Mainframe Basics for Security Professionals


Book Description

Leverage Your Security Expertise in IBM® System zTM Mainframe Environments For over 40 years, the IBM mainframe has been the backbone of the world’s largest enterprises. If you’re coming to the IBM System z mainframe platform from UNIX®, Linux®, or Windows®, you need practical guidance on leveraging its unique security capabilities. Now, IBM experts have written the first authoritative book on mainframe security specifically designed to build on your experience in other environments. Even if you’ve never logged onto a mainframe before, this book will teach you how to run today’s z/OS® operating system command line and ISPF toolset and use them to efficiently perform every significant security administration task. Don’t have a mainframe available for practice? The book contains step-by-step videos walking you through dozens of key techniques. Simply log in and register your book at www.ibmpressbooks.com/register to gain access to these videos. The authors illuminate the mainframe’s security model and call special attention to z/OS security techniques that differ from UNIX, Linux, and Windows. They thoroughly introduce IBM’s powerful Resource Access Control Facility (RACF) security subsystem and demonstrate how mainframe security integrates into your enterprise-wide IT security infrastructure. If you’re an experienced system administrator or security professional, there’s no faster way to extend your expertise into “big iron” environments. Coverage includes Mainframe basics: logging on, allocating and editing data sets, running JCL jobs, using UNIX System Services, and accessing documentation Creating, modifying, and deleting users and groups Protecting data sets, UNIX file system files, databases, transactions, and other resources Manipulating profiles and managing permissions Configuring the mainframe to log security events, filter them appropriately, and create usable reports Using auditing tools to capture static configuration data and dynamic events, identify weaknesses, and remedy them Creating limited-authority administrators: how, when, and why




Eating the IT Elephant


Book Description

A Practical, Start-to-Finish Approach to Managing, Evolving, and Transforming Legacy IT Systems For every IT executive, manager, architect, program leader, project leader, and lead analyst “Richard and Kevin introduce us to a reality that’s often neglected in our industry: the problem of evolving legacy systems, a domain they call ‘Brownfield development.’ The authors identify the root of the problem as that of complexity, and offer an approach that focuses on the fundamentals of abstraction and efficient communication to nibble at this problem of transformation bit by bit. As the old saying goes, the way you eat the elephant is one bite at a time. Richard and Kevin bring us to the table with knife and fork and other tools, and show us a way to devour this elephant in the room.” Grady Booch, IBM Fellow, co-creator of UML “Most organizations in the 21st century have an existing, complex systems landscape. It is time that the IT industry face up to the reality of the situation and the need for new development methods and tools that address it. This book describes a new approach to the development of future systems: a structured approach that recognizes the challenges of ‘Brownfield’ development, is based on engineering principles, and is supported by appropriate tooling.” Chris Winter, CEng CITP FBCS FIET, IBM Fellow, Member of the IBM Academy of Technology Most conventional approaches to IT development assume that you’re building entirely new systems. Today, “Greenfield” development is a rarity. Nearly every project exists in the context of existing, complex system landscapes--often poorly documented and poorly understood. Now, two of IBM’s most experienced senior architects offer a new approach that is fully optimized for the unique realities of “Brownfield” development. Richard Hopkins and Kevin Jenkins explain why accumulated business and IT complexity is the root cause of large-scale project failure and show how to overcome that complexity “one bite of the elephant at a time.” You’ll learn how to manage every phase of the Brownfield project, leveraging breakthrough collaboration, communication, and visualization tools--including Web 2.0, semantic software engineering, model-driven development and architecture, and even virtual worlds. This book will help you reengineer new flexibility and agility into your IT environment...integrate more effectively with partners...prepare for emerging business challenges... improve system reuse and value...reduce project failure rates...meet any business or IT challenge that requires the evolution or transformation of legacy systems. · System complexity: understand it, and harness it Go beyond the comforting illusion of your high-level architecture diagrams · How conventional development techniques actually make things worse Why traditional decomposition and abstraction don’t work--and what to do instead · Reliably reengineer your IT in line with your business priorities New ways to understand, communicate, visualize, collaborate, and solve complex IT problems · Cut the elephant down to size, one step at a time Master all four phases of a Brownfield project: survey, engineer, accept, and deploy




Mastering XPages


Book Description

The first complete, practical guide to XPages development - direct from members of the XPages development team at IBM Lotus Martin Donnelly, Mark Wallace, and Tony McGuckin have written the definitive programmer's guide to utilizing this breakthrough technology. Packed with tips, tricks, and best practices from IBM's own XPages developers, Mastering XPages brings together all the information developers need to become experts - whether you're experienced with Notes/Domino development or not. The authors start from the very beginning, helping developers steadily build your expertise through practical code examples and clear, complete explanations. Readers will work through scores of real-world XPages examples, learning cutting-edge XPages and XSP language skills and gaining deep insight into the entire development process. Drawing on their own experience working directly with XPages users and customers, the authors illuminate both the technology and how it can be applied to solving real business problems. Martin Donnelly previously led a software startup that developed and distributed small business accounting software. Donnelly holds a Commerce degree from University College Cork and an M.S. in Computer Science from Boston University. Mark Wallace has worked at IBM for 15 years on many projects as a technical architect and application developer. Tony McGuckin participates in the Lotus OneUI Web Application and iWidget Adoption Workgroup. He holds a bachelor's degree in Software Engineering from the University of Ulster.




DB2 Developer's Guide


Book Description

DB2 Developer's Guide is the field's #1 go-to source for on-the-job information on programming and administering DB2 on IBM z/OS mainframes. Now, three-time IBM Information Champion Craig S. Mullins has thoroughly updated this classic for DB2 v9 and v10. Mullins fully covers new DB2 innovations including temporal database support; hashing; universal tablespaces; pureXML; performance, security and governance improvements; new data types, and much more. Using current versions of DB2 for z/OS, readers will learn how to: * Build better databases and applications for CICS, IMS, batch, CAF, and RRSAF * Write proficient, code-optimized DB2 SQL * Implement efficient dynamic and static SQL applications * Use binding and rebinding to optimize applications * Efficiently create, administer, and manage DB2 databases and applications * Design, build, and populate efficient DB2 database structures for online, batch, and data warehousing * Improve the performance of DB2 subsystems, databases, utilities, programs, and SQL stat DB2 Developer's Guide, Sixth Edition builds on the unique approach that has made previous editions so valuable. It combines: * Condensed, easy-to-read coverage of all essential topics: information otherwise scattered through dozens of documents * Detailed discussions of crucial details within each topic * Expert, field-tested implementation advice * Sensible examples




XPages Extension Library


Book Description

The XPages Extension Library’s next-generation XPages controls make application development far more efficient, effective, scalable, and rewarding. With IBM® Lotus® Notes®/Domino® 8.5.3 and Upgrade Pack 1, IBM has incorporated powerful new capabilities and support. These components and technologies are now fully ready for even the toughest production challenges. XPages Extension Library is the first and only complete guide to Domino development with this library; it’s the best manifestation yet of the underlying XPages Extensibility Framework. Complementing the popular Mastering XPages, it gives XPages developers complete information for taking full advantage of the new components from IBM. Combining reference material and practical use cases, the authors offer step-by- step guidance for installing and configuring the XPages Extension Library and using its state-of-the-art applications infrastructure to quickly create rich web applications with outstanding user experiences. Next, the authors provide detailed step-by-step guidance for leveraging the library’s powerful new support for REST services, mobile and social development, and relational data. The book concludes by showing how to include JavaTM code in Domino XPages applications—a great way to make them even more powerful. Coverage includes Automating deployment of XPages Extension Library throughout your IBM Lotus Notes/Domino or IBM XWork environment Integrating modern design patterns and best practices into Lotus Domino applications with drag-and-drop ease Incorporating AJAX capabilities with Switch, In Place Form, and other dynamic content controls Extending applications with Dojo widgets, popups, Tooltips, Dialogs, and Pickers Implementing state-of-the-art navigation and outlines Using Layout and Dynamic Views controls to painlessly modernize most Domino applications to XPages Quickly building mobile interfaces for existing applications Using social enablers to connect with social platforms and incorporate social features Integrating SQL datasources into XPages data-driven applications




DB2 SQL Tuning Tips for z/OS Developers


Book Description

The Definitive Solutions-Oriented Guide to IBM® DB2® for z/OS®: Now Fully Updated for Both v9 and v10! The largest database tuning performance gains can often be obtained from tuning application code, and applications that use SQL to retrieve data are the best candidates for tuning. This well-organized, easy-to-understand reference brings together more than 100 SQL-related skills and techniques that any developer can use to build and optimize DB2 applications for consistently superior performance. DB2 tuning expert Tony Andrews (“Tony the Tuner”) draws on more than 20 years of DB2-related experience, empowering you to take performance into your own hands, whether you’re writing new software or tuning existing systems. Tony shows you exactly how to clear bottlenecks, resolve problems, and improve both speed and reliability. This book fully reflects the latest SQL programming best practices for DB2 V9 and DB2 V10 on z/OS: techniques that are taught in no other book and are rarely covered in general DB2 SQL courses. Drawing on his extensive consulting experience and highly praised training with Themis Inc., Tony also presents practical checklists and an invaluable 15-step methodology for optimizing virtually any DB2 application. Coverage includes Empowering developers on knowing what to do and where to look in resolving performance problems in queries or programs Providing many programming and SQL coding examples Establishing standards and guidelines that lead to high-performance SQL Implementing time-efficient code walkthroughs to ensure that your standards are followed Focusing on the small number of SQL statements that consume the most resources Identifying simple solutions that deliver the most sizable benefits Optimizing performance by rewriting query predicates more efficiently Providing a better understanding of SQL optimization and Runstat statistics Recognizing opportunities to tweak your code more effectively than the Optimizer Optimizing SQL code with COBOL applications Efficiently checking for the existence of data, rows, or tables Using Runstats’ newest capabilities to consistently optimize paths to data




Persistence in the Enterprise


Book Description

The Definitive Guide to Today’s Leading Persistence Technologies Persistence in the Enterprise is a unique, up-to-date, and objective guide to building the persistence layers of enterprise applications. Drawing on their extensive experience, five leading IBM® Web development experts carefully review the issues and tradeoffs associated with persistence in large-scale, business-critical applications. The authors offer a pragmatic, consistent comparison of each leading framework--both proprietary and open source. Writing for IT managers, architects, administrators, developers, and testers, the authors address a broad spectrum of issues, ranging from coding complexity and flexibility to scalability and licensing. In addition, they demonstrate each framework side by side, via a common example application. With their guidance, you’ll learn how to define your persistence requirements, choose the most appropriate solutions, and build systems that maximize both performance and value. Coverage includes Taking an end-to-end application architecture view of persistence Understanding business drivers, IT requirements, and implementation issues Driving your persistence architecture via functional, nonfunctional, and domain requirements Modeling persistence domains Mapping domain models to relational databases Building a yardstick for comparing persistence frameworks and APIs Selecting the right persistence technologies for your applications Comparing JDBCTM, Apache iBATIS, Hibernate Core, Apache OpenJPA, and pureQuery The companion web site includes sample code that implements the common example used throughout the technology evaluation chapters, 5-9. The IBM Press developerWorks® Series is a unique undertaking in which print books and the Web are mutually supportive. The publications in this series are complemented by resources on the developerWorks Web site on ibm.com. Icons throughout the book alert the reader to these valuable resources.




Implementing ITIL Configuration Management


Book Description

Practical, Real-World ITIL Configuration Management—From Start to Finish The IT Infrastructure Library® (ITIL) places the “best practices” in IT operations at your command. ITIL helps you make better technology choices, manages IT more effectively, and drives greater business value from all your IT investments. The core of ITIL is configuration management: the discipline of identifying, tracking, and controlling your IT environment’s diverse components to gain accurate and timely information for better decision-making. Now, there’s a practical, start-to-finish guide to ITIL configuration management for every IT leader, manager, and practitioner. ITIL-certified architect and solutions provider Larry Klosterboer helps you establish a clear roadmap for success, customize standard processes to your unique needs, and avoid the pitfalls that stand in your way. You’ll learn how to plan your implementation, deploy tools and processes, administer ongoing configuration management tasks, refine ITIL information, and leverage it for competitive advantage. Throughout, Klosterboer demystifies ITIL’s jargon, illuminates each technique with real-world advice and examples, and helps you focus on the specific techniques that offer maximum business value in your environment. Coverage includes Assessing your current configuration management maturity and setting goals for improvement Gathering and managing requirements to align ITIL with organizational needs Describing the schema of your configuration management database (CMDB) Identifying, capturing, and organizing configuration data Choosing the best tools for your requirements Integrating data and processes to create a unified logical CMDB and configuration management service Implementing pilot projects to demonstrate the value of configuration management and to test your planning Moving from a pilot to wide-scale enterprise deployment Defining roles for deployment and ongoing staffing Leveraging configuration management information: Reporting and beyond Measuring and improving CMDB data accuracy Covers ITIL version 3. Preface xvii Acknowledgments xxi About the Author xxiii Chapter 1: Overview of Configuration Management 1 Part I: Planning for Configuration Management 17 Chapter 2: Gathering and Analyzing Requirements 19 Chapter 3: Determining Scope, Span, and Granularity 37 Chapter 4: Customizing the Configuration Management Process 55 Chapter 5: Planning for Data Population 67 Chapter 6: Putting Together a Useful Project Plan 85 Part II: Implementing Configuration Management 97 Chapter 7: Choosing the Right Tools 99 Chapter 8: Implementing the Process 117 Chapter 9: Populating the Configuration Management Database 127 Chapter 10: Choosing and Running a Pilot Program 137 Chapter 11: Communication and Enterprise Roll Out 149 Part III: Running an Effective Configuration Management System 161 Chapter 12: Building a Configuration Management Team 163 Chapter 13: The Many Uses for Configuration Information 179 Chapter 14: Measuring and Improving CMDB Accuracy 193 Chapter 15: Improving the Business Value of Configuration Management 207 Index 217




IBM Rational Unified Process Reference and Certification Guide


Book Description

The Only Official RUP® Certification Prep Guide and Compact RUP Reference The IBM® Rational Unified Process® has become the de facto industry-standard process for large-scale enterprise software development. The IBM Certified Solution Designer - IBM Rational Unified Process V7.0 certification provides a powerful way for solutions developers to demonstrate their proficiency with RUP. The first and only official RUP certification guide, this book fully reflects the latest versions of the Rational Unified Process and of the IBM RUP exam. Authored by two leading RUP implementers, it draws on extensive contributions and careful reviews by the IBM RUP process leader and RUP certification manager. This book covers every facet of RUP usage. It has been carefully organized to help you prepare for your exam quickly and efficiently--and to provide a handy, compact reference you can rely on for years to come. Coverage includes A full section on RUP exam preparation and a 52-question practice exam Core RUP concepts, the new RUP process architecture, and key principles of business-driven development RUP’s architecture-centric approach to iterative development: practical issues and scenarios Patterns for successful RUP project implementation–and “anti-patterns” to avoid The Unified Method Architecture (UMA): basic content and process elements RUP content disciplines, in depth: Business Modeling, Requirements, Analysis and Design, Implementation, Test, Deployment, Project Management, Change and Configuration Management, and Environment Essential RUP work products, roles, and tasks RUP phases, activities, and milestones RUP tailoring and tools for your organization--including introductions to IBM Rational Method Composer (RMC) and MyRUP




A Practical Guide to Trusted Computing


Book Description

Use Trusted Computing to Make PCs Safer, More Secure, and More Reliable Every year, computer security threats become more severe. Software alone can no longer adequately defend against them: what’s needed is secure hardware. The Trusted Platform Module (TPM) makes that possible by providing a complete, open industry standard for implementing trusted computing hardware subsystems in PCs. Already available from virtually every leading PC manufacturer, TPM gives software professionals powerful new ways to protect their customers. Now, there’s a start-to-finish guide for every software professional and security specialist who wants to utilize this breakthrough security technology. Authored by innovators who helped create TPM and implement its leading-edge products, this practical book covers all facets of TPM technology: what it can achieve, how it works, and how to write applications for it. The authors offer deep, real-world insights into both TPM and the Trusted Computing Group (TCG) Software Stack. Then, to demonstrate how TPM can solve many of today’s most challenging security problems, they present four start-to-finish case studies, each with extensive C-based code examples. Coverage includes What services and capabilities are provided by TPMs TPM device drivers: solutions for code running in BIOS, TSS stacks for new operating systems, and memory-constrained environments Using TPM to enhance the security of a PC’s boot sequence Key management, in depth: key creation, storage, loading, migration, use, symmetric keys, and much more Linking PKCS#11 and TSS stacks to support applications with middleware services What you need to know about TPM and privacy--including how to avoid privacy problems Moving from TSS 1.1 to the new TSS 1.2 standard TPM and TSS command references and a complete function library