Node.js on the HP NonStop Server
A Bank's Crisis Migration to a New Data Replication Solution
November – December 2014 | Volume 35, No. 6

XYGATE Data Protection
All the benefits of SecureData
No application changes
Secure Stateless Tokenization
Format Preserving Encryption
Standards Based AES
Stateless Key Management
Learn more at xypro.com/XDP

Replicate 100% of Your SQL/MP Database DDL Changes. With 0% Headaches, Hassles or Human Error.

ALTERNATIVE THINKING ABOUT DATABASE REPLICATION:

Introducing HP NonStop SDR: the industry’s only off-the-shelf solution for replicating changes made to the structure of your SQL/MP databases.

How many hours per month does your staff spend making tedious database structural changes? What are the costs of inevitable human error? What if there was a way to automate database DDL replication to eliminate these headaches, hassles and costs?

Enter: HP NonStop SQL DDL Replicator (SDR) – the industry’s only solution for automated SQL/MP DDL database replication. Only NonStop SDR ensures that after performing DDL operations – creating a table, adding a column, or moving a partition – changes will automatically be replicated and implemented at the correct point in the audit stream.
Now, routine changes no longer require downtime. And best of all: Since everything’s automated, the risk of human error is eliminated. Which means you can “set it and forget it” – while you reduce downtime, remove risk, and free up your staff for much more important work. And what’s not to love about that?

HP NONSTOP SDR

• Designed to work seamlessly with NonStop RDF Technology for better business outcomes.
• Supports DDL replication for non-TMF-audited tables
• Automatic replication of NonStop SQL/MP DDL operations
• Minimal setup or operator management
• Essential NonStop fault-tolerant design

Contact your HP representative or partner for a FREE 60-day trial. Visit www.hp.com/go/nonstopcontinuity

©2009 Hewlett-Packard Development Company, L.P.

Table of Contents

News from HP's NonStop Enterprise Division

Advocacy: The Connection Publishes New Guidelines
By Dr. Bill Highleyman

Community Resource: When planned or unplanned downtime has to be zero – the HP Shadowbase product suite keeps you running
By Joe Androlowicz

NonStop Innovations Deep Dive: Spotlight on a New Company Called 3Qube Technologies
By Gabrielle Guerrera

The Smarts Behind EMV Smart Cards Part 2 – Offline Transaction Processing
By Yash Kapadia

NonStop Misperceptions: New "Dummies" Book Dispels Myths – a Q&A with Thomas Burg
By Thomas Burg, Randy Budde

Node.js on the HP NonStop Server
By David Finnie, Neil Coleman

A Bank's Crisis Migration to a New Data Replication Solution
By Paul J. Holenstein

The Renewed Need for Secure Managed File Transfer
By Richard Buckle

OmniPayment's Yash Kapadia Was Happily Retired Until His Wife Demanded He Return To Work
By Janice Reeder Highleyman

Back For More
By Richard Buckle

The Connection

The Connection is the official magazine of Connect, an independent, not-for-profit, user-run organization.

Kristi Elizondo, Chief Executive Officer
Stacie Neall, Managing Editor
Kelly Luna, Event Marketing Manager
Keith McLemore, Membership Director
Janice Reeder-Highleyman, Editor at Large
Dr. Bill Highleyman, Technical Review Board
Joseph Androlowicz
Thomas Burg
Bill Honaker
Justin Simonds
Joseph A. Garza, Art Director

We welcome article submissions to The Connection. We encourage writers of technical and management information articles to submit their work. To submit an article and to obtain a list of editorial guidelines email or write:

The Connection
E-mail: sneall@connect-community.org
Connect
P.O. Box 204086
Austin, TX 78720-4086 USA
Telephone: +1.800.807.7560
Fax: 1.512.592.7602

We accept advertisements in The Connection. For rate and size information contact:
E-mail: info@connect-community.org

To obtain Connect membership and The Connection subscription information, contact:

Connect Worldwide, Inc.
P.O. Box 204086
Austin, TX 78720-4086 USA
Telephone: +1.800.807.7560
Fax: +1.512.592.7602
E-mail: info@connect-community.org

Only Connect members are free to quote from The Connection with proper attribution. The Connection is not to be copied, in whole or in part, without prior written consent of the managing editor. For a fee, you can obtain additional copies of The Connection or parts thereof by contacting Connect Headquarters at the above address. The Connection often runs paid advertisements and articles expressing user views of products. Articles and advertisements should not be construed as product endorsements.

The Connection (ISSN 15362221) is published bimonthly by Connect. Periodicals postage paid at Austin, TX. POSTMASTER: Send address changes to The Connection, Connect Worldwide, Inc., P.O. Box 204086, Austin, TX 78720-4086 USA.

© 2012 by Connect
All company and product names are trademarks of their respective companies.

2014 Connect Board of Directors

PRESIDENT: Henk Pomper, Plusine ICT
VICE PRESIDENT: Rob Lesan, XYPRO
PAST PRESIDENT: Steve Davidek, City of Sparks
SECRETARY/TREASURER: Glen Kuykendall, Xerox
DIRECTOR: Michael Scroggins, Washington State Community College
CHIEF EXECUTIVE OFFICER: Kristi Elizondo, Connect Worldwide

www.connect-community.org

Break Free of Enscribe!
Now from comForte – Escort SQL

Learn how moving to a NonStop SQL database:
Empowers end-users
Enables Open development
Yields significant average cost saving per year

Budgets are too tight to design and build everything from scratch – leveraging industry standards and Open Source is a must. With Enscribe, you are locked into an expensive, proprietary world… unless you break free with comForte Escort SQL!

comForte Escort SQL replaces Enscribe files with well designed NonStop SQL tables. At runtime, comForte Escort SQL’s intercept library captures Enscribe I/O calls and translates them in realtime to efficient SQL statements. Applications are unaware and unaffected by the substitution. Replace some or all your files, at your pace, without re-programming.

With a 100% success rate, comForte Escort SQL has been turning expensive ‘Tandem’ applications into Open, modern, NonStop applications since 1996.

FREE comForte Escort SQL evaluation available for qualified companies. www.comforte.com

NonStop is a trademark of Hewlett-Packard Development Company, LP. All other trademarks are acknowledged. © 2014 comForte 21 GmbH. All rights reserved.
News from HP’s NonStop Enterprise Division

Every time you use an ATM, shop online, or make a call on your cell phone, there’s most likely an HP NonStop system behind the scenes making that transaction happen. This year, we are celebrating the 40th anniversary of NonStop. After all this time, HP still continues to be the platform of choice for industries that never stop. All of us at HP are immensely proud of this heritage and of our loyal customers who require continuous access to information, support for high volumes of online transactions, and rational infrastructure and operational costs.

Our strategy is clear - HP is committed to providing choice, value and investment protection to our mission-critical customers. To that end, we are offering the 100% fault-tolerant solutions our customers rely upon on x86. This means that customers will have the choice of HP NonStop on either Intel Itanium or x86 architecture – the only flexible approach to a 100% fault-tolerant infrastructure in the industry. This is yet another example of how HP is listening to our customers and innovating solutions that deliver business outcomes.

In the last year alone, we introduced six new HP Integrity NonStop Itanium-based systems. At the high end, the HP Integrity NonStop BladeSystem NB56000c and NB56000c-cg offer up to a 50% performance capacity increase over the previous model and provide an in-rack upgrade path for all NonStop BladeSystem customers. We also introduced four new models of our latest entry-class servers, the HP Integrity NonStop NS2300 and NS2400 server family. These systems provide the most affordable price point available on NonStop, and are designed to meet the most demanding needs of emerging markets and standalone applications.
We designed and fully integrated these systems from the ground up to achieve the highest levels of availability, deliver fault tolerance out-of-the-box for high-volume transaction processing environments, and provide data integrity that ensures data accuracy and data security.

Some of our other exciting new offerings over the past year addressed customer requirements in the areas of data protection and business continuity. The BackBox Virtual Tape Controller (VTC) allows you to protect your NonStop server’s data by backing it up to a storage device or storage management system. While the BackBox VTC can be used as a stand-alone virtual tape system with internal storage, its real strength is the integration with HP StoreOnce or when used with another centralized management solution. The BackBox software that runs on the VTC and the NonStop server host is part of the ETI-NET family of virtual tape-based products for HP NonStop systems.

And we didn’t stop there. We have also recently announced the availability of the HP Shadowbase product suite that provides a business continuity solution to meet the most stringent business requirements, including low-latency and data replication between homogeneous and heterogeneous systems, as well as databases with scalability, selectivity, and sophisticated data transformation and mapping facilities. For more information on this latest development in our strategic partnership with Gravic, see Joe Androlowicz’s discussion with Ajaya Gummadi in this issue.

The most exciting development, however, is the upcoming launch of NonStop X. HP is redefining the availability and scalability of x86 applications by extending the 100% fault-tolerant HP Integrity NonStop system to x86 architecture. NonStop X will be delivered with the fully-integrated software and fault-tolerant hardware that runs the world’s most-demanding business process.
As a result, customers will now have the flexibility and choice of the best platform to achieve the highest availability, massive scalability, and lowest TCO in its class.

For more information, join us at HP Discover Barcelona where I’ll be talking to customers and analysts about our entire Mission Critical portfolio. If you can’t attend, be sure to look for Digital Discover replays of the event at www.hp.com/go/discover.

Finally, I just returned from this year’s Connect NonStop Technical Boot Camp in San Jose. What a fantastic event! As a long time performer, I always get a kick out of a standing room only crowd and this one was certainly no exception. Special congratulations to MasterCard, who was named the overall 20-year winner of the last ever Connect NonStop Availability Award - they have retired the trophy!

Randy Meyer
Vice President & General Manager, HP Mission Critical Systems

Celebrating 40 Years of HP NonStop!

Mexican Grocery Chain Modernizes Acquiring Infrastructure with OmniPayments Active/Active Technology

Casa Ley is one of Mexico’s largest, privately held grocery-store chains. The company has over 22,000 employees and operates 300 supermarkets that serve more than forty cities in Mexico. The retailer’s multipurpose point-of-sale (POS) terminals, owned and managed by Casa Ley, offer many services to customers. In addition to enabling in-store purchases via credit cards and debit cards, customers also can top off cellphone minutes, make bank deposits, and pay bills – all accomplished at the cash register. Key to making such services available is the OmniPayments Transaction Authorization Switch.

OmniPayments, Inc.
1566 La Pradera Drive
Campbell, CA 95008 USA
PHONE: +1 408 364 9915
sales@omnipayments.com
www.omnipayments.com

Special Feature Brought to You by OmniPayments

OmniPayments is a comprehensive architecture by which financial institutions acquire, encrypt, switch and authorize transactions across multiple input channels such as ATMs, POS terminals, kiosks, IVRs and the Internet. It supplies a full set of functionalities to support payment transactions. Based on a modern Service Oriented Architecture (SOA), OmniPayments consists of several service components, all built for the HP NonStop platform.

In the Casa Ley configuration, two OmniPayments HP NonStop servers are configured as an active/active system. One server is located at the retailer’s Mexican headquarters, and the other is a virtual server located 500 miles away in the cloud. Both servers are actively processing transactions, and the transaction load is normally split between them. Should one server fail, all transactions are immediately routed to the surviving server, thus ensuring the continuous availability of transaction authorization services to Casa Ley stores. The redundant communication services required to support this configuration are provided by Telmex, the dominant fixed-line phone carrier in Mexico.

Each NonStop server is responsible for authorizing the transactions routed to it. Each sends its transaction requests to the appropriate issuing banks via either the PROSA or E-Global transaction authorization network and returns the responses to the POS terminals that originated them.

Both servers log their own transaction activities. However, to ensure the durability of transactions in the event of a server failure, the transaction logs on the two servers are synchronized via bidirectional data replication. Whenever a transaction is entered into the transaction log of one server, it is immediately replicated to the transaction log of the other server.
Thus, each server has a record of all transactions made by both servers. This replication within the OmniPayments system is performed by the OmniReplicator. No third-party data-replication engine is required.

In addition to rapid failover responses to outages, Casa Ley’s OmniPayments solution provides PCI-DSS compliance; EMV Smart Card compatibility; fraud reduction; the delivery of a positive customer experience (CX) via standardized, efficient procedures at the POS terminals; industry-standard communication protocols; and significantly reduced licensing costs. Opsol’s pricing model is based not on transaction volume but instead on a one-time software license. This results in huge savings!

About Opsol Integrators and OmniPayments

OmniPayments is a switching solution for the financial industry. It is deployed on NonStop for the highest availability and offers customers all the requisite functionality to manage credit/debit-card transactions. OmniPayments is easily expandable to provide additional functionality when needed. It supplies complete security functions for every financial transaction that it handles, including encryption-at-rest and encryption-in-flight. OmniPayments will survive any single fault, requires no downtime for maintenance or upgrades, and supports a range of disaster recovery solutions.

*Paid Advertisement

ADVOCACY

The Connection Publishes New Guidelines

Dr. Bill Highleyman
Chairman, The Connection Review Committee

The Connection magazine is one of the primary benefits of being a member of Connect, your Independent HP Business Technology Community. Under the guidance of Stacie Neall, the Connection Managing Editor, the publication has a multiyear history of producing informative articles and columns on all things related to HP NonStop systems.

The Connection depends upon two methods of support from the NonStop user and partner communities – article submissions and advertising. Over the last few years, our article-submission guidelines have slowly migrated to meet changing needs. These modifications have not resulted in problems for our authors or advertisers – they occurred slowly and have reflected our changing policies.

In this article, I would like to summarize The Connection’s latest publishing guidelines as they affect both authors and partners. My intent is to ensure that there are no misunderstandings concerning what we will publish, what incentives there are for partners, and what content is inappropriate. Understanding the guidelines also will give our readers assurance that the time they spend reading The Connection is time well-spent.

Articles

Articles published in The Connection may or may not be technical in nature, but they will be relevant to the HP NonStop community. We welcome the following types of content:

Educational Articles

Educational articles provide useful information to the NonStop community. Examples of typical topics include security, availability, disaster recovery, networking, database, system management, modernization, application development, solutions, big data, and cloud computing.

Case Studies

Case studies explain how customers use NonStop technology to meet their application needs. Solutions are described with emphasis on NonStop attributes that were required by the applications. The benefits that the solutions provided to the customers, the savings that were realized, and what the customers are able to do now that they couldn’t do before are presented.

Business-Continuity and Disaster-Recovery Stories

Business-continuity and disaster-recovery stories describe some sort of disaster that severely impacted the operation of a NonStop application, such as a data center fire or a serious operator error. The articles explain how the customers handled their challenges and present suggestions for process improvement to prevent similar challenges in the future.
Publication of disaster-recovery stories can be a major aid to other NonStop users.

HP Articles

HP publishes Connection articles that describe new NonStop solutions, products, enhancements to existing products, and educational information on the use and deployment of HP products and technologies for the NonStop community.

Partner Promotional Opportunities

As a general statement, The Connection will not publish articles that focus on a specific partner or on its products. This is what advertisements are for. However, having said that, there are opportunities for partners to promote themselves, as defined in the following guidelines:

Educational Articles

If a partner submits an educational article, it is acceptable for the partner to include at the end of the article a brief description of its company and its products that are related to the article. The biography of the author that is included with every Connection article may provide further information. These policies are intended to encourage partners to submit articles. Our experience has shown that a good number of our best articles have been those submitted by partners in their areas of expertise.

Case Histories

In a case study, the partner products that the customer uses to meet its application needs may be mentioned. However, the narrative should focus on the customer usage and not on product details.

Business-Continuity and Disaster-Recovery Stories

In a disaster-recovery story, the products being used by the customer may be mentioned as well as any products employed to resolve the customer’s issue. However, in no case shall the article contain derogatory information about a named partner or product; and there may be no recommendation for use of a particular partner product.

Partner History Articles

An advertising partner may submit an article that describes the partner’s history, why it entered the NonStop arena, what led to its NonStop products, and where it sees its future. An advertising partner is one that has committed itself to full-page advertising in The Connection for at least six consecutive issues. This policy is intended to incentivize partners to advertise in The Connection.

Partner or Product Promotional Articles

Articles that are partner-specific or product-specific will not be accepted as Connection articles except as advertorials. These articles may be no longer than one page in length, will be disclosed as advertorials, and will bear a cost equal to that of an equivalent-sized advertisement.

Restrictions

Product Comparisons

If a product is mentioned in an article, the author is encouraged to mention competing products that might be considered for the same task. In no case will promotional language be used, such as “the leading product,” even in a customer statement. In addition, no promotional comparison between the partner’s product and competing products shall be made.

Disclosures

If an author mentions one or more companies who are clients of the author, there shall be a disclaimer accompanying the article disclosing these relationships.

Article Submission

Articles for a particular issue must be submitted by the submission deadline established by The Connection. Articles typically range from 1,500 to 2,500 words. Larger articles can be broken into two or more parts for publication in successive issues.

An issue of The Connection may focus on a specific topic. Preference will be given to those articles that fall within the focus of the issue.

Submissions will be reviewed by The Connection editorial review committee for adherence to the magazine policies and to provide feedback to the authors for required amendments or changes to the article prior to approval for printing.

The Connection provides article bylines. The author should submit his background information with the article, including his name, title, company, contact information, and a brief biography (typically 50 words or less).
For Further Information …

A copy of The Connection Publishing Guidelines can be obtained from Stacie Neall, Managing Editor of The Connection, at sneall@connect-community.org. Stacie also can be contacted for information on advertising.

Your Connect Advocacy Program

The Connection is only one limb of the Connect Community’s Advocacy Program. As well as having a presence at major HP events, the main events sponsored by Connect are its Boot Camps. The HP NonStop Technical Boot Camp was held this year from November 16 to November 19 in San Jose, California, USA. Hundreds of users, partners, and HP specialists and executives from around the world attended to mingle, share ideas, and party.

You also can meet with your peers at the Regional User Group meetings held around the world. Join the user group in your area to share your experience and to learn from the experience of others.

Your Advocacy Program seeks to determine issues of importance to the user community and to escalate these concerns to HP for consideration. Issues can be submitted via the Regional User Groups and through Special Interest Groups (SIGs) that meet at the Boot Camps and at HP Discover, HP’s massive conference held each June in Las Vegas.

It’s your Advocacy Program – Let your voice be heard.

Dr. Bill Highleyman is the Managing Editor of The Availability Digest (www.availabilitydigest.com), a monthly, online publication and a resource of information on high- and continuous availability topics. His years of experience in the design and implementation of mission-critical systems have made him a popular seminar speaker and a sought-after technical writer. Dr. Highleyman is a past chairman of ITUG, the former HP NonStop Users’ Group, the holder of numerous U.S. patents, the author of Performance Analysis of Transaction Processing Systems, and the co-author of the three-volume series, Breaking the Availability Barrier.

Did You Know?
Legacy NonStop S-Series Hardware and G-Series Software

After a long run of productive use and support, HP NonStop is finally sunsetting S-Series hardware and the G-series software that runs on it. Effective September 30th, 2015, support for the last S-Series hardware will end and the product will be declared Obsolete. Software end of support for these platforms will follow and come to an end on December 30th, 2015. HP wants to thank the many customers who purchased and loved this platform and we stand ready to work with you to help you migrate to a later, faster and fully supported NonStop platform.

Community Resource

Blogger | Joe Androlowicz

When planned or unplanned downtime has to be zero — the HP Shadowbase product suite keeps you running

To follow the rest of the NonStop Social Media blogging team, go to the Mission Critical Computing blog site at: http://bit.ly/aAlO6c

HP NonStop recently announced a new strategic partnership with Gravic, Inc. and as a result HP will now be offering a new set of industry leading products in the business continuity space. Just days ago HP released this new set of products and once again reset the bar in high-availability enterprise computing.

I recently spoke with HP’s worldwide product manager for NonStop database and business continuity products, Ajaya Gummadi. During the conversation I asked her how we were able to improve upon something that was already great, and what it means for our customers. Below are some highlights from that discussion. I hope you find them as interesting as I did!

So, Ajaya, why is HP NonStop coming out with a new Business Continuity solution?

Well Joe, there are a lot of reasons we wanted to move forward in this area, but what it comes down to is our customers. The technology world is changing rapidly and driving their businesses to ever higher levels of SLAs.
What used to be acceptable downtime to maintain your IT infrastructure is no longer available to you in a 24x7 world. NonStop platforms have for decades been at the very center of the always-available business environment. This is part of the reason we are announcing a new replication and data integration solution with HP Shadowbase.

Doesn’t HP already offer NonStop Remote Database Facility (RDF) to cover requirements like this?

Customers with strict downtime requirements have traditionally used HP NonStop RDF to configure a backup environment that is ready to do an instantaneous-takeover should a disaster strike the primary data center. This solution worked well for many environments, but it had some limitations. For example, only one node could be actively updating the database and was uni-directional. The backup node received and applied the changes but the database was available read-only to applications running on the backup node. NonStop customers are now coming up with more complex requirements – for example both primary and backup nodes have applications running and updating databases that should be resilient. That’s why we are introducing the Shadowbase product suite and it nicely complements NonStop RDF.

Does HP Shadowbase extend the capabilities of RDF?

Yes, Shadowbase operates in active/passive as well as active/active, both uni and bi-directionally giving you the option to select your levels of resiliency. It can detect data collisions between active nodes and gives you programmatic interfaces to detect and deal with them. Shadowbase also integrates data and applications to help customers build a real-time environment. It is a functionally rich product suite.

What about customers with mixed-environments that need to share NonStop data with other platforms?

Shadowbase products are actually available for a broad range of platforms in addition to NonStop, and they support multiple databases.
This product suite has been designed with NonStop fundamentals for scale and availability and has been further hardened to meet HP’s software requirements. This is not a new or immature technology. Gravic is a long time HP AllianceOne Partner and HP has entered into a strategic relationship to resell and support the Shadowbase product line that has been in use by customers worldwide for over 20 years.

So why do customers no longer have any tolerance for planned downtime, when that has always been the norm?

These days, customers are shying away from a large window of downtime to upgrade or migrate to newer releases or platforms. With their businesses staying open for their users 24x7, they do not have the luxury of downtime any more. We recognized this need and that’s why we are introducing HP Shadowbase Zero Downtime migration as part of the Shadowbase product suite.

In other words, you’re saying customers don’t like to become headlines…

Exactly! Disaster Recovery may not be very exciting to many people until it is needed. It’s actually one of the most critical functions of your enterprise. Lost revenue, lost customers, lost brand reputation due to business not being available keeps CIOs awake at nights. HP Shadowbase helps you avoid becoming the next headline. I actually have an article describing this in more detail in the previous issue of The Connection magazine.

So what’s driving this need for less downtime and better integration?

In the last few decades, many technologies have evolved, lived their life cycle, and gone away. But some customer apps continue living for a very long time. These apps manage a lot of critical data. We wanted to find a way to move this data and make it available to next generation apps and more importantly, do it in real-time. This is the idea behind the HP Shadowbase Data and Application integration capabilities.
It takes data from your most critical applications and integrates it with newer business apps that customers are developing to keep up with new demands on their business.

So what is the effort involved to move in this direction using HP Shadowbase solutions?

We wanted an easy way to help customers get started on this journey so we have new Discovery Workshops and Consulting Services to help you walk through the entire process. These really help clarify your business SLAs and requirements to come up with an implementation plan that can make your business more resilient against any type of disaster utilizing these new state-of-the-art technologies.

Thanks Ajaya, I didn’t realize just how small the windows are getting for upgrading and migrating applications or platforms these days. How can people find more information about these new products?

We have new information available and posted on the NonStop business continuity web pages (www.hp.com/go/nonstopcontinuity), and I would also direct customers to their NonStop sales representative for more information. I just finished training all of them, so I know they’re eager to talk more about the Shadowbase technologies! You can also find out more detail by attending the upcoming Connect NonStop Technical Boot Camp November 16-19 in San Jose where we will have some featured sessions on business continuity and the Shadowbase technologies. I look forward to seeing you there!

Joe Androlowicz is a Technical Communications and Marketing manager in HP’s NonStop Product Division. Joe is a 25 year journeyman in information systems design, instructional technologies and multimedia development. He previously managed the program management team for the NonStop Education and Training Center, drove the development and creation of the NonStop Certification programs and is the guy behind the curtains for the Go HP NonStop mobile application.
NonStop Innovations Deep Dive
Spotlight on a New Company Called 3Qube Technologies
Gabrielle Guerrera
NuWave Technologies

What Is 3Qube?

3Qube Technologies™ is a new cloud solutions and services company with roots in mission-critical computing. Many of you have worked with, or at least know of 3Qube’s affiliated company, Tributary Systems, and its CEO Shawn Sabanayagam. With this knowledge, you have to agree that 3Qube is in good hands. As the chairman and CEO of Tributary, Shawn—whom you’ve probably met at a NonStop event at some point—has managed that organization to new heights over the past couple of decades, and continues to do so. As one of the founders of 3Qube, his experience, market knowledge, energy, tenacity, and sense of humor will all be assets to the startup. On top of that, 3Qube utilizes some of Tributary’s intellectual property, as well as IP from cutting-edge cloud solutions providers. 3Qube has already assembled an impressive portfolio of data protection solutions for large enterprises and mid-market companies, which encompasses the vast majority of companies running on NonStop. The start-up is focusing on providing turnkey services and solutions that allow customers to migrate from conventional data center environments to both private and hybrid cloud architectures. 3Qube has two distinct products: infni Qube™, which is a BaaS (backup as a service) solution that can minimize the time to restore by two-thirds, and infni Scale™, which is a hyper-converged infrastructure solution that combines the server tier with storage in a modular building block design. infni Qube allows users running on NonStop or any other platform to back up their critical data, in a secure and encrypted fashion, into a hybrid cloud at a very fast rate. The speed to back up and restore this data is actually derived from the type of architecture that 3Qube leverages, but I’ll explain that in more detail later.
The start-up also offers unique consulting services, including IT strategy consulting, technology innovation, and cloud transformation. Just out of curiosity, I asked the founders about the significance of the company name and received a very thoughtful response: The number three represents the three principal founders, and cubes were included in the name (with a playful spelling) because you can create a larger cube only if you have the right number of smaller cubes. This represents 3Qube’s philosophy of solving business problems by bringing the right pieces of a solution together through innovations in technology and services. Additionally, a cube cannot be formed without all of the underlying cubes being shaped perfectly, symbolizing their drive toward perfection.

Who are the Three Qubes?

3Qube was launched in April by three highly technical, intelligent and interesting principals, all with diverse backgrounds. In addition to Shawn Sabanayagam, the other founders include Vinod Muthuswamy, the CTO of 3Qube, who has exceptional experience in industry-leading cloud technology and managed services, and Jimmy Mathews, chief sales officer, who has a gift for elevating sales performance at apparently any organization, in any industry. Vinod previously worked for NEC Corporation of America, a multi-billion dollar Japanese conglomerate. At their American headquarters Vinod started their managed services branch from scratch and built it to where it is today. In his first four years there, he helped create their flagship service, a root cause analysis engine that from an infrastructure perspective reduces false positives to minimize the number of events. In fact, almost six million events were eliminated on a monthly basis from a large number of devices, encompassing the network and servers across platforms and systems, including Windows, UNIX, and virtual environments.
Creation of this flagship service resulted in NEC being recognized by Gartner three years in a row, starting in 2009, when Gartner forced them into the Magic Quadrant. Vinod met with one of Gartner’s research VPs, and remembers him saying “I’m going to add you into the Magic Quadrant, whether you guys like it or not.” (They liked it!) NEC was initially in the niche quadrant, but in the second and third years they jumped into the challenger spot for managed services. As VP of managed services, Vinod helped NEC go from offering managed services for networks and infrastructures, to extending that platform to automate the cloud infrastructure; and then in 2010 launching their cloud services across four different areas: Enterprise applications, allowing enterprises to move their applications into a private cloud; media in the cloud, which made NEC one of the first providers of desktop-as-a-service; collaboration in the cloud; and consulting services around cloud transformation. “Moving an organization from professional services to completely transforming customers’ businesses through managed services, while reducing their operational costs, improving their agility, and lowering their upfront costs was the journey that I went through at NEC,” reflects Vinod. “I also got to work with a lot of enterprise customers, both in the US and around the world.” His experience at NEC is a big reason why 3Qube has a cloud focus and offers consulting around managed services and cloud transformation. Jimmy Mathews brings a very different, yet very relevant background and skill set to the table, including about 17 years of sales and marketing experience. Jimmy graduated from Boston University with a degree in finance and marketing, began his career in sales for Eli Lilly, then moved to HR, and was a general manager for market research, plus training and development. 
In 2002, Jimmy went into sales management leadership roles, spending time in pharmaceuticals, metals, logistics, and now IT. In all of his previous experience, Jimmy has taken both bottom-performing to average-performing teams to tops in the nation. Due primarily to his leadership skills, Jimmy motivated an Eli Lilly sales team that was in the top 10% to the top 1% in the nation. He has consistently had success with motivating sales teams and making them better. Jimmy also has experience with pre-start-ups in metals, real estate, and distribution. Jimmy claims that although he’s done sales and marketing for a long time, at his core he is an entrepreneur. “I’ve always wanted to be involved in ownership and leading a company, and I had good success at the three start-ups that I worked with, which were all profitable.” Jimmy’s last position was leading the high-tech sales teams at Pegasus Logistics. He had tremendous success there for three-and-a-half years, helping to double the business twice, and then in his last year, further increasing revenue almost 70 percent. While he was there, he also gained experience with the datacenter space. A lot of his clients were big names like HP, SCI, Crate Computers, and Ohio Data, so he got the IT exposure that he would soon need at 3Qube. Getting more in-depth experience with IT, including datacenters and operations, led to the desire to take all of his cumulative experience and start 3Qube with Shawn and Vinod. Shawn first met Jimmy five years ago, and it wasn’t long before he realized that Jimmy’s strength in revenue generation transcends industry. He tried to recruit Jimmy to head sales and marketing at Tributary, but Jimmy had other ideas. They continued to build and maintain their friendship over time, but didn’t get the chance to work together for several years. Separately, Jimmy had met Vinod while Vinod was working for NEC.
The trio wanted to start a company that would leverage the existing customer base, experience, IP, and infrastructure of Tributary Systems, while building the next generation technology. They also wanted to address the up-and-coming markets of cloud services, cloud migrations, and solutions in the cloud; the combination of which allows enterprises to move their IT to the cloud. This, in turn, pushes the burden from a company’s balance sheets to a cloud provider, simplifying their cost structure, and giving them economies of scale and a shared infrastructure. Along with the accumulation of aaS acronyms like SaaS, IaaS, DBaaS, and now the up-and-coming BaaS (backup as a service), all three founders have recognized that cloud solutions and services are the future of IT. As I mentioned, 3Qube utilizes a lot of Tributary’s resources and IP, but the start-up also has a specific approach to growing the business and its human resources in a cost-effective manner. They have a set of resources that are common to 3Qube and Tributary, as well as a pool of sales and engineering talent that has been hired exclusively to serve and develop IP for 3Qube, and a third group of service providers who are contract employees and serve as outside consultants. They are chosen to work on an opportunistic basis with specific customers. Tributary and 3Qube are located in adjacent connecting suites in Dallas, Texas, so there is a free flow of resources and ideas. Shared staff perform many of the overhead functions, including human resources, finance, and administration. The founders are trying to foster an environment with a heavy exchange of ideas and a cross-pollination of cultures, since the two companies’ cultures are so different from one another. 
Shawn explains that because Tributary’s resources are more experienced and have been in the industry longer, they are very familiar with NonStop and other enterprise platforms, while 3Qube’s employees are younger, energetic Generation Xers and Millennials, so it is an interesting mix. According to Jimmy, “There is a legacy of success at Tributary, and the energy and excitement of a start-up at 3Qube, so we’re working on extending those cultures to both organizations over time. Both companies benefit from each other’s experience and diversity.” Even at Tributary’s Austin, Texas location, which focuses on IP development, there is a great deal of excitement and synergy. Tributary’s employees were excited to leverage a platform that was developed there, to create 3Qube’s own IP; and they are also excited to work with 3Qube’s CTO.

What Do Cubes Have to Do With NonStop?

Tributary is in the business of data backup for enterprises utilizing NonStop and other high-availability mission-critical computing platforms; and 3Qube’s founders wanted to utilize Tributary’s synergistic and proven resources that have been developed over the last 24 years. However, 3Qube’s primary focus is on open platforms, open architecture, and open environments, because the principals believe that that is where the primary growth in the industry will be. 3Qube will benefit from Tributary’s long and storied history on the HP NonStop platform, including the fact that Tributary has a great working relationship with HP NED and its management group, as well as a large number of customers. These are all things that 3Qube wants to leverage as they begin serving this market. All of 3Qube’s founders recognize the importance of obtaining recognition from the NonStop community.
Every time a business gets formed to serve a strategic enterprise group of customers, the most business-critical applications still run on proprietary, closed, fault-tolerant environments; and those environments are headed by HP NonStop. In Shawn’s words, “It would be foolish for 3Qube to ignore the high-end of enterprises who want their mission-critical applications to run on high-availability platforms.” “I foresee NonStop customers having concerns about moving to x86 and changing their infrastructure environment,” says Vinod, “and I think 3Qube will come into play in enabling customers to transform their datacenter architectures from 10 gigabyte to 40 gigabyte networks, and then extend that across the datacenter to implement a private cloud or hybrid cloud architecture.” The company is also exploring the use of the infni Qube data backup solution as a backend cloud architecture for Helion, HP’s hybrid cloud platform, which would benefit NonStop customers as well as HP. 3Qube’s team is currently investigating product compatibility with HP’s interface, to determine if they can bring Helion into the mix of backend infrastructure for NonStop customers.

Does Your Data Deserve the Fastest Restoration Time?

As promised, I’ll explain why infni Qube provides the fastest data backup and restoration that you can get, and then you can decide whether your data should be restored quickly or not. With 3Qube’s unique approach, they can push the data to the local instance that is nearest to the customer’s location so they can quickly move it into the cloud and then to a file location. And because it uses a hybrid cloud model, infni Qube reduces the time to restore by two-thirds when compared to nearly any other cloud service, including pure-play ones like Amazon and Rackspace.
Even when 3Qube’s product is compared to most local data protection environments, which use local targets, it is much faster, simply because of the data consumption and ingestion technologies that it utilizes. infni Qube leverages a trademarked disk stripping technology called InfiniCache® that allows instant writes at the fastest rate with compression and encryption. This allows customers to be compliant with smaller backup windows and frees up resources at the front-end hosts, improving the overall availability and efficiency of the front-end host systems. For infni Qube or any other solution, the actual restoration time depends on the retention timeframe, the volume of data, and where a customer wants to move its information. For prospective customers, 3Qube can demonstrate their expected recovery time with a use case. In the case of a local disaster, whether it’s failed hardware or corrupted data, customers have specific recovery time objectives (RTOs), and they need to restore data in the near past. In most cases, customers back up two weeks' worth of data, but the infni Qube Cloud Connect appliance can be sized to hold any amount of data. For NonStop customers, scalability is always a key feature. infni Qube is more scalable than existing solutions because it uses unique caching technology to achieve a much more efficient cloud delivery model. Most cloud providers describe their method as “pushing” data directly into the cloud, but that prevents them from scaling beyond a certain volume because it isn’t possible to push large volumes of data directly into the cloud. Instead of pushing data into the cloud, infni Qube always has a cache running via infni Qube Cloud Connect, allowing customers to scale locally and move data into the cloud more effectively. Another important feature for NonStop users, if not the most important, is security. Is the data secure? Who holds the data? And who has access to the data while it is in transit and once it is in the cloud? 
infni Qube backs up data in a secure and encrypted fashion, and since it encrypts the data at the source and that encryption is controlled by the customer, the data sitting in the cloud cannot be decrypted without the customer’s permission. Data is also encrypted at rest and in transit, which allows customers to be compliant with the most stringent security requirements. infni Qube leverages the same software solutions for HP NonStop environments, IBM mainframe environments, and open systems, so it allows NonStop customers to consolidate data across all of their proprietary and open platforms. The solution can seamlessly integrate into the existing infrastructure as it moves data to the cloud. infni Qube also has the ability to connect with 3Qube’s backend clouds, open stack clouds, Amazon cloud, and any other cloud infrastructure that has a compatible interface. However, customers don’t have to manage infni Qube through 3Qube’s interface: they can use their own backup application, reducing the complexity from a customer perspective. Because infni Qube will be targeted at x86 customers, its release is set for the end of Q1 2015, which coincides with the release of the x86 platform. All three founders will attend this year’s Advanced Technical Boot Camp in San Jose, where Vinod and Jimmy will present on the infni Qube product. To learn more about 3Qube, visit www.3qubetechnologies.com.

Gabrielle is the author of the NonStop Innovations blog, which, as the name suggests, highlights the latest innovations in the HP NonStop space. Some of the latest topics have been “Achieving 2,500 TPS for Two Days Straight”, “Do You Have the HP NonStop Mobile App?”, and “Tributary Systems Moves to the Cloud.” The blog can be found at www.nuwavetech.com/hp-nonstop-innovations.

Did You Know?

NonStop Virtual Tape Controller with BackBox
Did you know the Virtual Tape Controller allows you to send and store NonStop data on a wide variety of storage solutions?
Nearly every model of HP StoreOnce is supported as are other storage options including those offered by other vendors.

Migrating SQL/MX
Did you know that there is an HP NonStop SQL/MX Upgrade and Migration: FAQ now available? It can help customers plan their migration from older and mature SQL Releases 2.3.4, 3.0, and 3.1 to the latest 3.2.1 Release. Contact your HP NonStop sales representative for more information.

The Smarts Behind EMV Smart Cards
Part 2 – Offline Transaction Processing
Yash Kapadia
CEO
OmniPayments, Inc

It seems that every month comes with an announcement of another hack in which the data of millions of payment cards has been stolen. This data is used to clone credit cards and debit cards, which are then sold in the underground Internet. Is there any protection available to us to thwart such attacks? The answer is yes – smart cards. A smart card, also called a chip card or an integrated-circuit card (ICC), includes an embedded computer chip that employs cryptographic and risk-management features. In conjunction with a smart-card POS or ATM terminal, these features are designed to thwart skimming, card-cloning, card-counterfeiting, and other fraudulent attacks. A decade or more ago, a consortium of card issuers comprising Europay, MasterCard, and Visa (EMV) began the specification of smart cards or as they are formally known today, EMV cards. EMV card technology has been adopted by most of the countries on all continents in the world except for the United States. The United States is the laggard. Representing almost half of all payment cards and terminals in the world, the U.S. still runs its payment-card services on outdated magnetic-stripe technology. However, this is about to change. The U.S.
payment-card industry has mandated that all merchants be EMV-compatible by October, 2015 (except for gas stations, which have until 2017) or face a “liability shift.” If a merchant does not process at least 75% of its transactions through an EMV-enabled terminal (whether via chip-cards or magnetic-stripe cards) and accepts a disputed or fraudulent card payment, the merchant will be liable for the transaction rather than the issuer. Most card-payment networks include one or more HP NonStop servers. It is therefore important that the NonStop community understand smart-card technology, which is becoming an important component in all financial networks. In this article, we describe how smart cards add significant security to payment-card transactions. Part 1 in the September/October issue of The Connection covered the methods for authorizing EMV transactions online with the issuing bank. In Part 2, we discuss the procedures for securely authorizing EMV transactions offline without direct issuer involvement.

Offline Transactions

The processing of an EMV card transaction is shown in Figure 1. It comprises several steps, with interaction between the card, the terminal, and the issuer. Processing time for an EMV transaction is comparable to that for a magnetic-stripe transaction, where communication delays account for the majority of the time. EMV transaction processing begins with some preliminary steps that help determine whether the transaction should be handled online with the issuer or offline with no issuer involvement. Once this decision has been made, processing splits into two distinct flows – one for online transactions and one for offline transactions. Part 1 of this article described the common processing flow and the online processing flow. Part 2 describes the offline processing flow. Most transactions will be processed online, sending the transaction data to the issuer for authorization. However, in some cases, a transaction may be processed offline with no issuer involvement. This can take place if there is no communication link (for instance, terminals used in airplanes to sell food, drinks, and other items), if the communication link between the terminal and the issuer should fail (allowing a retailer to continue to service customer payments at its own risk), or for very small transactions. The processing of an offline transaction as shown in Figure 1 is a bit more complicated than the processing of an online transaction but follows similar steps.

Figure 1: EMV Processing Flow

Issuer Parameters Stored on the Card

The processing of online and offline transactions is controlled by parameters stored on the card by the issuing bank. These parameters are described by a three-byte bit-encoded designator and include:

Byte 1: Card Data Input Capability
• Manual key entry
• Magnetic stripe
• IC (integrated circuit) with contacts

Byte 2: Cardholder Verification Method (CVM)
• Plaintext PIN for ICC verification
• Enciphered PIN for online verification
• Signature (paper)
• Enciphered PIN for offline verification
• No CVM required

Byte 3: Security Capability (these capabilities are described later)
• SDA
• DDA
• CDA

Table 1: EMV POS Terminal Capabilities

Cardholder Verification

As with online transactions, if the transaction is to be processed offline, the person presenting the card must be verified as the legitimate cardholder. Offline cardholder verification is also accomplished via the Cardholder Verification Method (CVM) that the issuer has specified in its parameters stored on the card (Table 1). Four methods can be used for offline cardholder verification:
• offline encrypted PIN
• offline plaintext PIN
• signature
• no CVM

The methods selected by the issuer may be arranged in priority order, or they may be selected according to other transaction parameters.
For instance, a transaction at an attended POS terminal such as in a store may require both a PIN and a signature. An ATM may require a PIN but no signature. A terminal with no PIN pad may require just a cardholder signature. A small transaction may require no cardholder verification.

If an encrypted PIN is selected, the cardholder enters his PIN into the terminal’s PIN pad. The PIN pad encrypts the PIN with the card’s PIN public key and sends it to the card via the POS terminal. The card decrypts the PIN with its PIN private key and compares the PIN entered by the cardholder to the PIN value stored in its secret data. If the PIN is wrong, the terminal is informed. According to a PIN counter, the cardholder may be given additional opportunities to enter his PIN. If he reaches a specified limit, the transaction is rejected. The card is blocked and can no longer be used.

If a plaintext PIN is selected, the process is the same as for an encrypted PIN except that the PIN entered into the PIN pad by the cardholder is sent to the card unencrypted.

Card Validation

An extra step required for offline transactions is that the terminal must validate the card to ensure that the card is not counterfeit or is not a clone of another card. For online transactions, card validation is the responsibility of the issuer. Three techniques for offline card validation provide incrementally improved security – SDA, DDA, and CDA, as described next. The technique to use is specified in the issuer’s parameters stored on the card (see Table 1). Typically, DDA or CDA is selected.

Static Data Authentication (SDA)

Static Data Authentication proves that the card is a valid card prepared by the issuer. Included in the static data that the terminal reads from the card is the card’s Static Application Data, encrypted with the issuer’s private key.
This cryptogram includes all of the static data that the issuer has entered into the card at the time the card was produced (PAN, cardholder name, public keys, Application IDs, etc.). The terminal also reads the issuer’s public key from the static data on the card. The terminal decrypts the Static Application Data cryptogram with the issuer’s public key and compares the signed static data to the static data that it has read from the card. If the data sets match, the terminal has verified that the card was the card prepared by the issuer. If the data doesn’t match, the transaction is rejected. SDA validates the card’s authenticity, but it does not prevent cloning. If an attacker somehow manages to clone an EMV card, the static data including its cryptogram will still pass the SDA test.

Dynamic Data Authentication (DDA)

Dynamic Data Authentication adds cloning protection to the counterfeit protection afforded by SDA. The key to DDA is that the card carries variable data that changes with each transaction. For instance, a transaction counter is incremented with each card insertion into a terminal. For DDA card validation, the card encrypts its variable data with its private key and sends this dynamic data cryptogram to the terminal. Using the card’s public key, the terminal decrypts the variable data contained in the cryptogram and compares it to the variable data that it has read from the card. If the data sets match, the terminal knows that this data has come from the original card and not from a clone because the clone would not have the card’s private key (a secret data item that will be erased if an attempt were made to access it). Furthermore, an attacker cannot simply add its own card public key and private key to the card to fool the terminal. The terminal will discover that the attacker’s public key is not a valid key when it checks the key against the key’s presumed Certificate Authority, as found in the card’s static data.
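The difference between the SDA and DDA checks described above can be seen in a small model. This is an added example, not code from the article or from the EMV specifications: it uses unpadded textbook RSA with toy keys built from Mersenne primes, treats the issuer public key as already trusted by the terminal (the certificate chain is left out), and adds a terminal-chosen challenge to the card's variable data; all names and the sample card number are constructed.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys


def make_key(p: int, q: int) -> dict:
    """Textbook RSA key from two primes. Toy sizes, no padding: illustration only."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest(data: bytes) -> int:
    # SHA-256 truncated to 128 bits so the value is smaller than every toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def sign(key: dict, data: bytes) -> int:
    return pow(digest(data), key["d"], key["n"])


def verify(n: int, data: bytes, sig: int) -> bool:
    return pow(sig, E, n) == digest(data)


def encode_static(static: dict) -> bytes:
    return "|".join(f"{k}={static[k]}" for k in sorted(static)).encode()


def dynamic_data(counter: int, challenge: bytes) -> bytes:
    return counter.to_bytes(2, "big") + challenge


class Card:
    """Static data and its issuer signature are readable; the private key is not."""

    def __init__(self, static: dict, sda_sig: int, private_key: dict):
        self.static, self.sda_sig = static, sda_sig
        self._key = private_key      # stays inside the chip on a genuine card
        self.counter = 0             # transaction counter (variable data)

    def read_static(self):
        return dict(self.static), self.sda_sig

    def sign_dynamic(self, challenge: bytes):
        self.counter += 1
        return self.counter, sign(self._key, dynamic_data(self.counter, challenge))


def personalize(issuer_key: dict, pan: str, name: str, card_key: dict) -> Card:
    # The issuer signs the static data, which includes the card's public key.
    static = {"pan": pan, "name": name, "card_n": card_key["n"]}
    return Card(static, sign(issuer_key, encode_static(static)), card_key)


def terminal_sda(issuer_n: int, card: Card) -> bool:
    static, sig = card.read_static()
    return verify(issuer_n, encode_static(static), sig)


def terminal_dda(issuer_n: int, card: Card) -> bool:
    if not terminal_sda(issuer_n, card):      # card public key must be issuer-signed
        return False
    static, _ = card.read_static()
    challenge = secrets.token_bytes(4)        # fresh per transaction
    counter, sig = card.sign_dynamic(challenge)
    return verify(static["card_n"], dynamic_data(counter, challenge), sig)


def demo() -> dict:
    issuer = make_key(2**127 - 1, 2**107 - 1)
    card_key = make_key(2**89 - 1, 2**61 - 1)
    other_key = make_key(2**107 - 1, 2**89 - 1)   # key pair the copier controls
    genuine = personalize(issuer, "4000000000000002", "A CARDHOLDER", card_key)

    # Copy of everything a terminal can read; the chip's private key is missing.
    static, sig = genuine.read_static()
    copy = Card(static, sig, other_key)

    # Same copy, but with the copier's own public key written into the static data.
    swapped = dict(static, card_n=other_key["n"])
    copy_swapped = Card(swapped, sig, other_key)

    n = issuer["n"]
    return {name: (terminal_sda(n, c), terminal_dda(n, c))
            for name, c in [("genuine", genuine), ("copy", copy),
                            ("copy_swapped_key", copy_swapped)]}


if __name__ == "__main__":
    for name, (sda_ok, dda_ok) in demo().items():
        print(f"{name:18} SDA={sda_ok} DDA={dda_ok}")
```

The copy passes SDA because the issuer-signed static data is unchanged, and fails DDA because it cannot sign the fresh variable data with the certified key; swapping in another public key breaks the issuer signature, so that variant already fails SDA.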
Thus, between the SDA and the DDA, the terminal can determine that the card is neither counterfeit nor a clone. It is a valid card.

Combined DDA/Application Cryptogram (CDA)

SDA and DDA do not protect against an unlikely but sophisticated attack known as a wedge attack. In a wedge attack, a real EMV card is inserted into the terminal so that the SDA and DDA validation tests are passed. The attacker then substitutes the real card with a device that acts like the card but is under control of the attacker. The attacker can force the acceptance of a transaction that the card otherwise would have declined. To protect against this kind of attack, an application cryptogram (AC), generated by the card’s private key, is included with the SDA and DDA cryptograms. The AC’s purpose is to inform the terminal of the card’s ultimate decision as to whether to process the transaction online, to process the transaction offline, or to decline the transaction (see the section entitled Card Action Analysis in Part 1 of this article). The wedge attacker cannot generate a valid AC because it does not know the card’s private key.

Offline Terminal Risk Management

For offline transactions, the card and the terminal must cooperate to manage the risk of a transaction, a function performed by the issuer for online transactions. This function is executed under the control of a variety of risk parameters stored on the card. These parameters include a lower floor limit, an upper floor limit, an offline transaction-count limit, and an offline amount limit. Except for unusual conditions, a transaction can be authorized offline only if its amount is below the lower floor limit. For instance, if the lower floor limit is five dollars, only transactions that are at or below five dollars can be authorized offline. Note that if the lower floor limit is zero, all transactions must be authorized online. An exception to this rule occurs if the communication between the terminal and the issuer is interrupted. In such an event, transactions can be authorized offline as long as they are below the upper floor limit. The upper floor limit allows retailers to continue to service most of their customers if their POS terminals should go offline. In this case, the merchant is typically responsible for disputed or fraudulent transactions, but it is a risk most retailers are willing to take to maintain customer satisfaction. The issuer can limit the number or amount of offline transactions that can be authorized before the terminal must go online with a transaction. This is accomplished via the offline transaction-count limit and the offline amount limit. This restriction limits the use of the card to fraudulently make unlimited, small, offline purchases that are below the lower floor limit. A further protection against the offline use of a fraudulent card is that the card randomly forces online authorization for a transaction that otherwise qualifies for offline authorization.
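The risk parameters above combine into one decision per transaction. The sketch below is an added example, not code from the article or from any EMV kernel; the field names, the strict "below the limit" comparison, resetting the offline counters after an online authorization, skipping random selection while the link is down, and declining when a transaction needs the issuer but the link is down are all assumptions made for illustration.

```python
import random
from dataclasses import dataclass, field


@dataclass(frozen=True)
class RiskParams:                 # issuer-set limits, amounts in cents
    lower_floor: int
    upper_floor: int
    offline_count_limit: int
    offline_amount_limit: int
    random_online_rate: float     # probability of forcing a qualifying transaction online


@dataclass
class OfflineState:               # what has been approved offline since the last online contact
    count: int = 0
    total: int = 0


@dataclass
class Decision:
    outcome: str                  # "OFFLINE", "ONLINE" or "DECLINE"
    merchant_risk: bool           # True only for the link-down fallback
    reasons: list = field(default_factory=list)


def decide(p: RiskParams, s: OfflineState, amount: int, link_up: bool,
           draw=random.random) -> Decision:
    """Return the routing decision for one transaction and update the counters."""
    reasons = []
    if amount >= p.lower_floor:                    # a zero floor sends everything online
        reasons.append("lower floor limit")
    if s.count + 1 > p.offline_count_limit:
        reasons.append("offline count limit")
    if s.total + amount > p.offline_amount_limit:
        reasons.append("offline amount limit")
    if link_up and draw() < p.random_online_rate:  # assumption: only when online is possible
        reasons.append("random selection")

    if not reasons:
        decision = Decision("OFFLINE", False, reasons)
    elif link_up:
        decision = Decision("ONLINE", False, reasons)
    elif reasons == ["lower floor limit"] and amount < p.upper_floor:
        # Link is down: the upper floor limit applies and the merchant carries the risk.
        decision = Decision("OFFLINE", True, reasons)
    else:
        decision = Decision("DECLINE", False, reasons)   # assumption, see lead-in

    if decision.outcome == "OFFLINE":
        s.count += 1
        s.total += amount
    elif decision.outcome == "ONLINE":
        s.count, s.total = 0, 0                    # assumption: issuer contact resets counters
    return decision


def run_sample() -> list:
    """Constructed sequence of purchases against constructed limits."""
    p = RiskParams(lower_floor=500, upper_floor=5000, offline_count_limit=3,
                   offline_amount_limit=6000, random_online_rate=0.1)
    s = OfflineState()
    never, always = (lambda: 0.99), (lambda: 0.0)  # deterministic stand-ins for the draw
    steps = [(400, True, never), (300, True, never), (200, True, never),
             (100, True, never),                   # fourth small purchase: count limit
             (2000, False, never),                 # link down, below upper floor
             (5000, False, never),                 # link down, not below upper floor
             (100, True, always)]                  # randomly selected for online
    return [decide(p, s, amount, up, draw) for amount, up, draw in steps]


if __name__ == "__main__":
    for d in run_sample():
        print(d.outcome, "merchant risk" if d.merchant_risk else "", d.reasons)
```

The fourth small purchase is the case the count limit exists for: each amount is under the lower floor limit, yet the run of offline approvals is cut off and the issuer sees the card.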
Offline Transaction Authorization

If all tests prove positive – cardholder verification, card validation, and risk management, the transaction can be authorized offline. The card informs the terminal via a TC cryptogram (see the section entitled First Card-Action Analysis in Part 1 of this article) to authorize the transaction. If a signature is required for an authorized transaction, the cardholder is asked to sign a copy of the transaction receipt. If any test proves negative, the card must be authorized online by the issuer. The terminal stores the transaction data. According to rules established by the issuer, the terminal will periodically send batches of offline transaction data to the issuer. In the case of a communication failure, this will typically occur as soon as communication between the terminal and the issuer is restored.

Protections

In addition to the SDA/DDA/CDA protections described above for offline transactions, EMV technology provides several other protections.

Swiping

The data from the card cannot be read by an attacker because all data transfers between the card and the terminal are protected by the card’s secret private keys.

Cloning

Even if card data could be compromised, it cannot be used to clone a magnetic-stripe card, which will still be in use for some time to come. This is because the cloned card data will not include the CVC1 code that needs to be written in the magnetic stripe. Without the proper CVC1 code, a magnetic-stripe transaction will be rejected. Another protection against cloning is the transaction counter. Every time a card is inserted into a terminal, its transaction counter is incremented. If a cloned card were also being used, the issuer would note that the transaction counters were out of synchronization and would disable the card account number.
Counterfeiting

One concern is that an attacker could obtain a batch of blank EMV cards and a personalization machine and create what appear to be valid cards for offline transaction purposes. To protect against this, every batch of blank cards has embedded in the cards a unique symmetric key known only to the issuer. Therefore, only the issuer can create usable EMV cards.

Card-Not-Present Fraud

For Internet transactions, there is no terminal to read the card and to apply the risk management tests. To compensate for this, a private handheld reader may be required by some online merchants. The customer has his own private handheld reader. When he wants to make an Internet purchase, he inserts his EMV card into his reader. The reader generates a one-time unique passcode, which the customer enters into a field provided on the merchant’s checkout page. This passcode verifies to the issuer that the customer is in possession of the EMV card being used.

Using Smart Cards at Dumb Terminals

Until all POS terminals have become EMV terminals and magnetic stripes have been eliminated from smart cards, there will always be cases in which smart cards with magnetic stripes are used at “dumb” POS terminals that read only magnetic stripes. In these cases, all the vulnerabilities of magnetic stripes that we deal with today still exist. A skimming device or skimming malware can send the card data and PIN to an attacker, who can clone the card as a magnetic-stripe-only card that can be used at POS terminals whether they are EMV-capable or not. This is because, for a while to come, all EMV POS terminals must still be able to process magnetic-stripe cards.

The EMV Specifications

The first EMV specifications were developed by a consortium comprising Europay, MasterCard, and Visa – thus the name EMV. The primary members of the consortium now include MasterCard (which acquired Europay), Visa, American Express, Discover, JCB (Japan), and UnionPay (China).
Most other payment-card organizations, banks, major merchants, payment processors, and other industry stakeholders support the ongoing specification effort.

The EMV Specifications are contained in four books:

• Book 1: Application Independent ICC to Terminal Interface Requirements
• Book 2: Security and Key Management
• Book 3: Application Specification
• Book 4: Cardholder, Attendant, and Acquirer Interface Requirements

The EMV Specifications can be obtained from the EMVCo web site, http://www.emvco.com/specifications.aspx.

The OmniPayments Financial Transaction Switch

OmniPayments (www.omnipayments.com) from Opsol Inc. (www.opsol.com) is an HP NonStop-based financial transaction switch that interconnects POS terminals, ATMs, acquiring banks, and issuing banks via any of the various financial transaction networks. OmniPayments supports all features required to process EMV smart-card transactions, from support of EMV POS terminals and ATMs to the protocols required to communicate with the issuing and acquiring banks. OmniPayments is currently handling EMV transactions with its international banking installations and is ready to handle these transactions with U.S. systems as EMV technology takes hold in the United States.

OmniPayments architecture is based on modern Service Oriented Architecture (SOA). SOA enables new functionality to be easily added to OmniPayments to meet specific needs of its customers. The core of OmniPayments is a set of Business Logic Modules, or BLMs. Each BLM is tasked with providing a specific service for OmniPayments.
For instance, OmniATM controls ATMs, OmniPOS controls POS devices, Transaction Screening offers preauthorization services, and OmniAuth provides stand-in authorization services.

Figure 2: The OmniPayments Financial Transaction Switch

A set of adapters connects the external entities to which OmniPayments must connect to the BLMs. Acquirer adapters are supplied for both EMV and non-EMV ATMs, POS devices, IVR systems, the Internet, and bank tellers. Issuer adapters are provided for local host bank communications and for the variety of financial interchange switches with which OmniPayments must interface.

Traffic between acquirer BLMs and issuer BLMs is routed via OmniDirector. OmniDirector is a rules-based routing engine that forwards On-Us transactions to the bank’s core systems and Not-On-Us transactions to the appropriate interchange switch. It provides format conversion between different message protocols and is responsible for many of OmniPayments’ logging functions. OmniDirector also manages the failover/retry mechanisms in OmniPayments.

OmniPayments provides complete logging of all transactions. The logs contain the transaction information needed at the end of each day for clearing and settlement. It is this processing function that transfers funds from the card-issuing banks to merchant accounts held by their acquiring banks to reflect the day’s sales activities.

OmniPayments is fault-tolerant. Running on an HP NonStop server, all processes are persistent and are automatically restarted should they abort. All database functions such as logging, card parameters, and so on are maintained by a NonStop SQL/MP relational database.

With successful implementations at many customer sites, OmniPayments is just one member of the Opsol family of solutions for the financial industry. Opsol Integrators specializes in NonStop mission-critical applications and is HP NonStop’s largest system integrator.
Summary

Magnetic-stripe cards will become a thing of the past as EMV technology is adopted worldwide. This is almost the case now in countries around the world except for the United States. However, within a few years, it is expected that the U.S. will catch up.

Magnetic-stripe cards have been proven over and over again by major hacks to be terribly insecure. Their data is easy to skim, the cards are easy to clone, and cloned cards have an active market in the underground Internet. EMV technology provides strong protection against card-skimming, card-cloning, card-counterfeiting, and man-in-the-middle attacks. Once EMV technology is universally accepted, our card-payment systems will become significantly more secure.

The OmniPayments financial transaction switch supports EMV POS terminals and ATMs and the EMV protocols for communication between EMV terminals, acquirers, and issuers. OmniPayments brings the entire suite of EMV security protection to an organization’s financial switching network.

It is said that hackers are smarter than security professionals. Whenever a security vulnerability is patched, hackers rapidly find a way around it. However, it will take an extremely sophisticated hacker to break through the protective barriers of EMV.

Yash Kapadia is the founder and CEO of OmniPayments Inc., a leading HP NonStop System Integrator for Telco and Financial Services. Opsol's OmniPayments solution is used by Banks and Retailers for Base24 replacement. Yash and his team provide several products and remote managed services for NonStop customers. Yash can be reached at Yash@OmniPayments.com and +14086669927.

Did You Know? OmniPayments is New Host of ITUGLIB

OmniPayments Inc. has volunteered to host ITUGLIB, a resource of user-contributed freeware, both legacy NonStop and Open Source. The OmniPayments financial-transaction switch provides a comprehensive solution for routing transactions over payment networks.
http://ituglib-opsol.xid.com/apps/Ituglib/HomePage.jsf

NonStop Misperceptions: New “Dummies” Book Dispels Myths—a Q&A with Thomas Burg

Thomas Burg, CISSP, Chief Technical Officer, comForte 21 GmbH
Randy Budde, Writer & Marketing Consultant, Active Slant

Introduction

In these days of 24/7 tech hype and new buzzwords emerging on a seemingly hourly basis, why write a book on the HP NonStop platform? While it is based on technologies that are decades old, the HP NonStop platform, and the way it gets deployed, has seen significant change. In order to provide a fresh look at the platform, several technical experts teamed up to write a new booklet called “HP NonStop for Dummies,” which was just published by John Wiley & Sons. In this article, freelance writer Randy Budde interviews Thomas Burg, one of the booklet’s coauthors, to uncover more information about the booklet and why it was written.

RB: Why did you decide to write a “Dummies” booklet for HP NonStop?

TB: The booklet was written by Werner Alexi, Bill Sempf, and myself, with the help of a number of other contributors and reviewers. We have all been working with the HP NonStop platform for years. We at comForte are ardent fans of the product, and big believers in its potential, both today and in the long term. Over the course of my years working with comForte, a company with a long track record of bringing innovative offerings to the HP NonStop community, I’d often be struck by the need for this kind of publication. Ultimately, we set out to make it happen.

RB: What do you hope readers will get out of reading the booklet?

TB: In developing this booklet, we had two key objectives. First, we wanted to provide a positive introduction for audiences that were new to HP NonStop. Second, we wanted to correct common misperceptions that many people have about the platform.

RB: What do you think are some of the key aspects that someone who’s never heard of the platform should know about?
TB: I’d point to three key areas: availability, scalability, and cost of ownership. In terms of availability, if a business is running critical applications that can’t go down or can’t afford to lose transactions—applications like ATMs, mobile phone infrastructure, emergency phone services, point-of-sale systems, and the like—HP NonStop has been and remains one of the best platforms to employ. The platform is a self-healing system, featuring integrated hardware and software that are highly fault tolerant. This means that, even if a CPU or some other critical element should fail, services won’t go down and transactions won’t be lost. Scalability is the second key element. The HP NonStop platform is relied upon in demanding industries, such as the financial services and telecom sectors, where the platform has proven its ability to process thousands of transactions a second, and to do so for years on end. The platform is built on an architecture that provides linear scalability, which means IT teams looking to accommodate increased processing demands can keep adding more hardware, without encountering any architectural or system limits. Total cost of ownership is the third key aspect. For organizations running intensive, complex applications, the solution provides unmatched value.

RB: What are some of the most common misperceptions about the HP NonStop platform that you encounter?

TB: I continue to see five common myths that seem to keep being perpetuated. Myth #1 is that the HP NonStop platform is a closed, proprietary system. In fact, the platform is now very open. Today, an IT team running HP NonStop can work with Java, C++, JSON/REST, and other modern, open standards for integration and development. Myth #2 is that HP NonStop is an inflexible system. The reality is that IT teams working with HP NonStop have a wide range of options. They can integrate the platform with a number of different systems, applications, and workflows.
They can easily support a number of form factors, and even make applications accessible to mobile users. Further, the platform itself offers tremendous flexibility. For example, where in years past IT teams would have been stuck with a single, proprietary database, they can now choose from several databases, including SQL/MX. With SQL/MX, organizations can leverage a modern relational database that is compatible with open ANSI SQL standards. Myth #3 is that it’s hard to develop applications for HP NonStop. On the contrary, developing NonStop applications today is just as easy as with other environments. If you were going to write an application for a mobile phone, you wouldn’t do any coding on your phone. Instead, you’d use an integrated development environment (IDE), develop the code, and port into the required platform for testing, deployment, and use. The same is true for HP NonStop. Developers can use the Eclipse IDE, the front-runner of enterprise IDEs, for managing NonStop application development. In addition, they can code using standard languages like C, C++, COBOL, Java, Python, and Perl. Myth #4 is that it’s hard to address security requirements. Security in HP NonStop environments is a critical aspect, as these platforms are often responsible for managing sensitive, highly regulated data. IT teams running HP NonStop can most certainly address the most rigorous security requirements. For starters, the platform has inherent security advantages. For example, these platforms don’t need virus scanners. In addition, security teams can also efficiently address the requirements of relevant policies and mandates, including the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS). Security teams can now encrypt data at rest on the HP NonStop platform, without having to modify application code. Myth #5 is that the HP NonStop platform is expensive to run. 
If an executive compares a small NonStop implementation with a server cluster running on the Linux or Windows platform, investing in the HP NonStop platform may look prohibitively costly. However, when you start to compare the cost associated with getting these Windows or Linux systems to achieve uptime and scalability characteristics that are similar to those of HP NonStop, you instead see that HP NonStop systems provide unmatched value. For more information, I’d encourage readers to see a detailed TCO study¹ that is available at: https://www.comforte.com/ns4d/TCO_study-2014.pdf.

RB: Why do you think these misperceptions persist?

TB: I think there are a few reasons. First, people’s perceptions aren’t typically shaped by the platform itself, they are shaped by the applications running on the platform. Often, legacy applications are running on HP NonStop. If the application running on top of HP NonStop is costly to support and inflexible, those are the characteristics that will be linked with the platform. By modernizing their applications, IT teams can capitalize on all the flexibility that the platform now offers, while enjoying the advantages people traditionally expect, like availability and scalability. Another key factor is that HP NonStop often doesn’t get the visibility it deserves in enterprise IT organizations. Many large enterprises are running a number of platforms side by side, including HP NonStop, IBM mainframes, large UNIX systems, and Linux and Windows platforms. Of these, HP NonStop is clearly the only system that can run a huge application that processes massive amounts of data—and continue to do so with very few people managing the platform. Basically, if your application is stable, it can run undisturbed for years on HP NonStop. As a result, HP NonStop will not be the focus of the triage and “all hands on deck” meetings that occur when issues and outages occur.
Ironically, these meetings serve to keep other platforms at the top of executives’ minds—which can make it easier to get new staffing and resources to support these systems. On the other hand, HP NonStop tends to hum along quietly, with very little assistance, so, from an executive standpoint, this is the platform that may be more likely to get reduced staffing and budget support. I also think inertia plays a role in the persistence of these myths. After working with the platform for decades, many people have come to feel the platform they’re running is “good enough.” As a result, they may be less inclined to learn new skills or stay up on the latest advancements. Further, because they’re working on increasingly lean teams, they don’t have time for these added efforts and they’re understandably reluctant to disrupt the status quo. These mindsets can serve to perpetuate the myths I’ve outlined.

RB: Where do you see some of the most promising advancements happening in the future?

TB: Some organizations have begun to leverage the HP NonStop platform in cloud and hybrid environments, and these approaches provide enormous potential. For example, HP NonStop can serve as a database backend for a web application that is provisioned in a public or private cloud. In this way, organizations can capitalize on the agility of cloud services, while extending their HP NonStop investments. In addition, the announcement that HP NonStop will be coming to X86 hardware, without compromising any of the platform’s core attributes, will represent an immense opportunity for customers in the long term.

Conclusion

Whether you’ve been working with HP NonStop for decades, or this is your first time hearing about the platform, “HP NonStop for Dummies” will offer value. Experienced readers can get a fresh perspective on how the platform has evolved, and the myriad opportunities offered by its new capabilities.
Those new to the platform can get a lively, informative introduction to a platform that offers unique and compelling advantages to today’s enterprises. If you’re interested, you can visit the following URL, where you can learn more about the booklet and register to download your copy: http://www.comforte.com/ns4dummies

Thomas Burg, CISSP, Chief Technical Officer, comForte 21 GmbH

Thomas Burg has an extensive background in systems programming, networking, and security. For more than 30 years, Thomas has worked with a range of computing platforms, including Windows, UNIX, and HP NonStop. At comForte, he has helped guide the company’s strategic product direction and orchestrated a range of technology initiatives, such as the company’s SSL/SSH encryption suite, which was ultimately adopted by HP within the NonStop OS.

Randy Budde, Writer and Marketing Consultant, Active Slant

Randy Budde is a freelance writer and marketing consultant. Randy has worked in the enterprise software segment for almost 20 years, and has written on a range of topics pertaining to the HP NonStop platform, including security, application modernization, and big data.

¹ Pyalla Technologies, “Research Note: NonStop offers the lowest TCO in its class for complex mission-critical applications,” Richard Buckle

Node.js on the HP NonStop Server

David Finnie, VP, Development, Infrasoft
Neil Coleman, CTO, Infrasoft

With the introduction of Intel x86-64 support, potential opportunities arise for expansion of usage of NonStop Servers throughout organisations that already rely on the characteristics of fault-tolerance and massive scalability inherent to the NonStop platform. Further, organisations that have previously dismissed the NonStop may well take a second look.
Modernization of existing HP NonStop Server applications has been a strong theme for the past few years – both HP and a number of third-party vendors can point to successful and effective products and services in this area. For the last 18 months, Node.js has been gaining popularity as underlying technology for enterprise applications. Large organisations including Wal-Mart, eBay, PayPal, MasterCard, and LinkedIn have all rolled out Node.js applications. Why? For many candidates for both increased usage and new adoption of the HP NonStop, modernisation of existing applications is no longer the challenge. The Node.js platform has the potential to support applications that meet a wide range of business requirements and is something that everybody should consider.

What is Node.js?

Node.js enables JavaScript to be executed on the server. It is built around Google’s V8 JavaScript engine, and promotes building applications using an event-driven, non-blocking I/O architecture.

V8 is Google's open source JavaScript engine, which is written in C++ and is used in Google Chrome, the open source browser from Google. V8 was publicly released on September 2, 2008, which was the same date that Chrome’s first release was announced. V8 compiles JavaScript (ECMAScript as specified in the ECMA-262 standard) to native machine code before executing it, instead of interpreting bytecode or compiling the whole program to machine code and executing it from a filesystem. The compiled code may be additionally optimized dynamically at runtime, based on heuristics of the code's execution profile. The benefit is that it is much faster than ‘interpreted’ code.

In 2009, an employee of Joyent (www.joyent.com) named Ryan Dahl was working on a project that involved making the browser aware of how much time was left for an upload process. Dahl used JavaScript and V8 to develop an event-driven non-blocking application, which was the beginning of Node.js.
Node.js and its libuv sub-project are also open sourced – V8 and libuv under the BSD license, and Node.js under the MIT license.

Why has Node.js become popular?

Node.js presents a combination of attributes which arguably provide some unique advantages. First, it offers greater performance, but the real benefit comes in uniting what have been the war zones of client/server, or browser/server if you prefer. Development has occurred in silos depending on which side you were on. Node.js provides a common language creating a peer-to-peer environment. This greatly accelerates development. Let’s look at some details.

Node.js on LUW

Performance

The main idea of Node.js is to support applications that require concurrent operations via non-blocking I/O and asynchronous events. This can be contrasted to concurrency via threads. Threading is typically done to enhance efficiency within a program. If a process is waiting (blocked), it can start an additional thread to pipeline other processing. This increases efficiency but at the cost of complexity. The more threads, the harder the code is to create, manage and support. As we ramp up cores (IPUs), at some point threading will become untenable based on complexity.

When comparing Node.js to a threaded model where each connection (request) spawns a new thread, fewer system resources are dedicated to Node.js – less memory is required to service each new request because a new thread is not required, and less nonproductive work occurs performing thread context switching. Node.js enables programmers to write efficient, non-blocked code – code that is much simpler to write, manage and support. You can see why major businesses are jumping on this bandwagon.

An application that is data-intensive, relying on I/O to a data source (for example, a SQL database) spends most of its time (per request) waiting for the I/O to complete.
An event-driven model lends itself to building such applications in a manner which achieves high throughput and high scalability, as a large number of simultaneous requests can be supported.

From Kiran Prasad, Director of Engineering, Mobile at LinkedIn[1]…
On the server side, our entire mobile software stack is completely built in Node. One reason was scale. The second is Node showed us huge performance gains.

Platforms

The instruction sets currently supported by V8 are IA-32 (x86 32-bit), x86-64, ARM, MIPS, and PowerPC. V8 does not currently support the instruction set for IA-64, the Intel Itanium architecture. Note that in November 2013, IBM announced a release of Node.js and V8 running on PowerPC, using either Linux or AIX. The operating systems currently supported by Node.js and V8 are Windows (XP or later), Mac OS X (10.5 or later), and Linux/Unix.

Productivity

There is no question that JavaScript has its detractors. Enter “JavaScript is not for real programmers” into Google and you get almost 2,500,000 hits. It is eerily similar to what Assembler programmers said of C, C programmers said of COBOL, and both C and COBOL programmers said of Java. Of course, only time will tell us how much future adoption will occur.

For an interesting rebuttal to JavaScript detractors, one should read the article “JavaScript: The World’s Most Misunderstood Programming Language” by Douglas Crockford (who authored the original JSON specification) at http://www.crockford.com/javascript/javascript.html. As an aside, ECMAScript-6 (spec. ratification is targeted for December 2014) includes a number of new features that many “real programmers” will find attractive – in particular explicit support for classes and constructors (that is, in addition to the existing prototypical inheritance).

In reality many organisations are seeing increased programmer productivity using JavaScript in general, and Node.js in particular, when compared to C/C++ and Java based platforms.
This is largely attributed to the simpler programming requirements of the Node.js concurrency model. In a threaded environment, a data race occurs when two threads access the same location in memory at the same time, and at least one of the accesses is a write. The "reader" thread may get the old value or the new value, depending on which thread "wins the race". Handling data races in general requires some programming discipline to correctly manage accesses to shared data – via mutex locks, condition variables, semaphores, etc., and is often hard to get right.

From Subbu Allamarju, Principal Member, Technical Staff at eBay[1]…
Node’s evented I/O model freed us from worrying about locking and concurrency issues that are common with multithreaded async I/O.

From Jeff Harrell, Director of Engineering at PayPal[1]…
Node.js powers our web applications and has allowed our teams to move much faster in bringing their designs to life. We've happily embraced the power of JavaScript.

Common Skills

JavaScript dominates the Internet. It has seen off Java Applets, VBScript, and Flash as client-side languages. It’s impossible to replace JavaScript without breaking millions of web pages. Node.js allows JavaScript language and philosophies to be used for both client and server development. So what? Well, anyone who has done much work integrating disparate technologies will readily agree that any advantage helps. Developers, and users, who understand each other and can easily communicate with each other, will always provide better, faster results.

From Seth Pollack, (previously Lead Program Manager, Internet Information Server, at Microsoft) co-Founder at RivalIQ[2]…
Sure, JavaScript has its warts, but it is great to have one language that spans your product front to back. Why is this important? Because having a highly functioning team of full-stack developers is dramatically easier that way.
In a previous life, I ran an engineering team that had Java on the server and Flex (Flash) on the client. Despite a talented team, we had an absolute divide between front-end and back-end; it was pulling teeth to get developers on one side to even look at the code across the chasm, and this hurt our productivity.

From Renauld Waldura, Sr. Product Manager, Cocktails Project at Yahoo![1]...
Node.js is the execution core of Manhattan. Allowing developers to build one code base using one language – that is the nirvana for developers.

Community

The open source communities are key to both longevity of the subject project, and to organisations being able to find required skills. The Node.js community has been in existence for 4-5 years. In that time, roughly the same number of packages has been published as by the Python community over 22 years and roughly half the number of packages as by the Ruby community over 18 years. While this doesn’t tell us anything about the quality and usefulness of the Node.js packages, or indeed the quality and usefulness of the Python and Ruby packages, it does tell us that a vibrant Node.js community exists and is growing.

From Brian Corrigan, CEO at Mad Glory[1]…
We specialize in building custom service platforms and web applications that scale to tens of millions of users. The ability to use a single language on both front-end and back-end, the great tooling support, the thriving module ecosystem, and the evented programming model make Node our go-to tool for anything that requires massive scale. The best part? The community is wonderfully supportive and shares a common interest in moving the web forward.

Who is using Node.js?

Organisations currently using applications built with Node.js include Wal-Mart, PayPal, eBay, MasterCard, LinkedIn, Groupon, Dow Jones, Yahoo!, HBO, DirectTV, and The New York Times.

Wal-Mart

At http://thechangelog.com/116 an interview with Eran Hammer has been posted.
Hammer is the leader of the Wal-Mart Labs team which is responsible for the Node.js software used by Wal-Mart for its “Mobile Services Infrastructure”. According to Hammer, it is an “orchestration layer for mobiles – a glorified proxy with data manipulation”. In essence, it provides a uniform API to mobile clients that want to access a number of Wal-Mart services, from AS/400-based services to “legacy” SOAP services.

Wal-Mart developed their own Node.js HTTP Server framework, christened “Hapi”, to support their requirements. The Hapi-based Mobile Services Infrastructure deployment began in April 2013 and was handling 100% of mobile traffic to Wal-Mart web sites by June 2013. Wal-Mart received much publicity in the Node.js world in late 2013 for handling all mobile traffic without any issues on the “Black Friday” shopping day following Thanksgiving in the United States, with claims of 200,000,000 users.

Wal-Mart have open-sourced Hapi. Other known users of Hapi include MasterCard (see below), and the publisher Conde Nast.

MasterCard

At http://www.joyent.com/developers/videos/node-summitnode-js-in-the-enterprise an interview with a number of people on December 4, 2013, including Scott Anderson, Director and Software Engineer, MasterCard Worldwide, has been posted. Anderson discusses the Node.js application that MasterCard has built using Wal-Mart’s Hapi as the supporting framework. The MasterCard application operates as a RESTful service that integrates with Hardware Security Modules (HSMs) to perform requested cryptographic operations. When asked why use Node.js, Anderson replied that although the service “already existed as a Java implementation and worked fine”, they did some proof-of-concepts using Node.js and determined that future requirements would be better met using Node.js.

Why is the HP NonStop Server a perfect match?
The Node.js model of event-driven, non-blocking I/O, which is particularly suited to I/O-bound applications, may almost have been dictated by the fundamental concepts of writing a high-performance OLTP application running on the NSK operating system. Current implementations of Node.js, obviously, do not possess the level of fault tolerance and scalability that software running on the HP NonStop Server can offer.

Event-driven Model

NonStop programmers will be familiar with the way Node.js is architected, and open-source folk that do not know NonStop will find a platform that is well-suited to this programming methodology. There is a marked similarity between Node.js and a multi-tasking NSK application that uses the Guardian AWAITIO() call, or OSS select() call, to complete nowaited (non-blocking) I/O operations to any file, either timed or untimed (wait forever), and then invokes appropriate logic to handle the completion event. Node.js specifically architects a callback model to handle events.

SMP…not!

Node.js does not rely on SMP threads to process multiple requests concurrently. This allows simplicity without sacrificing efficiency. Although OSS can support POSIX Threads, albeit at a “user level” which is not pre-emptive, generally NSK-based applications do not rely on a SMP environment. This maps to original NonStop coding recommendations to keep things simple and focused within an application. Break things into small, self-contained applications that work together instead of creating one monolithic application. Keep it simple.

What does Node.js offer to the HP NonStop Server?

To paraphrase the 1992 US presidential campaign slogan, “It’s the applications, stupid”. A number of large organisations are already relying on Node.js in a range of environments, including Web / Mobile development, Big Data work, NoSQL database work, financial services, retail services, and cloud-based applications.

Porting Node.js to the HP NonStop Server
Porting the software required to support Node.js on the HP NonStop Server, so that JavaScript code that runs with a Windows or Linux/Unix Node.js environment should not need to be modified to run with a NSK Node.js environment, is a significant undertaking. The most complex part of a port is V8. To enable V8 to work on the HP NonStop Server requires support for generation of machine code from JavaScript for the target architecture. In addition, V8 needs to use the NSK OSS environment, and needs to be compiled with the appropriate NSK C/C++ compilers (note: gcc is used to build Linux/Unix variants). The Node.js core code and the libuv sub-project code need to be ported to utilise OSS.

So, can I run Node.js on the HP NonStop Server?
Infrasoft has completed a “deep port” of Node.js to NSK. As some background, we initially ported V8 and Node.js to the MIPS-based S-series as a proof-of-concept. Only after proving that we could successfully run the exact same JavaScript on both existing Node.js implementations and NSK, did we commence the NSK x86-64 port. Note that the S-series version will not be available for customer use – only the NSK x86-64 version. We have elected to make this available as an executable to simplify installation – some variants rely on the user building the executable themselves.

Node.js core already supports TCP and UDP socket I/O, HTTP, and some forms of IPC (for example, pipes, FIFO). Although we view supporting “vanilla” Node.js applications on NSK as mandatory, adding value is critically important to increase NonStop Server adoption. Node.js will be made available on a continuously available platform. Major companies should want the server/peer to be available to the client/peer 24x7. One of the attractive attributes of Node.js is its ease of extensibility.
Areas that we have extended, especially those that will be familiar to NSK users, include…
• Process-pair support so that Node.js runs non-stop, without any extra work by the application.
• Enabling Node.js to run as a TS/MP serverclass, transparently providing the inherent scalability and persistence that TS/MP offers.
• Providing a simple JavaScript Pathsend interface so that a Node.js application can front-end TS/MP.
• Extensive operational control and diagnostic capabilities built-in to simplify usage and contribute to maintaining availability.

Hold on a minute…what about SQL/MX?
There are many JavaScript applications that do not require database services. Newer ones may take advantage of the new quick and dirty NoSQL databases that are constantly being developed, but as JavaScript becomes more popular it will require for some applications a solid, scalable, ACID relational database system. Any new software platform for NSK must address integration with the HP NonStop RDBMS, SQL/MX. In addition to the above extensions to leverage NSK fundamentals, Node.js on NSK will allow existing, or new, JavaScript applications to access SQL/MX using the same code they use to access Oracle, MS SQL, IBM DB2, MySQL, PostgreSQL, etc.

Knowledgeable readers may question the capability of an environment architected on non-blocking I/O, single event-loop and handling multiple concurrent transactions to work successfully with database drivers that don’t support asynchronous semantics. In a vanilla Node.js environment, access to a database is achieved using “worker threads”. Under the covers, in addition to the main thread which operates as an event-based dispatcher, Node.js maintains a thread-pool for use for blocked I/O. In a typical SMP environment, a worker thread that does the database work will not block the Node.js main thread. Once the work is complete, the JavaScript application’s callback function is eventually invoked.
Note that from the application’s point of view, the work is still asynchronous and the application is free to service other requests concurrently. Importantly, from the application programmer’s point of view – threads are not exposed.

In a NSK Node.js environment, SQL/MX integration will leverage TS/MP. Instead of “worker threads”, use will be made of “DB serverclass worker instances” (the executable will be part of the NSK Node.js distribution). Under the covers, the NSK Node.js software will (via Pathsend) distribute SQL/MX work to the appropriate TS/MP serverclass. Once the work is complete (and the serverclass has replied), the JavaScript application’s callback function is eventually invoked exactly as it is in a vanilla Node.js environment. Again, from the application’s point of view, the work is still asynchronous and the application is free to service other requests concurrently. The DB serverclass is not exposed to the application.

[Figure: Node.js on NSK]

The implementation on NonStop
continued on page 39

News from CTUG
This year's CTUG conference on October 9th, 2014 was an overwhelming success, with record attendance. The feedback from the vendors was very positive and said to be "the envy of all chapters of the ITUG community". Education Day enrollment exceeded expectations for the OSS Fundamentals course, by Roland Lemoine (HP). We were very fortunate to have Karen Copeland (Manager, NonStop WW Production Management Team) and Tom Moylan (Director, Americas NonStop Enterprise Division) provide very informative updates for HP's roadmap for NonStop. The keynote presentation "The Internet of things" by Justin Simonds (HP), was captivating and complemented this year's theme, "Opening a World of New Possibilities". All vendor booths were allocated and we were pleased to have 3 new vendors, WebAction, Mapador and Infobal. All 9 vendor tracks were well attended. A brief update was given by CONNECT's CEO Kristi Elizondo. A reception was held after the conference where vendors and attendees were able to socialize.

A Bank’s Crisis Migration to a New Data Replication Solution
Paul J. Holenstein, Executive Vice President, Gravic, Inc

During a system upgrade project, a major bank found itself squeezed between either paying a large increase in license fees for its current data replication engine or having those licenses terminated. With only two weeks to go, the bank turned to Gravic, Inc., for help. The Gravic technical team configured, installed, and tested its Shadowbase data replication product in time to replace the bank’s existing replicator before the licenses expired. The bank is now extending its use of the Shadowbase product suite to satisfy all of its data replication needs.

The Bank’s Heterogeneous Online Banking Systems

RAK and BASE24™
The bank is recognized as one of the most important global systemic banks, one whose operations are a major underpinning to the world’s financial community. It serves 50 million clients in 40 countries. The bank has been a user of HP NonStop systems for decades, dating back to the Tandem days before Tandem Computer’s ultimate acquisition by HP.

Figure 1 depicts the bank’s online banking applications as well as the bank’s ACI BASE24 environment for managing its ATMs. The Real-time Authorization Kernel (RAK) is a home-grown application that furnishes online customer services including account-balance queries, fund transfers between internal accounts, and fund transfers between customer accounts and external accounts. RAK also provides online authorization services for the bank’s credit cards and debit cards. The RAK database is primarily HP’s SQL/MP.

The ACI BASE24 Classic system administers the bank’s ATMs. It receives and manages the authorization of ATM withdrawals by sending transactions to the banks issuing the cards that are used at the ATMs. The BASE24 environment is primarily an Enscribe environment and employs HP’s AutoTMF to audit and protect the Enscribe data files. All ATM transactions are recorded in an Enscribe log file.

RAK and BASE24 run on their respective HP NonStop systems, which are configured as active/passive pairs for business continuity purposes. One system in each pair is the production system that performs all of the processing, while the other serves as its backup. The database of each backup is kept synchronized with its production counterpart via data replication. (Replication is not shown in Figure 1.) In this way, the backup system is available to take over processing if the production system fails.

The AIX/Oracle Reconciliation System
The bank’s RAK and BASE24 systems interoperate with an IBM/AIX Unix system that uses an Oracle Real Application Clusters (RAC) database.
Online banking transactions and payment card transactions must be sent from the NonStop RAK system to the AIX system for reconciliation. Likewise, completed ATM transactions must be sent from the BASE24 system to the AIX system for analytical processing. The AIX system supports fraud detection and in-depth business analysis and intelligence as well as many other offline functions.

Figure 1 – The Bank's NonStop Systems

The Bank’s Use of Data Replication
The bank uses data replication for several purposes. HP NonStop RDF replicates changes in an active/passive architecture from a NonStop production database to its backup database. RDF is utilized both by the RAK system and the BASE24 system to keep their backup systems synchronized with their production systems.

Data replication is also employed to replicate data from the RAK and BASE24 systems to the AIX/Oracle environment. RAK uses SQL/MP tables, and BASE24 uses Enscribe files. Changes to these databases must be replicated in real time to the Oracle relational databases on the AIX system. Thus, data replication is highly heterogeneous. The source databases and the target databases are from different vendors. With respect to BASE24, replication must occur from nonrelational Enscribe files to relational SQL tables.

Data must be cleansed, filtered, validated, and transformed as it is being replicated. Data aggregation is also necessary when data from multiple source databases is replicated to a single target database, which requires the combining of fields and columns from differing files and tables into a single target row. Likewise, data deaggregation is used to send data changes from a single data source to multiple target databases. Significant data normalization is employed to redefine data formats between the source and target databases and to convert the use of arrays and redefines between the databases.
For example, for the BASE24 system, the primary task is to convert and replicate the variable length and format of Enscribe ATM transaction log records to the table schemas used in the AIX/Oracle analytics and reconciliation database.

The transaction and I/O rates of the SQL/MP tables (RAK) and the Enscribe files (BASE24) are quite high, and they can spike to several times the normal load during peak periods (for example, holiday season). The replication engine must be able to handle these high data replication volumes and to scale as the bank’s business grows.

The Licensing Crisis
The bank planned to upgrade its NonStop systems to the new NB54000 NonStop BladeSystems. The plan was for RAK to run on a pair of eight-CPU NonStop NB54000 BladeSystems and for BASE24 to run on a pair of ten-CPU NonStop NB54000 BladeSystems. All systems would be dual-core, though the NB54000 NonStop servers easily could be upgraded to quad-core without requiring an application outage. Because of the migration to the new version of NonStop servers, the bank had to obtain updated licenses for its replication products.

For many years, the bank had been using a third-party data replication engine to replicate data between its RAK and BASE24 NonStop systems and its AIX/Oracle system. Although the bank periodically had issues with the third-party’s offshore support organization, the bank had no immediate intention of moving off its current replication engine. The bank originally expected to migrate its existing licenses to the new NonStop hardware when the upgrade occurred.

As it turned out, the renegotiation process stalled, and significant licensing issues arose as time was running out. In the end, the bank was able to negotiate a one-year extension of its BASE24 to AIX/Oracle replication licenses under terms similar to its previous ones.
Unfortunately, the bank discovered that the data replication vendor required a substantial increase in its license fees for the data replication engine needed for the RAK system. The fees were partly based upon the use of quad-core NB54000 blades; there was no price break for the bank using dual-core blades. The bank considered the new license fee proposal to be cost-prohibitive and rejected it.

The Bank’s Options
The bank was faced with limited options to continue the mandatory operation of its RAK system, and it did not have much time to spare. The last-ditch alternative was to renew the RAK license with the existing data replication vendor for the prohibitive license fee.

To avoid this unacceptable option, the bank initiated an intense development effort to build its own file-transfer facility so that RAK periodically could refresh the AIX/Oracle database with new data changes made to the RAK SQL/MP database. However, the transformations required to map the SQL/MP source database to the Oracle target database introduced significant complexity, and the batch nature of the data-refresh process meant that the target environment would be working on stale data most of the time.

With time running out, the bank turned to HP for help. HP’s response was to bring in Gravic and its Shadowbase data replication product. The Shadowbase replication engine supports SQL/MP, Enscribe, and Oracle (among many other databases) and comes with a broad range of data cleansing, filtering, and transformation functions. In addition, Shadowbase user exits allow the rapid creation of custom transformations that are not already in the Shadowbase repertoire. The Shadowbase license fees were well within budget for the bank. The bank decided to give Gravic the go-ahead to install the Shadowbase replication engine, provided that the installation and testing could be completed before the current RAK licenses expired.

The Race Against Time
By this point, only two weeks remained until RAK license termination. Gravic assembled a team of its experienced software engineers and began the installation effort. In order to configure the Shadowbase transformation facilities, Gravic had to know the transformations that were needed, requiring close coordination with the bank’s technical staff. Major challenges quickly emerged:
• a bank requirement that all testing be physically performed at the bank’s central European facilities;
• coordinating access to the key bank personnel, who were heavily involved in their own day-to-day responsibilities;
• and implementing and testing the myriad functions that perform the actual data transformations during replication of events from the NonStop server to the Oracle target environment.

Starting with the bank’s development environments, the needed functions were quickly implemented and were tested with customer test data. The effort then moved into the bank’s User Acceptance Testing (UAT) facility. However, this environment was significantly scaled back from the full-blown production environment, meaning that data loading and testing could be simulated but could not be completely performed until production roll-out.

The team validated the Shadowbase implementation in the UAT environment by running it in parallel with the existing data replication solution. The target database tables between the two systems were compared to verify that they did indeed match and were processing the source data in the same way for the same types of application events.

Once the Shadowbase UAT environment was validated, the bank scheduled the production roll-out. A Friday afternoon was selected to allow sufficient time for monitoring the new solution over the weekend, during which periodic full-daily processing cycles were performed, including load scale up/down functions.
By the end of the weekend, all functions had been confirmed, and full production processing continued the following week.

The result included long hours by the bank and Gravic staff to obtain the information they needed, to configure the Shadowbase replication engine to meet the replication requirements, and to thoroughly test and deploy the Shadowbase solution. These steps demanded considerable onsite effort from the Gravic team.

With great relief on the part of the bank, the Shadowbase effort was successful. In just two weeks, the Shadowbase replication engine was installed and was working in production, replicating data from the RAK system to the AIX system. The bank avoided having to purchase an expensive license for the upgrade and began its efforts to consolidate and base its replication solutions on the Shadowbase product suite.

Lesson Learned
Of course, performing a migration from one product to another can be a risky endeavor even under the best of circumstances. Typically, projects such as these should be undertaken when there is sufficient time to fully plan the effort, fully test the new solution, and then fully deploy the replacement solution on your schedule and not an artificial one imposed by a nearly impossible-to-meet license expiration deadline. Unfortunately, not leaving enough time or allocating sufficient resources to the replacement project is an all-too-often barrier to success, subsequently forcing the customer to continue along with what it has done before, working under less than desirable circumstances. The obvious lesson here is to start the planning process as early as possible with sufficient management support to see it through to the end.

The Next Steps

BASE24 Replication
The bank was still left with the one-year data replication engine license for its BASE24 system. Should the bank extend that license or switch to the Shadowbase replication engine to replicate data from the bank’s BASE24 system to its AIX/Oracle system?
It made sense to have only one replication engine product to maintain. Besides, the Shadowbase license fee cost was substantially less than the existing data replication license fee. The bank therefore decided to switch to the Shadowbase replication engine for BASE24 data replication.

With only three months to go on the existing data replication license, the bank authorized Gravic to proceed with configuring the Shadowbase replication engine for the BASE24 Enscribe-to-Oracle replication task. Though more time was allocated than for the original RAK installation, a new challenge arose. The data structures for the ACI BASE24 Enscribe files required considerable scrubbing and cleansing to transform the data into the required target SQL formats. The Gravic team once again worked diligently with the bank staff to implement the conversion functions, to test the new solution, and to deploy it into production before the existing licenses expired. The bank was now completely off of the previous data replication vendor’s solutions and successfully onto Shadowbase technology.

Disaster Recovery Replication
The bank still uses an active/passive architecture for its disaster recovery processing. This architecture actively runs the application on one node, while the other node sits idle receiving the database changes. If a failover needs to occur, the database on the standby node must be brought into a consistent state, the application on the standby node must be started, and the network must be rerouted so that user requests can be sent to the standby node’s applications. In addition, the replication engine must be reconfigured to reverse replicate new database changes to the failed node to eventually recover it. All of this effort takes time and can be risky if one or more of the failover sequences faults. How can that occur?
It turns out that failover faults, where the failover process does not go according to plan and an extended outage occurs, can happen much more frequently than expected, especially if the standby environment is not thoroughly, successfully, and periodically tested. Since testing often has to take down the production application environment, this function is usually slated for off-hours and infrequent time frames, which leads to incomplete testing when the failover does not complete within a preapproved outage window. Without complete testing, how can the configuration of the backup system be ensured to remain identical to that of the production system? Otherwise, the failover may fail. Configuration drift is a leading cause of failover faults, in which changes made to the production system fail to be made to the backup system. The way to improve on this model and to improve the bank’s overall application availability profile is to look to the more advanced business continuity architectures, including the Shadowbase Sizzling Hot Takeover (SZT) architecture and the Shadowbase active/active architecture. In an SZT architecture, the application is up and running on both nodes, although only one node is typically receiving database change requests. (The other node can be receiving and processing read-only/reporting or query requests.) The application on the “standby” node has the data files and tables open for read/write access and has made all external connections. The data replication engine is configured for bi-directional replication. The benefit of this architecture is that the application is fully running on both nodes at all times. If a failover occurs, no delay is needed to bring the database into consistency, nor to bring the standby application up. Additionally, the standby application is in a known-working state as it is already running. A best practice is to send periodic test transactions to it against test accounts. 
These test transactions will ensure that the application on the standby node is functional for end-to-end processing. Hence, no production application outage needs to occur to test the standby node’s application processing; and the testing can be continuous, performed at any time of the day or night. With bi-directional replication configured, the reverse replication path also validates that it is functioning. If a failover occurs, no change to the replication environment is needed, and the backup system will start to queue the database changes for the reverse replication to resynchronize the original production database once that node is recovered. Once the active/passive architecture has been replaced with an SZT architecture, a final step will be for the bank to migrate from the SZT configuration to an active/active system, one in which both nodes share the transaction load. Each system replicates its database changes to the other database so that the applications on both systems have the same view of the application state. Failover is rapid, measured in seconds, and is reliable since it is known that both systems are working properly. Both are processing transactions. Furthermore, when a failure occurs, fewer users and data are affected, as only those users connected to the failed node actually have to fail over.

Summary
The bank was caught off guard by a large increase in license fees for its RAK replication engine. With little time to act, it had to develop multiple contingency plans to continue in operation. These plans included relicensing the current replication engine at a significant increase in license-fee cost, building its own replication facility, or moving to another replication engine.

To avoid the substantial increase in license fees, the bank first decided to build its own replication utility as a fallback plan. This option used a micro-batch refresh approach to periodically load the source database changes into the target database on a set schedule. Unfortunately, choosing this option meant that the data in the target was immediately stale after each cycle, and the application Service Level Agreements (SLAs) required current data at all times. Clearly, a real-time data replication solution was needed.

Hence, the bank initiated an aggressive plan to migrate to another data replication engine. Fortunately, this effort succeeded. With only two weeks to act, the Shadowbase team of software engineers configured the Shadowbase replication engine to properly transform and replicate RAK SQL/MP data to the AIX/Oracle system. With an intensive effort constrained severely by time, Gravic was able to help the bank avoid the costly relicensing of its previous data replication engine.

The bank is in the process of deploying Shadowbase replication solutions for its other data replication needs.
Shadowbase software now performs the BASE24 to Oracle replication function, and the bank is investigating the enhancement of its business continuity solutions to a Shadowbase SZT model as an interim step to ultimately achieving an active/active implementation.

The Shadowbase Data Replication Engine
The Shadowbase data replication engine provides homogeneous and heterogeneous data replication between diverse databases and applications. Shadowbase data replication can take place between any supported source database and any supported target database. Either database may be a relational database or a non-relational database.

Shadowbase business continuity solutions span the active/passive architecture to the Sizzling-Hot-Takeover architecture, to a fully active/active architecture. Whereas these solutions help eliminate unplanned application downtime, the Shadowbase Zero Downtime Migration (ZDM) solution eliminates planned downtime for complex system, site, database, and application upgrades and conversions.

In addition, Shadowbase solutions provide data integration and synchronization, as well as application integration. In these cases, data changes typically need to be replicated from one environment to another, for example to feed operational database changes into a data warehouse. Similarly, using Shadowbase technology, real-time business intelligence systems can be built by combining the output of one application with the input of another application, for example feeding a real-time fraud detection system with transactional activity flowing across a financial message switch and returning the results to flag suspicious activity.

The Shadowbase data replication engine includes powerful transformation facilities that map data between the source database structures and the target database or target application structures.
Shadowbase user exits allow special transformation customization functions to be embedded into the replication engine for transformations that are not directly supported.

Attributes of Shadowbase data replication are low latency, high capacity, heterogeneity, powerful data transformations, flexible end points, and continuous availability. Integrating heterogeneous data resources is a formidable challenge, a challenge that is solved by Shadowbase software.[1] These Shadowbase solutions are available from HP under the HP Shadowbase product name.

[1] For more information, visit Gravic’s website, www.gravic.com/shadowbase/whitepapers, to see the white papers: Shadowbase® Streams for Data Integration and Choosing a Business Continuity Solution to Match Your Business Availability Requirements.

Paul J. Holenstein is Executive Vice President of Gravic, Inc. He is responsible for the Shadowbase suite of products. The Shadowbase replication engine is a high-speed, unidirectional and bidirectional, homogeneous and heterogeneous data replication engine that moves data updates between enterprise systems in fractions of a second. It also provides capabilities to integrate disparate operational application information into real-time business intelligence systems. Shadowbase Total Replication Solutions® provides products to leverage this technology with proven implementations. For further information regarding Shadowbase data integration and application integration capabilities that can assist in solving big data integration problems, please refer to the companion documents Shadowbase Streams for Data Integration and Shadowbase Streams for Application Integration, or visit www.Gravic.com/Shadowbase for more information. To contact the author, please email: SBProductManagement@gravic.com.

Did You Know? iTP Secure WebServer 7.5
Did you know that HP recently released even more enhancements to the iTP Secure WebServer product with release 7.5?
These features include:
• Encrypting exported keys and importing already encrypted keys
• Distinction between client & server root, intermediate, and leaf certificates
• SHA256 Hashing Algorithm
• Online update of individual serverclass configuration
• Configurable HTTP(S) POST request size
Contact your HP NonStop sales representative for more information

The Renewed Need for Secure Managed File Transfer
Richard Buckle, Founder and CEO, Pyalla Technologies, LLC

Renaissance is a very strong word and yet, it leaves no doubt that change occurred. Technology tends to be cyclical in nature, where companies and products can be considered as having very definitive lifecycles and yet, time and again, there’s evidence of transitions taking place in response to the emergence of new cycles emerging in response to changing market needs. Astute vendors can hitch a ride on a new lifecycle and, in so doing, reinvent themselves. One such vendor is the owner of the product, DataExpress (DX); once a major contributor in the NonStop world as it capably moved files between companies, partners and agencies, of late it has appeared to be in the background. However, today the headlines are dominated with stories of security breaches and compromised data so almost overnight, secure managed file transfer is a must.

A resurgence in the need for DataExpress is coming at a time, too, when the NonStop community may not even be aware of the product’s capabilities. Coming off participating in user events in the mid-Atlantic and Canada, I had noticed that the NonStop product management partner slide didn’t even include DataExpress – a situation that has now been addressed – so I reached out to the management team at DataExpress for an update, together with insight into what now drives the company. What follows here comes as a result of interviews with CEO, Billy Whittington (BW), President, Michelle Marost (MM), and Senior Analyst, Susan Raye (SR).

Looking all the way back into the 1990s, how did DataExpress, the company, come into being?

MM: “It started out with Billy and myself doing consulting in the file transfer marketplace following stints with companies providing product. People familiar with the System Center (later Sterling Software) product Network Data Mover (NDM) may know us. In 2000, when Sterling Williams divested of his two companies (Sterling Commerce & Sterling Software), we felt that the market would be receptive to our independent technical capabilities on Sterling’s system management and file transfer products. We registered a consulting company, and stared the world in the face.”

BW: “Michelle and I had worked together for a long time and trusted each other’s judgment so it was an easy call to go into business together and at the time, our skills in file transfer products seemed marketable.”

MM: “Our first client, a major credit card company, was in the process of building a new infrastructure, eliminating a host of disparate communications mechanisms and consolidating them onto a new store-and-forward gateway operation, all based upon the resilience of NonStop technology. The goal was to connect with a pilot ‘member’ organization, and then rapidly migrate a select group of endpoints in order to prove the solution. As the solution was similar to a previous project we undertook in South Africa some years before, it was reasonably simple to understand the desired end result.”

BW: “When it comes to deciding who does what, working for this credit card company, we literally transitioned from one role to another as the need demanded, and this was to put us in a very good position when later we became a product company.”

What then did lead to you becoming a product company and how did you manage to turn this into a successful endeavor?

MM: “At first, we were retained to support the Sterling Commerce file transfer product but we intentionally increased our knowledge of the adjacent products and disciplines until we had a favorable understanding of the entire deliverable. Working in close harmony with specialists across multiple disciplines, we were able to assist with bringing the credit card company’s project back on target which culminated in the two of us being 50% of the ‘go live’ team. After the Pilot member was deployed, we were reengaged to stay with the project through the deployment of the top 300 connections, delivering twice-yearly planned architected enhancements to the solution along the way. This engagement enabled us to grow our team to 19 strong, and lapped over 7 years of continued participation in both development and production support.”

BW: “There is no denying that the experience gained with this first project not only put us in a good position knowledge-wise, but further developed our business skills. Simply being re-engaged twice was a significant milestone of itself.”

MM: “During this time, the ‘traffic cop’ at the core of the solution, DataExpress for NonStop, came up for acquisition and it made perfect sense for us, as a company, to invest in the product itself. This increased its foothold, its customer base and put its experienced technicians to great use. In 2004 the acquisition was completed with two products, DataExpress for NonStop (DXNS) and DataExpress for Open Platform (DXOP). Since then our company underwent the metamorphosis from being a consulting company into a product development and support entity, DataExpress, with a marquee customer base. Our continued investment in the products has seen these products grow to meet the technology enhancements, requirements and demands that make for a robust product offering.”

Purchasing both a NonStop product line as well as an Open Platform offering, was there just one code base?
A common or shared architecture, or were the products aimed for different use-case scenarios?

BW: “Looking back at the decisions we took at the time it seemed rather routine – two products, two teams. Michelle continued with the NonStop product whereas I took on oversight for the Open Platform product. Very quickly, we came to understand the culture and philosophy of our target audience very well. And it was very different – the mature operations focused NonStop users versus the less structured ‘it’s just Windows’ attitude of the Open Platform community. The products were different and that was deliberate as it was a reflection on where in the customers’ business the two products resided. While it had been acceptable to directly connect NonStop to the WAN networks of the day, with the arrival of the Internet, customers preferred to front-end all network connections rather than having the NonStop system exposed to the global web.”

MM: “When we bought DataExpress we added 24 customers essentially overnight and just as other vendors working with primarily Financial Institutions (FIs), we were impacted by the frenetic Merger and Acquisition activities of the past decade, but even as some customers were consumed by others we were still able to add new customers. Furthermore, with the experience we had and with the knowledge we accumulated from our consulting days, we were well positioned to build a lot of add-on features that we introduced into the install base. These were all aimed at supporting different customer requirements, but the choice of platforms NonStop and Open Platforms (Windows, Linux, OSX and Unix) and their role within the data center / network dictated that we maintained different products.”

Today you are a company focused on secure managed file transfer – a far cry from what others may view as leading edge or exotic.
Clearly, with what we have seen in the media, the highlight of 2004 for you has had to have been security – and is that what continues to make product development interesting today?

BW: “When we started, it was all about making sure we could move a file from one place to another in a managed way. That is, our customers could schedule a file transfer and they could track the transfer as needed and all the time, be assured that the file would arrive at the right destination and on time. We also saw how many companies made the assumption that this was an easy task to complete. More often than not, when it came to implementing completely new applications, getting data to where it was needed was often overlooked until the very end of the project oftentimes jeopardizing the entire project. Our focus has remained on ensuring the ever-growing complexity appears ‘easy’ in the eyes of the user.”

MM: “I think the answer here is security, knowing where any file is at any time. Since early DX customers were the banks, it was critical to know where each file was in the flow. DX tracks each file as it arrives and as it is delivered. Originally, DX was designed on NonStop to handle the legacy modem communications via Async, Bisync, and SNA but today, DX provides IP connections as well along with a full suite of encryption protocols to support current requirements for file transmissions, all in a single application. And yes, we work with other NonStop partners and take advantage of their product offerings, and comForte is one such vendor.”

BW: “I agree, what makes DXNS and DXOP so interesting today is the increasing element of security. We have gone to great lengths to make sure you don’t need to be worried about security when it comes time for your company to move anything at all.
With as many headlines as we have today featuring break-ins with data stolen and personal information compromised, businesses in every market are, or should be, very concerned about moving files even when the mesh of interconnectivity and dependence is escalating, particularly when it includes government regulation.”

MM: “Another feature that differentiates DX from other products is our scheduling and tracking. This is especially important for financial data with Service Level Agreement (SLA) requirements where the penalty for failing to meet them has a direct financial impact to your bottom line. You need to know exactly where the data is at all times and our product can reach out to you if it isn’t where it should be, at the time it should be there. DX also allows remote sites to send in data using one method and deliver the data using another. For example, the remote can send data to DX using HTTP/s, with DX forwarding the data to the backend host via SSH. In this case, the backend host does not need to be able to handle HTTPS; DX provides the single point of entry with the internet, limiting the site’s exposure to the outside world. The original DX runs on the NonStop platform and has provided a reliable gateway for data transmissions for over 25 years.
However, with more and more IP traffic, security departments are requiring traffic to flow through a DMZ site rather than directly to the NonStop. This is where our DXOP product bridges the gap. DXOP runs both at the DMZ, via a Secure Gateway, and behind the firewall, where files are securely stored and forwarded to the Line of Business for processing.”

SR: “This is the year of security. What I am seeing within the customer base is a recognition that you can’t just pull down a security module and believe you are alright. You have to install it, you need to maintain it, and at every step, you need to be vigilant. This is our area of core competence and we continue to listen to our customers as they consider anything new that appears in the marketplace.”

BW: “For us, what really makes it an interesting area to be working in and why we are seeing a renewed interest in our company has to do with the sum of all the little things we have done to protect the data within the files our customers have to move. Whether it is a bank transferring sizable sums of money or a medical center passing on patient records, no business wants to have the data compromised nor do they want to find out that the file simply disappeared. And here’s where I see NonStop systems having a distinct advantage reflecting the maturity you find in their operations center. With our DX product, there’s likely to be one, maybe two releases a year but when it comes to DXOP, it’s a more rapid-fire type of distribution methodology as the landscape changes much faster. Again, NonStop customers are exhibiting a desire to be ‘leading edge, conservatively’ – they want to be seen to be a leading edge FI but not at the expense of security.”

No conversation can be complete of course without a look at what is in the works – when it comes to moving files, what are you now bringing to market?

SR: “Clearly, what we are doing now that excites us has to do with the world of email.
Society in general and business particularly, is becoming over-reliant on email attachments. DataExpress now has two new components, DXOP Impulse and DXOP Email Interceptor. DXOP Impulse is where we started – giving users a browser-based ability to identify files to be distributed to one or more recipients via HTTP/s and where emails are automatically created, notifying intended receivers. However, with the dialogues we had with customers, this led to DXOP Interceptor which allows businesses to control email attachments.”

MM: “Yes, our latest addition provides for secure handling of email attachments, an area of high security risks. Today everyone has spam filters on their incoming email, checking for junk or malicious intent, normally unbeknown to the average corporate user, yet nobody has that type of filtering silently protecting their outbound attachments – until now. DXOP also provides for ad-hoc file transmissions: you enjoy the security and tracking capabilities of standard DXOP jobs without the requirement to set up an individual job each time you need to send files securely. And yes, the source files can originate on NonStop systems and leverage the presence of DXOP as a frontend satisfying all the needs that security staff have today.”

BW: “‘If we didn’t have fraud, I wouldn’t have a job,’ I was recently told and it’s a reflection on the state of technology today. As I look at what is in the works, I cannot ignore what’s happening in the world at large. In America, we have the changes in healthcare brought about by the current administration and this is impacting healthcare providers across the nation – it’s forcing the entire healthcare industry to up their investments in infrastructure, including IT. And front and center of such infrastructure upgrades is the secure file transfer of patient information.
And of course, the sheer volume of emails that attract the hackers of this world opens the door wider for even greater opportunity for our company.”

Like many in the NonStop community, I suspect I simply overlooked the need to secure and manage file transfers. The increasing reliance on SLAs and the huge penalties that are levied should timeframes be missed – current penalties when dealing with the U.S. Federal Reserve can run into the millions of dollars – mandate sophisticated, mature, resilient solutions and for the NonStop community, these are at hand and available from DataExpress. Like many, too, I am not easily moved by the latest gee-whiz technology but when it does come to having something of mine moved I don’t want the world looking over my shoulder! And yes, I truly see the new development by DataExpress moving into the world of managing email attachments as an example of technology spawning a brand new lifecycle!

Richard Buckle is the founder and CEO of Pyalla Technologies, LLC. He has enjoyed a long association with the IT industry as a user, vendor, and more recently, as an industry commentator. Richard has over 25 years of research experience with HP’s NonStop platform, including eight years working at Tandem Computers, followed by just as many years at InSession Inc. and ACI Worldwide. Well known to the user communities of HP and IBM, Richard served as a Director of ITUG (2000-2006), as its Chairman (2004-2005), and as the Director of Marketing of the IBM user group, SHARE, (2007-2008). Richard provides industry commentary and opinions through his community blog and you can follow him at www.itug-connection.blogspot.com, as well as through his industry association and vendor blogs, web publications and eNewsletters. The quotes come from some of Richard’s clients including HP, Integrated Research, comForte, DataExpress, WebAction, Inc., InfraSoft, and OmniPayments, Inc.

Node.js on the HP NonStop Server
continued from page 27

using serverclass instead of threads makes it a less complex way of handling waited I/O than the creation and usage of “worker threads”. It also provides easier and better elasticity since serverclass instances are under the control of TS/MP and effectively the Node.js application can “assume” a limitless number of available “worker threads”.

Using a DB serverclass introduces the possibility of different techniques of DB access – for example, a DB serverclass that uses dynamic SQL and the SQL/MX CLI directly, or a DB serverclass that relies on ODBC/MX and the SQL/MX Connectivity Services (MXCS).

Finally, although not specifically related, it should be noted that an existing TS/MP serverclass that uses embedded SQL should be accessible to JavaScript applications using a Pathsend API – the message flowing across that API of course being specific to the application.

Last but not least - a sincere vote of thanks

This project would not have been possible without the guidance and knowledge provided by various staff members of HP, particularly individuals from the America’s NonStop Consulting group, the ATC, and Development.

References
[1] http://nodejs.org/industry
[2] http://blog.rivaliq.com/develop-double-time-node-plusstreamline

Bibliography
http://nodegeek.net/2013/12/nodejs-v8-history
http://code.google.com/p/v8/
https://developers.google.com/v8/
http://nodejs.org
http://blog.nodejs.org/2011/09/23/libuv-status-report/
Mike Cantelon, et al. Node.js in Action. ISBN 9781617290572. Manning Publications Co. 2014.
http://www.crockford.com/javascript/javascript.html
http://www.ecma.international.org
http://blog.rivaliq.com
http://docs.nodejitsu.com
http://thechangelog.com/116
http://www.joyent.com/developers/videos/node-summit-node-jsin-the-enterprise

David Finnie is VP, Development at Infrasoft. Finnie has over 25 years of designing and developing software for NonStop systems, with an emphasis on high performance middle-ware. He has worked at customer sites and at ISVs on a variety of projects and products, on a range of operating systems and platforms. Finnie is a co-founder of Infrasoft Pty Ltd.

Neil Coleman is CTO, Infrasoft. Coleman has over 30 years of designing and developing software for NonStop systems, with an emphasis on high performance middle-ware. He has worked at customer sites and at ISVs on a variety of projects and products. Coleman is a co-founder of Infrasoft Pty Ltd.

Do you have your Library Card?

Get your Card from HP Education Services and start checking out the Security User Awareness Training Library

HP offers computer-based training (CBT) that has advantages like:
• The ability to scale the training across your organization.
• Users can take training as per their schedule.
• It ensures that your program communicates a standardized message.
• It is easier to track who took the training, which is often required for compliance purposes.

Free 21 Day Trial Available Now
Library Card Available January 2015

Why choose HP Security User Awareness training?
• More than 40 engaging modules.
• Available in 28 languages.
• Sharable Content Object Reference Model (SCORM) compliant.
• U.S. Federal 508 compliant for compliance with the Americans with Disabilities Act.
• Regularly reviewed and updated.
• Global content for global enterprises.

Get your Card...Get Secure.
Learn more at hp.com/learn/securityawareness

OmniPayments’ Yash Kapadia Was Happily Retired Until His Wife Demanded He Return to Work

Janice Reeder-Highleyman
Principal
Reeders & Writers

Introduction

Leave it to the spouse to know what is best for the family. Back in 2003, Yash Kapadia and his Opsol Integrators performed so well with a fixed-price contract that Yash was able to retire and devote 24x7 attention to his family. Six months later, retired life ended abruptly when Yash’s wife insisted he return to work. So back Yash went from nonstop at home to the NonStop environment where he had thrived for years. Just in time to create OmniPayments.

Opsol and OmniPayments were the Brainchildren of a Tandem Developer

OmniPayments (www.omnipayments.com) is an HP NonStop-based financial-transaction switch that offers customers all the requisite functionality to manage credit-card and debit-card transactions. It is one member of the Opsol family of NonStop mission-critical solutions for the financial industry. Opsol was founded by Yash in 1995, shortly after he left Tandem Computers.

[Photo: Yash Kapadia]

During his tenure at Tandem, Yash assumed numerous responsibilities. Originally a member of the NonStop Kernel Group, Yash next worked as a developer within the OSS environment. A position with Tandem Information Services (TIS) led to Yash managing a 150-person team that developed specialized applications for customers such as United Airlines and John Deere. When Bill Heil, at the time a Tandem product manager, needed a developer to build a Tandem-based web server, Yash volunteered. Within six weeks, he completed what soon became known as the iTP WebServer, a port to Tandem from an open-source Internet server.

The Founding of Opsol Integrators

Within the IT industry, it is common for the staff of major technology organizations to leave employment in order to develop solutions and services that complement those of the companies they departed.
When Yash left Tandem, he didn’t abandon the NonStop platform. Instead, he founded Opsol Integrators Inc. (www.opsol.com). Opsol is short for “Open Solutions,” and the company addressed customer interest in what was then the new development model of open source. More specifically, Opsol specialized in porting open-source solutions to NonStop servers running under OSS (Open System Services).

Opsol’s first customer was a major U.S. bank. Opsol helped the bank to reengineer and re-architect its NonStop Guardian ATM applications to run under Tuxedo and NonStop OSS. In the late 1990s, Tuxedo was the predominant transaction monitor. The bank intended to migrate its applications to Tuxedo so that the applications could interoperate with Tuxedo applications on other systems. Today, the bank’s Tuxedo-based applications remain in use and process 1.8 million daily transactions.

During this time, Yash maintained close ties with Tandem. He became a certified Tandem instructor and taught classes all over the world in subjects such as TS/MP, TM/MP, OSS, iTP WebServer, and later Java.

Opsol Takes a Risk with Fixed-Price Contracts

Fixed-price contracts are unpredictable. Deadlines may be missed by wide margins, and costs can escalate quickly beyond original estimates. It is the vendor that carries the risk, and that is why so many vendors are unwilling to absorb unforeseen costs and time overruns.

Nonetheless, Yash is a risk taker. He decided early on that multiple NonStop opportunities existed for a partner who was willing to undertake fixed-price application development.

A. G. Edwards, a major U.S. broker-dealer, was Opsol’s first fixed-price customer. The contract stipulated the development of a trading application to be ported from an IBM mainframe to a Tandem system. If the port was successful, A. G. Edwards would purchase a Tandem system and would pay Opsol the agreed-upon fixed price. If the port did not work, A. G. Edwards paid nothing.
The customer set a specific benchmark for Opsol. The system had to support 8,000 brokers and process seventy transactions per second, a significant transaction volume back then. To reinforce its development efforts, Opsol acquired its own Tandem system and successfully executed on time and within budget the port of the trading application to run under OSS.

Opsol was now firmly established in the fixed-price business, and more customers signed on. Yash and his team developed financial applications for Citibank of Mexico (Banamex); and Citibank was the first to purchase OmniCrypto, Opsol’s encryption software. A new financial trading system running under NonStop OSS was built for the Bourse de Paris (now Euronext Paris). A major ISP (Internet Service Provider) turned to Opsol for OSS application-development services when the ISP became one of Tandem’s largest customers.

NonStop and Opsol – Perfect Together

People who worked on the NonStop platform are often linked to NonStop forever. That certainly is the case with Yash. During Opsol’s early years, Yash negotiated an outsourcing agreement with Tandem to perform application development for Atalla, a Tandem subsidiary that served as Tandem’s encryption arm. Atalla provided hardware security modules (HSMs), external devices that performed all at-rest and in-flight data encryption functions, and key management for Tandem applications.

[Photo: Yash and Ajaya Gummadi, Worldwide Product Manager for NonStop Products]

Yet another Tandem/Opsol collaboration was the execution of ZLE for Tandem. ZLE, or Zero Latency Enterprise, was a Gartner Group term for any strategy that combined information across technical boundaries (operating systems, database management systems, programming languages, etc.) to enable real-time business benefits.
Tandem asked Opsol to assist with the development of custom software for Tandem’s ZLE version, which allowed disparate data to be moved in real time and in a common format to an Operational Data Store (ODS). There the data was available immediately.

Tandem succeeded in displaying to a large retailer the power of ZLE, but the ZLE implementation stalled at that point. Yash believed that there was more potential for ZLE than Tandem realized, so Opsol negotiated the acquisition of Tandem ZLE’s intellectual property rights. Soon after, ZLE was reborn as Opsol’s OmniHub, a NonStop data integration solution for companies requiring IT infrastructure integration in order to capture a single view of their customers’ transactional activities.

Yet Another Fixed-Price Opportunity Paves the Way for Yash’s Early Retirement

OmniMessaging from Opsol evolved from yet another intellectual property acquisition. In the early 2000s, with Tandem via Compaq now under the umbrella of HP, Opsol successfully negotiated the rights to HP’s NonStop Internet Messaging solution. Internet Messaging delivered secure, reliable, and scalable messaging services for telcos, mobile operators, governments, and large enterprises.

OmniMessaging became the name of the newly acquired product, and Yash found a promising opportunity with a major Japanese telecommunications operator. The telco had been using a Sun server for its messaging system, and the system had proven unreliable as the telco’s subscriber base expanded. As a result, the telco was eager to consider alternatives, one of them being the fault-tolerant HP NonStop.

Opsol was able to secure a fixed-price development contract. However, the contract’s terms and acceptance test criteria were onerous for Opsol. Build on HP NonStop a reliable OmniMessaging platform that integrates successfully with the telco’s existing applications, or get paid nothing. Few vendors would have exposed their businesses to such potential for failure.
But Yash and his staff, by this time fixed-price veterans, were confident that the risks in terms of deliverables, quality, and schedule could be managed.

The project proved to be far more challenging than Yash had anticipated. Yet in 2003, all acceptance test criteria were met; and the telco adopted the OmniMessaging platform on NonStop. With huge risks come huge rewards. The telco’s payment to Opsol was so lucrative that Yash Kapadia was able to retire.

“A Retired Husband is Like Having a Grand Piano in the Kitchen”

To quote from television’s long-running hit The Cosby Show, "A retired husband is like having a grand piano in the kitchen. It looks good, but the damn thing is always in the way." We will never know what exchanges took place between Yash and his wife, but retirement for Yash lasted a mere six months. With his company still intact and with his relationship with HP still strong, Yash reentered the work force with an eye to focusing Opsol’s talents on solutions for the payments industry. Opsol already was heavily involved with Citibank of Mexico, and Rabobank in the Netherlands was now an Opsol customer.

The U.S. bank that had been Opsol’s first customer had early on adopted BASE24, the electronic retail payment switch from ACI Worldwide. Widely deployed in the financial payments industry, BASE24 ran on the bank’s NonStop servers. The bank maintains a network of 15,000 ATMs and thousands of retail POS (point-of-sale devices). It decided to add consumer-friendly, personalized ATM services and selected Opsol to build a new ATM-management system. Yash and his team installed Opsol’s OmniATM solution to manage the enhanced ATM network and interfaced OmniATM with the BASE24 transaction switch. The bank was so satisfied with Opsol’s performance that it recommended Opsol to another U.S. bank. Soon after, that bank became an Opsol customer as well.

BASE24’s Sunset on NonStop Heralds the Birth of OmniPayments

In 2008, ACI Worldwide announced the sunset of its BASE24 financial-transaction switch on NonStop servers. Ending as well would be ACI’s support for existing NonStop BASE24 applications. The sunset of such a popular product furnished Opsol with a huge opportunity.

Yash observed the dilemma posed to NonStop users by BASE24’s exit. Users could migrate to BASE24 on IBM mainframes; they could upgrade on NonStop to ACI’s BASE24-eps, a completely different product; or they could consider the use of other vendors’ solutions. Yash decided that Opsol should be one of those other vendors and introduced a new transaction-authorization switch, OmniPayments, to serve as a BASE24 replacement.

Opsol already had a head-start on OmniPayments’ development. OmniATM, OmniCrypto, OmniHub, and OmniMessaging were installed in numerous locations worldwide; and the four products formed the basis for the OmniPayments solution. Additional modules, including OmniDirector, OmniOffender, OmniPOS, OmniReplicator, OmniStandin, OmniLogger, OmniConsole, and OmniDash, completed the OmniPayments layered design. Some components can be purchased separately and are used by Opsol to develop custom applications. All modules are SOA (service-oriented architecture) compatible.

In 2009, an OmniPayments pilot project was initiated with the U.S. bank where OmniATM already was installed as the ATM management system. The project was immediately successful, the bank was thrilled, and Opsol was now in the BASE24 replacement business.

So large was the potential market for OmniPayments that Opsol decided to set up OmniPayments as a separate corporation. Opsol Integrators Inc. is now the services arm, and OmniPayments Inc. is the product arm, focusing on payment transactions. A typical BASE24 replacement takes about four months. The OmniPayments license fee is not based on transaction volume but instead on a one-time software license.
OmniPayments’ Presence in Latin America

Although Opsol Integrators serves a global audience, OmniPayments has focused its efforts to date on North America and Latin America. The company has achieved considerable success south of the U.S. border, due in great part to the capable leadership of Mauricio Meir. Mauricio joined Opsol Integrators in 2009 as Vice President of Sales for Latin America. He, like Yash, is a former Tandem/Compaq/HP employee and held numerous management positions. Under Mauricio’s guidance and with the strong support of Alejandro Mendoza Perez, Opsol’s Vice President of Services in Latin America, OmniPayments has implemented a large installed base in several Latin American countries, notably Colombia. In countries where HP NonStop does not offer 24x7 support, Opsol provides managed services.

[Photo: Yash, Mauricio and Fernando Gomez, Banelco]

OmniPayments success stories in Latin America include:

Colombia’s Families-In-Action program - The Colombian government has put into place a social safety net for poor mothers who have difficulty caring for their children. Familias en Acción offers semimonthly cash payments to the poorest of Colombia’s mothers. The OmniPayments financial-transaction switch serves as the link between mothers and Colombia’s national bank, Banco Agrario, for the distribution of cash subsidies.

Casa Ley - Casa Ley is one of Mexico’s largest privately held grocery-store chains. It uses OmniPayments in a continuously available active/active configuration to handle payment-card transactions. The backup for this system is provided by the OmniPayments cloud.

Correspondent Banking Services - In several Latin American countries, OmniPayments provides correspondent banking services to remote regions that cannot support bank branches. Correspondent banks are village merchants to which Opsol supplies POS terminals connected to the bank’s OmniPayments switch. Local residents use the merchants’ POS terminals for a variety of banking services. The Dominican Republic deploys OmniPayments as its countrywide financial-transaction switch.

Preauthorization Services - One of Latin America’s largest suppliers of electronic transactions counts on OmniPayments for preauthorization services. The OmniPayments Preauthorization Engine seamlessly interfaces to the EPS (Electronic Payment Systems) provider’s financial-transaction switch via an Opsol-created custom support module. The switch routes all financial transactions to OmniPayments for preauthorization prior to submitting the transactions to the issuing banks for final approval. This amounts to almost 200 million transactions per month.

Carvajal is a major technology consulting and services company. Its goal is to create the predominant financial-transaction network in Latin America. For years, many of the region’s financial-transaction networks have depended upon a Unix-based transaction switch implemented on commodity servers. This switch has not provided the reliability required by the Latin American banks, has been unable to support new functional requirements, and is expensive. Carvajal selected the OmniPayments financial-transaction switch as the foundation for its transaction networks.

Biometrics Operator - To control fraud and drug cartel money laundering, Colombia established a national database of fingerprints for all of its citizens. The parties to any large cash or debit-card transaction must be authenticated by their fingerprints. To manage fingerprint authorization for debit cards, Colombia has designated Biometric Operators, who act as authorization agents. Carvajal has been designated a Biometric Operator. It uses OmniPayments as the transaction switch between debit-card transactions entered at POS terminals and the national fingerprint database, used to authenticate those transactions.

The Future is in the Cloud

Having already failed at early retirement, Yash has no plans to stop working in the near future. Instead, his next objective is to build OmniPayments clouds in North America and Latin America. Already, an OmniPayments cloud based in Northern California serves as the backup for several customers in an active/active financial-transaction switch configuration. Yash also intends to establish several generic clouds for general use. His first cloud in this category hosts ITUGLIB, Connect’s library of user-contributed freeware and other software utilities. OmniPayments provides at no cost to Connect the processing capacity, maintenance, power, and bandwidth.

The Secret Sauce in the Opsol/OmniPayments Recipe for Success

Yash credits the success of his companies to several ingredients. One is his willingness to take on fixed-price contracts, whether for the development of custom applications or for enhancements to OmniPayments. Yash confesses that he initially agreed to this uncertain payment option because he was “young, stupid, and willing to take a risk.” Years later, with numerous fixed-price successes on his resume, he is confident that his team of approximately 100 NonStop programmers can complete just about any development project within six months.

His programmers are the second ingredient in his secret sauce, and their skills afford Opsol a competitive advantage when it comes to custom work.

The third ingredient is Yash’s pricing model. Privately owned, Opsol and OmniPayments possess tremendous flexibility in adjusting quotes to attract potential customers. This is evidenced by Opsol’s successful bidding of NonStop systems against Unix and Windows competitors. Even more impressive is Yash’s guarantee that the OmniPayments financial-transaction switch will save a company at least 50% of its current transaction processing costs.
The final ingredient is Yash’s wife. Her unwillingness to have Yash constantly in her way at home – like the grand piano in the kitchen – drove Yash out of an early retirement and back into the world of product development. A big shout-out to Mrs. Kapadia comes from those companies who made strategic investments in Opsol/OmniPayments technology.

Opsol Integrators and OmniPayments maintain a presence in several locations. They include company headquarters in California, development facilities in India, and offices in Houston, Mexico, and Colombia.

Janice Reeder-Highleyman loves to jump from high places. She skydived from planes long before she learned to fly them, and bungy jumping from New Zealand’s Kawarau Bridge was just too short a trip to the water below. To Janice, jumping is a calculated risk. In that sense, she has something in common with Yash Kapadia, the CEO of Opsol Integrators and OmniPayments. As this article demonstrates, Yash’s measured risks with fixed-price contracts have resulted in lucrative successes for his companies. Janice is a communications specialist and former ITUG chair. Contact her at jreederhi@gmail.com.

YOUR INDEPENDENT HP BUSINESS TECHNOLOGY COMMUNITY

Have you downloaded the Connect iPhone App yet? Visit the App Store & search for "Connect- Your Independent HP business technology community"

HP Contacts

HP office location information can be found at: http://welcome.hp.com/country/us/en/contact/ww_office_locs.html

The NonStop™ server Web site can be found at http://h71033.www7.hp.com

HP telephone numbers in select regions and countries:

Argentina 5411.4787.7100
Australia 13.13.47
Brazil 11.4197.8000
Canada 1.905.206.4725
Chile 562.290.3310
Czech Republic 420.2.613.07.111
Denmark 4812.1000
Finland 0205.350
France 0.820.211.211
Germany 0.70.31.14.0
Hungary 06.1.382.1111
Italy 02.9212
Mexico 55.5258.4000
Middle East 009714.3916000
New Zealand 09.9189555
Norway 47.24.09.70.00
Poland 22.566.60.00
Singapore 1.800.278.8100
South Africa 27.0.11.785.1000
Sweden 08.524.910.00
United Kingdom 01344.360000
United States +1.800.282.6672

For NonStop price quotes and presales questions, call 1.800.282.6672.

Back for More…

Richard Buckle, CEO, Pyalla Technologies, LLC.

Returning to Boulder, Colorado, following three weeks on the road is both a relief and a wake-up call – snow was falling in the mountains. However, what struck me this morning was not just the view of the continental divide draped in snow but the car satellite radio station playing the theme from the surfing movie, Endless Summer. What a contradiction and yet, as incongruous as it appeared, perhaps it wasn’t all that strange as half the world was heading into summer and there was likely a part of the audience here in the U.S. looking forward to heading to warmer latitudes.

For almost a month it has been NonStop user groups that have occupied much of my waking hours as I participated in a couple of them presenting on behalf of one of my clients. This had taken me to the east coast where I had the opportunity to catch up with folks from HP as well as the vendor community.
I was also able to observe practices quite foreign to me that will more than likely be referenced in upcoming posts to a number of blogs – already, the post “The long and ‘cash-is-required’ road …” has been published on the industry website, ATMmarketplace.com, and there will be more shortly on other sites.

Having to go inside a Canadian gas station as the pumps wouldn’t accept my non-chip credit card was a nuisance, but carrying a Ziploc bag full of coins for the tollways in the U.S. was even more annoying. It was former ITUG Chairman, Bill Honaker, who agreed that, yes “the Northeast is the most complex” when it comes to tolls, but he also pointed out that there’s NonStop working hard “supporting software registration of customers (with rental cars) on EZ Pass.” Cash is still very much a part of our daily lives and even though there are many instances where cards suffice, we still have ways to go before we are truly a cashless society, so much so, I am not all that sure we will make it. Consider this; cash cannot be hacked as there’s no direct way into my real wallet other than by old school pickpockets, and today I am more at ease with dealing with the prospect of losing a little cash to those individuals than losing all my money to faceless criminals in who-knows-what country!

For several years now I have maintained a small supply of Canadian banknotes, and while their number diminishes with each trip, it doesn’t entirely go away and I suspect that when it comes time to return to Canada next year, I will still be depending on cash.

As incongruous as it was to hear the tunes of summer coming from my satellite radio station as I peered out onto snow-covered mountains, it’s maybe more strange to realize how dependent we remain on the venerable ATM. No matter where we are in the world, we can insert a piece of plastic and retrieve a stack of notes in the currency of the land. Wonderful!
And behind the ATM, merrily moving the money is a NonStop system, or two, and even after forty years, Financial Institutions (FIs) exhibit little enthusiasm for using anything other than a NonStop system.

If there was just one message coming from the user events I attended that I want to share with everyone in the NonStop community then it’s the message of NonStop’s resilience. The attributes we associate with NonStop systems today remain the same as they were forty years ago – availability, scalability, data integrity – but now we can consider the overall architecture as resilient in a way few in IT could have ever imagined in the late 1970s. Hardware will simply improve over time so why would anyone need to pay a premium for fault tolerance?

It was car manufacturer Lotus’s founder, Colin Chapman, who credited his success in motor racing to his company’s skill in “adding less weight”. Furthermore, it was Lotus who were credited, too, with saying, “simplicate and add lightness”. It’s always been incongruous to me that you can build a better fault tolerant system by adding more components just as it’s impossible to believe that something can be bolted-on to a working system that will improve its reliability – anyone familiar with the math behind MTBF (Mean Time Between Failure) is fully aware that adding components (even with lengthier MTBFs) only leads to a reduced MTBF for the complete system. During operation, you cannot add something to ensure longer uptime, you can only remove something, and this is lost on many systems architects even today.

As an example, in a recent blog posting forwarded to me, the blogger noted that, “at scale a lot of things can break.
In the course of this experiment, we have seen nodes going away due to network connectivity issues, the Linux kernel spinning in a loop, or nodes pausing due to memory defrag.” However, the blogger then noted how fault tolerance had been added to the implementation and it was able to recover from failures. This too struck me as being incongruous; if it were only that simple – did you download the fault tolerance module before starting the process?

The resilience of NonStop as an architecture came through during the presentations at the just-held NonStop Boot Camp. ATMs may have been around a little longer, but their history is very much tied to the success of NonStop and with cash continuing to circulate, ATMs will remain a feature of the consumer landscape for many years to come - and along with the ATMs, there will be NonStop. We may not all agree that the best financial security will be having cash under the bed but these days, an argument can be made for doing so. What we can all agree upon, is that the “simplicity and lightness” of NonStop is inescapable and even today, remains without peer.

The Industry’s First and Fastest... Cloud Backup Automation and Virtualization Solution For HP NonStop

Backup and Recovery made simple and affordable. An all-in-one solution that reduces complexity, cost and time by integrating software, storage and cloud technology.

[Diagram labels: Cloud Integration into Amazon S3 Compatible Clouds and OpenStack Compatible Clouds; Physical Tape; NAS/NFS/CIFS Infrastructure; Deduplication Infrastructure; Replication & DR; HP-UX, OpenVMS, NonStop; IBM Power iSeries, AIX, Linux, Pure Systems; IBM zOS, Mainframe, zLinux; Windows, Linux, Solaris]

Integrates with all backup applications

• An any host platform to any storage media or device solution that virtualizes and consolidates backup storage in any heterogeneous datacenter
• Intelligently scales storage locally and into the cloud
• Designed for fault-tolerant, high availability computing environments
• Meets or exceeds most data backup requirements for speed, capacity, compatibility, and reliability

75% of organizations face tape failures every year
64% of organizations need their data protected from natural disasters
62% of organizations want to store data in a highly secure environment
59% of customers want to eliminate single point of failure

www.3qubetechnologies.com info@3qubetechnologies.com

Looking to enhance your HP NonStop systems and applications? comForte solutions improve your NonStop’ness!

Turn to comForte – we have the people, products, and the track record that you can rely on to make your modernization initiatives a success. comForte provides proven and innovative middleware, connectivity, and security solutions for users of HP NonStop systems. We care about our customers and the HP NonStop platform, offering an unrivaled and unmatched portfolio of software products in the NonStop industry. With customer value in mind, it is comForte’s goal to deliver best-in-class products and solutions and to provide customers with the best support possible.

Read the interview with comForte inside this issue of The Connection.

[Graphic labels: Modernization, Security, Infrastructure]

www.comforte.com

BASE24 is a trademark of ACI Worldwide. All other trademarks are acknowledged. © 2014 comForte 21 GmbH. All rights reserved.