1.Arcati Mainframe Yearbook 20072011 Mainframe strategyThe Arcati Mainframe Yearbook 2011The independent annual guide for users ofIBM mainframe systemsSPONSORED BY:PUBLISHED BY: Arcati Limited 19 Ashbourne Way Thatcham Berks RG19 3SJ UK Phone: +44 (0) 7717 858284 Fax: +44 (0) 1635 881717 Web: http://www.arcati.com E-mail: mainframe@arcati.com Arcati Ltd, 20111

2. Arcati Mainframe Yearbook 2011Mainframe strategyContentsWelcome to the Arcati Mainframe Yearbook 2011 ............................................................ 3XML and SOAP data binding for enterprise applications ................................................. 4DataKinetics solutions for mergers and acquisitions .................................................... 10Thinking outside the box monitoring DB2 security on z/OS ....................................... 15CA Mainframe Chorus ...................................................................................................... 25The 2011 Mainframe User Survey ................................................................................... 30An analysis of the profile, plans, and priorities of mainframe usersVendor Directory ............................................................................................................... 54Vendors, consultants, and service providers in the z/OS and OS/390 environmentA media guide for IBM mainframers .............................................................................. 117Information resources, publications, and user groups for the z/OS environmentGlossary of Terminology ................................................................................................ 120Definitions of some mainframe-related termsTechnical information ..................................................................................................... 146Hardware tables z196, z10; mainframe hardware timeline 1952-2011;mainframe operating system developmentSPONSORSAction Software 47 EZLegacy 74CA25, 60 Higobi Systems 77Canam Software 4, 60 Type8015, 113DataKinetics10, 682 Arcati Ltd, 2011 3. Arcati Mainframe Yearbook 20072011Mainframe strategyby Mark Lillycrop, Publisher Welcome to the Arcati Mainframe Yearbook 2011Welcome to the 2011 edition of the Arcati Mainframe Yearbook. Id like to take this opportunity to thank those people andorganizations that contributed articles for the Mainframe Strategy section of the Yearbook, and those who took the timeto complete our mainframe user survey. As always, the results make very interesting reading. And, of course, I mustthank the advertisers and sponsors, without whose support this Yearbook would not beavailable for mainframe professionals to freely download.2010 will probably be remembered as the year of the cloud because it was the year whencloud computing started to be taken seriously across the industry. Microsoft opened itsmega data centre in Dublin and promoted its Windows Azure environment fordevelopment, service hosting, and service management based on the cloud. Googleworked with VMware to develop a new operating system for the cloud, and launched aversion of the Google App Engine for enterprise users. Amazon promoted its ElasticCompute Cloud (Amazon EC2) service. And many people suggested that mainframeshave offered cloud computing all along we just called it something else!CA published a survey in September called Mainframe - The Ultimate Cloud Platform? Itrevealed that 79 per cent of European IT organizations believe the mainframe is anessential component of their cloud computing strategy. 74 per cent of respondents believe that the mainframe will havea role in any cloud computing initiative, with 70 per cent agreeing that cloud computing will sustain or extend themainframe environment. In November, CA published a second survey, this time based on responses from US-basedmainframe executives, called Mainframe as a Mainstay. 73 per cent of the respondents in this research confirmed thatthe mainframe is or will be part of their organizations cloud computing strategy.Not all research has been quite so positive, however. Only 10 per cent of mainframe sites in a BMC survey in Octobersaid that using their System z machines to run cloud computing or SaaS applications was an important priority for themin the coming year. Meanwhile, a straw poll of attendees at the November Guide Share Europe conference found mostattendees focused on what was available now that would make the business run better and their lives easier howthey could do more with less. Perhaps this indicates a difference between the attitude of mainframe staff, who want toget the job done with minimum disruption, and senior managers who are looking more strategically towards the nextstep.The battle between IBM and NEON Enterprise Software (provider of the zPrime product, which allows users to run traditional workloads on specialty processors) has rumbled on in the courts for a year without any sign of anThe Arcati Mainframe Yearbook 2011 outcome. The European Union regulators have taken IBM to task for not allowing its operating system to run on otherPublisher: Mark Lillycrophardware, and for not being fair to so-called spare-partEditor: Trevor Eddolls vendors. The first complaint came from T3 andContributors: Allan Zander, Jerry Harding, Stephen D TurboHercules, saying that IBM ties its mainframe operating system to its mainframe hardware and therebyRubin, William Buriak, Denny Yost, Canam Software destroys the emulation market. The second investigation was initiated by the Commission, alleging discriminatory 2011, Arcati Limited. behaviour towards competing suppliers of maintenance services. IBM stated that it intends to cooperate with anyAll company and product names mentioned in this EU inquiries, while denying there was any merit to thepublication remain the property of their respective complainants claims. It then alleged that the accusationsowners. were being fuelled by business rivals (its no secret that Microsoft is a minority stakeholder in T3). IBM alsoThis Yearbook is the copyright of Arcati Limited, and suggested that some of its larger competitors want tomay not be reproduced or distributed in whole or in mimic aspects of IBM mainframes without making thepart without the permission of the owner. A licence for substantial investments IBM has made and continues tointernal e-mail or intranet distribution may be obtained make.from the publisher. Please contact Arcati for details. IBM has also been acquisitive this year, as usual. Amongst this years trophies are National Interest Security Arcati Ltd, 20113 4. Arcati Mainframe Yearbook 2011 Mainframe strategyCompany, Initiate Systems, Intelliden, Cast Iron Systems, Sterling Commerce, Coremetrics, BigFix, Storwize, Datacap,Unica, OpenPages, Netezza , PSS Systems, and Clarity Systems.The big story of 2010, of course, was the launch of a new mainframe range in July. The zEnterprise 196 brings togetherthe latest mainframe technology with POWER7 and x86 IBM blade systems, giving potential users z/OS, AIX, and Linuxall on the one box. And all this is controlled from the mainframe console by the new Unified Resource Manager. Thisnew mainframe can be thought of as a virtualization hub that manages other workloads in the data centre.IBM has taken the view that data centres are running more than one set of hardware, and sites are experiencingproblems with space for the hardware, keeping control of these different systems, and even communicating betweenthem so integrating them seems like the obvious answer. The zEnterprise 196 includes 96 5.2GHz (up from 4.4GHzon the z10) quad processors (80 of which are used by the client, and the rest are used by the machine itself) and up to3TB of memory (double that of the z10). The new microprocessors offer 100 new mainframe machine codeinstructions.In terms of performance, the zEnterprise can handle 50 billion instructions per second, providing a 40-60 per centperformance increase over the z10 without using any more power. A water-cooling option could help reduce energyconsumption by up to 12 per cent by removing air heat. The system also includes the first implementation of RAIDmemory, which is like RAID for disks, and could be used to increase uptime to beyond the 99.999 availability of currentmainframe technology.The zEnterprise BladeCenter Extension (zBX) operates as a tightly-coupled extension to the mainframe through a high-performance private network. Users then add POWER7 or System x blades to four racks. The new Unified ResourceManager allows users to install, monitor, manage, optimize, diagnose, and service resources and workloads from asingle console across the entire infrastructure. The new machine also includes a DB2 accelerator, called the SmartAnalytics Optimizer, which is able to route database queries either to the mainframe DB2 system or a specialist bladeserver optimized for smart analytics. IBM estimates that complex database queries can experience up to a ten-foldperformance improvement in this environment.For people who like to know the latest version numbers and dates of major products, CICS TS 4.1 has been availablesince the middle of 2009, DB2 10 was announced earlier this year, as was z/OS 1.12, and IMS 12 should be generallyavailable early in the New Year.All in all 2010 has been a particularly busy year for the mainframe, and 2011 promises to be just as lively. As users planthe next stage of their System z growth strategy, I hope that the Mainframe Yearbook continues to be their indispensiblecompanion.XML and SOAP data applications and XML is a key component of it. Tofully utilize the potential of SOA, existingbinding for enterpriseapplications have to be modified to consume orproduce XML or SOAP messages. The challengeapplicationsof turning XML data into formats that COBOL or Capplications understand has been holding backCanam Software takes a detailed look Serviceor slowing down organizations in succeeding withOriented Architecture and how products like SOA. The more complex XML structures are, theXML Thunder can be used to maximize the greater the challenge of binding them to COBOLuse of this environment.or C.XML Thunder is a widely used solution for creatingOverviewdata binding programs between XML or SOAP, andService Oriented Architecture (SOA) has becomeCOBOL COPYBOOKS or C header files. Thisthe most popular paradigm for distributed Windows based tool consists of a visual mapper4 Arcati Ltd, 2011 5. Arcati Mainframe Yearbook 20072011Mainframe strategyand a sophisticated code generator thatgenerates complete program code for z/OS and other platforms. Lets take a closerlook at what XML Thunder offers.Parse XML content to a COPYBOOK!In the context of XML and COBOL, parsingXML consists of extracting XML content intoa format that can be stored and processedas regular COBOL data structures. TheXML document is typically received by theapplication from MQ, via HTTP or HTTPS,a web service call or even as a traditionalsequential file. Once received, the XMLdocument is moved to a buffer. This buffer,which is really just a COBOL workingFigure 1: Mapping windowstorage area, will be passed to thespecialized COBOL subprogram thatparses the XML content to COBOL fields. This Select the appropriate options and click on thespecialized subprogram is generated by XML Generate button. The Log area shows the resultsThunder and contains XML validation and parsingof the code generation. The generated COBOLlogic based on the XML-to-COBOL mapping andprogram is transferred to the runtime computingcontent rules defined at design time. Each environment and compiled as usual. See Figuresgenerated parser (in XML Thunder terminology 2 and 3.XML reader) is high performing and efficientbecause it is custom designed for the specific XMLand COBOL structures mapped using XMLApplication program using an XML readerThunder. module Now lets take a closer look at how a COBOL application program obtains the content of an XMLEasy parser development using XML Thunderdocument by calling an XML Thunder generatedAs mentioned, XML Thunders mapper allows theXML reader module .binding of COBOL fields to XML nodes. Forexample, in Figure 1 you can see that the COBOLRemember, by the time we execute the CALLfields BANK-ID, BANK-INCORPORATION-DATE, statement to the XML reader, the main applicationand BANK-NAME are mapped to XML nodes called program has already gathered the XML documentBANK-ID, BANK-Incorporation-Date, and BANK-and moved it to a buffer in working storage. In thisName respectively. This can be achieved by drag- case, we generated an XML reader with theand-drop operation or via auto-mapping when usingprogram name and id of BAXSDR.the Wizard. The names and structures of theCOBOL side do not have to match those of theCALL "BAXSDR" USINGXML. CANAM-XML-DATA CANAM-XML-BUFFEROnce the mapping is complete, the code generator CANAM-XML-STATUScan be utilized to create the desired XML reader. END-CALL. Arcati Ltd, 2011 5 6. Arcati Mainframe Yearbook 2011Mainframe strategyCANAM-XML-BUFFER contains the XMLdocument that is passed to the XML readermodule BAXSDR for parsing.On return from the call to BAXSDR,CANAM-XML-DATA will contain the contentof the XML document parsed to regularCOBOL working storage fields based onthe mapping rules. From here on, thecontent of the XML document is availablein regular COBOL fields for processing.The CANAM-XML-STATUS structurecontains return codes from the call and canbe used for error handling.COBOL encoding rules flexible andeasy to modifyWhen creating an XML reader, encodingrules for COBOL mappings areestablished. These rules are extracted from Figure 2: Generate XML parseran XML schema if one has been provided. (XML reader) moduleIn cases where a schema is not availableor does not define an encoding rule, toolsetdefaults are used. These can be changedto desired formats and lengths using aproperty sheet on the mapping window.Some examples of encodings betweenCOBOL and XML schema data types areshown in Figure 4.Feature rich XML and SOAP supportGenerate your data binding as COBOLprograms or C classes to transform thedata content of your mapped (XML orSOAP) to/from (COBOL or C) structures.Generated code includes extensive supportfor XML features thus saving developersvaluable time, improving productivity andquality. See Figure 5.Can I create XML writers?XML Thunder can also easily generate XMLFigure 3: XML reader modulewriters from mapping definitions. An XMLhas been successfully generatedwriter performs the opposite function of an6 Arcati Ltd, 2011 7. Shift into higher gear for XML and SOAP processing!Easy integration of XML and web servicesusing COBOL or C on z/OS1 Select source (XSD, DTD, WSDL, XML or COBOL/ANSI C structure)2 Map data structure to XML or SOAP3 Generate program code to create or parse XML or SOAPExceptional XML and SOAP feature support:UNION, CHOICE, ALL, NILLABLE, SEQUENCE, enumeration, ATTRIBUTES,namespace; recursive structures, simple types, complex types, imports, includesand more...More unique features:Automatic generation of readers and writers; XML PARSE support or native COBOLcode; validation; test harness; sample test XML/SOAP; and more...Request your evaluation copytoday! sales@canamsoftware.comwww.xmlthunder.com 8. Arcati Mainframe Yearbook 2011 Mainframe strategyXML Schema TypeDefault COBOL data type in XML Thunderxsd:string PIC X(N) where N is maxLength from schema otherwise use toolset defaultxsd:positiveIntegerPIC 9(N) or PIC S9(N) where N is totalDigits from the schema otherwise use toolset defaultxsd:intPIC 9(N) or PIC S9(N) where N is totalDigits from the schema otherwise 9(10) or S9(10).xsd:bytePIC 9(N) or PIC S9(N) where N is totalDigits from schema, otherwise 9(3) or S9(3)xsd:dateTime PIC X(20) with unformatted or PIC X(26) with Formatted or PIC X(32) with time zone support; customizable edit pattern with default YYYY- MM-DDTHH:MM:SS.ssssssxsd:base64Binary PIC X(N) Where N is maxLength from schema otherwise use toolset defaultFigure 4: Examples of COBOL encoding for XML schema typesXML reader: at runtime, these modules assemble100% Automated Code GenerationXML documents from the content of COBOL fields. From an XML Handler design, XML Thunder willThe call to the XML writer module is identical to generate a callable sub program containing all ofthe XML reader. The difference is that before the code needed for validating, reading and writingexecuting the call to the XML writer the CANAM- XML documents.XML-DATA structure contains data to be used forassembling a desired XML document. Upon returnFull life-cycle solutionfrom the call, CANAM-XML-BUFFER will containXML Thunder is a full life-cycle solution for boththe assembled XML document. Again, the CANAM- development and maintenance.XML-STATUS structure contains return codes.After a successful call, the application has full Very large XML document handling: XMLcontrol over what is to be done with the resultingstreamingXML message ( eg transmit the XML using MQ, Do you have a very large XML document that doescall a Web Service, update a database, etc.). not fit into memory? XML Thunders node-levelprocessing makes XML streaming easy for bothreading and writing XML.The Swiss Army knife of XML and COBOL databinding Test harness generationAuto-mapping with WizardFull test harness can be generated with test dataAn easy to use optional wizard walks you throughfor your XML binding modules.the creation of your data binding/mapping to createan XML Handler design.8 Arcati Ltd, 2011 9. Arcati Mainframe Yearbook 20072011Mainframe strategyCHOICE NamespaceUNIONRecursive structuresALLSimple typesNILLABLE Complex type (including nested complex types)SEQUENCE ImportsEnumerationIncludesELEMENTS LengthATTRIBUTES FractiondigitsCharacter and Entity reference MinLengthSchema restrictionsMaxLengthCDATATotal digitsEncoding WhiteSpace Pattern, derives max field length, pattern not enforced)and more... Figure 4: Supported featuresSample XML generation to COBOL COPYBOOKs or C header files. GetXML Thunder can not only derive an XML schema your copy today at www.xmlthunder.com!from a sample XML document but can alsogenerate a sample XML document for a givenschema. It can even validate the XML document What types of projects have used XMLagainst a schema! Thunder?There have been many different types of projectsAutomaticmapping documentationthat have used XML Thunder. From SWIFT andgenerationSEPA payment processing, through to gift registryThe mapping for your data binding is well management, vehicle licensing administration,documented and can be saved for your projecttravel industry bookings, and insurance solutionsdocumentation. organizations have successfully used XMLXML Parse support Thunder for many enterprise projects. Try XMLXML Thunder can generate either native parsingThunder out today and see how easy XML andprogram code or code that uses the XML PARSESOAP processing can be!statement.XML Thunder Lite free software forCOPYBOOK to XML conversionXML Thunder is available from Canam SoftwareLabs, Inc, 5770 Hurontario Street Suite 310,Do you have the need to convert COPYBOOKMississauga ON, L5R 3G5, Canada.structures to XML representation without needingto generate code to read and write XML? DownloadFor more information please visit our web site atXML Thunder Lite. This free development toolwww.xmlthunder.comorcontactallows conversion of COBOL structures or Csales@canamsoftware.com.header files to XML representation. And vice versa!It can also convert XML,SOA,XSD, DTD or WSDL Arcati Ltd, 2011 9 10. Arcati Mainframe Yearbook 2011Mainframe strategyDataKinetics solutions forfunctions into a stronger, single organization. It willdo this by eliminating overhead and wherevermergers and acquisitionspossible leveraging the strengths of each of themerging organizations as they existed prior to theAllan Zander, CEO at DataKinetics looks atmerger. In achieving these efficiencies, NewCoissues and best practice solutions for mergingwill position itself for the ultimate challenges.mainframe IT systems after a corporatemerger or acquisition.Ultimate challenges facing new companyGrowing market share, introducing new products,Industry objectives cost effectively reaching a broader market place,The forces driving companies into mergers and and growing earnings are the ultimate challengesacquisitions vary by industry and also by general facing NewCo. The cost efficiencies harvested ineconomic climate. Certain objectives are common the initial merger must be expanded, and NewCoacross these parameters, however; and they aremust be positioned to quickly introduce newto cost-effectively grow market share, efficientlyproducts, eliminate old ones, and respond toimprove wallet share, and leverage core competitive pressures.competencies (like operations, R&D, anddistribution channels) to accelerate growth. As The market place will expect NewCo to not onlyattractive as these high-level objectives are, thereto perform but to behave as a market leader.are also some immediate objectives that must be NewCo will be expected to drive innovation, pursuemet.new standards, and position itself to acquire yetadditional companies, technologies, andThe merged company, which we will refer to as distribution channels to continue its acceleratedNewCo, will be the melding of different culturesgrowth. The process of building a culture andwith different strengths and different customerssystems which easily integrate new enterprises,into a single enterprise that must perform better along with the process of identifying and selectingthan the arithmetic sum of the pre-merger which enterprises to acquire, ultimatelybusinesses. Actions must be taken to preserve determines the industry leader.revenues, identify and realize synergies, anddeliver improved earnings within 12 to 18 monthsUnderlying both sets of challenges is the need forof the merger being completed. These long- andsystems to be able to support NewCo, bothshort-term goals give rise to two sets of through its difficult initial challenges, as well aschallenges. during its subsequent expansion. An integrationteam will typically be assembled to identify thestrengths of each original organization and theInitial challenges facing merging companies best systems to support those strengths. Theywill then lay out a strategy to integrate thoseAs soon as the merger is announced to the marketsystems into a single platform that will supportplace, investors, and employees, a variety ofthe ultimate expansion. The skills and tools withshort-term challenges face NewCo. In order towhich these issues are addressed determine thepreserve revenues, customers must be retainedsuccess of the merger.despite differing sales and support processes. Asquickly as possible, NewCo must appear as asingle enterprise with a uniform set ofMastering the merger converged customernomenclature, rational pricing, and rationalexperiencedistribution. It must also be able to quickly realizecost reductions by consolidating redundantWithin the IT organization, the challenge is toquickly make NewCo appear as a single,10 Arcati Ltd, 2011 11. Arcati Mainframe Yearbook 20072011Mainframe strategyFigure 1: Merging companies with multiple disparate IT systemsseamlessly consolidated enterprise. Customers Typically within 18 months, NewCo must be ablemust see NewCo as an improvement on the pre-to merge the systems, demonstrate costmerger company in terms of their experience and efficiencies, and have laid the foundation for futurethe breadth of products and services they can now additional acquisitions.easily purchase. Competitors must see NewCoas both larger and more competitive than either When companies merge, usually an analysis ofof the two organizations prior to the merger. the IT systems is done, and a decision is madeInvestors must see a plan to derive earnings that whether to maintain coexisting IT infrastructures,reflect eliminated redundancy and efficient retain one, the other, or start afresh with aoperations. A key element in all of this is the completely new system. Maintaining status quounderlying systems that support these activities. is rarely the best option, as there will undoubtedlybe a significant amount of duplicate applicationsCompanies that merge enter with large amounts and data. In most cases, to minimize risk, the bestof complex customer data, different product existing applications are selected; and to these,tracking systems, different pricing mechanisms, enhancements are added to address the specificand large amounts of support related data (as capabilities of the replaced applications. Thisshown in Figure 1 below). For each of the pre-approach minimizes the amount of reworkmerger companies, these represented a required.significant value and a significant IT investment.Merging disparate databases and incompatibleFigure 2 shows the ideal end result a single,applications is a daunting challenge for any IT merged company with a completely converged ITorganization, but it is even more critical for NewCo. infrastructure, with little or no duplication of Arcati Ltd, 201111 12. Arcati Mainframe Yearbook 2011Mainframe strategy Figure 2: Merged organization with converged IT systemsspending, material or effort. The path to this endexisting table-driven systems are half-way there.is never an easy one in all cases there will be Table-driven systems are extremely flexible andsome level of rework required. Just how painful lend themselves very well to integration processesthe process is, largely depends on thelike an IT systems merger. If existing systems arecharacteristics of the original IT system not table-driven, developing new applications thatinfrastructures, and the decision-making process. are table-driven is the best approach going forward.The ability to seamlessly merge information fromA major consideration should be what the IT disparate sources, create a table-driven systeminfrastructure looks like at the end. It must bethat is easily modifiable in the future, whilecapable of accommodating future mergers and improving the speed of application execution isacquisitions to minimize the pain felt during the the special domain of DataKinetics tableBASE.current exercise in any future exercise. Any12 Arcati Ltd, 2011 13. Arcati Mainframe Yearbook 2007 2011Mainframe strategyManager, Mainframe OpsIts 5am and that batch job hasnt nishedrunning yet! What do you do? Optimize.Optimize your batch window run those critical batchapplications in 1/10 the time that they need now.Finish your batch runs in minutes, or a few hours at the most.Were optimizing batch windows for 20% of the Fortune 50, andwe can help you, too.Download our white paper, Batch Window Optimization, at Contact us:www.dkl.com/batch44/ +1-800-267-0730 info@dkl.com www.dkl.com Arcati Ltd, 201113 14. Arcati Mainframe Yearbook 2011 Mainframe strategyAchieving competitive advantageengineering their applications, the best parts ofIn order to derive the most synergy from the the existing code are combined with the table-strengths of the pre-merger companies, the new driven programming techniques to create oneIT infrastructure must be purposefully designedsingle, more efficient, more flexible application. Byto accommodate disparate business rules andhaving the business rules in memory, new sets ofdifferent product nomenclature easily. To achievebusiness rules can be added to reflect thethis, the applications must be modified to operations of new acquisitions as they arecentralize the business rules in in-memory tablesconsummated.so multiple applications can reference them andso that they can be readily changed (as shown in The story on the product side is very similar. OrderFigure 3). Implementing a DataKinetics tableBASE entry systems and service commissioningsolution embeds the logic within in-memory tables. systems can draw on disparate back-end deliveryNot only is performance improved by greatlyenvironments, but by capturing the productreducing the DASD access, but from re- information in memory can represent these products in a uniform way. Different product numbering systems, product configurators, and pricing systems can be hidden from order entry and sales personnel, simplifying their interaction with clients. As products change, the underlying tables housing the product information change but the applications do not and the user interface to the sales organization remains unchanged except for the new items. The result of putting both business rules and product information in memory is a strategy that can readily adapt to changing market conditions, can easily absorb new companies, product lines, or operations without affecting their ability to sell and support their products. The speed with which NewCo can adapt to market and technology changes provides sustainable competitive advantage. Benefits delivered by DataKinetics For over 25 years DataKinetics has been providing table management and performance optimization solutions to Fortune 500 companies. These companies have adapted and grown as markets have changed and economic conditions have varied. By using tableBASE to capture and administer account, product, and customer information, clients have been able to acquire and Figure 3: Business rules embedded in merge with other companies in record time. A good application code (top), and externalized example of this is a large US bank that acquired a into in-memory tables (bottom) West Coast regional bank. The analysts indicated14 Arcati Ltd, 2011 15. Arcati Mainframe Yearbook 20072011 Mainframe strategythat it would take almost two years to merge the capital expense, and efficient IT infrastructuresystems and provide consolidated statementsutilization. This contributed to more cost effectiveand support to their clients. Using tableBASE, theyoperation and improved earnings per share.met this objective in less than six months. Equallyimportantly, the redesigned in-memory table-oriented applications using tableBASE allowedthem to repeat this process for subsequent DataKinetics solutions are the mainframeacquisitions.optimization technologies of choice for rapidly growing market adaptive companies. ByAnother example where DataKinetics had a directleveraging existing IT investments, DataKineticsimpact on enterprise performance was in the retail optimization provides strategic business flexibilityindustry. As retailers combined and merged toand competitive advantage to industry.form new larger retail companies, tableBASE wasused to merge the product configurators and orderAllan Zander is the driving force behindentry systems and allow the new company to DataKinetics recent growth. An engineer by trade,tremendously broaden their offerings seemingly and an entrepreneur by heart, Allan has foundedimmediately after the merger.two businesses, and resurrected two others, before being asked to join DataKinetics. He hasIn all of these situations tableBASE also allowedsuccessfully added his personal energy andthe newly formed company to enjoy increasedmarketing skill to an already successful company,computing performance, reduced operational and and has brought in more new business than the company has seen in many years.Thinking outside the box The records are required to be protected according to the Federal Information Securitymonitoring DB2 security on Management Act of 2008 (FISMA, also referred to as US Senate Bill S.3474). FISMA mandates thatz/OS the underlying framework that information systems and assets rely on in processing,Jerry Harding, Stephen D Rubin, and Williamtransmitting, receiving or storing informationBuriak explain why every company is at riskelectronically have adequate security. It goes onof losing information and therefore security to say, Meaning security commensurate with themust be given the highest priority.risk and magnitude of harm from loss, misuse, or unauthorized access to or modification ofExecutive summaryinformation.The President of the United States recentlyannounced plans to develop a comprehensive Web connections to data residing on theuniversal healthcare system. This program will mainframe DB2 platform through z/OS Webrequire the highly sensitive records to be storedServices, CICS and TSO have addedon massive computers. Essentially, they will be afunctionality to legacy processing and broughtDNA footprint for millions of Americans. Securitytransaction processing to new levels. It has alsofor these records should not be thought of as after introduced a new perception of vulnerability.the fact and will require vigilant and pro-active Mainframe Security Administrators sometimesmonitoring of security regardless of the hostview it as opening up the mainframe to intruders.operating system. Arcati Ltd, 201115 16. Arcati Mainframe Yearbook 2011 Mainframe strategyThe "bad guys" are finding new inventive ways tofound to be incapable of countering security threatsobtain corporate and personal information and toof modern days. Finally it will discuss the methodsdisrupt a companys business as was done by that can be adopted to counter the latest securitysomeone holding the State of Virginias medical threats and how these tools work.records hostage and demanding a $10 milliondollar payment.BackgroundMost of the Financial, Healthcare and Security teams for z/OS DB2 commonly usePharmaceutical industries keep their vital recordssecurity products from IBM and Computeron DB2 and other databases residing on the IBMAssociates for reporting. They are the first levelsz/OS mainframe platform. Government interests of defense. These products either allow or deny ain these corporations will lead to the next wave of user access to a resource. Unlike UNIX and otherexchange of information among them and it isoperating systems security, it is a simple yes orexpected that private industries sharing database no decision. If security is denied, a violation eventinformation with the Government will soon havewill be recorded on the security log files and into comply with the FISMA guidelines.most cases a message will be issued to theprimary console. The event may go unnoticed untilBut regardless of the industry and whether or not the System Administrator runs a violation reportthey fall into the FISMA regulations, every company in response to an incident.is at risk of losing information. Security is notalways the highest priority in a corporation until it DB2 is capable of keeping a separate log file ofis named in the lead story on the evening news or events throughout its course of normal processing.Wall Street Journal and you are requested to testifyThese log files are a mainframe operating systembefore Congress.function called System Management Facility orSMF records. The DB2 SMF records containThis paper puts its focus on ways to monitor z/ information related to many different types ofOS DB2 database security by thinking outside theevents occurring within the system. The level ofbox. It will offer alternatives in developing angranularity depends on configurations of the DB2efficient security framework to monitor securityaudit trace at the individual table level. The SMFsettings and protect confidential data from badrecords provide data useful for investigatingguys in an effective and economical manner. This security events and if used in combination withpaper will also explore the tools that are availableother resources, help investigate possible attacksfor developing such a security framework. The and breaches for incident response, auditing andmain focus is placed on security tools that can becompliance purposes. The DB2 SMF records areused outside the mainframe security framework.created in binary format and are not readable by aThe stress on thinking outside the box is plain text editor, making online viewing andemphasized as the majority of the traditional tools interpretation almost impossible.that fall within the mainframe security setting havefailed to meet todays security, auditing andcompliance mandates. It will detail the steps toSeparation of dutiesbe taken when setting up log collection and securityOne of the most fundamental aspects of theanalysis programs on the mainframe by using Sarbanes-Oxley Act of 2002 was the definition ofeconomical sources readily available. However,Separation of Duties. Having the same personalong with mentioning the efficiency of this system,monitoring security and setting up security is ait will also put stress on the need for a new clear case of a violation of the Act.framework as very often traditional measures are16 Arcati Ltd, 2011 17. Arcati Mainframe Yearbook 20072011Mainframe strategyFigure 1: The Forrester Group analysis of the cost per breachThe evolving security function outside the box in a centralized repository, (b)The Security Administrators in most z/OS introduces new technologies and experience toenvironments are responsible for monitoringmainframe computer security experts wishing tosecurity. In addition to defining and maintainingexpand their careers, (c) allows non-mainframeusers and passwords, they assume the role of security technicians to become exposed to whatchasing down batch reports to answer periodicis happening inside the box, and is a win/winsecurity, auditing and compliance questions. proposition for the entire organization.Some leading mainframe installations are creatingindependent departments to actively monitor theThe cost of a security breachsecurity using SMF event information. OtherReports on the average cost per incident for ainstallations are placing z/OS security into totally computer breach vary from $1.5 million as reportedautonomous security groups that monitor Network, by the US Department of Justice to $4.8 millionUNIX, Windows and other operating systems. per breach as stated by a 2006 Ponemon InstituteRestructuring the mainframe security group (a) survey. The Forrester Group, a leading IT Securityallows mainframe events to be monitored from firm, provided the best analysis of the cost per Arcati Ltd, 2011 17 18. Arcati Mainframe Yearbook 2011Mainframe strategybreach. As the Figure 1 shows, Forrester went as One very good example of this occurred duringfar as to break down the cost per record.the performance of a network vulnerabilityGovernment Agencies, large companies hosting assessment at a large government agency. Themedical and financial databases and most network was compromised (with authority of thefinancial institutions would obviously fall into the agency) and a workstation was hacked.Company C profile. Application files related to a process running on the workstation were examined. A mainframeHypothetically using this data if a hacker unencrypted DB2 logon ID and password werecompromised information from 1,000,000 creditfound. The ID and password were then used tocards according to the Forresters charts, costlog into the DB2 application on the mainframe withestimates would be approximately $305,000,000. SYSADMIN privileges. This was just an exercise,Beyond the financial implications a compromise but if real the damages would be unlimited.of this nature would also include damage tocorporate reputation, loss of customers, andincreased regulatory scrutiny let alone the personal Weaknesses in DB2 application codedamage to the CIO and CEOThere are two major concerns regarding DB2 application code being developed and running on mainframe processors.Personal liabilityInformation security breaches may go beyondcorporate boundaries and expose the corporationto unwanted legal actions. Security exposuresderived from the theft of data has lead to threeclass action law suits against the Secretary ofVeterans Affairs. The theft was a result of databeing transferred to a laptop which was laterstolen from a private residence of a VA Contractor.The security breach affected 26.5 million recordswith a VA estimate of between $100 million and$500 million to prevent and cover possible lossesfrom data theft.The Real Security Exposure to DB2 on z/OSThe most sought after target when attacking DB2data on the mainframe is to acquire the privilegesettings of the DB2 System Administrator.Compromising it and escalating the DB2 privilegesto a common users ID allows you to attack theDB2 data virtually unnoticed. It is becoming moredifficult to do this in the modern days of DB2;1 Random checks of application code beinghowever, an emphasis should be placed on developed using mainframe Web Servicesmonitoring accesses to critical informationseems to be in line with the security guidelinesregardless of whether an individual has or doesand standards of today but you dont knownot have the correct privileges. It is not alwayswhat you dont know. Application reviews bysafe to assume that a mainframe security product the mainframe ISSO are almost non-existent.will always protect you.18 Arcati Ltd, 2011 19. Arcati Mainframe Yearbook 20072011 Mainframe strategy2 Many of the DB2 legacy applications were Common to all companies are thousands uponwritten prior to the 9/11 mentality when it wasthousands of SMF records that are written dailynot cost-justified to change them to fit into theand in many shops the SMF logs switch once asecurity conscious world we are living in today. day, twice a day or perhaps hourly, depending onThe inability to adapt these applications to the customers transaction processing volume.todays security awareness posture poses a The volume of SMF records created cause majorbig problem for many large companies and difficulties making it impossible to monitor the highgovernment agencies around the world.volume from one workstation in real-time. AnotherEspecially when one considers that the DB2 problem presented is that these SMF records areData-warehouse containing the key corporatetypically made available with time lags betweenasset data is updated, scanned, accessed reports. So for example if batch reporting on DB2continuously supporting critical businessSMF records by a bank are used to protect it fromtransactions. There reside the customer files, a security breach against credit card informationmedical information, credit card records, social and they are only available at best, on hourlysecurity data, financial records, etc., all primeincrements, it presents a window of opportunitytargets for illegal information security breaches. for a breach.The Government has responded with strictregulations under HIPAA, SOX and GrahamAnother problem regarding batch reporting on SMFLeach, along with financial penalties to records is that these historical foundations forcorporate officers who fail to comply. Under security, auditing and compliance batch reportingthese pressures it is time for corporate are not at all cost effective. In fact, the cost ofmanagement to raise the bar for security manually reviewing logs is very high. Creation ofmethodologies protecting DB2 on z/OS to thelogs with an aim to provide security is one thing,highest level. but actually manually reviewing and printing them is very expensive. Often companies seem to be reluctant in spending huge sums on reviewingUsing DB2 SMF records as event trackingthese logs. But if a company does not review aThere are over 100 different types of SMF recordslog, then what is the purpose of putting efforts inreserved by the z/OS operating system for variouscollecting them?operational functions. Record numbers above acertain level can be used for vendor products andmainframe application programs. SMF record How to implement DB2 SMF Audit Tracenumber eighty (type 80 records) are used by twoRecordsof the mainframe security products commonlySMF log analysis is very important when it comesfound on the mainframe. A third security product to monitoring DB2 security, auditing anduses an SMF number assigned to it at the compliance. One of the best ways to do it is byinstallation time of the product (commonly # 231)using the DB2 audit trace facility. The DB2 auditand DB2 auditing uses SMF record type 102. The trace facility must be turned on for each table youSMF records are written to files after the wish to monitor. This is done by using the AUDITmainframe operating system performs an event.clause at the time of the CREATE of the table.The mainframe Systems Programmer isAdditionally, Audit Trace classes must be activatedresponsible for defining the size of the primary and in order to collect the data in the DB2 SMF records.secondary SMF files. When the primary file fills,Each class is associated with the type of DB2the secondary becomes the primary and theevents you wish to monitor. The DB2 Audit Traceoriginal SMF file is archived. Classes are as follows: Arcati Ltd, 2011 19 20. Arcati Mainframe Yearbook 2011 Mainframe strategy20 Arcati Ltd, 2011 21. Arcati Mainframe Yearbook 20072011 Mainframe strategyClass One Class TenAccess attempts that DB2 denies because of(DB2 V9.1) CREATE and ALTER TRUSTEDinadequate authorization. CONTEXT statements, establish trustedconnection information and switch userClass Two information.Explicit GRANT and REVOKE statements andtheir results. This class does not trace implicit Here is a partial list of DB2 security related eventsgrants and revokes. commonly monitored: Access rightsClass Three Privilege changes, explicit privilege changes asCREATE, ALTER, and DROP statements that well as administrative changesaffect audited tables, and the results of these SYSCTRL and SYSADM activitystatements. Changes to authorization Dropping of tablesClass Four Inserting/changing recordsChanges to audited tables. Accessing data from unauthorized IDs GRANT/REVOKE statementsClass FiveAll read accesses to tables that are identified withFor some classes, other activity within the DB2the AUDIT ALL clause. audit trail information, important for computerforensics and incident response, is the actual SQLClass Six statement that was being performed at the timeThe bind of static and dynamic SQL statements of the incident. It is a fingerprint to the table, rowof the following types: and column that the user was going after at theINSERT, UPDATE, DELETE, CREATE VIEW, andtime. Unfortunately, it is buried behind a veryLOCK TABLE statements for audited tables. complex index of binary bit settings within the DB2SELECT statements on tables that are identified SMF audit trail record and difficult to interpret.with the AUDIT ALL clause.The DB2 Audit Trace facility is historically knownClass Seven for adding additional CPU overhead. DB2 hasAssignment or change of an authorization ID gotten progressively better when using this facilitybecause of the following reasons: with each new release and there has been a Changes through an exit routine (default or drastic reduction on that overhead. The latest IBM user-written)statistics indicate that it will introduce less than Changes through a SET CURRENT SQLID 10% additional CPU overhead, per transaction, if statementall of the classes are turned on. An outbound or inbound authorization ID translation An ID that is being mapped to a RACF ID fromThinking outside the box a Kerberos security ticket The mainframe operating system platform is thepremier transaction-processing machine and hasClass Eight always boasted industry-leading securityThe start of a utility job, and the end of each phase technology. During many years of service, oftenof the utility. under the most demanding conditions imaginable,it has survived. It has proven itself time and again,Class Nineand was awarded the U.S. Governments highestVarious types of records that are written to IFCIDcertification for commercial security. However, in0146 by the IFI WRITE function. Arcati Ltd, 2011 21 22. Arcati Mainframe Yearbook 2011 Mainframe strategya changing world with an increase in lost tradeThe events are expected to be condensed by agentsecrets, theft of personal identity, and wrongdoings software executing on a remote device.by employees, associates and contractors, theDB2 SMF records can be excessive in length (thestrongest security mechanisms are essential. The SQL could be 4k alone) and should be filtered ormainframe security concept of allow or notcondensed for any SEIM product. The process ofallow simply may not be enough. It needsreading the security logs and condensing themadditional safeguards that help protect users andinto warnings and alerts is expected to occur by adata with features that were not possible untilremote agent process residing on the mainframe.recently.Doing so saves network traffic overhead and expenses related to storing excess data in theThe answer to bringing mainframe security to the central repository on a mid-range disk device.next level is; integrating mainframe yes or no Commercial vendors for SEIM products such assecurity with existing network security products.NetIQ, Intellitactics, IBM, NetForensics, ArcSightThe mainframe security professional needs theand Novell often have remote batch or real-timetools to accomplish this feat in a world where the process to collect DB2 information from theReagan-era motto Trust but Verify is essential.mainframe.There are a variety of Log Management and SEIMproducts supporting DB2 that may already beOne way to leverage money already spent and todeployed within your own organizations. Theseget the employee of the month award is to thinkproducts sit outside the mainframe, on the outside the box and to integrate mainframe eventsnetwork, and collect events logging from firewalls,into one of the products that your company hasUNIX, Windows and other operating systems. Veryalready invested in.seldom does a mainframe Security Administratortap into these resources.DB2 mainframe homegrown solutions Developing a homegrown agent application to readLog Management and monitor the DB2 SMF records, non-DB2 SMFLog Management products are available from records, console messages, applicationcommercial vendors including LogLogic, Network messages and vendor products is anIntelligence, Novell, Computer Associates, IBM and overwhelming and monumental task. The DB2others. They are designed to collect raw log data. SMF records are considered to be one of the mostA partial mainframe solution is to route the console complex record formats and can only belogs directly to the Log Management software. This interrupted by a veteran Systems Programmer.is only a partial solution because the console logsNot including the DB2 SMF records in aalone do not contain all of the information required homegrown solution would produce a highlyfor fully monitoring the mainframe environment. Aineffective result.better approach to Log Management is to use thecombination of raw data from console logs, Another interesting point is that the Sarbanes-security log files and SMF data. Problems ariseOxley Act of 2002 definition of Separation of Dutieswhen you attempt to send the combinedspecifies that security personnel administrating orinformation to the Log Management software monitoring should not be writing security code. Inbecause the volume of data traveling across theessence, homegrown written code, including lognetwork creates a lag time. The information does monitors and exits written by a security personnot arrive in a timely manner as required by within the organization, is in violation of the veryregulatory mandates as a result. audit finding that it was intended to resolve.SEIM products supporting DB2 With that being said; and you decide to proceed,SEIM products collect security events from manythere are some complicated technical and designsources other than the mainframe.22 Arcati Ltd, 2011 23. Arcati Mainframe Yearbook 20072011 Mainframe strategyissues that have to be worked out before you even breach. Therefore, it is no longer efficient or safebegin. These issues include:to rely solely on batch reporting and mainframe Asynchronous timing security systems that work strictly inside the Unacceptable consumption of CPU and mainframe, only recording on incidents where Network resourcessecurity has been violated. It is now possible to Conversion of data from binary to text format use products to monitor mainframe security from Delivering the information on a timely manner outside the mainframe itself. so that it can be immediately acted upon.Among the various kinds of security products thatThe complexity and costs related to the can work sitting outside the mainframe platformdevelopment of a homegrown application is often are Log Management and SEIM (Security Eventcast aside by management when compared to and Incident Management) products supportingthe cost of purchasing proven software from DB2. Each of these products has their own prosreliably vendors. and cons and there is no one shoe fits all solution.The important point is that all these solutions aremore economical, efficient and faster than theSummary earlier models in countering new types of securityDB2 z/OS is here to stay and will only grow tothreats.accommodate data warehousing requirementsand corporate business transactions. In the pastSo, how will you choose the correct softwarethe security emphasis always seemed to be onamong the many alternatives? While choosing adistributed systems. However the newparticular security product that is able to workGovernment regulations have leveled the field tositting outside the mainframe platform, certaininclude all data, as exampled under the Federal factors have to be checked. Here are someInformation Security Management Act (FISMA) ofcriteria that you may consider when evaluating a2008. Every Government computer and network security product for your company:is essentially required to protect its confidential Scalabledata and any other types of records. These Ease of usestandards are about to spill over into the Room for lateral growthcommercial arena with the fusion of Government Real time 24/7 event monitoringand commercial entities. SOX and HIPAA have no Ease of configuration and installationcomputer boundaries regarding the compromise Small footprint of mainframe processing andof critical data. Unauthorized changes to patient minimum performance impact on mainframeinformation or accounting records are all fair game systemsin the eyes of the law.Companies should not wait for the incident toIn this paper we have addressed some importanthappen to make newspaper headlines. Althoughissues relating to security breaches. They includethe cost of protecting data effectively is high, thehow the mainframe platform works towardscost of a security breach is even highermonitoring security of records, what the pitfalls considering the new laws governing theare in the traditional methods of using DB2 SMF compromise of data. Companies can take a sighrecords for event tracking, and how the mainframe of relief now that there is cost effective andplatform can be modernized to provide improvedcomprehensive mainframe software available insecurity monitoring of important and confidential the market. These products meet the currentrecords. An attack, especially on DB2 z/OS to needs of the corporations in the area of securingobtain the privilege settings of the DB2 System confidential records of their own businesses asAdministrator, allows for a stealthy security well as of their clients, and have all the qualities Arcati Ltd, 2011 23 24. Arcati Mainframe Yearbook 2011Mainframe strategythat are required to counter todays security company and IBM Business Partner in softwarethreats. They work efficiently with existingdevelopment. He has over 25 years mainframemainframe security products and make use of systems experience and 15 years securitySMF and console messages in appropriate ways. management experience. He has worked withThey are capable of tracking DB2 audited events,NATOs Counterintelligence Lathe Gambitseveral types of insider threats, deliveringsecurity project, the US Army Counterintelligence,mainframe alerts in real time and easily integratingand other government, private and publicwith other existing security monitors.organizations. He also provides professionalservices to government agencies on mainframeSo, dont let data breaches derail your career, orand security related subjects.more importantly, your bosss. Proactivecompanies, having a track record of monitoringStephen D. Rubin is the founder and president ofsecurity logs from outside the box, are in theMMI. Under his leadership MMI has a track recordforefront of Government requirements and have of 20 years of financial success in creatinga solid framework in place to manage DB2 data business markets for information technologyand its associated risks. Doing so puts them, services (IT) across North America. Areas ofregardless of their industry, in a better competitive business include training, consulting services, andposition, with an ideal security posture that willsoftware. MMI has trained over 3,000 IT studentsallow them to participate in the very important data- representing over 400 corporations in databasesharing evolution taking place. design, information security, capacity planningand distributed application development.Professional service engagements have includedinformation security, server consolidation, and theFounded in 2002, Type80 Security Software is aauditing of capacity planning and chargebackleading producer of Mainframe security solutions. methodologies for both public and private sectors.Type80s flagship product, SMA_RT, is a Stephen has authored white papers to driverevolutionary host-based intrusion detection andmarket recognition and helped create the Unitedalert notification product for IBM mainframeStates marketplace for a European software start-computers running on the zSeries/Operatingup client.System (z/OS). Type80s products are designedto protect information stored on IBM mainframes William Buriak has over 25 years of informationby detecting the presence of unauthorized and technology experience with an extensivesuspicious activity and delivering relevant alertsbackground in financial services, healthcare, andto Log Management and SEIM products in real-technical and management consulting. Bill is atime. By allowing quick and easy access toSenior Executive with demonstrated experienceimportant Mainframe-specific security events, in planning, developing, and implementing costType80s products provide a valuable role ineffective, innovative solutions to address complexhelping organizations around the globe meet business problems. He has broad recognizedvarious Governance, Risk Management and experience in managing mainframe systems,Compliance regulations. Type80 is a privately-heldWeb based, and distributed systems. He hascorporation based in Alexandria, Virginia.extensive qualifications including vendormanagement, consensus building, and strategicPlease visit www.type80.com for further planning skills. Currently working in the Securityinformation.Engineering area of a major world bank, Mr. Buriakis responsible for compliance and control of a largeJerry Harding is CEO of Type80 Security Software, number of global products.Inc. Type80 is an emerging security technology24 Arcati Ltd, 2011 25. Arcati Mainframe Yearbook 20072011 Mainframe strategy and-error routines to find solutions to problems. IfCA Mainframe Chorusa problem recurs on an infrequent basis, theres no easy way to document the solution so it canDenny Yost takes a detailed look at CA be shared with others or quickly implemented theMainframe Chorus from CA Technologies. next time it occurs. Mainframe professionals also find themselves switching between multiple,For many large organizations throughout the world, disparate tools to perform their jobs, furthermainframe computing environments are anzapping productivity.essential business asset that continues to grow.Mission-critical applications hosted onDetermining how to leverage the expertise of themainframes process trillions of transactions aging mainframe professionals, transfer theirannually for customers of banks, insurance knowledge to the younger generation ofcompanies, brokerage houses, various professionals, increase productivity to keep costsgovernment agencies, manufacturers, and a host low, and teach the younger generation how to useof other organizations. However, if a mission- command-level mainframe tools is a significantcritical application or service isnt available, challenge for CIOs. Its a challenge that must becustomers suffer, causing significant losses inresolved soon.revenue and customer goodwill. For this reason,managing the mainframe computing environmenthas always been and will always be vital to theA new, innovative mainframe managementcontinued success and viability of many largesolutionorganizations. CA Mainframe Chorus addresses the need for easing the management of mainframe resources, provides a standardized method of knowledgeThe dilemma transfer, and increases productivity through theCIOs are facing several significant challenges touse of its role-based, unique interaction model.keep their vitally important mainframe computingassets performing at their best. Its no secret that The unique interaction model of CA Mainframemost mainframe professionals are specialists withChorus delivers a new approach to managing20 to 30 years of experience who will be retiring in mainframe computing environments for todaysthe coming years. When a problem occurs with and tomorrows information systemsz/OS, DB2, CICS, security, storage, or other professionals by combining a visual workspace,mainframe components, the speed of correctly collaboration, automation, and the ability to capturesolving the problem is critical. Yet, years of and easily share knowledge into a graphically-rich,experience and knowledge are needed to quickly integrated solution organized around the job roleknow where to look and what action to take. Theof the person using it. Heres how it works.experienced mainframe professionals have thisknowledge, but the younger generation doesnt.Getting younger mainframe professionals up toEasing mainframe managementspeed quickly is also difficult due to the CA Mainframe Chorus presents mainframemainframes text-based, command-oriented resources in an intuitive, easy to learn and useinterface in contrast to one thats graphical. graphical display known as the workspace. The workspace includes a metric panel, workspaceProductivity is another issue. While experienced tabs, and the module section (see Figure 1). Themainframe professionals possess significantmetric panel is located at the top and is aknowledge, they must still regularly reference continuously running horizontal scroll displayingmanuals, collaborate with others, and perform trial- Arcati Ltd, 2011 25 26. Arcati Mainframe Yearbook 2011Mainframe strategyFigure 1: CA Mainframe Chorus provides the base platform upon which differentrole-based management components are builtthe status of various performance variables (knownto resolve issues has been a looming questionas Metric Icons) such as system, database,for the past few years. Experienced mainframeapplication performance, and many others. These professionals know what commands to enter toperformance variables dynamically change coloridentify a problem, what actions to take tobased on thresholds to provide visual notice of implement a solution, and a host of othervarious alert conditions. When the user clicks on information. How to capture the expertise of thea performance variable, more in-depth information experienced mainframe professionals and makeis displayed in the workspace tabs area to presentit accessible to the younger generation for learningdetailed data of whats taking place. Since CAand using has been a quandary for many CIOs.Mainframe Chorus provides an integrated solution,a mainframe professional can further drilldown into CA Mainframe Chorus provides the ability toa problem through seamless interfaces to othercapture and store information. Policies,products and take the appropriate correctiveprocedures, actions, and solutions can beaction. documented, readily available, sharable, and, inmany cases, automatically performed. The resultis a standardized method for knowledge transfer,Knowledge transfermore effective management of mainframes, andCapturing the knowledge of aging, experienced easier skill development for the next generation ofmainframe professionals and the actions they take mainframe professionals.26 Arcati Ltd, 2011 27. Arcati Mainframe Yearbook 20072011 Mainframe strategy Figure 2: CA Mainframe Chorus helps users easily visualize complex DB2 relationships when navigating LPAR, subsystems, databases and other DB2 objectsGreater productivityChorus can also automate the execution ofBeing able to perform tasks quicker and easier is commands, steps or other workflow, potentiallyalways nice. Effortlessly performing repetitive and accomplishing in minutes what might take amonotonous tasks faster is awesome. mainframe professional much more time tocomplete.CA Mainframe Chorus increases productivity inseveral ways. Its intuitive interface makesperforming a wide variety of mainframeCA Mainframe Chorus for DB2 Databasemanagement functions far easier, therebyManagementimproving productivity for both experienced and CA Mainframe Chorus provides the base platforminexperienced mainframe professionals. Since theupon which different role-based managementproduct is easy to learn how to use, youngercomponents are built. The CA Mainframe Chorusmainframe professionals can quickly beplatform combined with one or more role-basedperforming tasks that would otherwise take them management components delivers a total solutionmonths to learn and master. CA Mainframeto optimize performance, simplify management, Arcati Ltd, 201127 28. Arcati Mainframe Yearbook 2011 Mainframe strategyand accelerate staff knowledge and experience. Object Tree navigation and management ofThe first role-based management componentDB2 objects: Improve productivity andbeing introduced with the base platform is CAvisualization when navigating LPARs,Mainframe Chorus for DB2 Databasesubsystems, databases and other DB2 objectsManagement (note: other roles will be introduced Alerts on DB2 threshold exceptions that providein the future).a launch point for easier troubleshooting: Focus DBAs on priority Service Level AgreementA unique user experience is delivered by CA(SLA) items and enable new DBAs to learnMainframe Chorus for DB2 Databasethese skillsManagement for z/OS Database Administrators In-context domain documentation with third-(DBAs). The product helps streamline and party integration: Increase productivity of bothautomate repetitive DBA tasks, freeing time forcurrent and next-generation mainframe IT staffmore strategic projects. An example screen isthrough centralized, in-context knowledgeshown in Figure 2. Complex DB2 for z/OS Near real-time performance monitoring withrelationships can easily be visualized, thresholds graphical displays: Manage the health of theand alerts can be proactively monitored, and DB2 system as well as currently executingperformance bottlenecks can be quickly identified, applications.diagnosed, and resolved to improve performance.Best of all, action steps to follow, documentationof actions taken, and other experiences can beeasily accessed and shared to help accelerateCA Mainframe Chorus and CA Mainframe Chorusknowledge and simplify mentoring for the nextfor DB2 Database Management are availablegeneration of DBAs.from CA Technologies, One CA Plaza, Islandia, NY 11749. Voice: 800-225-5224; Website: www.ca.com.CA Mainframe Chorus for DB2 DatabaseManagement key features: See a demo; read a White Paper; get more Time series data graphing for DB2 applicationinformation you can learn more about CAperformance data: Automate tracking andMainframe Chorus for DB2 Management bygraphing of comparative historical data analysis visiting the vendors Website at http://www.ca.com/for easier diagnosis and resolution of chorus.performance issues The 2010 Guide Share Europe UK National Conference was again held on 2nd and 3rd November at Whittlebury Hall. To help stay connected, the conference centre offered free Wi-Fi in public areas, and the conference provided 14 streams of seminars with five sessions per day - a staggering 140 presentations over the two days. In addition to the CICS, IMS, DB2, Enterprise security, large systems working group, network management working group, and software asset management streams, there were four streams for Tivoli users, DB2 LUW, zLinux, and new technologies. So there was definitely something for everyone. While management may feel that a couple of days out of the office must mean IT staff are simply enjoying themselves, the truth is these conferences help so much to share information and keep abreast of trends and new developments. Many thanks to the organizers for setting up such an excellent event, and to Mark Wilson who was conference manager for this years conference.28 Arcati Ltd, 2011 29. who can change the way themainframe is managed forever?Introducing CA Mainframe Chorus from CA Technologies.CA Mainframe Chorus dramatically simplifies mainframe management to help make your peoplemore successful and more productive while helping you maintain worldclass Quality of Service.CA Mainframe Chorus is a part of the CA Mainframe 2.0 strategy. It is both a fast on-ramp tomainframe management responsibilities and a productivity engine designed to help you getmore value from your mainframe platform.Simpler. Faster. More productive.The first management role, CA Mainframe Chorus for DB2 Database Management, isavailable today.To learn more, please visit ca.com/choruswe canCopyright 2011 ca. All rights reserved. 30. Arcati Mainframe Yearbook 20112011 user surveyby Mark Lillycrop and Trevor EddollsThe 2011 Mainframe User SurveyAn analysis of the profile, plans, and priorities of mainframe users.Many thanks to all those who took part.As usual our annual mainframe survey provides Responses from large mainframe vendors anda snapshot of the System z user communitys multiple entries from different people at the sameexisting hardware and software configuration, and site were excluded from the survey.also their plans and concerns for 2011.Respondents were from all over the world and theirThis year we have continued to track the growth distribution is shown in Chart 1. 52% were fromof mainframe integration with Web services, cloud North America and 32% from Europe, with 16%computing, and other areas of new development,from the rest of the world.as well as gauging the extent to which specialty6%2%8% North America Europe Middle East/Africa52% Asia Pacific 32% South AmericaChart 1: Distribution of respondentsengines, and Linux applications are changing theAs usual, a wide range of industry types areface of mainframe computing. In addition, we have represented in our sample (Chart 2). Notcontinued to explore relative cost in more details, surprisingly banking and IT account for a largeasking respondents how fast their distributed proportion of the organizations involved (28% andserver costs are growing relative to the mainframe. 20% respectively), with Government next with 16%.And we have investigated how important greenInsurance and retail both have 8% each. Transportissues are to the mainframe community.and other have 6% each. Health has 4%, leavingeducation and telecoms with 2% each.Profile of respondentsThe mainframe user survey was completed byA third way to categorize respondents is to look at100 individuals between the 1 November 2010 and business size. As shown in Chart 3, 44% of thethe 3 December 2010. Survey respondents werecompanies have in excess of 10,000 employeeseither contacted directly by e-mail or other Web- worldwide,Below that, with 14% of respondents,based means and invited to complete the are staff sizes of 0-200, 1001 to 5000, and 5001mainframe user survey on the Arcati Web site. to 10000. 10% of respondents had 201-500 staff,30 Arcati Ltd, 2011 31. Arcati Mainframe Yearbook 2007Arcati Mainframe Yearbook 2011 2011 user survey 2% 2%IT 4% 6% Banking 28%6%GovernmentInsurance 8%RetailTransportOther8%Health20%16% EducationChart 2: Industry sector of respondents Telecomsand four respondents didnt reveal how many staffoscillates between the two options. 4% ofworked for their company.respondents said they were working in an outsourced operation. This figure is down from82% of our respondents were involved in runninglast years value of 9%. 6% said they were partlyin-house data centres. This figure is particularly outsourced (last year 3%).interesting because it changes each year. In 2006it was 85%, in 2007 it was 77%, in 2008 it was Installed MIPS and capacity growth83%. Last year it was 76%. It is unlikely that someAs in previous surveys we have used MIPS asof our respondents outsource for a year and then the principal measure of capacity size. We askedreturn to in-house working. Perhaps the most likelyrespondents to indicate the total mainframe MIPSexplanation is that outsourcing continues to suitinstalled on their systems, and the result is shownsome people and not others and the trend in Chart 4. 50% of respondents (slightly up on last4%14% 0-20010%201-1000 1001-5000 5001-10000 44% 10000+14% no response 14% Chart 3: Number of employees woldwide in organizations surveyed Arcati Limited, 2011 31 32. Arcati Mainframe Yearbook 20112011 user survey4%12% Under 50032% 500-1000 10% 1000-10000 10000-25000 25000+ 24% No response18% Chart 4: Total mainframe MIPS installedyears 45%) said they had fewer than 1000 MIPStwo sites claiming growth in the region of 26-50%.installed, 24% fell into the mid-sized category 10% of sites are reporting a decline in mainframebetween 1000 and 10,000 MIPS (down very slightlycapacity growth (up from last years 4% and higherfrom last years 26%), and 22% were at the high than the7% reported in 2008). 18% of sites areend (down from last years 29%). As in last yearsnot expecting any kind of change in their MIPS thisresearch, we use installed MIPS later in the survey year. Looking at Chart 6, however, we can seeto identify differences between small, mid-sized, that the picture varies considerably depending onand larger users. the size of the system. All but two of the larger,more mature businesses (above 10,000 MIPS)Chart 5 shows the annual MIPS growth of are experiencing some growth, with almost equalrespondents. Two-thirds (66%) of mainframenumbers in the 0-10% and 10-25% quadrants. Forinstallations are experiencing some growth, withmid-range respondents, most were looking at6% 10% 2% Decline18%24%None 0 to 10 10 to 25 26 to 50 40% Not sureChart 5: Annual MIPS growth of respondents32 Arcati Ltd, 2011 33. Arcati Mainframe Yearbook 2007Arcati Mainframe Yearbook 2011 2011 user survey 100%90%80%70%26-50 per year60%50% 10 to 25 per year40%0 to 10% per year30%20%No growth10%0% DecliningLess than 1000-10000 Over 10000 1000 MIPSMIPS Chart 6: MIPS growth by installation sizegrowth of 10-25%, and two sites were looking at As in previous years, the mainframe marketgrowth between 25 and 50%. Two sites reported appears to be more fragmented than one mightzero growth. In terms of percentage, more mid-think. There are definitely competitive pressuresrange sites were growing by 10 to 25% than larger at the lower end of the mainframe market. This,sites. 17% of sites with less then 1000 MIPScoupled with concerns about cost and theshowed a decline in growth, although just over half availability of skills and applications, goes some(52%) showed growth of 10-25% per year. way towards explaining the mixed picture. As well 100%90%Not sure80% None installed70%60%More than 50% per year50%26-50 per year40%10 to 25 per year30% 0 to 10% per year20% No growth10% 0%Declining MainframeUnix Linux WindowsOtherIBM imainframeChart 7: Mainframe capacity growth compared with other platforms Arcati Limited, 201133 34. Arcati Mainframe Yearbook 20112011 user surveysee later in the comments section, some of the and 24% of sites are expecting growth greater thansmaller sites are moving away from mainframesthat.42% of Linux sites are expecting a growth upnot because of any particular issue with the to 25% per year and 14% are expecting growthmainframe platform, but because managers are geater than that. 40% of Windows sites areunfamiliar with its advantages. Some sites may expecting growth up to 25% per year, and 10%well be waiting for delivery of the new z196 are expecting growth in excess of that..processors, which will impact on the MIPS valuesthey report next year. Hardware and software currency The IBM mainframe hardware range continues toWe also compared the rate of growth of the receive a regular makeover, with new high-endmainframe with that of other IT platforms within and low-end systems generally being announcedthe enterprise. As shown in Chart 7, the System zon alternate years 2008 saw the addition of thelooks relatively strong in the slow-to-mediumz10 processors. And, of course, 2010 saw the newgrowth range (up to 25%). Interestingly, for the first zEnterprise processors. Delivery dates for eachyear ever, we had six respondents suggesting thatrange are provided in the Technical InformationLinux growth was declining. When the dontsection of the Yearbook.know results have been excluded, we find 68%of mainframes are experiencing a growth of 1-Our research suggests that, traditionally, users25% per year, which is well down on last yearsupgrade on a regular basis to the most recentfigure of 85%. 15.5% of Unix sites reported growth hardware to take advantage of capacity increasesgreater than 50% per year. This compared withand cost benefits. Bearing in mind that the new4.5% for Linux and just under 9% for Windows ^%z196 machines are only just being delivered, Chartof Unix, Linux, and Windows sites are predicting 8 shows that just over a third (36%) ofa decline in growth. 50% of Unix sites are respondents are currently using z10s, and aexpecting growth in the region of 1-25% per year,sllightly higher number (41%) are still on z9s. Older3% 1%zEnterprise3%3% 1%1%z10BC18% 8%z10EC z9BC 3% z9EC z9BC z990 8%z89018% z900 z800 Multiprise 300018% 15% Other IBM Other PCMChart 8: Mainframe processors installed (all responses)34 Arcati Ltd, 2011 35. Arcati Mainframe Yearbook 2007Arcati Mainframe Yearbook 20112011 user survey 2% 10%older 8%z/OS 1.76%z/OS 1.8z/OS 1.9 48%z/OS 1.10 8%z/OS 1.11z/OS 1.12 18% Chart 9: Primary mainframe operating system release in usez mainframes accounted for just under a quarter 1.11 (up from last years 4%), 18% are still using(22%) of all processors in use by respondents. It V1.10 (down from last years 27%), and about ais perhaps worth pointing out here that manythird (32%) of sites are using older versions. Lastrespondents had more than one processor in useyear 49% reported using Version 1.9, whereas thisat their site and one site had seven differentyear the figure is just 8%.processor models in use.Mainframe strategySoftware currency (Chart 9) presents a more Within the industry as a whole, opinion is clearlymixed picture and tends to lag a little behinddivided over the role of the mainframe in newhardware. This years survey finds 2% of sitesapplications. For some companies the mainframeusing Version 1.12, but 48% of sites using Versionremains a separate legacy environment while12% 6% Not sure No34% Not yet Partly 40% Fully8%Chart 10: Do your mainframe applications participate in your Web services/SOA? Arcati Limited, 201135 36. Arcati Mainframe Yearbook 2011 2011 user survey 70 60 50 40 30 20 100 DB2 CICS WASIMS SAPSiebel Other Dont know Chart 11: Which middleware are, or do you plan to enable, with Web services?others are leveraging the strengths of large planning stage). There are considerable cost andsystems by using them to deploy new workloadsmanagement benefits of consolidating distributedand technologies.Linux workloads onto the mainframe, and IBM made the IFL (Integrated Facility for Linux)We asked respondents whether their z/OSspecialty processor available in 2001. Runningsystems participate in Web services and SOALinux on a mainframe seems well on its way toenvironments, and the results are shown in Chart becoming a mainstream technology. 58% of10. 52% of organizations said that their organizations said that they are Web-enabling theirmainframes participate partly or fully in WebCICS subsystems (Chart 11), which is down fromservices. This figure seems to be stabilizing, 68% last year. 62% of sites are Web-enabling DB2,because last year it reached an all-time high of which is up from last years 59%. 26% of sites59%. Before that it was 53% in 2008 and 48% in are Web-enabling IMS, again down from last2007. It may well be that SOA and Web services years 35%, and WebSphere Application Serverhas now reached maturity because the numberrated 26% (again dropping from last years 32%.of sites planning to integrate them in the future[Bear in mind that the small percentages attachedhas increased this year to 8% (up from 5% last to SAP and Siebel probably reflect the smalleryear). number of sites using these products on the mainframe rather than a reluctance to consider30% (almost the same as last years 31%) wentWeb-service enabling.]on to say that they run Java-based applicationson the mainframe, with a further 10% planning to This year we asked about cloud computing for thedo so in the future. This value is very similar to first time. We asked whether respondentslast years 9%. Again a sign of maturity in thecurrently used their mainframe for cloudtechnology. 42% of respondents (up last years computing. Only 2% of respondents said they did.39%) said that they run Linux on the System z34% said they didnt, and the rest werent sure.(with only 2% down from last years 7% at theBearing in mind that it is still early days for a cloud36 Arcati Ltd, 2011 37. Arcati Mainframe Yearbook 2007Arcati Mainframe Yearbook 2011 2011 user surveycomputing initiative, we asked whetherRelative costrespondents were planning to adopt cloudThere are many ways of comparing the costs ofcomputing as a strategy. 22% said they werentmainframe systems with those of other platforms,at present. 8% thought some mainf ramebut none of them are straightforward and few areapplications would be cloud enabled in the future,meaningful. CIOs and finance directors all tooand a similar number thought most would be cloud- often have little experience of the factors thatenabled in the future. However, 4% didnt see a contribute to mainframe total cost of ownershipuse for cloud computing. It will be interesting toand there is still little published data available tofollow these figures in future surveys. help them make informed comparisons. It isbeyond the scope of this short survey to go intoAs for the future of legacy systems, once again detail on cost, but the following questions explorethe answer depends to a degree on the size andsome areas where financial comparisons can bematurity of the installation. As shown in Chart 12, made between large centralized systems and54.5% of the largest sites see integration as the distributed servers.way forward and predict a positive strategicdirection lower than last years figure of 68%. InWe asked respondents how fast their System z-the mid-range (between 500 and 10,000 MIPS),related expenditure is increasing, in terms of thethe pro-integration contingent drops to 46% (down technology itself and the people needed to supportfrom 54% last year) with 14% (up from last years it. In Chart 13, we compare these results with the8%) considering porting to Unix or Linux. Below growth in mainframe capacity. The vast majority500 MIPS, the picture is similar, with 44% planning of respondents said that their people andto integrate. Interestingly, only the mid-range sites technology costs were seeing single-digit growthconsidered migrating to Windows.at the most (with 11% of sites seeing a decline intechnology costs and 18% of sites seeing a100% Dont know 80% A mixture of strategies 60% Maintained and actively integrated Maintained but not integrated 40% Mostly outsourced 20% Mostly ported to Unix/Linux0% Mostly ported to Windows Less than 500 500-10,000 MIPSOver 10,000 MIPSMIPSChart 12: Legacy application plans over the next three years Arcati Limited, 2011 37 38. Arcati Mainframe Yearbook 20112011 user survey 100%90%80% Declining70%0% per year60%50% Less than 10% per year40%10-25% per year30%20% 26%-50% per year10% 0% CapacityTechnologyPeoplecosts costsChart 13: How fast is your System z-related expenditure growing annually, on thetechnology itself and on the people required to manage the technology?decline in people costs). 28% (down from 47%) reported people costs increasing above 10%.of respondents reported capacity growth higherPerhaps these sites are expecting to make savingsthan 10%, whereas only 13% reported technologyon head count through the use of more moderncosts increasing by that amount, and only 5%technology. 100%90%80%70%0% mainframe/100% distributed60% 20% mainframe/80% distributed50%40%40% mainframe/60% distributed30%60% mainframe/40% distributed20%80% mainframe/20% distributed10% 100% mainframe/0% distributed 0% What proportion of yourWhat proportion oftotal IT budget is spent on enterprise data resides mainframe-related costson the mainframe? and how much on other platforms? Chart 14: IT budget and corporate data: mainframe and distributed systems compared38 Arcati Ltd, 2011 39. Arcati Mainframe Yearbook 2007Arcati Mainframe Yearbook 20112011 user surveyWe went on to ask what proportion of the total ITbudget is absorbed by mainframe-related costs,and what proportion of enterprise data resides on 100%the mainframe (Chart 14). The result was that, 90%while more than half of our respondents use the80%mainframe to manage the lions share of the70%corporate data, their spend on the mainframe and60%distributed systems are very similar. So the50%popular perception that the System z is soaking 40%up financial resources without providing a good 30%return on investment would, yet again this year,20%seem to be firmly dismissed by these figures. 10% 0%Again this year, we asked how fast respondents IBMinon-IBMWindowsLinux Unixmainframebelieved their acquisition/maintenance and supportcosts for distributed platforms were growing Are your distributed acquisition/maintenance costsrelative to the mainframe, for an equivalent amountgrowing faster or slower than mainframe?of capacity or size of user population respectively(Chart 15). In other words, did they think that theirmainframe costs were increasing faster or more Much fasterslowly than their Unix, Linux, Windows, and IBM iA little fastercosts. Of course, these numbers have to be About the sametreated with great caution as we are askingrespondents to make direct comparisons, which, A little sloweras we have just stated, are very complex. Once Much sloweragain, this chart can be used only as an indicationof a general trend, but its a very interesting trendnevertheless! Anything above the green bar ineach column suggests higher costs for alternative 100%platforms. Again this year, a substantial numberof respondents felt that their Unix, Linux, and80%Windows user-support costs were increasingfaster than the mainframe for an equivalent60%amount of capacity or support. Similarly, andparticularly marked for Windows environments,40%their anticipated acquisition and maintenancecosts were increasing faster than for the20%mainframe.0%With the environment and environmental issuesIBMinon-IBM Windows Linux Unixgetting so much coverage in the media these mainframedays, we wanted to know whether IBMs greeninitiatives on things like power consumption and Are your distributed user support costs growing faster or slower than mainframe?cooling had made the mainframe more or lessattractive to our respondents. 72% of respondentsChart 15: Relative growth of expenditure:(the same figure as last year) said that IBMs greenmainframe versus distributedinitiatives made no difference at all. No-one said Arcati Limited, 201139 40. Arcati Mainframe Yearbook 2011 2011 user surveythat the initiative made the mainframe lesscustomers. Mainframe management is now soldattractive. 17% felt it made the mainframe a littleas a way of allowing customers to maintain themore attractive, and 11% felt it made thequality of the service they get from the mainframemainframe a lot more attractive. Clearly without the reliance on experienced mainframers.greenness isnt much of a selling point forIn other words, the software will identify a problemmainframes.and, as well as informing a less-qualified human, will take the necessary steps to negate theIBM versus the ISVsproblem. In addition, vendors are beginning to useThe mainframe independent software vendor (ISV)GUI-type screens, that younger IT people are morebusiness is continually evolving. Many of the better-familiar with, to display important informationknown names, particularly those that providesystem/data management tools and utilities, areW e asked respondents what makes themmerging or being acquired by larger companies. consider a change of vendor for their mainframeOthers are simply disappearing from what had tools and utilities. Its clear from Chart 16 that costbecome a very crowded market, although a small is by far the biggest driver, even though cheaperstream of new entrants helps to redress thetools often off er limited functionality.balance. Disappointingly for ISVs, this year 32% of respondents (up from 20%) claimed they rarelyIBM regularly argues that some ISVs are tooconsider changing mainframe software.inflexible and need to change their software pricingstrategies, while the third-party suppliers respondWe also asked how much of users mainframethat IBM is placing excessive pressure on them software budget is spent on IBM/Tivoli software,by using its size and influence to win over theirand how much on pr