Re: CA Mainframe 2.0
> -Original Message- > From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On > Behalf Of Scott Fagen > Sent: Thursday, July 23, 2009 3:15 PM > To: IBM-MAIN@bama.ua.edu > Subject: Re: CA Mainframe 2.0 > > Dave, > > The best way to obtain CA MSM is to contact the AD/AM on your account. > > On Wed, 22 Jul 2009 19:21:29 -0700, Gibney, Dave > wrote: > > Hi Scott, > > > >One question, when can we have it. We might have tried today :) Sorry to revive this thread, maybe. Scott, we made such a request that same day. No response as of yet. Dave Gibney Information Technology Services Washington State University -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
CA View/Deliver (or whatever they are called now) were famous for bypass. Not sure which CA products you had such a bad experience with; but in the 23 years I have been with CA I have never been involved with a product that required the use of BYPASS. CA-1, never. CA TLMS, never. The Sterling storage products (CA-Disk, CA-Vtape), never. There might have ben a few, but that was NOT the norm. Russell Witt CA L2 Support Manager -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
It's not so much a struggle to persuade anyone to do something. It's more of a matter of moving in a direction that makes sense, what our customers have asked for, and what supports the Mainframe 2.0 initiatives. It isn't something that happens all at once. Those solutions that are already there, have confirmed that their products are following standard SMP/E methods. The rest are following right behind the others. I'm more of a glass-half-full person, so I enjoy the ones that are already there, and look forward to the ones that will soon follow. Norman Hollander Product Manager: Mainframe 2.0 -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Russell Witt Sent: Monday, July 27, 2009 SYSN 04:46 PM To: IBM-MAIN@bama.ua.edu Subject: Re: CA Mainframe 2.0 Gil, Not sure which CA products you had such a bad experience with; but in the 23 years I have been with CA I have never been involved with a product that required the use of BYPASS. CA-1, never. CA TLMS, never. The Sterling storage products (CA-Disk, CA-Vtape), never. There might have ben a few, but that was NOT the norm. Russell Witt CA L2 Support Manager -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu]on Behalf Of Paul Gilmartin Sent: Monday, July 27, 2009 10:43 AM To: IBM-MAIN@bama.ua.edu Subject: Re: CA Mainframe 2.0 In view of CA's long tradition of requiring BYPASS, it must have been a major struggle to persuade the development groups for 45 products to abandon their entrenched bad habits. I can only imagine. (Or is that in the other 100+?) -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
On Mon, 27 Jul 2009 18:46:12 -0500, Russell Witt wrote: > >Not sure which CA products you had such a bad experience with; but in the 23 >years I have been with CA I have never been involved with a product that >required the use of BYPASS. CA-1, never. CA TLMS, never. The Sterling >storage products (CA-Disk, CA-Vtape), never. There might have ben a few, but >that was NOT the norm. > I'm not the systems programmer here; I'm merely echoing what I read on this list. CA's history of requiring BYPASS is legend. But, in (a sort of) fairness, Russell is generally regarded as an exception; CA products associated with him are considered to be well-packaged. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
Gil, Not sure which CA products you had such a bad experience with; but in the 23 years I have been with CA I have never been involved with a product that required the use of BYPASS. CA-1, never. CA TLMS, never. The Sterling storage products (CA-Disk, CA-Vtape), never. There might have ben a few, but that was NOT the norm. Russell Witt CA L2 Support Manager -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu]on Behalf Of Paul Gilmartin Sent: Monday, July 27, 2009 10:43 AM To: IBM-MAIN@bama.ua.edu Subject: Re: CA Mainframe 2.0 In view of CA's long tradition of requiring BYPASS, it must have been a major struggle to persuade the development groups for 45 products to abandon their entrenched bad habits. I can only imagine. (Or is that in the other 100+?) -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
On Thu, 2009-07-23 at 17:32 -0400, Eric Bielefeld wrote: > Did anyone else see the CA Mainframe 2.0 video? I just watched it. You can > find it at: > http://www.ca.com/lean-it-mainframe.aspx Hrm. I get: Error calling overlay.onBeforeLoad: ReferenceError: wrappper is not defined ... under FF 3.0.11. Is there a direct link? -- David Andrews A. Duda and Sons, Inc. david.andr...@duda.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
On Wed, 22 Jul 2009 20:43:56 -0500, Scott Fagen wrote: > >To the referenced contributors, I'd ask that you try the technology out >before you indict, hold in contempt, convict and sentence it. We're only at >the end of year one of a three year development cycle, but already 45 >products have been updated and released to take advantage of CA MSM r2.0. >None of these products will require BYPASS to APPLY service. Another 100+ >have been updated to take advantage of the improved, tapeless electronic >software delivery process. > The product appears to be greeted with considerable enthusiasm. Kudos. In view of CA's long tradition of requiring BYPASS, it must have been a major struggle to persuade the development groups for 45 products to abandon their entrenched bad habits. I can only imagine. (Or is that in the other 100+?) -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
Having installed several products under the Mainframe 2,0 methodology, i can state the following from my own experiences: you will get involved with HFS files if you have not before (I had not, and fought many battles with your systems folks to get unfettered access to HFS/ZFS format files sure beats the old download process where you had to create BLP tapes (which our shop forbid) all in all - i was happy - now if I could only get Ca to keep mainframe bookmanager format documentation . oh well Chris Hoelscher Senior IDMS & DB2 Database Administrator Humana Inc 502-476-2538 choelsc...@humana.com you only need to test the programs that you want to work correctly The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
GEICO has also been using the CA-MSM beta version and my co-worker who installed Compliance Manager with it after I gave him a very short introduction said it was "amazing". Another team member installed a few PTFs in about 2 minutes when I asked him to do so over the phone from another office for our security team. His comment "that's it?" almost couldn't believe he had just done the same SMP/E work that normally took him several jobs and more time. I guess a he had expected to fumble around quite a bit more not having been the original installer of the product he was being asked to service but it just wasn't that hard with MSM. You need one z/OS savy person to setup CA-MSM that can perform or coordinate network, security, USS setup, etc. Once done everyone else get use of a very time efficient tool to handle installation and service without needing to individually do any setup. They are still in full control and deployment for now is done just as it always has been. This just gets the SMP/E RECEIVE, APPLY, ACCEPT parts of the work out of the way quickly so they can move on to deployment and customization/configuration where they actually get to add value to our business. It is real standard compliant SMP/E under the hood and all the SMP/E processing output being run for you is saved and exposed through drill downs for the curious or anyone who needs to see the detail. I also allocated a hefty sized central zFS filesystem for shared workspace and CA-MSM itself. So far our teams are very impressed. Best Regards, Sam Knutson, GEICO System z Performance and Availability Management mailto:sknut...@geico.com (office) 301.986.3574 (cell) 301.996.1318 "Think big, act bold, start simple, grow fast..." -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Patrick Loftus Sent: Thursday, July 23, 2009 10:44 AM To: IBM-MAIN@bama.ua.edu Subject: Re: CA Mainframe 2.0 We've been using MSM beta version, and we're very impressed at this early stage. As an example, it took me about 2 minutes work to get VTAPE installed (not configured). Elapsed time longer obviously, due to downloading and SMP/E batch work, but you can put your feet up whilst you wait, or alternatively find some other work to be doing. Click, click, click, click, and it's done. You'll need a reasonable amount of filesystem space though. This email/fax message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution of this email/fax is prohibited. If you are not the intended recipient, please destroy all paper and electronic copies of the original message. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
I forgot to mention that in my last post, but yes, Al did bring up his working as a consultant for zPrime. He also mentioned that a good part of his consulting work is for IBM. He was very open about this, so I don't think he would mind my mentioning it. Eric Bielefeld Sr. Systems Programmer Milwaukee, Wisconsin 414-475-7434 - Original Message - From: "Edward Jaffe" Al has admitted to being a consultant for zPrime. I wonder if that makes him culpable? :-X -- Edward E Jaffe Phoenix Software International, Inc 5200 W Century Blvd, Suite 800 Los Angeles, CA 90045 310-338-0400 x318 edja...@phoenixsoftware.com http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
The PCI Data Security Standard only addresses the protection of cardholder information. The standard is not intended for any other data (although, in my opinion, the specification would tend towards being a good idea for any *sensitive* information that you would want to protect.) See https://www.pcisecuritystandards.org. There's an especially good dos and don'ts document at https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf It would seem that if your goal is to attain the standards, then you should have a thorough understanding of the standards. Otherwise, you might spend a lot of time looking for the right anti-virus software to run on z/OS. For CA MSM, all credentialed and sensitive information (none of which is subject to the PCI standard, by the way) is passed via HTTPS. The only data passed via FTP are CA assets, product ESD files and solutions, passed back to you via FTP originating from your z/OS image. It also happens to be anonymous FTP, so the only 'credential' that is passed is the user's email address. The security and interactions are exactly the same as those that would be performed if you were to connect to support.ca.com and do your downloads to your PC. Scott Fagen Principal Architect Mainframe 2.0 CA On Thu, 23 Jul 2009 07:51:14 -0500, Jeff Grigg wrote: >We started looking at using this but soon found out it does not support >secure FTP so that came to a quick halt. CA has said this may come in the >future. With PCI requirements SFTP is a must for us. On Thu, 23 Jul 2009 09:15:03 -0500, Hal Merritt wrote: >I could be wrong (and often am) but I think PCI only cares about cardholder data and some ancillary processes (like system security). > >A documented (and management approved) exception with compensating controls ought to be sufficient. Of course, much depends on the quality of the auditors. On Thu, 23 Jul 2009 09:36:20 -0600, Jerry Whitteridge wrote: >Agreed -- we are allowed no unsecured file transfer to the mainframe due >to PCI. Our preference is FTPS but we could (for certain kludges) work >with SFTP. All vendors need to be reconsidering their supported >protocols. > >Jerry Whitteridge >Mainframe Engineering >Safeway Inc >925 951 4184 >jerry.whitteri...@safeway.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
Eric Bielefeld wrote: I attended the Midwest Computer Measurement Group (MCMG) meeting in Milwaukee last Friday. Al Sherkow gave 2 good sessions on IBM's pricing by workload license charging, and about ziip and zaap processors. I believe he mentioned several times how complicated their pricing is getting. He didn't like it the way their pricing works, but he makes his living off of it, so at least for him its a good thing. Al has admitted to being a consultant for zPrime. I wonder if that makes him culpable? :-X -- Edward E Jaffe Phoenix Software International, Inc 5200 W Century Blvd, Suite 800 Los Angeles, CA 90045 310-338-0400 x318 edja...@phoenixsoftware.com http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
Dave, The best way to obtain CA MSM is to contact the AD/AM on your account. On Wed, 22 Jul 2009 19:21:29 -0700, Gibney, Dave wrote: > Hi Scott, > >One question, when can we have it. We might have tried today :) > >Point of strangeness, I actually sorta liked Aggravator :) nut I was >young then. Scott Fagen Principal Architect Mainframe 2.0 CA -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
Did anyone else see the CA Mainframe 2.0 video? I just watched it. You can find it at: http://www.ca.com/lean-it-mainframe.aspx It's 8 minutes long. The first 4 minutes could have all been said by IBM. I've heard IBM presentations that sounded very similar. The last 4 minutes talked about CA Mainframe 2.0. I confess that I am interested in this. Actually, the way CA promotes this, it is good for IBM, as well as CA. If this product benefits the mainframe, then it benefits us. I really don't know that much about it yet, other than what I've heard here on IBM-Main. One thing that struck me is that the presenter still used MIPS. I know many think of MIPS as Meaningless Indicator of Performance, however I think it still is the most widely used and probably the most widely understood performance indicator. It sure beats MSUs, which now are totally rediculous with the hardware MSUs being different from the software MSUs. What is IBM thinking? I attended the Midwest Computer Measurement Group (MCMG) meeting in Milwaukee last Friday. Al Sherkow gave 2 good sessions on IBM's pricing by workload license charging, and about ziip and zaap processors. I believe he mentioned several times how complicated their pricing is getting. He didn't like it the way their pricing works, but he makes his living off of it, so at least for him its a good thing. Eric Bielefeld Sr. Systems Programmer Milwaukee, Wisconsin 414-475-7434 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
> -Original Message- > From: IBM Mainframe Discussion List > [mailto:ibm-m...@bama.ua.edu] On Behalf Of Paul Gilmartin > Sent: Thursday, July 23, 2009 12:08 PM > To: IBM-MAIN@bama.ua.edu > Subject: Re: CA Mainframe 2.0 > > On Thu, 23 Jul 2009 11:42:17 -0500, McKown, John wrote: > >> > >> SMP/E RECEIVE FROMNETWORK can be used by anyone who understands it. > > > >Well, what I like is the "Download Director" which downloads > all the subdirectories & files for a given order. > > > Can't this be done with a handful of MGETs? Is Download Director > simply more convenient. Yes, I could "do it myself" by doing some lmkdir statements and mgets. But that makes it more difficult for me and more error prone. So it is generally just convenience. Plus Download Director can do concurrent downloads of multiple files. > > >But I guess ftp downloading a PAX file which I could unwind > and then use with a RECEIVE FROMNTS would be OK as well. > > >The mainframe is not, and likely never will be, Internet > accessible or vice versa. > > > In general, or your particular mainframe? I should have said "our" not "the". > > -- gil -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-961-6183 cell john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
On Thu, 23 Jul 2009 11:21:38 -0500, McKown, John wrote: >> >> No -- the problem is the credentials are in clear if you use >> your method. The link has to be encrypted. >> >> Jerry Whitteridge > >There would be 1 of 3 possible methods (as I see it). > >sftp - which is a type of file transfer over an SSH tunnel. It is not really >FTP as it does not work the same way. Also, the IBM supplied version only >works with UNIX files, not legacy datasets. > >FTPS - which is true ftp over an TLS tunnel. > >Most difficult would be to establish a point to point VPN type tunnel to the >server, then use regular FTP over that tunnel. > CA says they don't replace SMP/E; they employ it. So which does RECEIVE FROMNETWORk use? The SMP/E Commands manual mentions secure FTP, then refers to the Comm Server doc for a description of the ftp.data file. TMI. I guess I must follow the yellow brick road. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
On Thu, 23 Jul 2009 11:42:17 -0500, McKown, John wrote: >> >> SMP/E RECEIVE FROMNETWORK can be used by anyone who understands it. > >Well, what I like is the "Download Director" which downloads all the >subdirectories & files for a given order. > Can't this be done with a handful of MGETs? Is Download Director simply more convenient. >But I guess ftp downloading a PAX file which I could unwind and then use with >a RECEIVE FROMNTS would be OK as well. >The mainframe is not, and likely never will be, Internet accessible or vice >versa. > In general, or your particular mainframe? -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
> -Original Message- > From: IBM Mainframe Discussion List > [mailto:ibm-m...@bama.ua.edu] On Behalf Of Edward Jaffe > Sent: Thursday, July 23, 2009 11:25 AM > To: IBM-MAIN@bama.ua.edu > Subject: Re: CA Mainframe 2.0 > > McKown, John wrote: > > I am not familiar with CA's framework. But I do like > ShopzSeries' delivery methodology. > > > > ShopzSeries is not available to entities outside IBM. It's > primarily an > order fulfillment tool. > > SMP/E RECEIVE FROMNETWORK can be used by anyone who understands it. > > -- > Edward E Jaffe Well, what I like is the "Download Director" which downloads all the subdirectories & files for a given order. But I guess ftp downloading a PAX file which I could unwind and then use with a RECEIVE FROMNTS would be OK as well. The mainframe is not, and likely never will be, Internet accessible or vice versa. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-961-6183 cell john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
We have learnt that there is not always logic involved in what the PCI QSA demands to certify we are compliant. Not all QSA's have a good grounding in Mainframe strengths and weaknesses - despite our best efforts in education. However I agree that a transfer initiated from the mainframe using credentials for an external partner should face different criteria than an incoming connection. However there are many install products that start off by a download to a PC and then up to the mainframe - these were what I was targeting my comments towards mainly. But I would also say again that all the vendors should be considering security in their transfer methods however initiated. Jerry Whitteridge Mainframe Engineering Safeway Inc 925 951 4184 jerry.whitteri...@safeway.com If everything seems under control, you're just not going fast enough. > -Original Message- > From: IBM Mainframe Discussion List > [mailto:ibm-m...@bama.ua.edu] On Behalf Of Gibney, Dave > Sent: Thursday, July 23, 2009 9:20 AM > To: IBM-MAIN@bama.ua.edu > Subject: Re: CA Mainframe 2.0 > >Just curious, why do you or your security folks care about > the encryption at an external company where the data transfer > is all incoming (to you). Seems that CA should be the one > concerned about the security of their system (But they can't > required secure transfer for everyone). I don't see how the > security of credentials outgoing to an external site are the > concern of your Security or Auditor, or PCI at all. "Email Firewall" made the following annotations. -- Warning: All e-mail sent to this address will be received by the corporate e-mail system, and is subject to archival and review by someone other than the recipient. This e-mail may contain proprietary information and is intended only for the use of the intended recipient(s). If the reader of this message is not the intended recipient(s), you are notified that you have received this message in error and that any review, dissemination, distribution or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately. == -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
McKown, John wrote: I am not familiar with CA's framework. But I do like ShopzSeries' delivery methodology. ShopzSeries is not available to entities outside IBM. It's primarily an order fulfillment tool. SMP/E RECEIVE FROMNETWORK can be used by anyone who understands it. -- Edward E Jaffe Phoenix Software International, Inc 5200 W Century Blvd, Suite 800 Los Angeles, CA 90045 310-338-0400 x318 edja...@phoenixsoftware.com http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
> -Original Message- > From: IBM Mainframe Discussion List > [mailto:ibm-m...@bama.ua.edu] On Behalf Of Jerry Whitteridge > Sent: Thursday, July 23, 2009 11:06 AM > To: IBM-MAIN@bama.ua.edu > Subject: Re: CA Mainframe 2.0 > > No -- the problem is the credentials are in clear if you use > your method. The link has to be encrypted. > > Jerry Whitteridge There would be 1 of 3 possible methods (as I see it). sftp - which is a type of file transfer over an SSH tunnel. It is not really FTP as it does not work the same way. Also, the IBM supplied version only works with UNIX files, not legacy datasets. FTPS - which is true ftp over an TLS tunnel. Most difficult would be to establish a point to point VPN type tunnel to the server, then use regular FTP over that tunnel. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-961-6183 cell john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
Just curious, why do you or your security folks care about the encryption at an external company where the data transfer is all incoming (to you). Seems that CA should be the one concerned about the security of their system (But they can't required secure transfer for everyone). I don't see how the security of credentials outgoing to an external site are the concern of your Security or Auditor, or PCI at all. > -Original Message- > From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On > Behalf Of Jerry Whitteridge > Sent: Thursday, July 23, 2009 9:06 AM > To: IBM-MAIN@bama.ua.edu > Subject: Re: CA Mainframe 2.0 > > No -- the problem is the credentials are in clear if you use your method. > The link has to be encrypted. > > Jerry Whitteridge > Mainframe Engineering > Safeway Inc > 925 951 4184 > jerry.whitteri...@safeway.com > If everything seems under control, you're just not going fast enough. > > > > -Original Message- > > From: IBM Mainframe Discussion List > > [mailto:ibm-m...@bama.ua.edu] On Behalf Of P S > > Sent: Thursday, July 23, 2009 8:56 AM > > To: IBM-MAIN@bama.ua.edu > > Subject: Re: CA Mainframe 2.0 > > > > On Thu, Jul 23, 2009 at 11:36 AM, Jerry > > Whitteridge wrote: > > > Agreed -- we are allowed no unsecured file transfer to the > > mainframe due > > > to PCI. Our preference is FTPS but we could (for certain > > kludges) work > > > with SFTP. All vendors need to be reconsidering their supported > > > protocols. > > > > Or encrypt, FTP, decrypt, yes? > > > > -- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO > > Search the archives at http://bama.ua.edu/archives/ibm-main.html > > > > > > "Email Firewall" made the following annotations. > -- > > > Warning: > All e-mail sent to this address will be received by the corporate e-mail > system, and is subject to archival and review by someone other than the > recipient. This e-mail may contain proprietary information and is > intended only for the use of the intended recipient(s). If the reader of > this message is not the intended recipient(s), you are notified that you > have received this message in error and that any review, dissemination, > distribution or copying of this message is strictly prohibited. If you > have received this message in error, please notify the sender immediately. > > == > > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
No -- the problem is the credentials are in clear if you use your method. The link has to be encrypted. Jerry Whitteridge Mainframe Engineering Safeway Inc 925 951 4184 jerry.whitteri...@safeway.com If everything seems under control, you're just not going fast enough. > -Original Message- > From: IBM Mainframe Discussion List > [mailto:ibm-m...@bama.ua.edu] On Behalf Of P S > Sent: Thursday, July 23, 2009 8:56 AM > To: IBM-MAIN@bama.ua.edu > Subject: Re: CA Mainframe 2.0 > > On Thu, Jul 23, 2009 at 11:36 AM, Jerry > Whitteridge wrote: > > Agreed -- we are allowed no unsecured file transfer to the > mainframe due > > to PCI. Our preference is FTPS but we could (for certain > kludges) work > > with SFTP. All vendors need to be reconsidering their supported > > protocols. > > Or encrypt, FTP, decrypt, yes? > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > > "Email Firewall" made the following annotations. -- Warning: All e-mail sent to this address will be received by the corporate e-mail system, and is subject to archival and review by someone other than the recipient. This e-mail may contain proprietary information and is intended only for the use of the intended recipient(s). If the reader of this message is not the intended recipient(s), you are notified that you have received this message in error and that any review, dissemination, distribution or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately. == -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
On Thu, Jul 23, 2009 at 11:36 AM, Jerry Whitteridge wrote: > Agreed -- we are allowed no unsecured file transfer to the mainframe due > to PCI. Our preference is FTPS but we could (for certain kludges) work > with SFTP. All vendors need to be reconsidering their supported > protocols. Or encrypt, FTP, decrypt, yes? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
Agreed -- we are allowed no unsecured file transfer to the mainframe due to PCI. Our preference is FTPS but we could (for certain kludges) work with SFTP. All vendors need to be reconsidering their supported protocols. Jerry Whitteridge Mainframe Engineering Safeway Inc 925 951 4184 jerry.whitteri...@safeway.com If everything seems under control, you're just not going fast enough. > -Original Message- > From: IBM Mainframe Discussion List > [mailto:ibm-m...@bama.ua.edu] On Behalf Of Jeff Grigg > Sent: Thursday, July 23, 2009 5:51 AM > To: IBM-MAIN@bama.ua.edu > Subject: Re: CA Mainframe 2.0 > > We started looking at using this but soon found out it does > not support > secure FTP so that came to a quick halt. CA has said this may > come in the > future. With PCI requirements SFTP is a must for us. > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > > "Email Firewall" made the following annotations. -- Warning: All e-mail sent to this address will be received by the corporate e-mail system, and is subject to archival and review by someone other than the recipient. This e-mail may contain proprietary information and is intended only for the use of the intended recipient(s). If the reader of this message is not the intended recipient(s), you are notified that you have received this message in error and that any review, dissemination, distribution or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately. == -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
We've been using MSM beta version, and we're very impressed at this early stage. As an example, it took me about 2 minutes work to get VTAPE installed (not configured). Elapsed time longer obviously, due to downloading and SMP/E batch work, but you can put your feet up whilst you wait, or alternatively find some other work to be doing. Click, click, click, click, and it's done. You'll need a reasonable amount of filesystem space though. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
Robert B. wrote: >As always, this email will self-destruct in 5 seconds. Your self-destruct mechanism isn't working! ;-D It is now 16:28 (GMT 14:28) and I had to destroy your mail. Feel free to destroy my email... ;-D -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
I could be wrong (and often am) but I think PCI only cares about cardholder data and some ancillary processes (like system security). A documented (and management approved) exception with compensating controls ought to be sufficient. Of course, much depends on the quality of the auditors. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Jeff Grigg Sent: Thursday, July 23, 2009 7:51 AM To: IBM-MAIN@bama.ua.edu Subject: Re: CA Mainframe 2.0 We started looking at using this but soon found out it does not support secure FTP so that came to a quick halt. CA has said this may come in the future. With PCI requirements SFTP is a must for us. NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
I would hazard a guess that we would require SFTP as well. Scott, your mission should you choose to accept it. As always, this email will self-destruct in 5 seconds. Bob - Robert B. Richards(Bob) US Office of Personnel Management 1900 E Street NW Room: BH04L Washington, D.C. 20415 Phone: (202) 606-1195 Email: robert.richa...@opm.gov - -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Jeff Grigg Sent: Thursday, July 23, 2009 8:51 AM To: IBM-MAIN@bama.ua.edu Subject: Re: CA Mainframe 2.0 We started looking at using this but soon found out it does not support secure FTP so that came to a quick halt. CA has said this may come in the future. With PCI requirements SFTP is a must for us. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
I agree with Scott as the architect, it has the potential to be greatly improved over ca-aggravator. - Original Message - From: "Richards, Robert B." Newsgroups: bit.listserv.ibm-main To: Sent: Thursday, July 23, 2009 5:45 AM Subject: Re: CA Mainframe 2.0 If Scott's the architect, it definitely is worth our time to look at it. Just my $.02. Make that $.01 if cap and tax and/or universal healthcare pass. Bob -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
> -Original Message- > From: IBM Mainframe Discussion List > [mailto:ibm-m...@bama.ua.edu] On Behalf Of Edward Jaffe > Sent: Wednesday, July 22, 2009 6:03 PM > To: IBM-MAIN@bama.ua.edu > Subject: Re: CA Mainframe 2.0 > > Mainframe 2.0 provides a generalized framework that any ISV > or product > supplier can plug into. It does not replace SMP/E. (Of > course, ensuring > the correctness of service (PTFs) would be the responsibility of the > enabled product, not the framework.) > > I plan to take a good hard look at this in the near future. > > -- > Edward E Jaffe I am not familiar with CA's framework. But I do like ShopzSeries' delivery methodology. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-961-6183 cell john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
We started looking at using this but soon found out it does not support secure FTP so that came to a quick halt. CA has said this may come in the future. With PCI requirements SFTP is a must for us. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
If Scott's the architect, it definitely is worth our time to look at it. Just my $.02. Make that $.01 if cap and tax and/or universal healthcare pass. Bob -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Scott Fagen Sent: Wednesday, July 22, 2009 9:44 PM To: IBM-MAIN@bama.ua.edu Subject: Re: CA Mainframe 2.0 On Wed, 22 Jul 2009 15:42:03 -0500, Steve Cunningham wrote: >Haven't we all ready been there & done that with CA-ACTIVATOR back in the >80's. On Wed, 22 Jul 2009 17:34:48 -0400, Bobbie Jo wrote: >I believe you mean ca-aggravator, but yes in repsonse to everything else you >said. To the referenced contributors, I'd ask that you try the technology out before you indict, hold in contempt, convict and sentence it. We're only at the end of year one of a three year development cycle, but already 45 products have been updated and released to take advantage of CA MSM r2.0. None of these products will require BYPASS to APPLY service. Another 100+ have been updated to take advantage of the improved, tapeless electronic software delivery process. On Wed, 22 Jul 2009 16:03:15 -0700, Edward Jaffe wrote: -snip- > >I plan to take a good hard look at this in the near future. > >-- >Edward E Jaffe Thank you, Ed. Let me know when we can get together and talk. Scott Fagen Principal Architect Mainframe 2.0 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
Good luck fella - there's a lot of (justified IMHO) bad blood out there you're going to have to overcome. It'd better be good. Shane ... .. . > Scott Fagen > Principal Architect > Mainframe 2.0 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
Hi Scott, One question, when can we have it. We might have tried today :) Point of strangeness, I actually sorta liked Aggravator :) nut I was young then. > -Original Message- > From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On > Behalf Of Scott Fagen > Sent: Wednesday, July 22, 2009 6:44 PM > To: IBM-MAIN@bama.ua.edu > Subject: Re: CA Mainframe 2.0 > > On Wed, 22 Jul 2009 15:42:03 -0500, Steve Cunningham > > wrote: > >Haven't we all ready been there & done that with CA-ACTIVATOR back in the > >80's. > > On Wed, 22 Jul 2009 17:34:48 -0400, Bobbie Jo > wrote: > >I believe you mean ca-aggravator, but yes in repsonse to everything else > you > >said. > > To the referenced contributors, I'd ask that you try the technology out > before you indict, hold in contempt, convict and sentence it. We're only > at > the end of year one of a three year development cycle, but already 45 > products have been updated and released to take advantage of CA MSM r2.0. > None of these products will require BYPASS to APPLY service. Another 100+ > have been updated to take advantage of the improved, tapeless electronic > software delivery process. > > On Wed, 22 Jul 2009 16:03:15 -0700, Edward Jaffe > wrote: > -snip- > > > >I plan to take a good hard look at this in the near future. > > > >-- > >Edward E Jaffe > > Thank you, Ed. Let me know when we can get together and talk. > > Scott Fagen > Principal Architect > Mainframe 2.0 > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
On Wed, 22 Jul 2009 15:42:03 -0500, Steve Cunningham wrote: >Haven't we all ready been there & done that with CA-ACTIVATOR back in the >80's. On Wed, 22 Jul 2009 17:34:48 -0400, Bobbie Jo wrote: >I believe you mean ca-aggravator, but yes in repsonse to everything else you >said. To the referenced contributors, I'd ask that you try the technology out before you indict, hold in contempt, convict and sentence it. We're only at the end of year one of a three year development cycle, but already 45 products have been updated and released to take advantage of CA MSM r2.0. None of these products will require BYPASS to APPLY service. Another 100+ have been updated to take advantage of the improved, tapeless electronic software delivery process. On Wed, 22 Jul 2009 16:03:15 -0700, Edward Jaffe wrote: -snip- > >I plan to take a good hard look at this in the near future. > >-- >Edward E Jaffe Thank you, Ed. Let me know when we can get together and talk. Scott Fagen Principal Architect Mainframe 2.0 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
Steve Cunningham wrote: Haven't we all ready been there & done that with CA-ACTIVATOR back in the 80's. That was going to change the mainframe software installation also as I remember. Even after CA switched to SMP for installs they never kept the prereq's and co-reps current as it seemed everytime there was something that required a BYPASS. That destroyed the whole SMP structure to me, which kinda made it useless to use it for there products. So I guess add 1 more OEM vendor product install method to the list and wait for it to bite more of their installs. Mainframe 2.0 provides a generalized framework that any ISV or product supplier can plug into. It does not replace SMP/E. (Of course, ensuring the correctness of service (PTFs) would be the responsibility of the enabled product, not the framework.) I plan to take a good hard look at this in the near future. -- Edward E Jaffe Phoenix Software International, Inc 5200 W Century Blvd, Suite 800 Los Angeles, CA 90045 310-338-0400 x318 edja...@phoenixsoftware.com http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CA Mainframe 2.0
I believe you mean ca-aggravator, but yes in repsonse to everything else you said. Bobbie Jo Justice - Original Message - From: "Steve Cunningham" Newsgroups: bit.listserv.ibm-main To: Sent: Wednesday, July 22, 2009 4:42 PM Subject: CA Mainframe 2.0 Haven't we all ready been there & done that with CA-ACTIVATOR back in the 80's. That was going to change the mainframe software installation also as I remember. Even after CA switched to SMP for installs they never kept the prereq's and co-reps current as it seemed everytime there was something that required a BYPASS. That destroyed the whole SMP structure to me, which kinda made it useless to use it for there products. So I guess add 1 more OEM vendor product install method to the list and wait for it to bite more of their installs. Steve Cunningham Views expressed are totally my own and have no reflection of my employers. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
CA Mainframe 2.0
Haven't we all ready been there & done that with CA-ACTIVATOR back in the 80's. That was going to change the mainframe software installation also as I remember. Even after CA switched to SMP for installs they never kept the prereq's and co-reps current as it seemed everytime there was something that required a BYPASS. That destroyed the whole SMP structure to me, which kinda made it useless to use it for there products. So I guess add 1 more OEM vendor product install method to the list and wait for it to bite more of their installs. Steve Cunningham Views expressed are totally my own and have no reflection of my employers. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html