Hi everyone!

It’s interesting to talk to the IBM i community about the topic of anti-virus (AV) software. The subject comes up frequently during my travels, as I often include it as a remediation item that every enterprise should evaluate. When I do this, people seem to segregate into one of two groups: Either AV is seen as a pointless exercise due to what they have heard about the IBM i operating system, or they are completely onboard with the idea and are already running it on their systems.

Perhaps we should start with a definition of a virus. According to Wikipedia, a virus is a form of malware that can copy itself from one computer to another. There are many types of malware, including Trojan horses, worms, adware and spyware, and while most of us are (oh-too) familiar with most of these, I usually give my own definition as any unauthorized code—active or dormant—that is designed to perform a function that is not part of a company’s official application initiative.

While there is the possibility of operating system objects being tampered with, IBM i has long been touted as impermeable to viruses. This is due in part to a native object structure that prevents executable code being embedded inside non-executable objects, for example, hiding program code inside of a database file type object. While I have heard some reports of a virus being technically possible in the IBM i operating system, it is far from a prevalent issue, and one that gets dismissed quickly by most security officers.

However (and this is a very important distinction), while the traditional library and object structures might be nowhere near as susceptible to viruses as a Windows server, there are other structures that are. If you are currently providing users or applications with access to the Integrated File System (IFS), these folders can easily contain an infected file. Access is often provided for client-server type applications, such as Lotus Domino, WebSphere, and Navigator for i, or simply to enable users to use an IBM i disk as a shared network repository. Unfortunately, the presence of a virus in the IFS presents a significant threat as, during a viral outbreak, most IBM i servers remain connected to the network and can cause recurring infection—remember Wikipedia’s definition of a virus?

While some companies choose to scan IBM i network drives from another network server, this is not normally advised. With many systems housing hundreds of thousands of IFS objects to be scanned, remote scanning carries significant challenges. These challenges include the likelihood of poor scanning performance and a significant increase in network bandwidth utilization. This may also cause a corresponding degradation in other communications or applications as files are brought in to the scanning server’s memory. There is also an increased risk from the requirement of a read/write share, and the common use of a profile that has *ALLOBJ special authority.

Bytware is the only supplier of a native IBM i anti-virus solution powered by a commercial grade scan engine and, as PowerTech’s sister company, makes the following observations about viruses on IBM i:

• The IBM i is not free from virus threats
• The IBM i can host and spread viruses
• Viruses can sit undetected on IBM i
• The IFS is the perfect host
• Viruses on IBM i can attack other systems
• Undetected viruses can pass through IBM i mail

Fortunately, IBM has provided exit points to allow a program to perform scanning functions similar to those found on other platforms. The StandGuard Anti-Virus (SGAV) solution from Bytware is a comprehensive anti-virus solution, and its features include:

• Designed from the ground up for IBM i, System p, AIX, Linux on x86, and Domino servers
• Powered by McAfee commercial scanning engine
• Can’t be disabled by viruses
• Green screen and GUI interfaces
• Uses IBM i scanning enablement for on-demand and open/close scanning
• Object integrity scanning protects IBM digital signatures

So my advice is to look closely at how you are using your system’s file structures. If there is a possibility of any file being written or read from the IFS, then AV is an absolute must. If you are not sure if you are, give the folks at Bytware a call and they will be happy to help you. And, if you still haven’t seen enough of a reason to use this very cost-effective solution, you should also note that an anti-virus solution is sometimes required for compliance with certain regulations—such as requirement 5 of the Payment Card Industry’s PCI-DSS standards.

You should also consider other types of malicious code. Imagine a start up program that performs a PWRDWNSYS! Although this might not be considered a true virus, it would certainly be extremely disruptive to a production application environment. Or, perhaps, an unauthorized program that is registered as a password change validation program; one that illegally records user passwords as they are set. Monitoring and reporting changes to system values, such as QSTRUPPGM or QPWDVLDPGM, is one way to prevent these types of threats from affecting your run-time environment. You can make short work of all of these threats with SGAV, ideally in conjunction with PowerTech’s comprehensive Compliance Monitor reporting solution, and the Interact real-time alerting module.

Drop me a line at robin.tatam@powertech.com for more information AV or about PowerTech, or visit www.powertech.com.

Cheers!

- rt

Hi everyone!

A few days ago, I celebrated a summer weekend up in Duluth, Minnesota, on the shores of beautiful Lake Superior. While Minneapolis was being pounded by torrential rain and thunderstorms, I enjoyed my first visit to this area, camping “old school” with my family in tents and sleeping bags, and roasting hot dogs and S’mores over an open fire. I would offer up that it doesn’t get much better than that! We also spent time skipping rocks across this unbelievably immense body of water, walking through the gorgeous Duluth rose gardens, and taking a fun ride on the recently-opened alpine roller coaster.

One of the main reasons for our travel north was to attend the exciting Duluth Airshow. I took my photo of two of the U.S. Air Force “Thunderbirds” during their awe-inspiring demonstration, and although it is hard to believe, it was edited ONLY for contrast! Witness the total faith that these pilots have in their equipment, their flight support crew, and their fellow airmen. This is a good analogy of the security of your IBM i data. It takes a combination of rock-solid hardware, quality software, competent technical support, and a parent organization that backs its solutions to ensure success. Failure of any of these critical “systems” could result in a security catastrophe, so make sure that you put your faith in “the best of the best.”

Back in the office, I am starting the wind-up for a post-summer event schedule that includes customer visits and security training workshops around the country. We will be posting information about these events as they become scheduled, both on www.powertech.com as well as in Power News, so make sure that you are signed up to receive this free monthly electronic newsletter.

As part of PowerTech’s ongoing commitment to IBM i security education, I will be presenting four security sessions at the COMMON Fall Conference and Expo in San Antonio, Texas, in early October. I am also booked to be at a couple of other regional events: ISACA’s Information Security and Risk Management conference in Las Vegas, Nevada in mid September and Optimum Solutions’ User Group conference in Nashville, Tennessee in late October.

It’s a good thing that I really love to travel, as tomorrow I am flying out to Nashville for the remainder of this week. I will be working with a large customer to discuss the deployment of our security suite to more than 100 of their IBM i systems—an exciting project to be involved in!

I mentioned in last week’s blog that we have a new Authority Broker e-training course in the works. This generated a lot of emails from customers who  are happy that we are providing another educational resource for them. I can now reveal the online class schedule, as well as announce the next iteration of our popular Network Security e-training:

Authority Broker                                                September 2

Network Security – The Basics                        September 23

Network Security – Advanced (Part 1)            September 28

Network Security – Advanced (Part 2)            September 30

If you are new to Authority Broker or Network Security, or would simply like to brush up on your existing skills, sign up today as seats are limited!

Drop me a line at robin.tatam@powertech.com for more information about PowerTech, or visit www.powertech.com.

Cheers!

-       rt

I had a customer ask me recently if you could audit yourself in PowerTech’s Authority Broker tool. I responded, “Of course!” It seems that the auditors within this particular company wanted to ensure that all the powerful profiles were audited, but the I.T. department was resisting. Their main concern was that they didn’t have a good way to deal with finding and deciphering all of the raw audit records that the operating system places into the audit journal when performing profile auditing.

Fortunately, this customer was already making extensive use of Authority Broker to handle elevation of authority for “break-glass” type emergency situations. In their shop, there were also certain functions that had to be run using specific profiles like QSECOFR, not just a profile running under the guise of QSECOFR. The solution was very simple: Install an Authority Broker PTF to enhance the base product, and permit the ability for a profile to switch to itself, thereby creating the audit and reporting environment that they were already familiar with when using normal profile switching.

We occasionally get notes about creative ways that customers wish to use one of our products—sometimes in ways that our development team never originally anticipated. While the base functionality of the products satisfies the vast majority of auditors’ requirements for regulatory compliance, we welcome “wish lists” and suggestions of how we can enhance any of our solutions. Simply send a note about your idea to support@powertech.com to get your idea added into an enhancement list database. In this particular case, we already had this little trick up our sleeve, but we love to get ideas from those of you who have found requirements to use the tool in ways outside of the original scope. Another suggestion that was turned into reality was the ability to invoke exit programs as part of an Authority Broker swap. What? You didn’t know about that capability either?  Well, check out the administrator’s guide, and the sample exit programs found on the PowerTech website.

If you are new to Authority Broker, or would simply like to brush up on your skills, we are in the process of putting together a product eTraining class that will be rolled out at the beginning of September.

Drop me a line at robin.tatam@powertech.com for more information about PowerTech, or visit www.powertech.com.

Cheers!

- rt

Last week I made some comments about Network Security Version 6 and the updated online training we recently offered. I got several questions about the “hook” of the new version, so I thought that I would give everyone a quick overview.

Before I get into the new features, let me provide some background for those of you that might not be familiar with what Network Security does for an organization. If you are already comfortable with the concept of network access, exit points and exit programs, then you may skip the italicized text below.

Back in the early days of the AS/400, the only way to access data was via a 5250 (green screen) application. This meant that we could easily secure the application data using only simple menus and command line restrictions. In the early 90’s, IBM responded to customer demand and enhanced the operating system to enable open access through network interfaces such as ODBC, FTP, and remote command. This had the effect of opening the database without the control of the menus. IBM also enabled a facility called exit points that allow the specification of programs to determine if a request should be honored or denied. Network Security is a suite of exit programs that are designed to provide two critical security functions—auditing and access control—for these requests.

If you would like to learn more, check out the Network Security product page on the PowerTech website

One of the first visual indications of the new version is found in the installation process. Gone are the days of having to manually upload a save file, restore the objects, and then run an installation routine. Instead, there is a great new installation wizard. This runs on a Windows PC to streamline the unpacking, uploading, and installation of the product from beginning to end. As one of the folks who installs this product countless times a year, I want to personally thank the person behind this enhancement! The wizard even removes itself from the PC upon completion, leaving only the new product administration guide as a lasting footprint.

Once the product is installed, there is a brand new activation process. As before, it is designed to register Network Security’s exit programs to the IBM exit points, but now the activation can be totally selective. This means that you may optionally choose to not monitor all of the exit points from day 1. Make a second pass (or more) through the activation process if you wish to activate any of the remaining exit programs subsequently.

When pulling up the Network Security’s main menu, the first thing that you will notice is that the options have been better streamlined with less nesting of menus inside menus. The interface is clean, concise, and intuitive. Some additional options have been added to support the new object rules, but most of the existing option numbers have remained the same to help with the transition.

Network Security continues to lead by its ability to control access at multiple different levels. We can set rules for users and locations that pertain to all functions within a service. We can further define rules that only apply to a specific function within a service, such as remote commands in FTP. Lastly, we can set rules for very specific requests, such as allowing the FTP download of file MYFILE from library MYLIB. Naturally, auditing and messaging from of any of these transactions was one of Network Security’s most sought after features.

The newest addition to the access control functionality comes with the ability to define “object rules.” In scenarios where you might not know the specific request being made (perhaps it can come in a different “flavor” every time), Network Security supports the ability to create and secure using an object list. This list is simply a definition of which objects are being secured by the list. Once defined, the security administrator can set rules that control the access to both data (if applicable) as well as the object itself. Imagine being able to prevent a file from being updated through an ODBC connection, regardless of the SQL statement being issued. Or perhaps you would like to audit any change requests for those particular objects, but not the entire application. While it is recommended to use transaction level rules first (as they are specific to a request), object rules introduce a new era in the capabilities of an already powerful exit program solution.

Behind the scenes, there are some other changes you will want to be aware of. We have standardized the name of installation library, authorization lists, and user profiles used by the application. If you are an existing customer, the installation wizard handles most of the upgrade process, and we have created a migration process for copying the rules from a prior version. Updated documentation has been created to guide you, and help is always just an e-mail or a phone call away.

If you are new to Network Security, or would simply like to get a “refresher,” then keep an eye out for the next round of online training. Alternatively, drop me a line and I will be happy to help you.

Our summer Webinar schedule is now in effect, and next week we will be talking to you about the 2010 State of IBM i Security study.

Drop me a line at robin.tatam@powertech.com for more information about PowerTech, or visit www.powertech.com.

Cheers!

- rt

Well, it was a tough to do, but I am back at work after spending last week in Deerfield Beach, Florida. Our trip started in Orlando with a visit to the Kennedy Space Center. We were able to see several launch pads, including ones being reconfigured for futuristic launch vehicles, as well as ride the new Shuttle Launch Experience, which was a “blast” (sorry, I couldn’t resist that). As a boy, I was obsessed with Space exploration; I remember spending countless hours working on a model of the 363-foot tall Saturn V rocket used for most of the Apollo and Skylab missions in the late ‘60s and early ‘70s. Being up-close and personal with one of these behemoth rockets was very humbling. I tell people that I work in a technology field, but that is technology at its finest!

White sands and the sound of crashing ocean waves accompanied beautiful sunsets and the sun-kissed warmth of the Atlantic Ocean. If you have never been to this part of the world then I thoroughly recommend it, although be sure to pack your sunscreen as it is pretty hot and humid. I just hope that this side of the coast line remains unaffected by the environmental disaster that is happening on the gulf coast side.

Anyway, I am glad to be back in Minnesota now. (Did that sound at all convincing?)

In my absence, there was fevered discussion about the possible abolition of the Sarbanes-Oxley Act by the U.S. Supreme Court due to the challenge on a section of the law. But before you start cheering with delight that your complex reporting requirements are over, Monday saw the court give unanimous support to the section that could have caused the entire act to be thrown out due to the fact that the government did not build “severability” into the law. Severability allows a law to remain standing even if parts are discarded as being unconstitutional, so if this one section was ruled unconstitutional, the whole law would have been eliminated.

To add to the requirement of having good reporting practices in place, new laws are also currently being pushed through Congress, although some may actually reduce the reporting burden on smaller companies.

From the PowerTech corner, Network Security Version 6 has been extremely well-received in the market place. We recently updated and executed the first online training sessions to include Version 6 enhancements, and will be scheduling another class for next quarter. We are also preparing for a similar class on Authority Broker, so watch out for that announcement. If you are interested in any type of custom training (onsite or remote), then contact Nancy Berg, our services coordinator.

Drop me a line at robin.tatam@powertech.com for more information about PowerTech, or visit www.powertech.com.

Cheers!

- rt

Hi everyone!

Visiting with customers is one of my favorite activities, so I was excited that last week’s Midrange Mixer in Rochester, MN brought in a lot of IBM i users. This time, the event was hosted at the famous Michael’s restaurant (as designated by the hundreds of celebrity photos hanging in the main hallway) in downtown Rochester. We welcomed a large number of customers and prospective customers for cocktails, hors d’oeuvres, and Jeopardy-style games. I must say, it’s amazing how much easier those questions are to answer when you are NOT sitting in the hot seat!

The evening’s table conversations were very stimulating, with numerous companies seeking assistance with their security projects. PowerTech’s recent introduction of Network Security Version 6 and other enhancement projects in the works were a topic of discussion, as was our great no-charge compliance assessment solution. I know Tom Huntington encountered a similar response regarding multi-platform scheduling, and other Help/Systems specialties. I must say, it’s good to hear about healthy business initiatives again.

Thanks must go to our own Heath Kath, Technical Sales Consultant for SEQUEL Software, for his willingness to don the (in)famous Robot suit, and stand out on the streets of Rochester to welcome everyone to the party! (Thanks also go to my over-six-feet tall parents for ensuring that the suit does not fit me!)

If you are also embarking on a new security project, drop me a line to find out how PowerTech can put our resources to work for you. With skilled security engineers, and our well-known security software solutions, we have the tools to get the job done right—regardless of your security or compliance objectives.

As part of summer, we are slowing our weekly Webinar schedule to approximately two per month. Look for our security workshops and Webinars to resume their normal schedule in September. As always, the PowerTech Website and PowerNews electronic newsletter are a great source of information, and both sources have the upcoming event schedule for June, July and August.

Speaking of summer, I am taking time off work next week to take my kids on a highly anticipated vacation to the southern climes of Boca Raton, Florida. Following my visit to Orlando for COMMON last month, I saw what a fabulous place this would be for a family trip to the beach. Thanks to my foreign exchange student “brother” for his hospitality at the beautiful ocean-front resort he manages in Deerfield Beach.

Drop me a line at robin.tatam@powertech.com for more information about PowerTech, or visit www.powertech.com.

Cheers!

- rt

Hi everyone!

Last week, I mentioned that many companies struggle with starting security projects due to a lack of any clear direction or action plan. I introduced the idea of performing an assessment, and mentioned one of the options is to start with our own no-charge Compliance Assessment solution.

I have had a number of follow-up questions regarding this approach, so this week I thought that I would delve a little deeper into the PowerTech Compliance Assessment process.

First and foremost, this is a tool that runs on Microsoft Windows. Of course, there is an IBM i component to collect the host data, but it is installed by the tool as it runs, and is removed again after it completes. This means no footprint is left behind on the server. If your change management process does not allow for software installation, we can work with you to catalog the things that are installed and deleted.

PC requirements:

• Windows 2000, Windows XP, or Windows Vista
• Java Virtual Machine (JVM), version 1.5 or later
• Internet Explorer version 6.0 or later, or Mozilla Firefox (2.0 or higher is preferred)
• Adobe Flash version 9 or later is required to view the report

IBM i requirements:

• OS/400 V5R1 or later
• Access to a powerful user profile with *ALLOBJ and *SECADM
• A network connection to the system with ftp access

The software is installed from an automatic installation process that comes from a download link that we provide. You have 7 days after you run the first assessment to run it again (as many times as you wish). This works well to provide an updated baseline based on some simple changes that may be enacted.

There are six areas of review, each represented by their own tab in the assessment application:

Auditing

This is a review of the event capture configuration provided in the operating system. PowerTech’s annual security study indicates that 20% of IBM i shops are still not performing any form of auditing, and many more are not collecting data that would be sufficient for a forensics review.

User Access

One of the largest exposures I see when performing assessments is the lack of visibility to requests for data from network interfaces, such as ODBC and FTP. IBM provides a supplemental layer to the operating system called exit points, and this checks to see which exit points have registered exit programs monitoring them.

User Security

One of the best defense mechanisms you can use is strong user and password rules. A review of your profile environment provides feedback on the number of profiles that have not recently been used, profiles with default passwords, and highest number of invalid sign-on attempts. An analysis of your password rules is also included.

System Security

There are a number of security-related system values, and ensuring that they are all set appropriately is an important step in securing your system. We’ll review these settings, as well as some best practice recommendations.

Public Authority

A legacy of many IBM i applications is that we often rely on menu security, and user profile command restrictions to prevent unauthorized data access. A look at the public authority on your application libraries will reveal if they are vulnerable to access from outside of the application.

Admin Rights

Unnecessarily powerful profiles plague many IBM i shops, and is one of the most frequently cited issues by auditors. There are eight special authorities that should be reserved for administrators, and this section will review the number of users granted each of them.

Two tabs are designed to put a “bow” on the assessment package. The Summary tab provides an executive-level view of the general state of compliance to best practices. Intuitive red/yellow/green “traffic light” style indicators provide a visual gauge for non-technical people. The Recommendations tab summarizes the key observations, which can be printed and shared. I don’t usually spend much time in this section when working directly with customers, as I take my role in the assessment process to provide observations and recommendations that pertain to the specific environment.

If you meet the PC requirements listed above, check out our online sample report or, better yet, have an assessment performed on your own system. Did I mention that it doesn’t cost anything?

Drop me a line at robin.tatam@powertech.com for more information about PowerTech, or visit www.powertech.com.

Cheers!

- rt

Hi everyone!

As hard as it is to believe, today is already the last day of school for my two children, Jordan and Sydney.  Another academic year down, and a summer vacation about to begin.  At this point, both kids have no real plan for what the summer will hold, but that isn’t going to stop them racing into their highly anticipated time off!

Their enthusiasm, despite the lack of a solid game plan, started me thinking how many people start a security project with similar gusto, but also without any real direction on where to begin (or end).  Not only can this be expensive, but it is also likely to be an inefficient use of skilled resources, and will lead to frustration and possibly even abandonment of the project as being “too complicated.” As such, I though I would share one way that I have seen customers successfully embark on such a project.

As with any project, the first step is to establish the project goal or objective.  In a security project, the objective is usually to become secure or to become compliant.  If you are a frequent reader of the PowerTech blog, you will know that these two objectives are not necessarily the same, but are terms that are often used interchangeably.  From there, identify the tasks needed to achieve the objective, and then prioritize and schedule those tasks.

Okay, so back to our IBM i security project.  If this is a new type of initiative for your organization, then determining the tasks, as well as the priority of the tasks, can be a daunting process.  If you have ever spent any time looking at risk management, you know that you want to assign levels of risk based on the likelihood of an event occurring, in conjunction with the cost and effort of mitigating the exposure versus the cost of recovery if the event were to occur.  High risk items should be mitigated first.  Low risk items should be mitigated last, or perhaps not at all if the risk is considered acceptable.

One of the best ways to identify the tasks is with a formal review of your IBM i environment.  PowerTech has two popular offerings to assist with this process:

Security Assessment Tool

We have devised an automated assessment tool that performs a high-level review of six key security-related metrics on IBM i.  The assessment findings are presented instantly to your team via a rich browser-based application, and a comparison is made to common best-practice standards to provide direction on mitigation.  PowerTech provides access to the tool for 7 days, plus a security specialist to help interpret the findings, all at no charge for the first partition.

Security Assessment Service

After using the automated tool, perhaps a “deep dive” review is deemed necessary.  This fee-based offering can be customized to your own business requirements, but is typically a five day engagement involving a security specialist performing a comprehensive review of the IBM i configuration.  The resulting report details a prioritized list of concerns, along with background information on why an item is a concern.

Now that the exposures are known, it is much easier to assign the priority of the remediation tasks and to assign the costs to mitigate them.  Some items, such as network access to data and applications, is one of the biggest vulnerabilities we see, but it can also be one of the easier high-risk items to resolve.  Other concerns, such as overly powerful users, might take more planning and manual effort to mitigate.

Beyond the class-leading software solutions that PowerTech is renowned for, we can assist with virtually any task in an IBM i security project.  Our security specialists have experience and expertise in mitigating risk in many areas, including system configuration and applications.

Don’t allow your enthusiasm to be dampened by the lack of a solid game plan.  Starting with an assessment can prevent delaying the start of a project as important as this.  After all, your application data is one of your most valuable business assets.

Drop me a line at robin.tatam@powertech.com for more information, or visit www.powertech.com.

Cheers!

- rt

Hot on the heels of the Network Security 6.0 release, I sat down with Jill Martin to discuss events leading up to the launch.

Hi Jill! Thanks for giving me some time this morning to talk about NS 6. Webinar attendees probably know you well, but why don’t you give us a quick introduction?

Sure! My name is Jill Martin and I am the PowerTech Product Support Manager. I have been with Help/Systems for about twelve years and have worked in a number of capacities, including product trainer, sales representative, and most recently as part of the PowerTech team.

So, tell me what responsibilities you have as Product Support Manager?

As manager of the technical support staff, one of my main roles is overseeing the support you receive if you ever call in to PowerTech. I also worked closely with the development team over the last couple of months to prepare for the release of Network Security version 6.0.

So what is the big “hook” with Network Security version 6?

A couple of things really. First, we added the ability to set rules based on an object. What I mean by that is that we have created the incredibly powerful capability to be able to set rules that pertain to an object. This means it’s now possible to restrict and audit access to an object regardless of the syntax of the incoming request. In SQL for example, Select fld1, fld2 from myfile was previously seen as a different request than select fld1 from myfile. As humans, we could look at that and know it was pulling the same data, but the server couldn’t. This capability adds to the powerful transaction-based rules that Network Security has long been admired for.

We also have added a new selective activation process, so customers can decide which exit points are secured. This allows a staged approach to integrate Network Security into the operating system, something that is often important in large IT shops.

In addition, we have done a lot of infrastructure changes to ensure that the product works efficiently, and that the user interface is more intuitive. Some of these changes won’t really be seen directly by customers, but they are an important part of planning for future enhancements that we are designing.

Did we have dedicated programmers working on this product?

On a project of this size, we assign a lead developer who oversees the development aspect of the project. Obviously that is someone who is intimately familiar with the PowerTech Network Security solution. We also have other developers that are familiar with security solutions and have additional resources who are are assigned “as needed,” based on the tasks identified in the project plan. Of course, these folks all report through the development chain to a manager who is responsible for product design and coding.

So how do you test a pending product release?

All Help/Systems products go through a stringent testing process that includes unit testing, integration testing, systems testing, and acceptance testing. We have a number of dedicated testers—people whose sole job is to test new development projects. They build a test plan and divide up the different sections between themselves. There is also a support person involved because they know what customers want and how they use the software. Gregg Bury was the support person, and he spent some time reviewing the functionality and the usability of the interface, and making recommendations on improvement.

So what things did the testers look at?

They tested the changes and did regression testing to the core product to review every panel and function to identify whether there were any outstanding issues from prior releases. They also did performance and stress testing using scripts.

Did they test at every release level?

Absolutely, they tested at every release that we support—currently V5R4, V6R1, and V7R1

Presumably as the testers locate issues, they prioritize them?

They do; they rank items using a priority scheme and those with a priority 1 or 2 are the things that were addressed first.

As far as making the code available to customers, how is that done?

Well, the download page has already been updated to show the new level of the code. As far as getting the code onto a customer’s machine, that is one of the changes between the last release of 5.3 and the current release of 6.0. In 5.3, we had a save file that was downloaded to a PC and then manually extracted, sent to the server, and installed from there. With version 6.0, we have a self-extracting installer. It uploads and installs the code on the server, and performs the cleanup, leaving only the administration guide on the user’s PC.

Does the customer have to know anything about their configuration to perform that install?

Yes, they need to sign on with a user profile that has the necessary authority to perform an upload and a restoration of the application. The Installation Guide walks them through the necessary requirements and steps.

So there is a new Administration Guide?

Yes, there is.

Where can existing customers find it?

They can go to the support area of the PowerTech website, under the “customer login” link in the top navigation bar. The documentation is all listed at the top of the product download page. If someone doesn’t remember their support log-in, they can contact support at support@powertech.com

Did we do a BETA program?

Well, typically Help/Systems does more of a managed release or limited ship. We do not like to give a product to customers until we feel we are on top of the release. In this case, we had a few customers who offered to help because they needed one or more of the new features. So, we had a few people using the product and giving us feedback.

How do existing v5.x customers upgrade to Network Security version 6?

The product installs into a new library, which allows the system to remain protected during the installation process. There is a command to merge rules into Network Security version 6, and the activation process allows the redirection of the exit programs to the new version in the new library.

What do the developers do after a product is released?

First they celebrate! Then they go through a number of post-project processes. There is a documentation review to analyze our methodologies and to make any necessary improvements going forward. After that, they begin to look at the next project and the development manager re-deploys the development resources based on the next project plan. The good news/bad news with working for a company as creative as Help/Systems is that we never rest. In fact, there are already requirement lists for Network Security 7.0 that we are looking at.

Where can customers learn more about Network Security 6.0?

There is a “new features” document that is a great place to start. It shows what’s new, and what’s changed. For example, the authorization lists that we use to define the capabilities of the administrators have changed names. A customer will want to review who has access to the product—the documentation discusses all of that.

We are planning to do a “What’s New” Webinar in the coming weeks to talk about the new features in Network Security 6.0. Our Web-based Network Security training class will be based on version 6.0 later this year.

What about support of the new product version?

The support staff have all been trained on the new version and have been working with the software on our internal systems, as well as with the “early-ship” customers. Our international staff have also been working with the new version.

Any closing thoughts?

Just that we are very excited to have this new Network Security release now shipping. And, I’m looking forward to building the feature list for the next release.

So there you have it—an introduction to a PowerTech product release. If you have any extra questions for Jill, please send them to jill.martin@powertech.com

Cheers!

- rt

Although it is normally nice to return home after a stint of living out of a suitcase, it was definitely a shame to leave the sun and surf of Orlando. There must be something about someone who lives in a “cooler” part of the world heading to warmer climates, as last week literally flew by. Today is rainy and cold in Minneapolis, and I am already aching to hop the quick three-hour flight back down to the sandy beaches. (Not that I spent any time there during the conference, of course!)

In all seriousness, the COMMON annual meeting was a great success for us. Three days of exposure at the expo talking to existing customers about their successes, as well as new faces that are learning how PowerTech can bring so much value to IBM i security projects.

While it seems a few of the attendees were unaware that PowerTech is a member of the Help/Systems family until they saw the joint booth and marquee, the number of people that walked by and indicated that they were already running tools from either one or both sides of the house was very impressive. Of course, we are not resting on our laurels: Today marks the official release of version 6 of Network Security, our leading exit point solution. While talking to expo attendees, it was also fun to discover when they were running just one of the PowerTech tools and to introduce them to another one of the modules.

I also enjoyed presenting three educational sessions on security topics to COMMON attendees:

• 7 Habits of Highly Secure Organizations

• State of IBM i Security Study 2010

• How To Prevent a Data Leak on IBM i

There were over 1000 attendees at this year’s event; up significantly from last year’s event in Reno, Nevada. As an exhibitor, this was quite noticeable from the foot traffic passing through the expo. Next year’s event in Minneapolis, MN will (hopefully) provide IBM with a great opportunity to represent the platform with resources from Rochester, MN. All of the Help/Systems companies will have a strong presence there, as always.

As I mentioned, Network Security’s new release began shipping this week. To celebrate, I will try to scoop an interview with Jill Martin, PowerTech’s product support manager, to tell us a little about the process of getting a product release out of the door, as well as some of the background on what is new and improved. Watch for that next week…

Last but not least, congratulations to Chris Smith of Wells Fargo, lucky winner of our Windows 7 Netbook giveaway last week.

Cheers!

- rt