bitug - 19 may 20101 rupert stanley ross systems international 19 th may 2010 nonstop management and...
TRANSCRIPT
BITUG - 19 May 2010 1
Rupert StanleyRoss Systems International
19th May 2010
NonStop Management and Performance Tools
Copyright Ross Systems International Limited 2010
BITUG - 19 May 2010 2
Data v Information
BITUG - 19 May 2010 3
Information Leads to Decisions
BITUG - 19 May 2010 4
Sometimes Data is all we need
WHAT IS THE VALUE OF THIS STOCK?
BITUG - 19 May 2010 5
Sometimes it’s a bit more complex
IS THIS HSM WORKING?
BITUG - 19 May 2010 6
Tools Available
1. Data content closely linked to Information
2. Powerful Selection Facility3. Wide range of Displays for Different
Uses4. Powerful Analytical Functionality
Available
HSEMM – HSM Emulator Suite, Management Aspects
PROBE – System Information Utility
FINFO – File Information and Status Discovery Tool
1. Data is all encrypted binary2. Performance and Fault Tolerance Vital3. Black Boxes lead to Quality Problems4. Need Independent Verification &
Validation
BITUG - 19 May 2010 7
PROBE
$SYSTEM CARL 11> run probePROBE V1.0 Run on: 15/10/2009 13:50-----Copyright Ross Systems International Ltd. 2008,2009 Full Version (Release Date 14th October 2009)---------------------------------------------System Name: \ATPHPLD, System Number 072354Processor Type: 10, Model: 71, Name: NSE-M, CPU Count 6System Speed: 2238% of K2000 speed (x22 faster)
System Name: \CORBY, System Number 052377Processor Type: 9, Model: 11, Name: NSR-E, CPU Count 2System Speed: 320% of K2000 speed (x3 faster) System Name: \NEC, System Number 052376Processor Type: 9, Model: 11, Name: NSR-E, CPU Count 2System Speed: 320% of K2000 speed (x3 faster)
NS50000 – ITANIUM, BLADE
S76000 – S-SERIES, RISK
BITUG - 19 May 2010 8
FINFOData Store is
a crucial system
resourceused by:
SYSTEM MANAGERS
COMMERCIAL USERS
DEVELOPMENT STAFF
ERRORS
COST
CASH
BITUG - 19 May 2010 9
FINFO – USER GOALS
1. Commercial Users – Just want the system to be up and run smoothlyDon’t need or want to know about its configuration or management
2. System Managers – Want to system to run smoothly for all users Use a well defined set of files. Need to know how files are growing, if there is adequate space and if there are any problems. Must have sufficient information to securely maintain the disk estate as a whole.
3. Development Staff – Want disk resources and information.Use a huge and loosely managed set of files for sources, objects, libraries, test sets, results and test data bases.Need to know where everything is and its properties.
Data store is held on files on Disks, the various system users have different requirements for management and visibility of this:
BITUG - 19 May 2010 10
FINFO – SYSTEM MANAGERSQUESTIONS
1. What disks do I have?
2. How full are they?
3. Is the system Balanced?
4. Are there any files which are going to be full in the next few days?
5. Are the indices getting too deep
QUESTIONS
6. Are the files properly secured?
7. Who has got files on the system?
8. Is anyone taking too many resources?
9. Are there any files with error flags set?
10. How do I generate reports?
FINAL DEMAND
Declutter My Desktop and Give Me a Simple Answer!
BITUG - 19 May 2010 11
FINFO – DEVELOPERSQUESTIONS
1. Where are all my measure files?
2. How much space have I used?
3. I did a test on 7th July last where is is all?
4. Which files was I working on yesterday?
QUESTIONS
5. Which big files haven’t I used for ages?
6. I’ve got to write a report and I need to export file information. how do I do it?
7. Jim has just left the project, where are all his files?
PLEA
Please give me a simple way to organise and find all my stuff!
BITUG - 19 May 2010 12
FINFO - HELP$WORK RSITEST 8> finfo -hFINFO V3.2 Native 17/05/2010 17:37-----Copyright Ross Systems International Ltd. 2008,2009,2010 Inhouse Version-Never Expires 12 May 2010)-------------------------------------------FINFO Commands are:FINFO/OUT <report>/ [<file names>] [<commands>]<report> : Output file (stdout)<file names> : Files selector [[<vol>.]<subvol.]<file>] where <vol> = Volume Name, default current volume <subvol> = Subvolume Name, default current <file> = file descriptor, default wild vol/subvol/file can contain wild cards *<commands> : -H or -? - Print out command help menu -W - Print out in wide format -X - Generate EXCEL semi-colon separated spreadsheet -D - Print out file date details -E - Print out file extent details -A - Print actual file sizes, not partition size -Tx - Print out user totals, total type x - None - Print all user totals V - Volume - Prints Volume and System Totals S - System - Prints System Totals only -Ox - Order by x, where x is: C - File Code D - Date N - Name (default) S - Size U - User
-Sx - Select by x, where x is: A - Audited Files Only B - Both ("<text>") where <text> is text Files are searched for the case free text C - File Code (cyyy), where yyy is file code D - Date Range (dyyyr) yyy - Number of units, default 1 day r - H(ours),D(ays),W(eeks),M(onths),Y(ears) or Calendar Date Range (dtm<date time>) t - Type: C(reation), L(ast open) E(xpiration), M(odification) m - modifier < / > <date time> - dd[/mm[/yy]][,hh:mm[:ss]] or <date time> - ,hh:mm[:ss] I - Index Level (ix), where x is the index level L - Licensed Files Only O - Open Files Only P - Partitioned Files Only Q - SQL Files (qt) t - Type: L(sql), T(able), I(ndex) P(rotection), S(horthand) R - Restricted Progid Set Files S - Size (smyyy) yyy - File size in Kilobytes m - modifier, < / >- less / greater than T - File Type (tx), where x is the file type U - Unstructured, R - Relative, E - Entry Sequenced, K - Key Sequenced, U - User (u<name>>) where <name> is: <group>.<user> tandem group,user names <group no>,<user no> group & user nos. X - Text ("<text>") where <text> is text Files are searched this takes time % - Percent Full (%pp) pp = percent ( - PIRA Rec ("<pira rec>") see PIRA syntax in finfo.pdf default select all files by file selector$WORK RSITEST 9>
BITUG - 19 May 2010 13
FINFO – VOLUME DETAILS
$WORK RSITEST 9>FINFO $*\sirius.$system.system.licensesFINFO V3.2 Native 17/05/2010 17:47-----Copyright Ross Systems International Ltd. 2008,2009,2010 Inhouse Version-Never Expires 12 May 2010)-------------------------------------------VOLUMES on \SIRIUS (Mb) (Mb) % FragmentsVolume Capacity Free Space Free Count Biggest(Mb)$SYSTEM 2000 267.02 13 143 265.98$AUDIT 4238 1589.11 37 7 625.50$WORK 4238 3585.78 84 29 2826.38Totals 10476 5441.91 51 179 2826.38 $WORK RSITEST 10>
BITUG - 19 May 2010 14
FINFO – SUBVOLUME DETAILS$WORK RSITEST 16> FINFO $WORK.* -S%90 -SI2SUBVOLUMES on \SIRIUS.$WORKSubVolume Files At Limit Users Used Space(Mb) % of Disk PagesACI 15 0 1 0.38 0.01 312
. . .
ZSPIDEF 510 0 3 22.96 0.88 18402ZTEMPL 201 0 2 71.39 1.85 38442ZYQ00000 1557 0 3 148.33 2.34 48424Disk Totals 5136 6 6 461.54 11.39 235714 Files needing maintenanceName ($WORK.) Last Modified Code PExt SExt MExt PC% CommentsCL00PDIC.DICTOUK 05-Oct-2004 208 4 32 500 2.9 Reload (index 2)RSITELEX.TELEX 12-Sep-2000 5000 20 200 32 60.8 Reload (index 2)RSITELEX.TELEX0 12-Sep-2000 5000 10 100 32 56.7 Reload (index 2)RUPERT.TEST 20-Apr-2007 2000 2 2 16 100.0 Reload (too full)TELINDUS.DATA1 27-Jul-1999 0 100 100 16 100.0 Reload (too full)TELINDUS.SPL3 27-Jul-1999 128 4 4 16 100.0 Reload (too full)Recommendations: Reload (too full); Reload (index depth); System Files At Limit Users Used Space(Mb) % of System PagesTotals 5136 6 6 461.54 11.39 235714$WORK RSITEST 17>
BITUG - 19 May 2010 15
FINFO – ORDINARY DISPLAY$SYSTEM SYSTEM 20> FINFO
Files on \SIRIUS.$SYSTEM.SYSTEM Name Last Modified Code TP RWEP Size User No PExt SExt PagesACMMSGS 11-May-1992 12:56:50 101 U CCCC 19,862 255,255 4 4 12ADDHELP 20-Nov-1992 16:28:57 100L U CCNC 26,374 255,255 8 2 14AHEXOBJ 17-Jun-1997 15:33:58 100L U CCCC 47,104 255,255 24 16 24AID 17-Sep-1988 00:00:51 100L U NONO 120,832 255,255 60 34 60ALGORICC 01-Dec-1997 20:00:49 101 U NCNC 75,794 255,255 28 28 56
. . .
ZX25TEXT 29-Dec-1993 20:57:11 0 K NCNC 98,304 255,255 20 20 60ZZEVCONF 17-May-2010 11:43:50 843 E NOOO 2,048 255,255 1 1 1ZZSRVMON 17-Jan-1995 16:07:12 100 U NCNC 9,608Kb 255,255 1858 32 4706ZZZZFIX 05-Apr-2007 14:26:45 101 U NCNC 2,122 255,255 2 2 2 Selected User Totals for SubVolume \SIRIUS.$SYSTEM.SYSTEMUser No User Name Files Bytes Used Pages Used127,001 RSI.RUPERT 1 3,700 2200,010 <alien>.(200,10) 8 177,108 95200,040 <alien>.(200,40) 2 243,624 132255,002 <alien>.(255,2) 5 470,312 278255,200 SUPER.RUPERT 4 558,440 292255,255 SUPER.SUPER 909 269,459,629 137,625Totals: 932 270,979,253 138,457 $SYSTEM SYSTEM 22>
BITUG - 19 May 2010 16
FINFO – WIDE DISPLAY$SYSTEM SYSTEM 22>FINFO -W
Files on \SIRIUS.$SYSTEM.SYSTEM ACMMSGS ADDHELP AHEXOBJ AID ALGORICC ALGORITM AMIXF AMONAPCCDC APCCOM APCHEX APCLMAP APCMSGS APCOBJ APCPCOD APCPDIRAPCSEC APCTAP APE APEDOC APEHELP AR ARMTRACE ARSTVBDAS AS1 ASSERTH AUDSERV AXCEL BARCODES BASEXTC BASEXTD
ZSMFPAS ZSMFTACL ZSMFTAL ZSMPPTR ZSMPSCF ZSMPSEL ZSMPTEXT ZSVRCONFZSX1PTR ZSX1SCF ZSX1SEL ZSX1TEXT ZSYSCFG ZTBLSCF ZTBLTEXT ZTCIMSGZTCIPTR ZTCISCF ZTCISEL ZTCITEXT ZTLKPTR ZTLKSCF ZTLKTEXT ZTNTPTRZTNTSCF ZTNTSEL ZTNTTEXT ZTR3SCF ZTR3TEXT ZTRCSEL ZX25PTR ZX25SCFZX25TEXT ZZEVCONF ZZSRVMON ZZZZFIX Selected User Totals for SubVolume \SIRIUS.$SYSTEM.SYSTEMUser No User Name Files Bytes Used Pages Used127,001 RSI.RUPERT 1 3,700 2200,010 <alien>.(200,10) 8 177,108 95200,014 <alien>.(200,14) 3 66,440 33200,040 <alien>.(200,40) 2 243,624 132255,002 <alien>.(255,2) 5 470,312 278255,200 SUPER.RUPERT 4 558,440 292255,255 SUPER.SUPER 909 269,459,629 137,625Totals: 932 270,979,253 138,457
BITUG - 19 May 2010 17
FINFO – EXTENTS DISPLAY$WORK RSITEST 32> FINFO -E
Files on \SIRIUS.$WORK.RSITEST Name Last Modified Code TP RWEP User No PExt SExt MExt IxL PC%CAPTURE 13-Feb-2007 08:32:12 100 U NNNN 127,001 26 16 18 0 8.7CONSOLE 13-Feb-2007 08:32:12 100 U NNNN 127,001 22 14 16 0 9.5FILELD 13-Feb-2007 08:32:16 100 U NNNN 127,001 46 16 21 0 30.0IPLSN 13-Feb-2007 08:32:16 100 U NNNN 127,001 42 16 36 0 6.6IPTEST 13-Feb-2007 08:32:18 100 U NNNN 127,001 46 16 25 0 29.5PIRAIP01 13-Feb-2007 08:08:55 101 U NNNN 127,001 2 2 16 0 1.4PIRATEST 13-Feb-2007 08:32:21 100 U NNNN 127,001 42 16 16 0 35.2PIRAUSRC 13-Feb-2007 00:03:19 101 U NNNN 127,001 4 4 16 0 10.0PIRAUSRH 13-Feb-2007 00:02:51 101 U NNNN 127,001 2 2 16 0 6.9STRIPIT 13-Feb-2007 08:32:00 101 U NNNN 127,001 8 32 500 0 0.0SVRTEST 13-Feb-2007 08:32:25 100 U NNNN 127,001 46 16 25 0 25.9TACLCSTM 13-Feb-2007 08:46:09 101 U NNNN 127,001 2 2 16 0 14.6UDPTERM 13-Feb-2007 08:32:25 100 U NNNN 127,001 46 16 28 0 9.6VIEWLICE 13-Feb-2007 08:32:26 100 U NNNN 127,001 28 16 18 0 9.0 Selected User Totals for SubVolume \SIRIUS.$WORK.RSITESTUser No User Name Files Bytes Used Pages Used127,001 RSI.RUPERT 14 1,275,906 676Totals: 14 1,275,906 676
BITUG - 19 May 2010 18
FINFO – DATES DISPLAY$WORK RSITEST 33>FINFO -D
Files on \SIRIUS.$WORK.RSITEST Name Created Last Modified Last Opened Expiration SizeCAPTURE 13Feb2007-08:16 13Feb2007-08:32 10Aug2008-18:09 *NO EXPIRATION* 53KbCONSOLE 13Feb2007-00:10 13Feb2007-08:32 09Feb2010-18:09 *NO EXPIRATION* 45KbFILELD 13Feb2007-00:16 13Feb2007-08:32 10Aug2008-18:09 *NO EXPIRATION* 224KbIPLSN 13Feb2007-00:33 13Feb2007-08:32 10Aug2008-18:09 *NO EXPIRATION* 81KbIPTEST 13Feb2007-00:34 13Feb2007-08:32 09Feb2010-15:57 *NO EXPIRATION* 259KbPIRAIP01 13Feb2007-08:08 13Feb2007-08:08 15Jan2009-11:17 *NO EXPIRATION* 916PIRATEST 13Feb2007-07:49 13Feb2007-08:32 10Aug2008-18:09 *NO EXPIRATION* 203KbPIRAUSRC 13Feb2007-00:03 13Feb2007-00:03 15Jan2009-11:17 *NO EXPIRATION* 13KbPIRAUSRH 13Feb2007-00:02 13Feb2007-00:02 15Jan2009-11:17 *NO EXPIRATION* 4522STRIPIT 13Feb2007-08:19 13Feb2007-08:32 15Jan2009-11:17 *NO EXPIRATION* 2276SVRTEST 13Feb2007-00:34 13Feb2007-08:32 09Feb2010-16:19 *NO EXPIRATION* 227KbTACLCSTM 13Feb2007-08:43 13Feb2007-08:46 15Jan2009-11:17 *NO EXPIRATION* 9570UDPTERM 13Feb2007-00:45 13Feb2007-08:32 10Aug2008-18:10 *NO EXPIRATION* 94KbVIEWLICE 13Feb2007-00:45 13Feb2007-08:32 10Aug2008-18:10 *NO EXPIRATION* 55Kb Selected User Totals for SubVolume \SIRIUS.$WORK.RSITESTUser No User Name Files Bytes Used Pages Used127,001 RSI.RUPERT 14 1,275,906 676Totals: 14 1,275,906 676
BITUG - 19 May 2010 19
FINFO – SPREADSHEET EXPORT$SYSTEM VHS 8> finfo/out excelin/ -xVolume SubVolume FileName Open Licensed ProgId Audited Modified LastOpen Created Expiration$SYSTEM VHS EXCELIN Y N N N 19-05-10 5:53 19-05-10 5:53 19-05-10 5:53 NONE$SYSTEM VHS VHS N N N N 12-02-99 13:26 24-03-04 17:09 03-01-03 14:13 NONE$SYSTEM VHS VHSCI N N N N 12-02-99 13:26 24-03-04 17:09 03-01-03 14:13 NONE$SYSTEM VHS VHSDDL N N N N 17-02-98 22:44 30-06-09 18:36 03-01-03 14:13 NONE$SYSTEM VHS VHSINSP N N N N 17-02-98 22:44 30-06-09 18:36 03-01-03 14:13 NONE$SYSTEM VHS VHSSTART N N N N 16-01-03 12:02 30-06-09 18:36 03-01-03 14:13 NONE$SYSTEM VHS VHSTEXT N N N N 20-02-98 8:49 02-05-07 8:41 03-01-03 14:13 NONE$SYSTEM VHS ZZEV0000 N N N N 16-01-03 11:56 02-05-07 8:41 16-01-03 11:56 NONE$SYSTEM VHS ZZEVCONF N N N N 16-01-03 11:56 02-05-07 8:41 16-01-03 11:56 NONE
GroupNo UserNo GroupNameUserName FileCode FileType Partitions PExt SExt MaxExt MaxPages AllocPagesPermit127 1 RSI RUPERT 101 U 4 16 978 15636 4 NNNN255 2 <alien> (255,2) 100 U 96 16 80 1360 96 NUNU255 2 <alien> (255,2) 100 U 102 16 125 2086 102 NUNU255 2 <alien> (255,2) 101 U 4 16 978 15636 4 NUNU255 2 <alien> (255,2) 101 U 4 16 978 15636 4 NUNU255 2 <alien> (255,2) 101 U 8 32 500 15976 8 CCCC255 2 <alien> (255,2) 0 K 20 20 100 2000 120 NUNU255 255 SUPER SUPER 843 E 20 100 16 1520 20 COOO255 255 SUPER SUPER 843 E 1 1 16 16 1 COOO
Eof Index Levels%Full2316 0 0
196608 0 7.1206848 0 4.8
950 0 0722 0 0
5110 0 0221184 1 5.4
4096 0 0.11024 0 3.1
excelinFTP
excelin.txt excelin.xlsImport
; separator
BITUG - 19 May 2010 20
FINFO – VOLUME USER TOTALS
$SYSTEM OPERATE 39> FINFO -T
Selected User Totals for SubVolume \SIRIUS.$SYSTEM.OPERATEUser No User Name Files Bytes Used Pages Used255,255 SUPER.SUPER 47 110,258 102Totals: 47 110,258 102
$WORK RUPERT 42> FINFO *.* -TV
Selected User Totals for Volume \SIRIUS.$WORK, Subvolumes: 105User No User Name Files Bytes Used Pages Used014,021 <alien>.(14,21) 1 12,288 8127,001 RSI.RUPERT 3506 302,492,033 180,638127,004 RSI.OLIVER 6 52,240 66127,255 RSI.MGR 1 2,048 8255,127 <alien>.(255,127) 1 360 2255,255 SUPER.SUPER 1621 158,989,860 54,992Totals: 5136 461,548,829 235,714
SUBVOLUME TOTALS
VOLUME TOTALS
BITUG - 19 May 2010 21
FINFO – SYSTEM USER TOTALS$WORK RUPERT 43> FINFO *.*.* -TS
Selected User Totals for System \SIRIUS, Subvolumes: 1089 Volumes: 3User No User Name Files Bytes Used Pages Used014,021 <alien>.(14,21) 1 12,288 8127,001 RSI.RUPERT 4606 475,509,889 269,386127,004 RSI.OLIVER 6 52,240 66127,255 RSI.MGR 1 2,048 8200,010 <alien>.(200,10) 8 177,108 95200,014 <alien>.(200,14) 3 66,440 33200,040 <alien>.(200,40) 2 243,624 132255,002 <alien>.(255,2) 26 1,832,648 1,450255,127 <alien>.(255,127) 1 360 2255,200 SUPER.RUPERT 4 558,440 292255,255 SUPER.SUPER 11281 2,755,316,146 2,075,758Totals: 15939 3,233,771,231 2,347,230 $WORK RUPERT 44>
BITUG - 19 May 2010 22
FINFO – DATE ORDER$SYSTEM VHS 61> FINFO -ODFINFO V3.2 Native 17/05/2010 18:52-----Copyright Ross Systems International Ltd. 2008,2009,2010 Inhouse Version-Never Expires 12 May 2010)-------------------------------------------Files on \SIRIUS.$SYSTEM.VHS Name Last Modified Code TP RWEP Size User No PExt SExt PagesVHSDDL 17-Feb-1998 22:44:30 101 U NUNU 950 255,002 4 16 4VHSINSP 17-Feb-1998 22:44:33 101 U NUNU 722 255,002 4 16 4VHSTEXT 20-Feb-1998 08:49:15 0 K NUNU 221,184 255,002 20 20 120VHS 12-Feb-1999 13:26:40 100 U NUNU 196,608 255,002 96 16 96VHSCI 12-Feb-1999 13:26:41 100 U NUNU 206,848 255,002 102 16 102ZZEVCONF 16-Jan-2003 11:56:28 843 E COOO 1,024 255,255 1 1 1ZZEV0000 16-Jan-2003 11:56:28 843 E COOO 4,096 255,255 20 100 20VHSSTART 16-Jan-2003 12:02:24 101 U CCCC 5,110 255,002 8 32 8 Selected User Totals for SubVolume \SIRIUS.$SYSTEM.VHSUser No User Name Files Bytes Used Pages Used255,002 <alien>.(255,2) 6 631,422 334255,255 SUPER.SUPER 2 5,120 21Totals: 8 636,542 355
BITUG - 19 May 2010 23
FINFO – SIZE ORDER$SYSTEM VHS 62>FINFO -OS
Files on \SIRIUS.$SYSTEM.VHS Name Last Modified Code TP RWEP Size User No PExt SExt PagesVHSINSP 17-Feb-1998 22:44:33 101 U NUNU 722 255,002 4 16 4VHSDDL 17-Feb-1998 22:44:30 101 U NUNU 950 255,002 4 16 4ZZEVCONF 16-Jan-2003 11:56:28 843 E COOO 1,024 255,255 1 1 1ZZEV0000 16-Jan-2003 11:56:28 843 E COOO 4,096 255,255 20 100 20VHSSTART 16-Jan-2003 12:02:24 101 U CCCC 5,110 255,002 8 32 8VHS 12-Feb-1999 13:26:40 100 U NUNU 196,608 255,002 96 16 96VHSCI 12-Feb-1999 13:26:41 100 U NUNU 206,848 255,002 102 16 102VHSTEXT 20-Feb-1998 08:49:15 0 K NUNU 221,184 255,002 20 20 120 Selected User Totals for SubVolume \SIRIUS.$SYSTEM.VHSUser No User Name Files Bytes Used Pages Used255,002 <alien>.(255,2) 6 631,422 334255,255 SUPER.SUPER 2 5,120 21Totals: 8 636,542 355 $SYSTEM VHS 63>
BITUG - 19 May 2010 24
FINFO - SELECTION• Name mask,
• Date (Modification) Range (hours, days, weeks, months, years),
• Date (Creation and/or Modification and/or Last Open Expiration) by (Earliest / Latest / Range),
• Size Maximum/Minimum/Range
• Percent Full
• Index Depth
• User (Name or Number),
• File Code / Type
• SQL All/Table/Index/Views
• Audited and/or Licensed and/or Progid’d and/or Open
• Content (either Text or Binary)
BITUG - 19 May 2010 25
FINFO – SELECTION ON FILE CODE$SYSTEM VHS 20> finfo -sc101 -sb"process"FINFO V3.2 Native 19/05/2010 06:13-----Copyright Ross Systems International Ltd. 2008,2009,2010 Inhouse Version-Never Expires 12 May 2010)-------------------------------------------Files on \SIRIUS.$SYSTEM.VHS Name Last Modified Code TP RWEP Size User No PExt SExt PagesVHSDDL 17-Feb-1998 22:44:30 101 U NUNU 950 255,002 4 16 4VHSSTART 16-Jan-2003 12:02:24 101 U CCCC 5,110 255,002 8 32 8 Selected User Totals for SubVolume \SIRIUS.$SYSTEM.VHSUser No User Name Files Bytes Used Pages Used255,002 <alien>.(255,2) 2 6,060 12Totals: 2 6,060 12 $SYSTEM VHS 21> edit vhsddlTEXT EDITOR - T9601D20 - (01JUN93)CURRENT FILE IS $SYSTEM.VHS.VHSDDL*lb /process/ 8 ! Vhs-date Vhs-time Process-name Rest-of-text 29 05 process-name TYPE CHARACTER 8.*e
BITUG - 19 May 2010 26
FINFO – SELECTION ON SIZE$SYSTEM VHS 28> finfo -ss<10\sirius.$system.system.licensesFINFO V3.2 Native 19/05/2010 06:27-----Copyright Ross Systems International Ltd. 2008,2009,2010 Full Version (Release Date 18th March 2010)-------------------------------------------Files on \SIRIUS.$SYSTEM.VHS Name Last Modified Code TP RWEP Size User No PExt SExt PagesVHSDDL 17-Feb-1998 22:44:30 101 U NUNU 950 255,002 4 16 4VHSINSP 17-Feb-1998 22:44:33 101 U NUNU 722 255,002 4 16 4VHSSTART 16-Jan-2003 12:02:24 101 U CCCC 5,110 255,002 8 32 8ZZEV0000 16-Jan-2003 11:56:28 843 E COOO 4,096 255,255 20 100 20ZZEVCONF 16-Jan-2003 11:56:28 843 E COOO 1,024 255,255 1 1 1 Selected User Totals for SubVolume \SIRIUS.$SYSTEM.VHSUser No User Name Files Bytes Used Pages Used255,002 <alien>.(255,2) 3 6,782 16255,255 SUPER.SUPER 2 5,120 21Totals: 5 11,902 37 $SYSTEM VHS 29>
BITUG - 19 May 2010 27
FINFO - SELECTION ON PERCENT FULL$SYSTEM VHS 32> FINFO *.* -S%90 -E
. . .Files on \SIRIUS.$SYSTEM.BSCSPOOLName Last Modified Code TP RWEP User No PExt SExt MExt IxL PC%SPL3 ***** OPEN NOW ***** 128 U NNNC 255,255 216 216 16 0 99.2 Selected User Totals for SubVolume \SIRIUS.$SYSTEM.BSCSPOOLUser No User Name Files Bytes Used Pages Used255,255 SUPER.SUPER 1 7,024,640 3,456Totals: 1 7,024,640 3,456 Files on \SIRIUS.$SYSTEM.ZLOG03Name Last Modified Code TP RWEP User No PExt SExt MExt IxL PC%ZZEV0002 18-Oct-2004 16:07:16 843 E NOOO 255,255 80 80 16 0 100.0ZZEV0003 31-Jan-2005 18:18:45 843 E NOOO 255,255 80 80 16 0 100.0ZZEV0004 ***** OPEN NOW ***** 843 E NOOO 255,255 800 800 16 0 90.9 . . .
Selected User Totals for SubVolume \SIRIUS.$SYSTEM.ZSYHUser No User Name Files Bytes Used Pages Used255,255 SUPER.SUPER 3 9,338,880 4,560Totals: 3 9,338,880 4,560 Selected User Totals for Volume \SIRIUS.$SYSTEM, Subvolumes: 3User No User Name Files Bytes Used Pages Used255,255 SUPER.SUPER 7 45,424,640 22,576Totals: 7 45,424,640 22,576
BITUG - 19 May 2010 28
FINFO - SELECTION ON INDEX LEVEL$SYSTEM VHS 35> finfo *.* -si3 -e
Files on \SIRIUS.$SYSTEM.SYS02 Name Last Modified Code TP RWEP User No PExt SExt MExt IxL PC%TMFMESG 26-Feb-1998 23:40:10 0 K NCNC 255,255 51 50 16 3 44.0 Selected User Totals for SubVolume \SIRIUS.$SYSTEM.SYS02User No User Name Files Bytes Used Pages Used255,255 SUPER.SUPER 1 721,920 401Totals: 1 721,920 401 Files on \SIRIUS.$SYSTEM.SYS03 Name Last Modified Code TP RWEP User No PExt SExt MExt IxL PC%TMFMESG 26-Feb-1998 23:40:10 0 K NCNC 255,255 51 50 16 3 44.0 Selected User Totals for SubVolume \SIRIUS.$SYSTEM.SYS03User No User Name Files Bytes Used Pages Used255,255 SUPER.SUPER 1 721,920 401Totals: 1 721,920 401 Selected User Totals for Volume \SIRIUS.$SYSTEM, Subvolumes: 2User No User Name Files Bytes Used Pages Used255,255 SUPER.SUPER 2 1,443,840 802Totals:
BITUG - 19 May 2010 29
FINFO – CONCLUSION
1. COMMAND LINE INTERFACE
2. SPI SERVER VERSION – Multithreaded C++
3. IP SERVER VERSION – TCP/IP or UDP/IP
4. JAVA CLIENT VERSION – Available July
VARIETIES
The wide variety of interfaces and the capability of
defining searches and display type and order give
FINFO the advantage over all other file information
discovery and display tools
BITUG - 19 May 2010 30
HSM - PERFORMANCE
1. Background2. HSM Performance
a) TCP/IP Threadsb) HSM Host Command Firmware
3. HSM Utilisation4. Management and Reporting
a) Configurationb) Reportingc) Fault Tolerance
5. Development and Test Considerations6. Conclusions
Improving Cost and performance of HSM based systems
BITUG - 19 May 2010 31
SECURITY
Cryptography
1. Privacy
2. Authentication
3. Integrity
4. Non-Repudiation
People andOrganisationsneed protecting
Done by:
1. Physical
2. Procedural
3. ISMS
BITUG - 19 May 2010 32
HSM Background
• Long History in Cryptography
• Provide Secure Trusted Environment
• Used in Financial Service Industries
• Volume and Crypto Mix of Transactions Increasing
• Electronic Banking Core Offering
• The Battle Goes on
BITUG - 19 May 2010 33
Current Situation
Ever growing number of POS and ATM Transaction
Peak instantaneous loads about 2,000 tps
Safety margin of about 80% needed for performance
Systems need to be sized to handle 10,000 tps
Transaction rate growing at about 15% p.a.
Cost of high performance HSM about £30,000
Failure not factored in so systems vulnerable
Capital cost = Risk + Expenditure. Rising exponentially
Basel and PCI DSS Regulations
Need a resilient service + best use of infrastructure
BITUG - 19 May 2010 34
HSM Performance
Commercially available HSMs have:
1. High Performance processors, 1GHz +
2. Cryptographic Co-processors DES, AES, RSA…
Theoretical throughput is 5,000+ PIN Translates per Second
Max. Quoted tps rates: 800 Thales, 990 Atalla, 2000 nCipher
Difference owing to:
1. HSM Operating System
2. Communications delays through 6 OSI Stack Layers
3. Need to Interpret HSM Command
BITUG - 19 May 2010 35
OSI Stack
THALES/ATALLA/nCIPHER HSM
HOST COMMAND PROCESSING SYSTEM
HOST
TRANSACTION PROCESSING SYSTEM
Application Service
Requestor
Presentation Package
Session
Transport
Network
Datalink
Physical
Session
Transport
Network
Datalink
Physical
Presentation HSM Firmware
Application Host
Commands
TCP/IP STACKTCP/IP STACK
All commands have to traverse stack andHost Application cannot really affect command throughput
BITUG - 19 May 2010 36
TCP/IP THREADS
• Number of IP Ports = Number of Threads
• Increase number of threads HSM Constantly Processing
• More than a certain number will increase queuing
• The maximum transaction rates assume lots of threads
• Maximum Port Counts
1. Thales 8000 - 64 TCP/IP Ports
2. Atalla A10150NSP - 64 TCP/IP Ports
3. nCipher netHSM 2000 - 20 TCP/IP Ports
BITUG - 19 May 2010 37
HSM FIRMWARE
The Firmware is the HSM executable code.
It contains the:
1. Standard Host Commands
2. Standard Console Commands
3. Bespoke Host Commands
4. Bespoke Console Commands
Increase the efficiency of this code and
The transactions per second will increase
BITUG - 19 May 2010 38
FIRMWARE SPEEDUP
BEFORE Efficiency 1 Transaction per 5 Cycles
OperatingSystem
4 Cycles
Firmware1 Transaction
1 Cycles
BITUG - 19 May 2010 39
FIRMWARE SPEEDUP
AFTER Efficiency 1 Transaction per 2 Cycles
OperatingSystem
4 Cycles
Firmware6 Transaction
6 Cycles
BITUG - 19 May 2010 40
SPEEDUP CHALLENGES
1. Host Presentation Software is more complex
Blocking and Unblocking of Commands
2. Line Transmission Times Increased
However 100 BaseT can handle 30,000 x 800 bytes per sec.
3. Standard Command cannot be used
Bespoke Firmware Required with variable blocking
Implemented as defined
Beware of timeouts
BITUG - 19 May 2010 41
SPEEDUP RISKS
1. Multithreaded Presentation Software is Complex
Reduce by using OO techniques and products - TELOS
2. High Speed IP Processing could be a bottleneck
Split over IP Stacks
Use dynamic switching Presentation Layer
3. Optimising Bespoke Commands can be Expensive
Do not let HSM supplier do this
Prototype using a suitable product - HSEMM
BUT, IF YOU WANT FIREPOWER IT’S WORTH IT
BITUG - 19 May 2010 42
END EFFECT
BITUG - 19 May 2010 43
MAXIMISING USECryptographic Facilities of HSMs is a Service
HSM SERVICE
HOST
APPLICATION
APPLICATION
HSM INTERFACE
HSM
HSM
HSM
HSM
NETWORK
BITUG - 19 May 2010 44
SERVICE GOALS
1. HSMs share transaction load equally
a) Each HSM doing the same amount of work
b) Reduce queuing
2. Transaction Processing time is not affected
c) No transaction reaches timeout
3. HSM system is Fault Tolerant
d) There is no single point of failure
Impossible to do but we can have a good try.
BITUG - 19 May 2010 45
ENGINEERING PROBLEMS
1. Variations in transaction load mean The HSM configuration must be dynamic
2. Host Command Processing times vary implies Allocation scheme must allow for time critical commands
3. Maximum dispatch rate of about 5000 tps causes Multiple host processes
4. Single points of failure in host, network and HSM infrastructure Must be allowed for to produce fault tolerant service
5. Multiprocessing load on OS must not Impact performance
BITUG - 19 May 2010 46
BUILDING THE SERVICE1. Find out Available HSMs, Types and Transaction Rates2. Design IP network topology with
2+ networks and Service operates after loss of one network
3. Split Host Commands by transaction processing time into bands<0.05 Sec, <0.1 Sec, < 0.2 Sec, < 0.5 Sec, >= 0.5 Sec
4. Allocate HSMs to Groups, this can be done:Statically. Simple but can cause unevenness in load balanceDynamically, Beware of management messages, poll?
5. Calculate Number of Dispatchers (HSM Interface Processes), Must be at least 2, use transaction rates to calculate number
6. Dispatchers have TCP/IP ports open to all HSMs7. Requestors Linked to Dispatchers on round robin basis
BITUG - 19 May 2010 47
SERVICE STRUCTURE
Requestors
Dispatcher
Dispatcher
Dispatcher
Dispatcher
Dispatchar
HSM Manager
HSM
HSM
HSM
HSM
HSM
HSM
Host Commands
Allocation Requests
Polling and Statistics
Configuration & Statistics Database
Management and Query Requestor
BITUG - 19 May 2010 48
CONFIGURATIONConfiguration of the service occurs:1. On Start-up
a) Configuration file is readb) Checks nominated dispatcher processes are activec) Restarts any missing dispatchersd) Performs a periodic re-configuration step 2b).
2. Periodic Re-Configuration (after a fixed time)a) Poll the HSM dispatchers
(i) Number of transactions by command(ii) Transaction Command Timing Statistics(iii) Port error information and actions
b) Inactive HSMs marked downc) HSM dispatchers sent their new configuration
BITUG - 19 May 2010 49
REPORTING AND CONTROL
HSM Manager is a socketed application server enabling:
1. Dispatcher Start-up
2. Dispatcher Polling to get Load information
3. Performance data to be supplied to other applications
4. Configuration to be:
a) Inspected
b) Modified. Including addition of HSMs and Dispatchers
Persistence, by accessing Database following re-start
5. Applications Load Balancing by supplying names of Dispatchers
BITUG - 19 May 2010 50
FAULT TOLERANCE
Separate Open Systems runningTwo incidences of HSM Managers and DispatchersLoad routed by Active/Passive Products such as Barracuda Load BalancerManagers Synchronise Poll and Control Information To manage HSM facility as integrated whole
HSM SERVICE
APPLICATION
APPLICATION
Open System HSM
INTERFACE 1
HSM
HSM
HSM
HSM
NETWORK
Open System HSM
INTERFACE 2
HSMBARRACUDA
BARRACUDA
BITUG - 19 May 2010 51
DEVELOPMENT AND TEST
Problems when developing bespoke firmware:
1. Very difficult to specify and test new HSM functions
2. Multithreaded Applications are not trivial
3. Project run time increased because:
a) Management of Firmware AND Application Projects
b) Cannot Prototype Firmware
c) HSM Firmware Design & Implementation on critical path
BITUG - 19 May 2010 52
PROJECT TIMING
HSM
Supplier
START
HSM DESIGN 2 Months
HSM CODE 2 Months
HSM TEST 1 Month
END DESIGN 1 Month
CODE 1 Month
TEST 1 Month
Critical Path 7 months
Application Team active for 3 months
HSM Firmware suppliers want to have linear project
This is not good.
BITUG - 19 May 2010 53
ALTERNATIVE PROJECT
Tool
Supplier
HSM
Supplier
START
HSM DESIGN 2 weeks
HSM CODE 1 Month
HSM TEST 1 Week
END DESIGN 1 Month
CODE 1 Month
TEST 1 Month
HSEMM DESIGN
AND CODE
HSEMM TEST
HSM TEST SUITE
SYSTEM AND ACCEPTANCE
TESTS
• Critical Path 3.5 months• Quality much better, thorough with audit traces …• Tools are needed
BITUG - 19 May 2010 54
USEFULL TOOLS
1. Multithreaded Applications Framework
:- TELOS C++ Applications Framework
2. Tools to Prototype HSM Solution
:- HSEMM C Coded HSM Emulator
3. Tools to Test the HSM Operation
:- HSM Test and Development Suite
4. Tools to test the Application
:- PIRA Based Test Tools
BITUG - 19 May 2010 55
CONCLUSIONHigh performance, resilient, adaptable HSM architecture using:
1. A control and reporting service to manage architecture
2. HSM Dispatcher Server process to manage links to HSMs
3. Fault tolerance by using redundant architecture
a) Barracuda IP Load balancer Active/Passive
b) Multiple Posix Boxes
c) Multiple Networks
4. Bespoke HSM Commands to improve throughput
5. Tools: Application framework & HSM Emulator and Test
Suite
6. Requires Applications Architecture to deliver transactions
BITUG - 19 May 2010 56
QUESTIONS?
THANK YOU
Rupert Stanley
Tel. 01206-392923Email: [email protected]
Web www.rsi-ns.com