On Thu, 31 Jan 2008 10:28:35 -0800, Ron Hawkins
[EMAIL PROTECTED] wrote:Thanks for correcting me. I
am a MF bigot, but I am also a realist. Do you
know if z/OS with RACF is the only server/software combination that has
these certification?
[snip]
My real point is that z/OS is not necessarily
On Thu, 31 Jan 2008 14:35:28 -0500, Wayne Driscoll
[EMAIL PROTECTED] wrote:
Also, I do not know if IBM has submitted any
version of RACF for z/VM for certification.
Again, it would not be RACF being certified but the system, with RACF as a
component of the system. z/VM 5.1 had a
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: DB2 queries without using MF.
Lars,
Then we better write off z/OS NFS right now...
If Shai can provide a call to RACF via the host side client, then what
is
the big deal!
And if you take a look around there are plenty of publicly listed
companies
around
Software LLC
NOTE: All opinions are strictly my own.
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Walt Farrell
Sent: Thursday, January 31, 2008 10:01 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: DB2 queries without using MF.
On Thu, 31 Jan 2008
On Thu, 31 Jan 2008 10:30:11 -0500, Wayne Driscoll
[EMAIL PROTECTED] wrote:
Since z/OS 1.6
RACF has had CAPP EAL 3+ certification, and LSP EAL 3+ certification.
Thanks for mentioning that, Wayne. Just a couple of points:
(1) It's z/OS (when using RACF) that has the Common Criteria
Driscoll
Sent: Thursday, January 31, 2008 7:30 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: [IBM-MAIN] DB2 queries without using MF.
Ron,
With regard to AFAIK it's been a long time since RACF had any sort of
special security
rating, and even then you had to disconnect the network, Since z/OS
1.6
Software LLC
NOTE: All opinions are strictly my own.
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Ron Hawkins
Sent: Thursday, January 31, 2008 12:29 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: DB2 queries without using MF.
Wayne,
Thanks
In [EMAIL PROTECTED],
on 01/29/2008
at 03:18 PM, Timothy Sipples [EMAIL PROTECTED] said:
An IP address can be easily spoofed,
On a UDP packet, certainly, but not on a TCP session.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position; see
Lars,
Then we better write off z/OS NFS right now...
If Shai can provide a call to RACF via the host side client, then what is
the big deal!
And if you take a look around there are plenty of publicly listed companies
around the world that fully comply with SOX or BASEL II, but have never
owned
Shai,
Good point. Isn't a DS8K basically just a AIX and CLAM under the covers?
Ron
Can you explain me what is wrong with data in PC and not in IBM, HDS,
EMC
PCs inside their boxes?
--
For IBM-MAIN subscribe / signoff /
: Re: [IBM-MAIN] DB2 queries without using MF.
[Ron Hawkins]
snip
Blah blah blah or just unplug a server and the entire network goes down and
you at best get an oops
snip
Ed
--
For IBM-MAIN subscribe / signoff
Rob Wunderlich writes:
Ideally, I would use Connect Unlimited. Problem for me is the price
tag. It's only available as OTC, and a fairly hefty one at that. If
it could be folded into the monthly cost of DB2 it would be a no
brainer. That particular OTC happens to exceed a magic number for
this
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of shai hess
[ snip ]
RCAF (I change the order of the bytes...:)) is a legend or
human software?
RCAF = Royal Canadian Air Force, a military entity of the Government of
Canada.
RACF = Resource Access Control
HI,
Thanks,
But really my question is do you think that users will use it and how many
users going to use it.
Security is not a problem. The PC can be in a user home (null security) or
in protected room with guards (full security).
IP is my simple tool to protect accessing the PC from any
On Sat, 26 Jan 2008 12:12:51 -0600, Ed Gould
[EMAIL PROTECTED] wrote:
That Windows data cannot be adequately secured is a canard. I'm not
disputing that RACF (and mainframe architecture) has some unique strengths,
but organizations do securely maintain and operate data on Windows and *nix
-Original Message-
From: IBM Mainframe Discussion List
[mailto:[EMAIL PROTECTED] On Behalf Of shai hess
Sent: Monday, January 28, 2008 12:33 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: DB2 queries without using MF.
HI,
I think that there is a lot of confusion here.
We talk
Some other thoughts on this.
The plus is obviously that this will allow a PC application to access
mainframe DB2 data without any mainframe involvement. That means no
mainframe CPU cycles for these report or even data transfer. That
means no license costs (other than what Shai imposes). That
: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf
Of shai hess
Sent: Monday, January 28, 2008 8:33 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: DB2 queries without using MF.
HI,
I think that there is a lot of confusion here.
We talk about two subjects, Query DB2 from PC
shai hess wrote:
Question, how are you going to handle security, especially if its RACF?
Two options:
1. Query MVS RACF from PC before accessing the data.
2. Using MFNetDisk security which allow only specific IP to access the data
(IPOK in my documentation).
Security, Security and more
HI,
I think that there is a lot of confusion here.
We talk about two subjects, Query DB2 from PC and emulate 3390, mirroring
etc...
About DB2, OK there is no RACF in PC, without RACF the security is not OK.
About my product MFNetDisk with data in PC, I see a lot of confusion. I am
RACF
HI John,
2) What happens, God forbid, should Shai get killed in an car accident?
Who will support this? Will the source be available?
If a lot of people will use my product I am sure that they will pray for me,
if all the religious will pray (I hope also Muslim..), I am secure (RACF
security).
Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf
Of shai hess
Sent: Monday, January 28, 2008 8:33 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: DB2 queries without using MF.
HI,
I think that there is a lot of confusion here.
We talk about two subjects, Query DB2
Shai,
In response to your question as to how to secure the DB2 data that lives on
the Open Systems disk.
I would want userid based security. Since we are talking about query only, I
see two levels of access.
1. SELECT privilige to a table.
2. SYSADM authority, allowed to define (make available
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of Lars Poulsen
Shai,
Frankly, it seems that you do not understand the security
issue, which is driven by specific laws in the USA, including
most famously
1) HIPPA - Health Insurance Privacy Protection Act
Not
On Jan 28, 2008, at 9:58 AM, Rob Wunderlich wrote:
On Sat, 26 Jan 2008 12:12:51 -0600, Ed Gould
[EMAIL PROTECTED] wrote:
That Windows data cannot be adequately secured is a canard. I'm not
disputing that RACF (and mainframe architecture) has some unique
strengths,
but organizations do
An IP address can be easily spoofed, so I'm not sure why people think that
restricting to particular inbound IP addresses offers much protection. But
even if it did, that's a single level: all or nothing. I doubt that most
businesses would find all-or-nothing access to their entire collection of
Errr..ummm. the auditors probably won't let you...that is the
reason why the MF world has the program that is *SECURITY* I
could name ACF2 or Top Secret as they will sooner or later do the
same thing. See I didn't mention the 4 letter word:)
I am nor familiar with the security software in
Ed
e.. u sounds like a strawman to me. There are many sites that move
data from z/OS other platforms for further processing without causing the
auditors to go into a green pen frenzy. Files are copied from z/OS to other
platforms every day.
Some of the disk vendors provide APIs that
On Jan 26, 2008, at 2:19 AM, shai hess wrote:
Errr..ummm. the auditors probably won't let you...that is the
reason why the MF world has the program that is *SECURITY* I
could name ACF2 or Top Secret as they will sooner or later do the
same thing. See I didn't mention the 4 letter word:)
On Jan 26, 2008, at 4:08 AM, Ron Hawkins wrote:
Ed
e.. u sounds like a strawman to me. There are many sites
that move
data from z/OS other platforms for further processing without
causing the
auditors to go into a green pen frenzy. Files are copied from z/OS
to other
platforms
HI,
As I said before I worked in the past in a project which try to access DB2
data from open system.
This project was taken many years ago.
Successfully I was able to read DB2 records from the disk. Accessing the
disk was done by using API from open system (Security or not that is my
On Jan 26, 2008, at 1:36 AM, shai hess wrote:
Question, how are you going to handle security, especially if its
RACF?
Two options:
1. Query MVS RACF from PC before accessing the data.
2. Using MFNetDisk security which allow only specific IP to access
the data
(IPOK in my
On Fri, 25 Jan 2008 15:10:54 +0900, Timothy Sipples
[EMAIL PROTECTED] wrote:
You would seem to be in the perfect situation, at least outwardly, for DB2
Connect Unlimited Edition. It's very much like the MQ Client Access
Feature: you pay a fixed rate based on your MSUs, and you're done. You
don't
Question, how are you going to handle security, especially if its RACF?
Two options:
1. Query MVS RACF from PC before accessing the data.
2. Using MFNetDisk security which allow only specific IP to access the data
(IPOK in my documentation).
Security, Security and more Security.
MFNetDisk
Shai:
Question, how are you going to handle security, especially if its RACF?
Ed
On Jan 25, 2008, at 1:15 AM, shai hess wrote:
I agree with you.
To develop the support for DB2 queries in PC without accessing the
MF is
complicate mission.
I will do it only if many people will ask me to
McKown, John wrote:
[...]
Personally, I shudder. Talk about a massive violation of security.
???
What is the violation?
Of
course, this is why I would __NEVER__ store z/OS data on anything other
than z/OS DASD (no, not even FlexCUB).
What about other mainframe users, which have READ to the
It's likely that your z/OS DASD can be accessed by open systems as
well. Or badly-managed z/OS system. It is a matter of connectivity. In
fact we talk about physical security here. Same means could apply to
Shai's PC or Support Element, or HMC, or OSA-ICC consoles.
I agree that we talk about
What kind of access tool are you talking about - SQL or something else ? If
it's SQL, how compatible will it be with DB2 SQL ? With good SQL support, it
could be a useful tool for warehouse kind of queries.
On Wed, 23 Jan 2008 22:49:35 -0800, shai hess [EMAIL PROTECTED]
wrote:
Thanks,
Yes,
I talk about SQL for queries only.
But this is a little early to talk about the SQL before I find out how many
people like such a tool.
Thanks,
Shai
On 1/24/08, Mohammad Khan [EMAIL PROTECTED] wrote:
What kind of access tool are you talking about - SQL or something else ?
If
it's SQL, how
Is it can be useful to develop in the PC, api for DB2?
The API will use my MFNetDisk 3390 data and the response time will be very
very good from PC or any open systems platform?
This would be *very* useful if
1. It could be done without using the mainframe.
2. It supported JDBC ODBC APIs.
3.
Rob Wunderlich writes:
JDBC/ODBC access to z/os DB2 works well, but it's expensive
(relative term).
I think you used the word perceived elsewhere, and there are those
perceptions, yes. It's a multi-party effort to make sure the truth is
understood.
The cost for drivers, whether DB2 Connect or
I agree with you.
To develop the support for DB2 queries in PC without accessing the MF is
complicate mission.
I will do it only if many people will ask me to do this feature.
But I think that the benefit of accessing the DB2 from PC can save a lot of
money because it will save the people the
HI,
Is it can be useful to develop in the PC, api for DB2?
The API will use my MFNetDisk 3390 data and the response time will be very
very good from PC or any open systems platform?
Thanks,
Shai
--
For IBM-MAIN subscribe /
Shai Hess wrote:
Is it can be useful to develop in the PC, api for DB2?
What's wrong with the existing ODBC and JDBC APIs for DB2 on the PC?
--
Edward E Jaffe
Phoenix Software International, Inc
5200 W Century Blvd, Suite 800
Los Angeles, CA 90045
310-338-0400 x318
[EMAIL PROTECTED]
HI,
I mean without access the MF.
Shai
On 1/23/08, Edward Jaffe [EMAIL PROTECTED] wrote:
Shai Hess wrote:
Is it can be useful to develop in the PC, api for DB2?
What's wrong with the existing ODBC and JDBC APIs for DB2 on the PC?
--
Edward E Jaffe
Phoenix Software International,
shai hess wrote:
I mean without access the MF.
I'm no DB2 expert. But, I believe the DB2 UDB that runs on UNIX, Linux
and Windows supports the same client interfaces as its z/OS host
counterpart. Please consult the DB2 product page
http://www.ibm.com/software/data/db2/9/ for details.
-Original Message-
From: IBM Mainframe Discussion List
[mailto:[EMAIL PROTECTED] On Behalf Of Edward Jaffe
Sent: Wednesday, January 23, 2008 10:32 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: DB2 queries without using MF.
shai hess wrote:
I mean without access the MF.
I'm
Discussion List
[mailto:[EMAIL PROTECTED] On Behalf Of Edward Jaffe
Sent: Wednesday, January 23, 2008 10:32 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: DB2 queries without using MF.
shai hess wrote:
I mean without access the MF.
I'm no DB2 expert. But, I believe the DB2 UDB that runs
-Original Message-
From: IBM Mainframe Discussion List
[mailto:[EMAIL PROTECTED] On Behalf Of shai hess
Sent: Wednesday, January 23, 2008 10:48 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: DB2 queries without using MF.
HI john.
Yes, You understand my point.
I also afraid
:
-Original Message-
From: IBM Mainframe Discussion List
[mailto:[EMAIL PROTECTED] On Behalf Of shai hess
Sent: Wednesday, January 23, 2008 10:48 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: DB2 queries without using MF.
HI john.
Yes, You understand my point.
I also
Subject: Re: DB2 queries without using MF.
HI john.
Yes, You understand my point.
I also afraid about security and if I will do something like that I
will
have also to limit access to the PC Server (using IP).
Thanks,
Shai
NOTICE: This electronic mail message and any files transmitted
immediately and
then destroy it.
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of shai
hess
Sent: Wednesday, January 23, 2008 12:09 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: DB2 queries without using MF.
Yes, John. I agree with you.
But can you trust everyone in the MF area
please notify us immediately
and then destroy it.
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of shai hess
Sent: Wednesday, January 23, 2008 12:09 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: DB2 queries without using MF.
Yes, John. I agree with you.
But can you
.
From: shai hess [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 23, 2008 12:34 PM
To: Galambos, Robert
Cc: IBM Mainframe Discussion List
Subject: Re: DB2 queries without using MF.
HI
On Wed, 23 Jan 2008 08:27:45 -0600, Shai Hess [EMAIL PROTECTED] wrote:
Is it can be useful to develop in the PC, api for DB2?
The API will use my MFNetDisk 3390 data and the response time will be very
very good from PC or any open systems platform?
I won't comment on the usefulness, and I'll
shai hess wrote:
I want to ask a question, The point of security, You think that noway that
you can protect the PC server the same as MF protect itself, If you limit
access to the PC using something which we can call PC_RACF (maybe good idea
to develop such a product).
The same sort of
are strictly my own.
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Walt Farrell
Sent: Wednesday, January 23, 2008 12:02 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: DB2 queries without using MF.
On Wed, 23 Jan 2008 08:27:45 -0600, Shai Hess [EMAIL
.
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Walt Farrell
Sent: Wednesday, January 23, 2008 12:02 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: DB2 queries without using MF.
On Wed, 23 Jan 2008 08:27:45 -0600, Shai Hess [EMAIL PROTECTED]
wrote
Shadiow, from NEON Systems, is already doing this. And quite well I might add.
We have some outsouring programmers sic workong on an application and
yesterday, Shadow was sucking down 25% of a processor to keep up with the
poorly written SQL code and resulting ABEND's in the code. Nary a burp
Shadow is quite different, as are DB2 tools. They're all running on the
mainframe itself.
In addition to the problems mentioned, you may have all kinds of data
integrity and consistency problems if you try to write something. Even
reads aren't necessarily going to have full consistency unless
On Jan 23, 2008, at 11:33 AM, shai hess wrote:
HI,
I want to ask a question, The point of security, You think that
noway that
you can protect the PC server the same as MF protect itself, If you
limit
access to the PC using something which we can call PC_RACF (maybe
good idea
to develop
Thanks,
Yes, I am aware to the data integrity and data in MF buffer.
That is why I think about queries only. And ability to run massive ( with
the tool of PC!!! ) programs in PC for statistic with a great response time.
For statistic maybe the users accept the small chance of data integrity
62 matches
Mail list logo
