Splunking Your z/os Mainframe Introducing Syncsort Ironstream

Similar documents
Getting Vision on Enterprise-class Security

EView/390z Insight for Splunk v7.1

The Power to Stream z IT Operational Data to the Analytic Engine of Your Choice

Data Obfuscation and Field Protection in Splunk

IBM DB2 Analytics Accelerator Trends and Directions

Welcome to Tomorrow... Today

The Modern Mainframe. IBM Systems. Powerful, secure, dependable and easier to use. Bernice Casey System z User Experience

Securing Mainframe File Transfers and TN3270

1. Which programming language is used in approximately 80 percent of legacy mainframe applications?

IBM. PDF file of IBM Knowledge Center topics. IBM Operations Analytics for z Systems. Version 2 Release 2

Making System z the Center of Enterprise Computing

Revolutionize the Way You Work With IMS Applications Using IBM UrbanCode Deploy Evgeni Liakhovich, IMS Developer

FFIEC Cybersecurity Assessment Tool

Exploiting IT Log Analytics to Find and Fix Problems Before They Become Outages

Splunk & Amazon Web Services

The Power of Data Normalization. A look at the Common Information Model

IBM Application Performance Analyzer for z/os Version IBM Corporation

Mainframe Optimization System z the Center of Enterprise Computing

Bring Context To Your Machine Data With Hadoop, RDBMS & Splunk

Data Onboarding. Where Do I begin? Luke Netto Senior Professional Services Splunk. September 26, 2017 Washington, DC

Deploying IMS Applications with IBM UrbanCode Deploy

REST APIs on z/os. How to use z/os Connect RESTful APIs with Modern Cloud Native Applications. Bill Keller

Key Management in a System z Enterprise

Measuring HEC Performance For Fun and Profit

Dynamic What? I m Dynamic, Aren t You? Andrew Chapman & Sam Knutson VP Product Management CA Technologies

Modernizing InfoSec Training and IT Operations at USF

Transforming IT: From Silos To Services

APIs Economy for Mainframe Customers: A new approach for modernizing and reusing mainframe assets

AWS Agility + Splunk Visibility = Cloud Success. Splunk App for AWS Demo. Laura Ripans, AWS Alliance Manager

IBM. User Guide. IBM Common Data Provider for z Systems. Version 1 Release 1

End to End Analysis on System z IBM Transaction Analysis Workbench for z/os. James Martin IBM Tools Product SME August 10, 2015

IBM z/os Management Facility V2R1 Solution Guide IBM Redbooks Solution Guide

Please give me your feedback

Copyright 2014 Splunk Inc. Splunk for VMware. Architecture & Design. Michael Donnelly, Sr. Sales Engineer

CPU MF Counters Enablement Webinar

Cisco Tetration Analytics

Db2 for z/os Early experiences using Transparent Data Set Encryption

Introduction With the move to the digital enterprise, all organizations regulated or not, are required to provide customers and anonymous users alike

EView/390z Mainframe Discovery

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

SOLUTIONS BRIEFS. ADMINISTRATION (Solutions Brief) KEY SERVICES:

Unum s Mainframe Transformation Program

The Old is New Again Engineering Security in the Age of Data Access from Anywhere

Micro Focus Studio Enterprise Edition Test Server

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. reserved. Insert Information Protection Policy Classification from Slide 8

TECHED USER CONFERENCE MAY 3-4, 2016

Introduction to CICS. Course introduction

Proactive Outage Avoidance with IBM Service Management Suite for z/os (SMSz) V1.3

Splunk & AWS. Gain real-time insights from your data at scale. Ray Zhu Product Manager, AWS Elias Haddad Product Manager, Splunk

SECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011

z/os Introduction and Workshop Overview of z Systems Environment 2017 IBM Corporation

2014 IBM Corporation IBM Advanced Technical Skills ZCONN1. WebSphere Application Server Liberty Profile z/os. z/os Connect

z/osmf User Experiences

Create Dashboards that People Love

OFA Developer Workshop 2014

ASG-TMON SOLUTIONS OVERVIEW

Optimize Your Heterogeneous SOA Infrastructure

Splunk. Plataforma de Datos. Denise Roca / Gerente de Software

The Major CPU Exceptions in EPV Part 2

DATA SHEET. VANGUARD ez/tokentm KEY FEATURES:

SIEM: Five Requirements that Solve the Bigger Business Issues

A System z Developer's Journey Through the Application Lifecycle

IBM DB2 Analytics Accelerator

Running Splunk Enterprise within Docker

IBM PDTools for z/os. Update. Hans Emrich. Senior Client IT Professional PD Tools + Rational on System z Technical Sales and Solutions IBM Systems

Dragons and Splunk Do Not Do Well In Captivity

IBM Exam C IBM z Systems Solutions Sales V7 Version: 6.0 [ Total Questions: 74 ]

About the DISA Cloud Playbook

Jim McNeill. Vanguard Professional Services VSS10 & VSS13

Oracle NoSQL Database Overview Marie-Anne Neimat, VP Development

zenterprise exposed! Part 1: The Intersection of WLM, RMF, and zmanager Performance Management

BMC Subsystem Optimizer for zenterprise Reducing Monthly License Charges

Next Generation Dashboards

Oracle Exadata: Strategy and Roadmap

Approaches to Enterprise-Wide Monitoring and Problem-Solving on IBM z Systems

DB Connect Is Back. and it is better than ever. Tyler Muth Denis Vergnes. September 2017 Washington, DC

The Oracle Trust Fabric Securing the Cloud Journey

REALIZE YOUR. DIGITAL VISION with Digital Private Cloud from Atos and VMware

Demystifying the Cloud With a Look at Hybrid Hosting and OpenStack

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered

CLOUD WORKLOAD SECURITY

DIR-SDD zseries Services

Docker Universal Control Plane Deploy and Manage On-Premises, Your Dockerized Distributed Applications

Overview. Business value

System Z Performance & Capacity Management using TDSz and DB2 Analytics Accelerator: UnipolSai Customer Experience

Accelerate IMS Transaction Management Modernization

Transform to Your Cloud

Z13 customer experiences

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

hcloud Deployment Models

Cisco Tetration Analytics

Latest from the Lab: What's New Machine Learning Sam Buhler - Machine Learning Product/Offering Manager

#techsummitch

IBM. OA VTAM 3270 Intrusion Detection Services - Overview, Considerations, and Assessment (Prerequisite) z/os Communications Server

IMS Performance - Getting The Most Out Of Your Monitoring Technology: Isolating And Solving Common Issues

Oktober 2018 Dell Tech. Forum München

VANGUARD Compliance Manager VANGUARD Policy Manager VANGUARD Security Manager VANGUARD Enforcer

SAFEGUARDING YOUR VIRTUALIZED RESOURCES ON THE CLOUD. May 2012

CA Chorus Infrastructure Management for Networks and Systems

WEBSCALE CONVERGED APPLICATION DELIVERY PLATFORM

Transcription:

Copyright 2016 Splunk Inc. Splunking Your z/os Mainframe Introducing Syncsort Ironstream Ed Hallock Director of Product Management, Syncsort Inc.

Disclaimer During the course of this presentation, we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in the this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not, be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. 2

Agenda Why Splunk Your z/os Mainframe? Challenges with Getting Mainframe Data into Splunk Ironstream : Getting z/os Mainframe Operational & Security Data Into Splunk Ironstream Sample Applications for Operational Analytics and Application Monitoring Ironstream for z/os Security and Integration with Splunk Enterprise Security (ES) Ironstream Integration with Splunk IT Service Intelligence (ITSI) Conclusion 3

Splunking Your Mainframe Data Into The Industry-Leading Platform For Machine Data Machine Data: Any Location, Type, Volume Answer Any Question On- Premises Online Services Web Services Ad hoc search Monitor & alert Report & analyze Custom dashboards Developer Platform Servers Security Networks GPS Location Packaged Applications Private Cloud Public Cloud Storage Online Shopping Cart Desktops Smartphones and Devices Telecoms Web Clickstreams RFID Call Detail Records Messaging Databases Custom Apps Energy Meters Mainframe Platform Support (Apps / API / SDKs) Enterprise Scalability Universal Indexing 4

Why Splunk Your Mainframe? Because Mainframes Still Host the Most Critical Applications 71% Fortune 500 2.5 Billion Bus. Transactions / day / per MF Top World 92 Banks 10 of World s Top Insurers 23 of Top 25 US Retailers Source: IBM 5

IBM System z and z/os 101 z/os z/os zlinux zlinux z/vm PR/SM LPAR PR/SM LPAR PR/SM LPAR IBM System z *Note - z/linux is NOT z/os 6

Challenges with Getting Mainframe Data Into Splunk Integration Data Conversion: EBCDIC to ASCII; Binary to readable Complex mainframe data structures: SMF Data Security Hosts mission critical sensitive data making it difficult to access Cost Processing on the mainframe costs CPU cycles (MIPS) including data transmission (TCP, FTP, etc.) Cannot interfere with system throughput Operational Log file migration can be complex Tracking delta from log files difficult, if not possible Getting data in real time/near real time is complex 7

Ironstream: Getting z/os Mainframe Operational & Security Data Into Splunk Enterprise Security Mainframe TCP/IP z/os DCE IDT Data Forwarder Data Collection Extension Ironstream Desktop SYSLOG SYSLOGD logs securit y SMF 50+ types RMF Up to 50,000 values File Load Log4j SYSOUT Live/Stored SPOOL Data DB 2 USS Alerts Network Components Ironstream API Assembler C COBOL REXX Application Data 8

Ironstream Architectural Considerations Ultra Light Weight Minimal MIPS impact even for billions of SMF records Non-intrusive Collect data from critical system Zero impact to throughput Fast Collect data in real time Secure and Reliable Error recovery Security Load balancing 9

Sample Mainframe Log Data That Can Be Splunked Operational Analytics Mainframe Application Operator logs for DB2, CICS, IMS, etc Related Mainframe Logs Syslog Application Monitoring DB2 Accounting Records CICS Accounting Records WebSphere Job / Step Accounting Records SMF Type 101 SMF Type 110 Log4j SMF Type 30 Security & Compliance RACF Intrusion Detection SMF Type 80 SyslogD 10

Operational Analytics: RACF Violations and Message Trends Data Source: SYSLOG RACF Violations by type RACF Violations by user Trend message volumes today vs. same time last week and 2 weeks ago 11

Operational Analytics: Batch Job Activity Data Source: SYSLOG Batch JOB activity over time showing peak batch window 12

Operational Analytics: Job Monitor for SLA Tracking Data Source: SMF Type 30 Track JOB execution against defined service levels and identify JOBS that are at risk of noncompliance with service level agreement target Drill down to predecessor JOBS 13

Application Monitoring: DB2 Performance Data Source: SMF Type 100, 101, 102 Logging Rate Uncommitted Records by Plan Lock State Escalations Unavailable Resources Lock Contention 14

Application Monitoring: CICS Transaction Analysis Data Source: SMF Type 110 Transaction Rates CPU Usage by Transaction Transaction Response Time Transaction Failures 15

Ironstream z/os Security & Splunk Enterprise Security

Critical z/os Security Data Sources Collected via Ironstream Intrusion Detection (port scans, floods/dosattacks, malformed data packets) z/os Traffic Regulation Management Daemon (TRMD) SYSLOGD Network Management Component TSO logon tracking SMF30 TSO account change activity SMF80 FTP authentications SYSLOGD Network Management Component FTP file change analysis SMF119 IP traffic analysis SMF119 Network events Network Management Component 17

Ironstream z/os Security App All data sources collected by Ironstream are exposed in an application focused on z/os security only This app shows z/os mainframe security data and is NOT an enterprise-wide integrated view 18

z/os Security Dashboard Intrusion Detection showing Port Scans and Denial of Service Attacks TCP/IP Network Traffic 19

z/os Security Dashboard TSO Account Activity TSO Lockouts Job Initiations FTP Session Activity FTP Transfer Activity 20

Ironstream + Splunk Enterprise Security App All collected data sources can also be mapped to Splunk CIM for Enterprise Security and automatically exposed in ES dashboards along with security information from other platforms Requires the Ironstream TA for Splunk Enterprise Security to be installed Provides an enterprise-wide, integrated view of security across all platforms via ES dashboards provided by Splunk 21

Sample Intrusion Center Dashboard With Splunk Enterprise Security Now shows z/os intrusions and anomalies along with events from other platforms 22

Sample Security Posture Dashboard With Splunk Enterprise Security Now shows z/os intrusions and anomalies along with events from other platforms 23

Ironstream Integration with ITSI

Ironstream Integration with ITSI KPIs provided for mainframe systems in Service Analyzer CEC (Central Electronic Complex), i.e. the box LPARs (logical partitions) Critical services Glass Tables for visualization 25

Ironstream Integration with ITSI 26

Ironstream Integration with ITSI 27

Ironstream Apps Are On splunkbase https://splunkbase.splunk.com/ à Search Syncsort 28

Splunk Your z/os Mainframe and Get a 360-degree View of Your Entire IT Infrastructure Intrusion Detection (port scans, floods/dos attacks, malformed data packets) z/os Traffic Regulation Management Daemon (TRMD) SYSLOGD Network Management Component TSO logon tracking SMF30 TSO account change activity SMF80 FTP authentications SYSLOGD Network Management Component FTP file change analysis SMF119 IP traffic analysis SMF119 Network events Network Management Component 29

Syncsort Heritage Syncsort provides fast, secure, enterprise-grade software spanning Big Iron to Big Data 50% of all mainframes run Syncsort software Real-time MF Log data to Splunk - Ironstream DB2 transparency migration solutions Real-time network management and security software Fastest sort technology in the market Most trusted 3 rd party mainframe software Over 45 years of innovation: 25+ issued & pending patents Large global customer base 12,000+ deployments in 85 countries and serving 87 of the Fortune 100 1,500 mainframe customers Our customers realize ROI and get the best customer service in the world, every day! Key Partners 30

What Now? Come visit us our booth! Get Ironstream for SYSLOG for free http://www.syncsort.com/en/testdrive/ironstream-starter-edition CONTACT INFO@SYNCSORT.COM 31

THANK YOU

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback