you have
your Library
Card?
Get your Card from HP Education
Services and start checking out the
Security User Awareness Training Library
HP offers computer-based training (CBT) that has advantages like:
• The ability to scale the training across your organization.
• Users can take training as per their schedule.
• It ensures that your program communicates a standardized message.
• It is easier to track who took the training, which is often required for
compliance purposes.
Free 21 Day Trial Available Now
Library Card Available January 2015
Why choose HP Security User Awareness training?
• More than 40 engaging modules.
• Available in 28 languages.1
• Sharable Content Object Reference Model (SCORM)
compliant.
• U.S. Federal 508 compliant for compliance with the
Americans with Disabilities Act.
• Regularly reviewed and updated.
• Global content for global enterprises.
Get your Card...Get Secure.
Learn more at
hp.com/learn/securityawareness
OmniPayments’ Yash Kapadia Was Happily Retired
Until His Wife Demanded He Return to Work
Janice Reeder-Highleyman
Principal
Reeders & Writers
Introduction
Leave it to the spouse to know what is best for the family. Back
in 2003, Yash Kapadia and his Opsol Integrators performed so well
with a fixed-price contract that Yash was able to retire and devote
24x7 attention to his family. Six months later, retired life ended
abruptly when Yash’s wife insisted he return to work. So back Yash
went from nonstop at home to the NonStop environment where he
had thrived for years. Just in time to create OmniPayments.
Opsol and OmniPayments were the Brainchildren of a Tandem Developer
OmniPayments (www.omnipayments.com) is an HP NonStop-based
financial-transaction switch that offers customers
all the requisite functionality to manage
credit-card and debit-card transactions. It is
one member of the Opsol family of NonStop
mission-critical solutions for the financial industry. Opsol was
founded by Yash in 1995, shortly after he left Tandem Computers.
[Photo: Yash Kapadia]
During his tenure at Tandem, Yash assumed numerous
responsibilities. Originally a member of the NonStop Kernel Group,
Yash next worked as a developer within the OSS environment. A
position with Tandem Information Services (TIS) led to Yash
managing a 150-person team that developed specialized applications
for customers such as United Airlines and John Deere. When Bill
Heil, at the time a Tandem product manager, needed a developer
to build a Tandem-based web server, Yash volunteered. Within
six weeks, he completed what soon became known as the iTP
WebServer, a port to Tandem from an open-source Internet server.
The Founding of Opsol Integrators
Within the IT industry, it is common for the staff of major technology
organizations to leave employment in order to develop solutions and
services that complement those of the companies they departed. When
Yash left Tandem, he didn’t abandon the NonStop platform. Instead,
he founded Opsol Integrators Inc. (www.opsol.com). Opsol is short for
“Open Solutions,” and the company addressed customer interest in what
was then the new development model of open source. More specifically,
Opsol specialized in porting open-source solutions to NonStop servers
running under OSS (Open System Services).
Opsol’s first customer was a major U.S. bank. Opsol helped the bank
to reengineer and re-architect its NonStop Guardian ATM applications
to run under Tuxedo and NonStop OSS. In the late 1990s, Tuxedo was
the predominant transaction monitor. The bank intended to migrate its
applications to Tuxedo so that the applications could interoperate with
Tuxedo applications on other systems. Today, the bank’s Tuxedo-based
applications remain in use and process 1.8 million daily transactions.
During this time, Yash maintained close ties with Tandem. He became
a certified Tandem instructor and taught classes all over the world in
subjects such as TS/MP, TM/MP, OSS, iTP WebServer, and later Java.
Opsol Takes a Risk with Fixed-Price Contracts
Fixed-price contracts are unpredictable. Deadlines may be
missed by wide margins, and costs can escalate quickly beyond
original estimates. It is the vendor that carries the risk, and that is
why so many vendors are unwilling to absorb unforeseen costs and
time overruns. Nonetheless, Yash is a risk taker. He decided early
on that multiple NonStop opportunities existed for a partner who
was willing to undertake fixed-price application development.
A. G. Edwards, a major U.S. broker-dealer, was Opsol’s first
fixed-price customer. The contract stipulated the development of
a trading application to be ported from an IBM mainframe to a
Tandem system. If the port was successful, A. G. Edwards would
purchase a Tandem system and would pay Opsol the agreed-upon
fixed price. If the port did not work, A. G. Edwards paid nothing.
The customer set a specific benchmark for Opsol. The system had
to support 8,000 brokers and process seventy transactions per
second, a significant transaction volume back then. To reinforce its
development efforts, Opsol acquired its own Tandem system and
successfully executed on time and within budget the port of the
trading application to run under OSS.
Opsol was now firmly established in the fixed-price business,
and more customers signed on. Yash and his team developed
financial applications for Citibank of Mexico (Banamex); and
Citibank was the first to purchase OmniCrypto, Opsol’s encryption
software. A new financial trading system running under NonStop
OSS was built for the Bourse de Paris (now Euronext Paris). A
major ISP (Internet Service Provider) turned to Opsol for OSS
application-development services when the ISP became one of
Tandem’s largest customers.
NonStop and Opsol – Perfect Together
People who worked on the NonStop platform are often linked
to NonStop forever. That certainly is the case with Yash. During
Opsol’s early years, Yash negotiated an outsourcing agreement with
Tandem to perform application development for Atalla, a Tandem
subsidiary that served as Tandem’s encryption arm.
Atalla provided hardware security modules (HSMs),
external devices that performed all at-rest and in-flight data
encryption functions, and key management for Tandem
applications.
[Photo: Yash and Ajaya Gummadi, Worldwide Product Manager for NonStop Products]
Yet another Tandem/Opsol collaboration was the execution of ZLE
for Tandem. ZLE, or Zero Latency Enterprise, was a Gartner Group
term for any strategy that combined information across technical
boundaries (operating systems, database management systems,
programming languages, etc.) to enable real-time business benefits.
Tandem asked Opsol to assist with the development of custom
software for Tandem’s ZLE version, which allowed disparate data to be
moved in real time and in a common format to an Operational Data
Store (ODS). There the data was available immediately.
Tandem succeeded in displaying to a large retailer the power
of ZLE, but the ZLE implementation stalled at that point. Yash
believed that there was more potential for ZLE than Tandem
realized, so Opsol negotiated the acquisition of Tandem ZLE’s
intellectual property rights. Soon after, ZLE was reborn as Opsol’s
OmniHub, a NonStop data integration solution for companies
requiring IT infrastructure integration in order to capture a single
view of their customers’ transactional activities.
Yet Another Fixed-Price Opportunity Paves the Way
for Yash’s Early Retirement
OmniMessaging from Opsol evolved from yet another
intellectual property acquisition. In the early 2000s, with Tandem
via Compaq now under the umbrella of HP, Opsol successfully
negotiated the rights to HP’s NonStop Internet Messaging solution.
Internet Messaging delivered secure, reliable, and scalable
messaging services for telcos, mobile operators, governments, and
large enterprises. OmniMessaging became the name of the newly
acquired product, and Yash found a promising opportunity with
a major Japanese telecommunications operator. The telco had
been using a Sun server for its messaging system, and the system
had proven unreliable as the telco’s subscriber base expanded. As
a result, the telco was eager to consider alternatives, one of them
being the fault-tolerant HP NonStop.
Opsol was able to secure a fixed-price development contract.
However, the contract’s terms and acceptance test criteria were
onerous for Opsol. Build on HP NonStop a reliable OmniMessaging
platform that integrates successfully with the telco’s existing
applications, or get paid nothing. Few vendors would have exposed
their businesses to such potential for failure. But Yash and his staff,
by this time fixed-price veterans, were confident that the risks in
terms of deliverables, quality, and schedule could be managed.
The project proved to be far more challenging than Yash had
anticipated. Yet in 2003, all acceptance test criteria were met; and
the telco adopted the OmniMessaging platform on NonStop. With
huge risks come huge rewards. The telco’s payment to Opsol was so
lucrative that Yash Kapadia was able to retire.
“A Retired Husband is Like Having a Grand Piano in
the Kitchen”
To quote from television’s long-running hit The Cosby Show, "A
retired husband is like having a grand piano in the kitchen. It looks
good, but the damn thing is always in the way." We will never know
what exchanges took place between Yash and his wife, but retirement
for Yash lasted a mere six months. With his company still intact and
with his relationship with HP still strong, Yash reentered the work force
with an eye to focusing Opsol’s talents on solutions for the payments
industry. Opsol already was heavily involved with Citibank of Mexico,
and Rabobank in the Netherlands was now an Opsol customer.
The U.S. bank that had been Opsol’s first customer had early on
adopted BASE24, the electronic retail payment switch from ACI
Worldwide. Widely deployed in the financial payments industry,
BASE24 ran on the bank’s NonStop servers. The bank maintains a
network of 15,000 ATMs and thousands of retail POS (point-of-sale)
devices. It decided to add consumer-friendly, personalized ATM
services and selected Opsol to build a new ATM-management
system. Yash and his team installed Opsol’s OmniATM solution
to manage the enhanced ATM network and interfaced OmniATM
with the BASE24 transaction switch. The bank was so satisfied with
Opsol’s performance that it recommended Opsol to another U.S.
bank. Soon after, that bank became an Opsol customer as well.
BASE24’s Sunset on NonStop Heralds the Birth of
OmniPayments
In 2008, ACI Worldwide announced the sunset of its BASE24
financial-transaction switch on NonStop servers. Ending as well would
be ACI’s support for existing NonStop BASE24 applications. The sunset
of such a popular product furnished Opsol with a huge opportunity.
Yash observed the dilemma posed to NonStop users by BASE24’s exit.
Users could migrate to BASE24 on IBM mainframes; they could upgrade
on NonStop to ACI’s BASE24-eps, a completely different product; or
they could consider the use of other vendors’ solutions. Yash decided
that Opsol should be one of those other vendors and introduced a new
transaction-authorization switch, OmniPayments, to serve as a BASE24
replacement.
Opsol already had a head-start on OmniPayments’ development.
OmniATM, OmniCrypto, OmniHub, and OmniMessaging were
installed in numerous locations worldwide; and the four products
formed the basis for the OmniPayments solution. Additional modules,
including OmniDirector, OmniOffender, OmniPOS, OmniReplicator,
OmniStandin, OmniLogger, OmniConsole, and OmniDash, completed
the OmniPayments layered design. Some components can be purchased
separately and are used by Opsol to develop custom applications. All
modules are SOA (service-oriented architecture) compatible.
In 2009, an OmniPayments pilot project was initiated with the U.S.
bank where OmniATM already was installed as the ATM management
system. The project was immediately successful, the bank was thrilled,
and Opsol was now in the BASE24 replacement business. So large was
the potential market for OmniPayments that Opsol decided to set up
OmniPayments as a separate corporation. Opsol Integrators Inc. is now
the services arm, and OmniPayments Inc. is the product arm, focusing
on payment transactions.
A typical BASE24 replacement takes about four months. The
OmniPayments license fee is not based on transaction volume but
instead on a one-time software license.
OmniPayments’ Presence in Latin America
Although Opsol Integrators serves a global audience, OmniPayments
has focused its efforts to date on North America and Latin America. The
company has achieved considerable success south of the U.S. border,
owing in great part to the capable leadership of Mauricio Meir.
Mauricio joined Opsol Integrators in 2009 as Vice President of Sales
for Latin America. He, like Yash, is a former Tandem/Compaq/HP
employee and held numerous management positions.
Under Mauricio’s guidance and with the strong support of Alejandro
Mendoza Perez, Opsol’s Vice President of Services in Latin America,
OmniPayments has implemented a large installed base in several Latin
American countries, notably Colombia. In countries where HP NonStop
does not offer 24x7 support, Opsol provides managed services.
Photo: Yash, Mauricio and Fernando Gomez, Banelco
OmniPayments success stories in Latin America include:
Colombia’s Families-In-Action program - The Colombian
government has put into place a social safety net for poor mothers
who have difficulty caring for their children. Familias en Acción
offers semimonthly cash payments to the poorest of Colombia’s
mothers. The OmniPayments financial-transaction switch serves
as the link between mothers and Colombia’s national bank, Banco
Agrario, for the distribution of cash subsidies.
Casa Ley - Casa Ley is one of Mexico’s largest, privately held
grocery-store chains. It uses OmniPayments in a continuously available
active/active configuration to handle payment-card transactions. The backup
for this system is provided by the OmniPayments cloud.
Correspondent Banking Services – In several Latin American
countries, OmniPayments provides correspondent banking services
to remote regions that cannot support bank branches. Correspondent
banks are village merchants to which Opsol supplies POS terminals
connected to the bank’s OmniPayments switch. Local residents use
the merchants’ POS terminals for a variety of banking services.
The Dominican Republic deploys OmniPayments as its countrywide financial-transaction switch.
Preauthorization Services - One of Latin America’s largest
suppliers of electronic transactions counts on OmniPayments for
preauthorization services. The OmniPayments Preauthorization
Engine seamlessly interfaces to the EPS (Electronic Payment
Systems) provider’s financial-transaction switch via an Opsol-created
custom support module. The switch routes all financial transactions
to OmniPayments for preauthorization prior to submitting the
transactions to the issuing banks for final approval. This amounts to
almost 200 million transactions per month.
Carvajal is a major technology consulting and services company.
Its goal is to create the predominant financial-transaction network in
Latin America. For years, many of the region’s financial-transaction
networks have depended upon a Unix-based transaction switch
implemented on commodity servers. This switch has not provided
the reliability required by the Latin American banks, has been unable
to support new functional requirements, and is expensive. Carvajal
selected the OmniPayments financial-transaction switch as the
foundation for its transaction networks.
Biometrics Operator - To control fraud and drug cartel money
laundering, Colombia established a national database of fingerprints for
all of its citizens. The parties to any large cash or debit-card transaction
must be authenticated by their fingerprints. To manage fingerprint
authorization for debit cards, Colombia has designated Biometric
Operators, who act as authorization agents. Carvajal has been designated
a Biometric Operator. It uses OmniPayments as the transaction switch
between debit-card transactions entered at POS terminals and the
national fingerprint database, used to authenticate those transactions.
The Future is in the Cloud
Having already failed at early retirement, Yash has no plans to
stop working in the near future. Instead, his next objective is to
build OmniPayments clouds in North America and Latin America.
Already, an OmniPayments cloud based in Northern California
serves as the backup for several customers in an active/active
financial-transaction switch configuration.
Yash also intends to establish several generic clouds for general
use. His first cloud in this category hosts ITUGLIB, Connect’s
library of user-contributed freeware and other software utilities.
OmniPayments provides at no cost to Connect the processing
capacity, maintenance, power, and bandwidth.
The Secret Sauce in the Opsol/OmniPayments
Recipe for Success
Yash credits the success of his companies to several ingredients.
One is his willingness to take on fixed-price contracts, whether for
the development of custom applications or for enhancements to
OmniPayments. Yash confesses that he initially agreed to this uncertain
payment option because he was “young, stupid, and willing to take a
risk.” Years later, with numerous fixed-price successes on his resume, he
is confident that his team of approximately 100 NonStop programmers
can complete just about any development project within six months. His
programmers are the second ingredient in his secret sauce, and their skills
afford Opsol a competitive advantage when it comes to custom work.
The third ingredient is Yash’s pricing model. Privately owned,
Opsol and OmniPayments possess tremendous flexibility in
adjusting quotes to attract potential customers. This is evidenced
by Opsol’s successful bidding of NonStop systems against Unix and
Windows competitors. Even more impressive is Yash’s guarantee
that the OmniPayments financial-transaction switch will save a
company at least 50% of its current transaction processing costs.
The final ingredient is Yash’s wife. Her unwillingness to have
Yash constantly in her way at home – like the grand piano in the
kitchen – drove Yash out of an early retirement and back into the
world of product development. A big shout-out to Mrs. Kapadia
comes from those companies who made strategic investments in
Opsol/OmniPayments technology.
Opsol Integrators and OmniPayments maintain a presence
in several locations. They include company headquarters in
California, development facilities in India, and offices in Houston,
Mexico, and Colombia.
Janice Reeder-Highleyman loves to jump from high places. She skydived from planes long before she learned to fly them, and bungy jumping from New
Zealand’s Kawarau Bridge was just too short a trip to the water below. To Janice, jumping is a calculated risk. In that sense, she has something in common
with Yash Kapadia, the CEO of Opsol Integrators and OmniPayments. As this article demonstrates, Yash’s measured risks with fixed-price contracts have
resulted in lucrative successes for his companies. Janice is a communications specialist and former ITUG chair. Contact her at jreederhi@gmail.com.
HP Contacts
HP office location information can be found at:
http://welcome.hp.com/country/us/en/contact/ww_office_locs.html
The NonStop™ server Web site can be found at
http://h71033.www7.hp.com
HP telephone numbers in select regions and countries:
Argentina: 5411.4787.7100
Australia: 13.13.47
Brazil: 11.4197.8000
Canada: 1.905.206.4725
Chile: 562.290.3310
Czech Republic: 420.2.613.07.111
Denmark: 4812.1000
Finland: 0205.350
France: 0.820.211.211
Germany: 0.70.31.14.0
Hungary: 06.1.382.1111
Italy: 02.9212
Mexico: 55.5258.4000
Middle East: 009714.3916000
New Zealand: 09.9189555
Norway: 47.24.09.70.00
Poland: 22.566.60.00
Singapore: 1.800.278.8100
South Africa: 27.0.11.785.1000
Sweden: 08.524.910.00
United Kingdom: 01344.360000
United States: +1.800.282.6672
For NonStop price quotes and presales questions, call
1.800.282.6672.
Back for More…
Richard Buckle
CEO
Pyalla Technologies, LLC.
Returning to Boulder, Colorado, following three weeks on the
road is both a relief and a wake-up call – snow was falling in
the mountains. However, what struck me this morning was
not just the view of the continental divide draped in snow but the
car satellite radio station playing the theme from the surfing movie,
Endless Summer. What a contradiction and yet, as incongruous as
it appeared, perhaps it wasn’t all that strange as half the world was
heading into summer and there was likely a part of the audience
here in the U.S. looking forward to heading to warmer latitudes.
For almost a month it has been NonStop user groups that have
occupied much of my waking hours as I participated in a couple of
them presenting on behalf of one of my clients. This had taken me
to the east coast where I had the opportunity to catch up with folks
from HP as well as the vendor community. I was also able to observe
practices quite foreign to me that will more than likely be referenced in
upcoming posts to a number of blogs – already, the post “The long and
‘cash-is-required’ road …” has been published on the industry website,
ATMmarketplace.com, and there will be
more shortly on other sites.
Having to go inside a Canadian gas
station as the pumps wouldn’t accept my
non-chip credit card was a nuisance, but
carrying a Ziploc bag full of coins for
the tollways in the U.S. was even more
annoying. It was former ITUG Chairman,
Bill Honaker, who agreed that, yes “the
Northeast is the most complex” when it
comes to tolls, but he also pointed out that
there’s NonStop working hard “supporting
software registration of customers (with rental cars) on EZ Pass.”
Cash is still very much a part of our daily lives and even though there
are many instances where cards suffice, we still have ways to go before
we are truly a cashless society, so much so, I am not all that sure we will
make it. Consider this; cash cannot be hacked as there’s no direct way
into my real wallet other than by old school pickpockets, and today I
am more at ease with dealing with the prospect of losing a little cash to
those individuals than losing all my money to faceless criminals in
who-knows-what country! For several years now I have maintained a small
supply of Canadian banknotes, and while their number diminishes with
each trip, it doesn’t entirely go away and I suspect that when it comes
time to return to Canada next year, I will still be depending on cash.
As incongruous as it was to hear the tunes of summer coming from
my satellite radio station as I peered out onto snow-covered mountains,
it’s maybe more strange to realize how dependent we remain on the
venerable ATM. No matter where we are in the world, we can insert
a piece of plastic and retrieve a stack of notes in the currency of the
land. Wonderful! And behind the ATM, merrily moving the money
is a NonStop system, or two, and even after forty years, Financial
Institutions (FIs) exhibit little enthusiasm for using anything other than
a NonStop system. If there was just one message coming from the user
events I attended that I want to share with everyone in the NonStop
community then it’s the message of NonStop’s resilience.
The attributes we associate with NonStop systems today remain
the same that they were forty years ago – availability, scalability,
data integrity – but now we can consider the overall architecture
as resilient in a way few in IT could have ever imagined in the late
1970s. Hardware will simply improve over time so why would
anyone need to pay a premium for fault tolerance? It was car
manufacturer Lotus’s founder, Colin Chapman, who credited
his success in motor racing to his company’s skill in “adding less
weight”. Furthermore, it was Lotus who were credited, too, with
saying, “simplicate and add lightness”.
It’s always been incongruous to me that you can build a better
fault tolerant system by adding more components just as it’s
impossible to believe that something can be bolted-on to a working
system that will improve its reliability –
anyone familiar with the math behind
MTBF (Mean Time Between Failure)
is fully aware that adding components
(even with lengthier MTBFs) only leads
to a reduced MTBF for the complete
system. During operation, you cannot add
something to ensure longer uptime, you
can only remove something, and this is lost
on many systems architects even today.
As an example, in a recent blog posting
forwarded to me, the blogger noted that,
“at scale a lot of things can break. In the course of this experiment,
we have seen nodes going away due to network connectivity
issues, the Linux kernel spinning in a loop, or nodes pausing due
to memory defrag.” However, the blogger then noted how fault
tolerance had been added to the implementation and it was able
to recover from failures. This too struck me as being incongruous;
if it were only that simple – did you download the fault tolerance
module before starting the process?
The resilience of NonStop as an architecture came through
during the presentations at the just-held NonStop Boot Camp.
ATMs may have been around a little longer, but their history is very
much tied to the success of NonStop and with cash continuing to
circulate, ATMs will remain a feature of the consumer landscape
for many years to come - and along with the ATMs, there will be
NonStop. We may not all agree that the best financial security
will be having cash under the bed but these days, an argument
can be made for doing so. What we can all agree upon, is that the
“simplicity and lightness” of NonStop is inescapable and even today,
remains without peer.