Data Analysis and Distribution with Cypress

For Easy Legacy Data Analysis & Distribution – the answer is Cypress

cypress_lg

Compiling and leveraging legacy data to help your business can be a challenge at times. The disparate document and data types stored, that need to be accessed and integrated into cohesive and comprehensible information, can make this task seem daunting. But fear not, help is on the way in the name of Cypress. Continue reading

Modernization Productivity- Part 3

III Measuring Modernization Productivity – measuring metrics for tangible benefits

Being able to show quantifiable progress and positive results for any undertaking is a good thing. In IT, obtaining data that shows a development project is on the right track to help the business is a great thing. And, when benefits may be measured both during a project’s development process, and after, to assist the company’s effort, that’s an extraordinary thing…

Implementing a mainframe application modernization project can have clear advantages and immediate impact. For both the IT group in particular, and the business in general, the results are beneficial and many. Especially when an innovative automation tool suite specifically designed for the job is brought to bear. Continue reading

Application Rationalization

Application Rationalization 101

imagescaojxf86

Application Rationalization is a managed process that reviews and evaluates applications in the IT Application Portfolio on a rational basis, to determine which should be preserved and enhanced, redeveloped and re-platformed, replaced with alternative solutions, or simply retired.

The goal of application rationalization is two fold.

  1. To Identify candidate applications for modernization action that might include enhancing, transforming or migrating to newer technology platforms, replacing with new solutions available as COTS or Cloud offerings, or simply retiring with no replacement.
  2. To initiate action based on the rationalization plan, and begin the modernization effort.

What follows is a brief discussion of application rationalization, beginning with scoping, and following through to taking action on the rationalization plan.

Scoping

To begin the rationalization process, you and TIC Software develop an action plan to decide on the scope of the application rationalization effort, considering such drivers as:
imagescafujf1s

  • Which business unit generates the highest IT costs?
  • What class of technology generates highest support costs, (e.g. NonStop)?
  • Which Line of Business (LOB) was most recently acquired and is now least integrated with the balance of the portfolio?

Then, we capture the following information, used to scope the Application Rationalization effort:

  • A count of applications to be reviewed,
  • The quantity and availability of supporting application documentation and support records
  • The report and presentation process that will follow from the rationalization effort (high-level, high-impact supported by detail roll-up

We will be grading applications on their cost, and the value they deliver, both now and in the future. Therefore we will need your agreement on how forward-looking we should be.

Rationalizing

imagescafbx311

The key drivers for the rationalization are typically

  • Enabling a “do more with less” attitude by identifying IT portfolio bloat and reducing it, thereby freeing funds
  • Bring transparency to IT by portraying IT spend in a meaningful (e.g. business and value-oriented) way, and
  • Establishing business ownership of IT assets (applications, data) through the Application Rationalization effort

To understand cost and value, we will gather and evaluate information within the scope of the effort. Here are some examples of what we would examine…

  • Where is your organization or individual business unit, if that is our scope going as a business
  • What are the desired principles of IT’s operation to support client’s business direction
  • What is the history and projection of annual support, license, and enhancement costs (people and technology) by application, considering direct costs first, and indirect from client’s rational basis of overhead allocation
  • What do Business and Technical Stakeholders think about the application suites under review, compiled through interviews and completed surveys

Understanding

whereis-resized-600The Application Rationalization process gives insight into the value that applications deliver and the costs and risks associated with that delivery. Delivered value can be understood as profits derived from business functions directly supported by application suites under review. However, there is a deeper meaning to delivered value, having to do with key strategic alignments, discussed following.

Alignment between Business Processes and Applications

Proper alignment means that the time and effort you spend running your business is devoted to productive work, not work-around. Misalignment means extra work such:

  • Is each business process is supported by multiple applications? This gives insight into redundant user interfaces among applications, identifies the use of application integration, and also identifies the number of applications that must be modified when the business process changes.
  • Are business activities are supported by a single application?
  • Are critical business processes/activities supported by different applications than the noncritical business processes/activities? This helps to identify less critical applications that might be replaced or retired
  • Does each application’s functionality support at least one business process activity? Applications that play no role in supporting the business should disappear

Alignment between Business Processes and their Data

Business and Data alignment means that business people have the information they need – accurate information, with the right level of detail, and on time. Misalignments make it difficult to get information that is relevant for the business.

We perform a technology and business process review to answer questions such as…

  • Is every data attributes used by at least by one business process?
  • Are all data entities meaningful to their business users?
  • Is the organization using standard, off the shelf applications for generating ad-hoc reports, inquiries, and graphs, or are custom-written applications doing this work?
  • How well is data lineage (origin, and update path) of data entities tracked?
  • Are business people responsible for overseeing the quality and relevance of data content?
  • Does the organization use an Information Architecture with published principles and rules? If so, which data entities are in compliance, and which are not?

Alignment between Applications and Data

Application and Data alignment means that IT experts expend coding effort coding business functions and logic, rather than on data repair, conflation, and extra transformation. We perform a technology and business process review to answer questions such as…

  • Is data entity managed by only one application? This means that entities are identified, created and reused by a single application, simplifying information management
  • Are data entities created with null values present, or with plugged values, when real values are not available?
  • Are there vocabulary and semantics organization standards so data from one business entity can be easily shared with others?
  • Do standards exist for data interchange formats across the organization? Are they used, or ignored?

Acting

imagesca431vbc

Our application rationalization offering brings focus on the business value delivered by client application suites vs. the cost and risk associated with that value delivery.

No matter how complete the go-forward plan, or how compelling the analysis for modernization, retirement, or replacement of applications, clients will only derive real benefit by putting the rationalization plan into action. Successful implementation of a rationalization plan will require buy-in from all in-scope business and technology stakeholders. Therefore, selecting the right initial application suite, engaging stakeholders, and selecting the right modernization partner, are all crucial to success.


moreinfo_icon
To learn more about TIC, Application Rationalization, Modernization with BluAge, and what it means for your NonStop environment, schedule a conversation by emailing us to TIC Sales .

Feedback please

Do you find this tutorial blog helpful? Let us know what you think, and how we can make it even better. Don’t forget, you can subscribe to our blogs (top right-hand corner of this page) to get automatic email notification when a new blog is available.

stu_selip-resized-600Stuart Selip owns and operates Principal Consulting, LLC, an IT Strategy consulting firm that is a business partner of TIC Software. Prior, as the Chief Executive Officer of Luxoft’s Consulting Strategies unit, he managed delivery of IT Strategy consulting to Fortune 500/Global 2000 firms in the Financial Services, Insurance, and Media industries.

Fix it before it breaks – Modernize now!

Fix_it_logo

Some people may believe in: “If it ain’t broke, don’t fix it.” Unfortunately, this saying undermines the importance of investing in strategic options with foresight to avoid pending disasters.

A couple of cases in point:

oldpcI started my first job in the 1970’s with an intelligent terminal company called Sycor , which was eventually acquired by Northern Telecomm. In those days, Sycor terminals were used for Source Data Entry (key to disk), and its programming language was called – ironically – TAL for Terminal Application Language. It was an Assembler/Macro like language, which required one to work with registers, memory addresses and screen fields. When Sycor introduced the Sycor 440 machine in 1976, it had a whopping 64K of memory, a 10 MB hard disk, and a COBOL compiler. Surprisingly, I was one of the very few field personnel that knew COBOL at the time. When I asked some of the more senior Sycor analysts about COBOL, their response was: “Why would we need COBOL? Assembler language is faster and uses less memory!” Well, we all know that the world has moved past Sycor TAL and assembler programming languages.

talscreenFast forward to 2001: I was giving a web Enabling workshop to a NonStop customer in Chicago, when one of the senior COBOL programmers raised his hand and asked: “ COBOL works perfectly well for us. Why would we want do any of this web stuff?” That company was later acquired and sadly, they no longer use NonStop. None of the NonStop developers was asked to stay to work in the new IT environment, which was Unix, Java and totally web-based.

Today, the NonStop has a lot of modern technologies available, including support for SQL, web server, Java, Eclipse, SOAP and others. Yet, a lot of users still haven’t taken advantage of some or all of these new technologies. In many cases, they are still developing COBOL applications that use 6530 terminals, Enscribe files and interface with other platforms using FTP. Seriously, it is in your best interest to start considering options to modernize your NonStop environment.

“Why should I be interested in modernizing?”

top3reasons

  • Prevent self-obsolescence
    Working with new technologies will expand your current and future employment opportunities.
  • It could make your job easier
    There are a lot of facilities, tools and utilities available in Java, Apache, SOAP, and other new technologies that are “off-the-shelf” which you can leverage without any coding
  • Build a stronger and more dynamic team
    If you are a manager, adapting new technology will create positive challenges for your current team, and make it easier to hire new staff.

“What should I do?”

learn

  • Make time
    I know that all of us are very busy at work, barely keeping our head above water. I encourage you to check out this blog “Create Time to Change Your Life.”
  • Pick one topic to start
    Any topic: Java, Web Service, Apache, etc. Instead of trying to learn everything about all the modern tools, pick just one thing to start learning. Start slowly but work on it consistently. If you are looking for a recommendation, I would suggest Java. Why? Because it is easy to set up and learn on your desktop, and you can test your programs on the NonStop very easily. In my next blog, I will cover more on Java and NonStop, and the benefits that it offers.
  • Look for free tutorials
    There are many excellent tutorial blogs and YouTube videos available. Here are some examples:

Also, visit our blog (http://www.ticsoftware.com/blog) for an upcoming series of Modernization Tutorial blogs and vides.

do_it_nowDon’t Wait. Start today.

In the history of IT, complacency and shortsightedness usually lead to obsolescence in applications, platforms and people. It may not be “broke” right now, but you can’t afford to wait for it to be broken before you try to fix it. By then, it will be too late.

help-resized-600Need professional service help? Contact TIC Software

If you need help to get started, you can benefit from our Workshops or Quick Start Service. TIC Software is ready to help you modernize your NonStop applications and develop new software solutions. Check out our Modernization Service suite on our web site.

Feedback please

Do you find this tutorial blog helpful? Let us know what you think, and how we can make it even better. Don’t forget, you can subscribe to our blogs (top right-hand corner of this page) to get automatic email notification when a new blog is available.

Phil LyPhil Ly is the president and founder of TIC Software, a New York-based company specializing in software and services that integrate NonStop with the latest technologies, including Web Services, .NET and Java. Prior to founding TIC in 1983, Phil worked for Tandem Computer in technical support and software development.

 

My NonStop system is hack-proof?

hp-data-centre

This Guest Blog is written by Thomas Burg, CTO of comForte, a leading provider of security solutions for HP NonStop systems. This is part of the TIC blog series on A.I.M. (“Assess”, “Innovate”, “Modernize”). This particular article focuses on Assessing your Security”.

security_lock-resized-600

How secure is your NonStop?

While there is a plethora of publicized stories about other platforms being breached, there is no public record of a HP NonStop system being breached. Given the high value of the typical data stored on a NonStop system (credit card transaction logs, healthcare data, high-value financial transactions) this seems somewhat surprising. So why is it that no NonStop system has been hacked?

The writer of these lines thinks it is a combination of obscurity of the platform as well as the fact that so far other platforms have been so much easier to breach. However, this should not become a reason for complacency: with increasing regulatory pressure (PCI, HIPAA, …) other platforms are made more secure which might have attackers reconsider which platforms to target in the first place. For an outsider, there are powerful hacking tools such as ‘nmap’ which will allow them to fully map the server landscape and then go after targets; for an insider the presence of NonStop is often fully known.

hacked

“We’ll never get hacked”

The web site http://www.privacyrights.org/data-breach lists publicized data breaches since 2005. These days, there is a about a breach per day (!) – most probably the companies having joined this ‘list of shame’ did not exactly plan to get this kind of publicity.

Why are we seeing so much more incidents? First, the tools for an attacker have become more and more sophisticated over the years: these days it is rather common for an attack to consist of multiple stages. Starting with discovery, typically at first a single PC is ‘taken over’ and can then be remote-controlled from the attacker for long period of times. From that PC, other PCs and/or servers are then attacked and taken over – making defense much harder. Second, the attackers themselves are becoming more as well as better organized. Cyber-crime is relatively low risk and high reward; also these days there is more and more state-sponsored cyber crime.

All that said, there are reasons why well-written security standards (such as PCI) implement “defense in depth”, namely a combination of security practices which ensure the best possible security even if individual components have already been broken. If defense in depth is properly implemented, the unfortunate victims of attacks such as The New York Times, Sony or RSA would not have been under “enemy remote control” for extended period of times.

no_time_sign

“I don’t have the time/budget to do all this”

Unfortunately, the bad guys out there have all the time in the world and your data is virtual money to them. So, think again! Think about your total yearly budget for running your NonStop system – just adding a small percentage to better secure the system will in time go a long way on the journey towards better security.

security

Applying defense in depth to NonStop security

Here are several security concepts which all should be part of properly securing a NonStop system:

  • Have a security policy in place. Live the policy
  • Have a firewall in place between your PCs and your NonStop system.
  • Encrypt all network traffic to/from your NonStop system
  • Run network-based intrusion detection systems with the sensor being close to the NonStop system
  • Use Safeguard. Put proper ACLs in place for critical files
  • Ensure security-relevant events of your NonStop system are logged to a central logging system (SIEM)
  • Have an active alerting system which reacts to relevant events (repeated password failure for any user, specifically for SUPER users)
  • Track SUPER user usage
  • Record keystrokes of users (ideally all, at least SUPER user group)
  • Have secure passwords. Change them regularly
  • Have periodic security audit. Ideally, these are not only “paper audits” but include penetration testing

Feedback please

moreinfo_icon
Do you find this blog helpful? Let us know what you think, and how we can make it even better. Don’t forget, you can subscribe to our blogs (top right-hand corner of this page) to get automatic email notification when a new blog is available.
Thomas_Burg
Thomas Burg has an extensive background in systems programming, networking, and security. For more than 30 years, Thomas has worked with a range of computing platforms, including Windows, UNIX, and HP NonStop. Burg is Chief Technology Officer for comForte, a software vendor specializing in security, connectivity, and modernization solutions for the HP NonStop market. At comForte, he has helped guide the company’s strategic product direction and orchestrated a range of technology initiatives, such as the company’s SSL/SSH encryption suite, which was ultimately adopted by HP within the NonStop OS.