Sunday, 24 October 2021

The Arcati Mainframe Yearbook 2022


How do you know what’s really going on at other mainframe sites? One answer, each year, is to read the annual mainframe users’ survey published in the Arcati Mainframe Yearbook. If you’re prepared to give up 10 minutes of your time to complete a survey form, we will send you a FREE copy of the survey results before they are published in January. As in previous years, we’re inviting all mainframe professionals to complete the annual user survey, which is up and running at itech-ed.com/AMY22/usersurvey22/. The more users who complete the survey, the more accurate a picture of what’s happening in the mainframe world we can produce, and therefore the more useful the survey report will be.

For example, when looking at what’s new (or, perhaps more correctly, what appears on a lot of PowerPoint slides), last year’s survey found that 35 percent of sites are already using Splunk. And a further 20 percent said that they were planning to use it. The survey found that 35 percent of sites were already using DevOps (up from 20 percent last year), with a further fifteen percent planning to use it. And half of all respondents said that they were already reusing APIs to speed up application development. And a further 25 percent of sites are planning to reuse APIs. Blockchain has been in the news a lot, and 10 percent of sites reported already using it, with 15 percent planning to use it. With Docker, we found that 10 percent of respondents were already using it with 15 percent at the planning stage. When it came to Web-enabling subsystems, we found that 80 percent of organizations were Web-enabling Db2; 75 percent were Web-enabling their CICS subsystems; and 30 percent of sites were Web-enabling IMS, and 30 percent were Web-enabling WebSphere. In contrast, only eight percent of sites already use Liberty, with eight percent planning to install it.

When asked what, in their opinion, are the main benefits to their organization of the mainframe over other platforms, every single respondent highlighted security. Clearly, all the talk about breaches and ransomware is focusing the minds of mainframers. 90 percent of respondents highlighted the benefit of availability. 75 percent of respondents highlighted manageability, with 75 percent identifying scalability.

Linux is often in the news, so it was interesting to see what our respondents had to say about it. Just over half of respondents said that they run Linux on the IBM Z. There are considerable cost and management benefits from consolidating distributed Linux workloads onto the mainframe. However, 63 percent of respondents weren’t interested in LinuxONE mainframes. Six percent of respondents said they already had one, with 25 percent expecting to get one at some time in the future. But, no sites in the survey said their primary operating system was Linux.

Reinforcing the value of the mainframe to organizations, the survey found that 89 percent of sites have seen some kind of increase in capacity, and 83 percent have seen an increase in technology costs, and yet only 59 percent of sites believe their people costs have increased! Also, in terms of costs, 81 percent of sites surveyed said that the bulk of their IT budget is spent off mainframe.

If you’ve not come across the Arcati Mainframe Yearbook before, it has been the de facto reference work for IT professionals working with z/OS (and its forerunner) systems since 2005. The Yearbook includes: an annual mainframe user survey; a mainframe strategy section with papers on mainframe trends and directions; an up-to-date directory of mainframe vendors, consultants, and service providers; a guide to useful sources of mainframe-related information; a glossary of terminology; and a mainframe evolution section. Each year, the Yearbook is downloaded by over 21,000 mainframe professionals. The current issue is still available at arcati.com/newyearbook21.

So, very shortly, many mainframe professionals will receive an email telling them that we have started work on the 2022 edition of the Arcati Mainframe Yearbook. If you don’t hear from us, then email arcati@itech-ed.com and we will add you to our mailing list. All respondents completing a survey before Friday 26 November will receive a FREE PDF copy of the survey results. The identity and company information of all respondents is treated in confidence and will never be divulged to third parties. And any comments made by respondents will be anonymized before publication. If you’re in a Zoom or Teams call with mainframers from other sites, please pass on the word about this survey. We’re hoping that this year’s user survey will be the most comprehensive survey ever. Current estimates suggest that there are somewhere around 3,000 mainframes in use world-wide.

Anyone reading this who works for a vendor, consultant, or service provider, can ensure their company gets a FREE entry in the vendor directory section by completing the form, which is at itech-ed.com/AMY22/vendorentry/. This form can also be used to amend last year’s entry.

Also, as in previous years, there is an opportunity for organizations to sponsor the Yearbook or take out a half-page advertisement. Half-page adverts (5.5in x 8.5in max landscape) costs $990 (that's UK£790 or €850 Euros). To put that cost into perspective: for every dollar you spend on an advert, you reach around 25 mainframe professionals.

Sponsors get a full-page advert (11in x 8.5in) in the Yearbook; inclusion of a corporate paper in the Mainframe Strategy section of the Yearbook; a logo/link on the Yearbook download page on the Arcati Web site; and a brief text ad in the Yearbook publicity e-mails sent to users. All this for just $2590 (that's UK£1990 or €2230 Euros). To put that cost into perspective: for every dollar you spend on sponsorship, you reach around 9 mainframe professionals.

Last year’s sponsors and advertisers were: BMC Software, Broadcom, Model9, Action Software International, DataKinetics, DataVantage, Enterprise Systems Associates, Inc (ESAi), Fischer International, Fujitsu, Key Resources Inc, Software Diversified Services, Tone Software, and ZETALY.

Vendors, consultants, and service providers need to complete our survey form to get their free entry in the Yearbook as soon as possible. Also, they need to let me know, either by e-mail or by ticking the appropriate box at the end of the survey (at itech-ed.com/AMY22/vendorentry/), whether they wish to advertise in or sponsor the Arcati Mainframe Yearbook 2020. All entries need to be with us by Friday 26 November.

Clearly, not an opportunity to be missed. The Arcati Mainframe Yearbook 2022 will be freely available for download early in January next year. Let me thank, in advance, everyone who will help to make the new Yearbook such a success.

Find out more about iTech-Ed here.

 

Sunday, 17 October 2021

How do I respond if my mainframe has been hacked?


I wrote a couple of weeks ago about the need for people to reveal that they have been hacked and to tell the world how large a ransom they were presented with and what they paid. I thought this time, we might dive into the thinking of companies who are faced with this dilemma.

Basically, a company that has just received a ransom demand and discovered that not only are its files and backups encrypted, but also its data has been syphoned off and could be appearing for sale on the dark web any day soon, has two choices. Either they reveal all to the media and make the lessons they have learned available to other organizations to help them prevent similar breaches occurring. Or, they say nothing about it, pay the money, and carry on in business. They hope the criminals unencrypt their data and don’t put it up for sale. And they hope that their customers continue doing business with them as if nothing had happened – which, as far as customers are concerned, is what they believe. The reputation of the hacked company stays intact.

This is in many ways like the famous game theory of the prisoner’s dilemma. You may be familiar with this. Two prisoners are held in separate rooms and are now being interviewed by the police. They can’t communicate with each other. And they are told the following:

·        If you confess and agree to testify against the other suspect, who does not confess, the charges against you will be dropped and you will go free.

·        If you do not confess but the other suspect does, you will be convicted, and the prosecution will seek the maximum sentence of three years.

·        If both of you confess, you will both be sentenced to two years in prison.

·        If neither of you confesses, you will both be charged with misdemeanours and will be sentenced to one year in prison.

Imagine that you were one of the prisoners, which option would you choose?

As a bit of background, this game theory originally came from Merrill Flood and Melvin Dresher at the Rand Corporation in 1950. It was formalized and named by Albert William Tucker.

Let’s put some numbers on the options available. If neither confesses, they both get a year behind bars. If they both confess, they get two years. But if one confesses and the other doesn’t, the one who confesses goes free and the other faces three years inside. Think of it as 1,1; 2,2; 3,0; and 0,3.

If we add up the numbers, if a prisoner confesses, they either get two years or walk away. If a prisoner doesn’t confess, they get three years or one year. If you add those numbers together, it’s either 2 years for confessing or four years for not confessing. Because they can’t communicate with each other, confessing seems like the best strategy to minimize the amount of time spent in gaol. The ideal solution, if they could communicate is for both of them to stay silent, but they probably won’t do that for fear that the other prisoner has already confessed.

What I’m suggesting is that something like the prisoner’s dilemma could be used as a theory to see what would happen if a financial institution were to work out the result of revealing that it has been hacked or not.

The first financial institution to reveal that its mainframe has been hacked would definitely find that its reputation was dented and that customers would move to a more ‘trustworthy’ bank. No matter how they spun the information they were giving to the press. It just seems to me that the same people who panic buy at the drop off a hat would lemming-like rush to another financial provider. So, I can see why these kinds of institution would not reveal the information.

Suppose there was another scenario available, where two or three or more financial institutions not only revealed the details of the ransomware attack, but also the steps they took to ensure that a similar attack couldn’t happen ever again. Their PR teams would be busily spinning the information to show that it was only a small part of their business, and they were completely in control, and appropriate steps had been taken to prevent it ever happening again. And, as a result, customers would be less likely to rush to another bank or whatever because they all seemed to be equally vulnerable. Yes, the organizations would suffer a dent to their reputations, but that would soon be forgotten about.

The advantage of companies coming out with details of their breaches and the ransoms they have been asked to pay, as well as the amount that they did pay, is that other companies can put in place appropriate strategies to prevent similar attacks happening to them.

At the moment, you can picture the mainframe business world in much the same way as the first cowboys with guns felt when they saw herds of buffalo roaming across the plains of North America. It’s pretty much open season for the bad actors to take down any mainframe site that they like. The buffalo aren’t talking to each other.

So, how to get out of the prisoner’s dilemma where a suboptimal result occurs because each prisoner is looking after themselves and not communicating with the other. In the case of the mainframe world, there are lots of ‘prisoners’ and it is very easy to communicate with them. In my opinion, legislation and protection is the only way forward to get organizations using mainframes that have experienced a breach to reveal all. Legislation would compel them to reveal all, and protection would ensure that the loss of business for those first few companies that speak up doesn’t put them out of business.

 

Sunday, 10 October 2021

Mainframes and Open Source – an update

I mentioned the Open Mainframe Summit in an article a few weeks ago. I thought it was worth taking a look at what was reported at the summit on 22 and 23 September. Not surprisingly, the Summit was online again this year – it’s second annual get-together.

John Mertic, Director of Program Management at the Linux Foundation, said: “Open Mainframe will continue to be the home of projects that help advance training, enterprise, DevOps, and z/OS on a global scale and working closely with those thought leaders in technology adjacent to mainframes.”

Interestingly, there is a COBOL working group, which came about following various news stories last year about COBOL. The group’s aim is to promote and support the continued use of the COBOL language globally. Like all good science projects, they wanted to know what the COBOL marketplace is currently like, see what challenges and concerns people have about it, and, finally, find out how companies are addressing these issues. To this end, they carried out a survey. Not surprisingly, the first thing they found was that there are hundreds of billions of lines of COBOL in production code in use.

Zowe, which we’ve mentioned before a few times, continues to be the most popular of the Open Mainframe projects. Zowe uses open-source applications to allow users to securely manage, control, script, and develop on the mainframe.

For example, Workflow WiZard simplifies the generation and management of z/OSMF workflows. The tool, which was contributed by BMC, assembles a workflow by reading a library of workflow steps and a properties file. It identifies the steps needed using rules in these templates, orders them based on step prerequisites, and writes out an XML file of the complete workflow.

ZEBRA was contributed by Vicom Infinity. It provides re-usable and industry-compliant JSON formatted RMF/SMF data records, which can then be utilized by open-source software.

The Open Mainframe Project is intended to serve as a focal point for deployment and use of Linux and Open Source in a mainframe computing environment. With a vision of Open Source on the Mainframe as the standard for enterprise class systems and applications, the project's mission is to build community and adoption of Open Source on the mainframe by eliminating barriers to its adoption on the mainframe, demonstrating value of the mainframe on technical and business levels, and strengthening collaboration points and resources for the community to thrive. There are, currently, over 30 organizations supporting the Open Mainframe Project. And, the Open Mainframe Project is home to more than 20 project working groups including ADE, Ambitus, ATOM, CBT Tape, COBOL Check, COBOL Programming Course, COBOL Working Group, ConsoleZ, Feilong, GenevaERS, Mainframe Open Education, Mentorship, Polycephaly, Software Discovery Tool, TerseDecompress, Tessia, Zowe, and Zorow. Learn more at https://www.openmainframeproject.org.

Let’s take a look at some of those organizations. ConsoleZ is an open-source package that gives browser access to z/VM consoles and CP commands, while also being able to limit access by groups. Hosted by the Open Mainframe Project, it can save time when teams need access to multiple z/VM LPARs.

z/OS Open Repository of Workflows (zorow), is a new open-source community dedicated to contributing and collaborating on z/OSMF workflows. There’s also Tessia, which is a tool that automates and simplifies the installation, configuration, and testing of Linux systems running on the Z platform.

New working groups have been launched. For example, the Debian s390x Working Group aims to oversee the maintenance of the s390x port to ensure it remains an official architecture for Debian. The Open z/OS Enablement Working Group is attempting to lower barriers to access z/OS. Unlike highly-partitioned cloud environments with no shared resources and thus low security risks, highly secured shared resources are the power behind z/OS.

The Open Mainframe Project already has more than 45 business and academic leaders from the mainframe community that collaborate to develop shared tool sets and resources. It also now includes EPAM Systems, a global provider of digital platform engineering and development services, and IN-COM, a leader in powerful application understanding tools.

It all goes to show that mainframes are not the locked-away out-of-date servers that many people seem to think they are. As we know only too well, mainframes are not only embracing the future, but in many ways leading us towards it. IBM has recognized the value of the cloud and how edge devices can be integrated with mainframes. And the Open Mainframe Project, which it is a part, is making mainframes accessible by people with IT skills, just not necessarily having previous mainframe experience.

Roll on the third Open Mainframe Summit next year and let’s see what other developments have occurred during the intervening year.