To Stage or Not to Stage; Hardening an AS/400

Our readers comment on the November 2001 issue.

Security in Obscurity
[Roberta Braggs’ September column] that mentioned a midrange server Web site ("Pandora’s Box or Panacea?") hit a resonant chord with me. I purchased an AS/400 for our company as a back-end server for PKI verification. We used a small ATM network to connect OS/2 machines to the AS/400, a system that had obscurity as a major security theme. Could you recommend a good Web site for hardening an AS/400?

Fred Ruopp

I haven’t found a specific site that concentrates on AS/400 security but http://search400.techtarget.com seems to be a good portal into information. There’s also an affiliated security site, http://searchsecurity.techtarget.com. Of course, there’s also www.ibm.com/Search?v=11&lang=en&cc=us&q=security, IBM’s security Web site.

To get you thinking about security in general, visit www.sans.org. You’ll also find some good links there to other sites. Here are some more AS/400 security links:

—Roberta Bragg

NAS and EMC
Nice use of the surfing imagery in Jon Toigo’s August column ("Storage’s Endless Summer"). Unfortunately, I need to point out an inaccuracy in his story. Jon says EMC unveiled its first NAS products a year ago. In fact, we introduced our first NAS product, EMC Celerra, in 1996. It’s true we announced a new NAS product in 2000, the CLARiiON IP4700.

Ken McDonnell

EMC Corporation Public Relations

mcdonnell_ken@emc.com

I am aware of EMC’s NAS offering, though I confess to having gotten my date of introduction wrong in an earlier column. That error has been corrected. It does not change the point, often expressed by EMC in my interviews with them, that NAS is a Tinkertoy compared to Big Iron arrays, and that the latter are required for the heavy lifting of block-based high-performance transaction processing.

—Jon Toigo

Web-to-Host Solution
I read [Joe McKendrick’s] August column ("The Next Big Thing") on key players in Web to host, and I agree with most of it. I also want to mention BIS Advanced Software Systems, an EAI and Web-to-host solutions provider with superb, next-generation technology. BIS is missing from the vendor list included with the column.

Samuel Sheinfeld

BIS Advanced Software Systems Ltd.

shmuels@bis.co.il

[Regarding Joe McKendrick’s August Web-to-Host column,] I would like to suggest that ClientSoft’s ClientBuilder be added to the "Key Mainframe and Midrange Web-to-Host Vendors" list. ClientBuilder has capabilities for client-server, Web-enablement and wireless.

Michael Sykes

ClientSoft

msykes@ClientSoft.com

Don’t Forget Validation
I’ve just read [Jeff Gentry’s] column "The Forgotten Data Store" in the August issue. I agree with his thoughts, and believe that staging areas are going to be an essential ingredient of enterprisewide, federated BI implementations.

However, he didn’t discuss what parts of the ETL process he believes should be applied here. One critical aspect is validation and error management. This is either performed here, close to the source—and more important, close to those people who know and understand this data—or at the target system, maybe half a world away and managed by people who know nothing of the operational system that the data is coming from.

I would be interested in Jeff’s thoughts on this. Should cleansing and error management be implemented here in the staging area? If not, we get into situations in which data that has been propagated to the target system may be corrected later—but the local version retained in a persistent data store is still incorrect. The trade-off is that we then end up with this data quality processing occurring on many different systems. This concept of "intelligent data sourcing" extends the data store scenario and might be an interesting future article.

Alan Jordan

VP of Development

Coglin Mill (Australia) Pty. Ltd.

AJordan@coglinmill.com

Thanks for your comments. In fact, in my December column, I plan to discuss validation and error management in data stores.

—Jeff Gentry