December 17, 2014

MB Foster extends Ability Commerce's retail

Screen Shot 2014-12-17 at 6.19.47 PMAbility Commerce, a direct commerce software and provider of JDA Direct Commerce Professional Services, has announced their partnership with MB Foster. The two companies offer services to enterprises that use the JDA products including Escalate Retail, the latest generation of the Ecometry ecommerce software suite.

Ability, in calling MB Foster "a software programming and consulting firm specializing in highly scalable data access and delivery solutions for the  JDA Direct Commerce (Ecometry) software platform," plans to use its new partner to transform and migrate the surround code popular in Escalate installations.

“MB Foster’s addition to our strong partnership solutions dedicated to the JDA Direct Commerce software platform will allow us to provide an even higher level of service to that user base, "said Shawn Ellen, Director of Sales and Marketing for Ability Commerce. "MB Foster is committed to the Ecometry user base and will be joining us as a sponsor at our Ability Commerce User Summit this coming March 11-13 in Delray Beach, Florida."

Posted by Ron Seybold at 06:20 PM in Migration | Permalink | Comments (0)

Follow the 3000 NewsWire on Twitter
for immediate feeds of our latest news
and more twitter.com/3000newswire.

December 16, 2014

How OpenCOBOL Helped Porting COBOL II

Editor's note: A little while ago the 3000 newsgroup was discussing the merits of OpenCOBOL compared to the heartland compiler of MPE, COBOL II. Roy Brown offered his story of how he made the open source COBOL step in to do the work that COBOL did during a 3000 migration. A port, if you will.

By Roy Brown

I used OpenCOBOL to port two HP 3000 COBOL programs — only two, but one of them was the big and critical engine at the heart of a system otherwise written completely in PowerHouse.

Key_to_replacementI first used the portability checker on COBOL II to make a few amendments to bring the program in line with the standards — and was able to roll that version back into the production HP3000 code at the time.

The thing that remained non-standard, but which OpenCOBOL supported, IIRC, was entry points. I could have got round the limitation of not having them, but I was pleased not to have to.

The one remaining issue after that was not having IMAGE on the new platform, but having to use Oracle instead. So I rewrote the IMAGE calls as Oracle PRO*COBOL calls. And I was quite surprised that this made the program shorter, or would have if I hadn't left the IMAGE calls in, but commented out, so I could refer back to them if there were issues.

So, armed with a readable program, I slotted it through the PRO*COBOL precompiler, which spits out unreadable COBOL, put that through the OpenCOBOL compiler, which spits out C (or did then, at any rate — does it still?) and then compiled that with the GNU C compiler.

All this was accomplished in a single makefile, so it was not hard to do.

The prospect of debugging any intermediate stage of this tottering house of cards was not inviting, but fortunately I didn't need to — all my mistakes were clearly visible in the PRO*COBOL source.

Once I got it working, which was a surprisingly smooth process, I handed it over, and left for my next assignment.

Checking back a year later, I was pleased to learn it had all just gone live, and the attentions of the finest Oracle optimisers known to man meant that the system was now up to 'only' twice as slow as the HP 3000 original. Despite running on unimaginably more powerful Intel hardware running RedHat Enterprise Linux 5.

Sometimes I think it would be easier to get back over the event horizon of a black hole than to get off an HP 3000, even "lift and shift," which this was. No wonder so many 3000s are still running, including the four I help look after — ones that should have been pensioned off, as indeed I should have been, years ago.

 

Posted by Ron Seybold at 05:53 PM in Migration | Permalink | Comments (0)

December 15, 2014

2015 migrations creep on, in virtual mode

HocusPocusIn the concept of virtualization, a server is replaced by another which pretends to be just like the original. There's no new HP 3000 in emulation, for example. Just the idea of one. The essence of the HP 3000, its PA-RISC architecture, is replaced using the Charon product: software that mimics the HP hardware. Virtualization engines use software to eliminate hardware.

Some MPE migrations which have been underway for years look like they may be using up virtual man-months, so the IT group won't have to adopt a new application. The plan and lengthy project time eliminates the need to go live with changes.

In a virtual migration, the organization knows its intention. Get onto another environment with mission-critical apps. But the work never gets completed, something like a "forthcoming" novel that's expected but unfinished. Virtualized migrating can very well be the reason any 3000 project still has a 2017 target date.

"These days with the tools that are available," said Alan Yeo of ScreenJet, "no migration should take more than 12 months." He added that he believes that engaging a migration services company of any reasonable size would get most of of an organization's code running in test-mode in about six weeks.

A few weeks ago we reported that the San Bernadino County School District was now going to have a migration project scheduled to finish after its reigning 3000 expert has retired. The plan was to have a go-live date next year, and the project has slipped forward to 2017.

There can be acceptible reasons for a migration project timeline of more than two years. They often involve changes in the migration itself. A few that come to mind that we've heard of include failures of chosen tools, organizations that downsize during a migration, and discoveries that changed the scope of the project.

There's always the possibility that a seemingly-simple set of programs feeds data to and extracts it from other applications in the organization. But today's set of available tools to extract and clean and transform and load data really makes data more flexible and fluid. If an organization doesn't have these ECTL tools, this is not easy, however. (At this moment we're thinking about MB Foster's UDA Central, and there are others as well.)

Nevertheless, there's also a possibility that IT managers hold existing software in such high regard that a replacement solution has unnecessary expectations attached to it. Yeo had heard of one lengthy migration where payroll and financials were on a long-term timeline.

"Payroll and financials?" he said. "Why is anyone, in this day, migrating payroll and financials? Go out and get something off the shelf, instead of rewriting your payroll and financials."

He makes a good point that might apply to long-standing migrations. The relative complexity of paying employees and tracking P&L on a general ledger is small, compared to things like process and discrete manufacturing systems. Yes, big ERP systems do include financials and payroll integrated into the suite. They don't have to be that integrated, since moving data back and forth has become easier.

Educational organizations have special demands on their budgets -- they often don't have much of one. Projects compete for resources at schools, and it's not like the schools can sell more classroom seats to generate more revenue. That kind of cash generation comes through taxation and elections, both of which can be lengthy processes themselves.

As we approach 2015, it looks like it will be the 13th year when a migration could still be underway in your community. What's unfinished up to now may be just a virtual migration -- the sort that is on the operations calendar but not scheduled with any urgency.

I work with writers who have novels underway, and some of those novels are only virtual books. I tell them that a far-off deadline does not help complete their work and take it out of the status of "forthcoming." Immediate deadlines which are stepping-stones to a genuine goal make up the backbone of creation.

"We're working on a migration" sounds a lot like "I'm working on a novel." These things are never finished, I tell my writers. They're only completed, because we can always devise something else that would make them more perfect.

Even though perfect is a classic IT ideal, even sharp managers have found themselves testing new software in production mode, and getting away with it. "I did this for over 20 years and only once or twice got in trouble," a manager named Milo Simpkins said on the 3000 newsgroup this month. "But it was never something I couldn't recover from quickly, with no one the wiser."

Posted by Ron Seybold at 07:44 PM in Migration | Permalink | Comments (0)

December 05, 2014

A Forced Migration, One That's Unfortunate

ImagesThis month in the US includes more than the usual ration of Christmas carols and holiday office parties. This is the first month when we US citizens are renewing our healthcare, all of us at once. It's Open Enrollment! According to my insurance agent, everybody's got to be insured by the end of the month. I'm one of the people who's having an experience like 3000 users got in 2001. Blue Cross is migrating me away from a product that it no longer wants to sell.

The parallels, so far, are pretty close. There was nothing that stopped working with my health plan. Like HP, Blue Cross simply stopped selling it because it wasn't making the vendor enough profit. The plan was not removed because of the Affordable Care Act (commonly known as Obamacare). But then, the HP 3000 was not removed because of the HP merger with Compaq. These were simply business decisions, by HP and by Blue Cross of Texas.

Business decisions are taken as a result of events that create situations. Insurers must protect profits, in the same way that HP had to protect its ability to grow after it absorbed $25 billion of Compaq. Customers don't get consulted about discontinuing products.

Much like the experience of the 3000 community with the 2001 migration march, my journey to a new plan will trigger more expense, and let Blue Cross earn more by doing less. I'll see about a 20 percent increase in recurring costs -- which might look cheap compared to how much the 3000 migration has cost the companies being forced to move.

There's a difference that's important, though. The active event that's changed the sale of insurance in America comes with federal rules. It now costs at least $395 a year to homestead, as it were, with no insurance at all. That's a fine that can rise as high as 2 percent of your gross income. A similar bill for a company making $5 million yearly in profit would be $100,000. That would be money spent just to stay on a system which the vendor stopped making or supporting.

Thankfully, there's no such fine for homesteading. There's a bill if a site simply stops support of all kind, however. Every computer system breaks down sooner or later, because nothing is built to never break. A company's insurance on its computer operations is support. The 3000 community got an advantage over those of us who've seen their products discontinued. System support got less costly.

Is a computer system as essential as healthcare? It depends who you ask. Companies can get ill enough to die, too. The continued health of information services is essential to good business practices. There's no guarantee that vendor-based computer support, or even R&D, will keep a company fiscally healthy. It goes a long way when a vendor can deliver new hardware, when older systems can get replacement parts (like artificial hips or shoulders), or when the medicine of improved software and cleansed data remain available.

I'm not happy about seeing my product canceled, and just like HP 3000 customers, I know I need a replacement product. Like 3000 sites, I'll be paying for more than one system, during this month's changeover. I wish I could say that I saw other companies get a chance at affordable computing during the prior decade because HP canceled the 3000 product. I didn't see that. It might have looked like seeing a struggling startup get a computer system built upon Windows and driven by HP's ProLiant hardware. That's a Compaq product that has done very well in the 12 years since the merger.

In contrast, I know there are families who are now getting insurance premium help of some kind. They make less than $62,000 for a family of two, and that number gets higher as the family gets bigger. At some level, their insurance product might be free. There's nothing like that in the computer marketplace.

The phrase "taking a bullet" comes to mind while I look at my insurance costs for the coming year. It's a small bullet. Your community took a bigger one, and some companies didn't survive. That's the cost of some discontinued products. Mine won't kill me.

Posted by Ron Seybold at 04:56 PM in Homesteading, Migration | Permalink | Comments (0)

December 02, 2014

Data leads way to migrations, via support

Migration patternThe heart of a 3000 homestead operation is its collection of IMAGE/SQL databases. Almost 20 years ago, IBM was mounting an effort to turn 3000 customers into AS/400 sites. I commented on the effort for Computerworld, "They'll have to do something about converting IMAGE/SQL data, if they expect to have any success." IBM had little luck in that effort, and not a great deal more nine years later, after HP announced an exit date for its 3000 operations.

From a reader and system manager on the US East Coast, we've heard more about data leading the way to the future. At this long-time 3000 site, the systems are getting a new support provider to keep them online and reliable. Not many sites are changing this sort of arrangement these days. It's been almost four years since HP closed its 3000 and MPE support operations in 2010.

A new company will be supporting that A-Class server on the East Coast before long. The new support is going to open the door to a revamped future, however. 

Our purchasers are still in the process of signing up our new vendor for HP 3000 support. What is sad is that part of the deal includes migration of some TurboIMAGE databases to MS Access or something like that, which will lead to the eventual demise of the HP3000.

There is still the chance the new support might extend the 3000's utility, though. Self-maintainers who don't use support run risks that the 3000 doesn't really have to bear. A stable server is just one short-term reward for signing up with a support provider specializing in 3000s, like Pivital Solutions or The Support Group.

"Yes, I hate doing this support upgrade," the manager reported. "But there is the slim chance that the migration will not be done soon enough to meet the needs of customers -- meaning the usage of the 3000 could actually increase in the short term."

Short-term 3000 usage increases are common in any environment where the data is leading the way to a migration. System managers know the writing is on their shop whiteboards when the data starts to move. While using advanced tools like UDA Central from MB Foster, or back in the day, solutions like DB Migrate when it was offered in service contracts from Speedware, data migrations of IMAGE into other database formats take away the greatest asset of the 3000.

Migration solution companies don't often support servers in the same contract. That arrangement can be an artifact of having a more dedicated resource supporting the HP 3000. While they migrate data, some providers can be keeping the 3000 up to date, too. A customer making a migration might look for a 3000-devoted vendor for moving data.

Posted by Ron Seybold at 05:20 PM in Homesteading, Migration | Permalink | Comments (0)

December 01, 2014

HP Q4, FY static; 3000 replacement sales fall

Enterprise Group totals Q4 2014Despite all of the challenges Hewlett-Packard faced over the past fiscal year, the company has reported sales and earnings that didn't fall much from FY 2013 levels. Falling sales of HP 3000 replacement systems remain on the balance sheet, however. Nothing has changed but the depth of the plunge.

Both the 2014 fiscal year and the Q4 numbers (click on graphics for details) reflected an ability to keep some declines off the HP financial report. The latest quarter improved on Q2 and Q3 results overall. HP reported a profit of $2.62 per share for 2014. That's nearly $5 billion in earnings company-wide.

If the company sticks to its plan, its total of $115 billion in 2014 sales, only down 1 percent from last year, covers the penultimate period HP reports as a full company. By the end of FY 2015, the corporation will separate its businesses and spin off HP, Inc. for consumer and PC products. Hewlett-Packard will remain to sell servers and enterprise computing products and services. Analysts expect the companies to be of equal size.

Revenue shares Enterprise Group Q4 2014The total of HP's Business Critical Systems revenues took another hit in the fourth quarter, dropping almost 30 percent from Q4 of 2013. Double-digit percentage drops in BCS sales are commonplace by now. The unit produces the HP-UX systems HP once designated as replacements for the HP 3000. Intel-based systems, contained in the Industry Standard Servers operations, also saw their sales decline slightly. Networking revenues were slightly higher for the quarter.

The company's CEO was thrilled about the overall picture for the full company, calling it a sustained turnaround.

"I'm excited to say that HP's turnaround continues on track," said Meg Whitman. "In FY14, we stabilized our revenue trajectory, strengthened our operations, showed strong financial discipline, and once again made innovation the cornerstone of our company. Our product roadmaps are the best they've been in years and our partners and customers believe in us. There's still a lot left to do, but our efforts to date, combined with the separation we announced in October, sets the stage for accelerated progress in FY15 and beyond." 

The HP Enterprise Group, where BCS operations live, saw revenues drop 4 percent year over year with a 14.8 percent operating margin. Industry Standard Servers revenue was down 2 percent, Storage revenue was down 8 percent, Business Critical Systems revenue was down 29 percent, Networking revenue was up 2 percent and Technology Services revenue was down 3 percent. After the report, HP's share price flirted with the $40 mark and hit a 52-week high, before falling away today. The fate of BCS and the Enterprise Group didn't concern many investors, who watch EPS profits versus predictions.

The BCS numbers for the full year showed a 22 percent sales decline, a figure that reflects a total of perhaps $200 million in lost revenues. HP doesn't report individual segment sales totals from its Enterprise Group. But BCS operations accounted for about 3 percent of the Enterprise group's $27.8 billion of activity. BCS did avoid a quarterly revenue decline once during 2014. This latest period countered with the largest quarter-over-quarter sales dive for BCS, up to now.

Even though four of the five HP segments reported revenue declines -- and the fifth, Printing and Personal systems, was flat -- the company continues to post profits. The Enterprise Group managed to return the largest operating profit for Q4 of 2014, even while its sales declined. Profitability from these Enterprise products and services will buoy up the forthcoming HP Enterprise corporation. Only HP Printing, the keystone of the new HP Inc., is more profitable per dollar of revenue.

BCS 3000 replacements won't be providing as much profit during the forthcoming year. But HP predicts that its total, company-wide operations for 2015's fiscal year will net $6 billion in profits. Those are numbers for the combined company -- one which, by this time next year, will operate as two entities. 

Posted by Ron Seybold at 07:58 PM in Migration, News Outta HP | Permalink | Comments (1)

November 24, 2014

Building a Portfolio Away From Retirement

ClutteredclosetUsing analogies of moving out of a house and filling out scorecards, an hour of last week unreeled off a Webinar that showed how portfolios offer a plan for migrating and sustaining applications. Birket Foster and his crew at MB Foster showed how continuous and thorough software management helps available budget meet the most crucial needs.

A classic four-quadrant chart outlined the scoring of applications. One axis showed a business fit, the other a technical fit. Like all of the four-box charts, nobody wanted software in the bottom left, low in both aspects. But it's a business decision that drives most of the changes in IT these days. Scorecard the business fit of applications in a portfolio first, Foster said. If it scores well in that fit, go on to the technical fit.

The portfolio is the tool of governance, he added. Governing is a classic process to ensure the most needy get resources as required. Application Portfolio Management has been a favorite topic at MB Foster. It's only possible if a company knows its applications very well — and very well means with documentation that can be shared over time. The assets in a portfolio can be judged to be worthy of migration based on their risk-benefit-value. What helps a company most, and what could you least afford to let fall into that dreaded lower-left box?

QuadrantOnly about 5 percent of the community's applications can fall off that chart completely, ready for retirement. The largest group are suited for a same-capability migration, when they creep down. That 70 percent of the apps can get a lift-and-shift of their functionality, usually through replacement. It takes hundreds of hours per application.

What makes it less painful and swifter is cleaning in advance. As Foster said, "It's like moving out of a house. If you go through your closets regularly, you'll be moving less that you don't need." In this analogy, the closets are your data, which "has to be made available to the new app. It's not automatic."

One tool that helps to automate moving out is UDA Central, software that until recently wasn't sold as a standalone utility. The program MB Foster created came onto the job as part of a services engagement. But after winning an innovation award from the Canadian government, UDA Central is being productized. It will be offered to systems integrators outside of the MB Foster labs.

But the advice shared last week was more than a pointer to useful software. When deciding whether to re-host (lifting code to another computer) or replace, the full range of software assets gets inventoried. The real answer about what needs to be moved, and in what priority, comes from asking about the whole portfolio. While that study's going on, there are those closets to be cleaned. Few people do such cleaning, VEsoft's Vladimir Volokh says.

"They see a list of 100,000 files and do not want to scrap any of them," he said. "So they move everything to the new system." A tool like MPEX can assist by looking at the data that drives companies. That's work that can take place even before a transition is underway. There's no such thing as Data Portfolio Management, but governance of data is one way to practice for the informed choices of application governance.

When to set up an APM? 

  • When there's no accurate accounting of apps used by a business
  • When there's a lack of understanding of how apps support business processes
  • When assets degrade through declining business fit, agility and maintainability

Deciding where to put new money for IT to maximize returns, mergers and acquisitions, and synchonizing IT and business priorities all lead to APM, too.

Posted by Ron Seybold at 09:40 AM in Migration | Permalink | Comments (0)

November 18, 2014

Replacing rises as migrator's primary choice

Key_to_replacementIt's the end of 2014, just about. Plenty of IT shops have closed down changes for the calendar year. Many 2015 development budgets have been wrapped up, too. Among those HP 3000 operations which are still considering a strategy for transition, there's only one assured choice for most of who's left. They'll need to replace their application. Not many can rehost it.

We've heard this advice from both migration services partners as well as the providers of tools for making a migration. An HP 3000 is pretty likely to be running an application with extensive customization by this year. We've just now edged into the 14th year since HP announced a wrap-up of its interest in all things MPE/iX. Year One began in mid-November of 2011. After completing 13 years on watch during the Transition Era, there's a lot of migration best practices to report. More success has been posted, at a better price and on schedule, when a replacement app can be integrated along with a new server and computing environment.

Of course, massive applications have been moved. One of the largest was in the IT operations of the State of Washington Community College Computing Consortium. It was a project so large it was begun twice, over enough elapsed time that the organization changed its name. The second attempt better understood the nuances of VPlus user interface behaviors. There were 40 staffers and at least four vendor services groups working on the task.

One of the issues that's emerged for rehosting organizations is a reduction in MPE expertise. Companies can still engage some of the world's best developers, project managers, and rewriting wizards for MPE/iX. It's harder to assign enough expert human resources who know your company's business processes. That's why a top-down study of what your apps are doing is the sort of job that's been going out-of-house. By this year, it would be better to engage an outside company to replace what's been reliable. This hired expertise ensures a company doesn't lose any computing capability while it makes a transition.

You'll need the use of tools to manage data in a replacement, though. Everything else is likely to change, even in a replacement, except for the data. "Replacement requires reorganizing data," Birket Foster of MB Foster told us this summer. "You could start cleaning your data now." Foster is presenting a Webinar on the subject of the Three Rs -- Rehosting, Replacing, or Retiring -- tomorrow (Wednesday) at 2PM Eastern Time. 

A company making a transition to a replacement app needs to understand what data will be needed, at what detail level, and in what timeframe. The best answers to those questions might come from outside of the IT group. In face, Foster says they often do. A solid team of transition stakeholders always includes an important seat for a member from the business group.

Replacement of a 15- or 20-year MPE/iX app suite also might not be a favored choice in the IT group. That group includes the experts who know the programs best. Nothing seems like it will be a clean, quick fit for what's been running the company -- not at first. Replacing with a non-MPE version of the app sometimes leaves key integrated surround code at the curb, too. Replacing surround code is a good project for outside expertise. Companies which consult on that task have field experience on success to share.

The good news: replacing a business suite is not as dangerous as replacing a joint. You get to shop and specify and test for replacement software, even while the worn-down hip of the business suite continues to bear the weight of the company's enterprise. Backing out of a replacement -- replacing the replacement -- is just as extensive in software as it is in medicine. It's like doing it all over again. But replacing after an attempt at rehosting? That's the least effective strategy of all.

Posted by Ron Seybold at 07:04 PM in Migration, User Reports | Permalink | Comments (1)

November 14, 2014

Our World's Greatest Cartoon, Ever

101 MigrationsBecause it's so crucial, and because Alan Yeo was brilliant in commissioning it. Mark your calendars. (Click it for detail)

Posted by Ron Seybold at 02:39 PM in History, Homesteading, Migration | Permalink | Comments (0)

November 11, 2014

Veterans get volunteered for transition's day

1stCavHere on Veteran's Day — I'm a vet of the '70's-era military — I'm remembering there are IT pros with another kind of veteran status. They are people who count more than a couple of decades of experience with the HP 3000, managing their servers since before the time that Windows was the default computing strategy. They've been through a different kind of conflict.

I've learned that the most embattled managers employ a surprising tool. It's a sense of humor, reflected in the tone of their descriptions of mothballing the likes of 25-year-old independent apps during migrations. They have to laugh and get to do so, because their attempts to advance their positions might seem like folly at first look, or even in a second attempt.

Really, an assignment like putting Transact code into an HP-UX environment? Or take the case of working around a financial app software from Bi-Tech -- an indie vendor that "really stopped developing it for the 3000 years ago," according to City of Sparks, Nevada Operations & Systems Administrator Steve Davidek. There's been some really old stuff doing everyday duty in HP 3000 shops. The age of the applications was often in line with the tenure of the project's management.

These pros typify the definition of veterans, a term we'll use liberally in the US today to celebrate their sacrifices and courage. Facing battle and bullets is not on par with understanding aged code and logic. But two groups of people do have something similar at heart. Both kinds of veterans have been tested and know how to improve the odds of success in a conflict. Youthful passion is important to bring fresh energy to any engagement, military or technological. What earns the peace is experience, however grey-haired it looks next to Windows warriors.

With each mission accomplished -- from what looks like the Y2K effort of 14 years ago to embracing a roll-your-own Unix that replaced MPE's integrated toolset -- these veterans moved forward in their careers. "Our knowledge base is renewed with this work," one said after migrating apps that served 34 Washington state colleges. "We're on the latest products."

Recruiting IT talent into small towns — and the 3000 runs in many small cities where manufacturing labor is less costly — meant hiring for Windows experience. Adopting Windows into an organization means leaving proprietary environments even more popular than MPE/iX. Like HP-UX.

HireVetLeaving a familiar environment means enduring risks. But a tone of "yeah, that'll happen, but we'll manage through it" is what I hear from the 3000 pros marching into the dark of 2015 and beyond. And if a migration is happening next year or the years beyond, you may want to thank a colleague -- anyone whose IT battles have promoted the knowledge that creates veterans, marching in the ranks of both managers and vendors alike.

Les Vejada worked with HP 3000s for more than 20 years at HP, then moved on to HP's other enterprise platforms until the vendor cut his job. It was as if he'd mustered out of a unit. "I don't work with the 3000 anymore," he told us when he joined the Linked In HP 3000 Community. "I know the 3000 is dying, but it brings back a lot of great memories. I probably would still take something on a MPE machine if offered." Whether it's in-house, or in-community, one motto remains as valid today as it did after any conflict: Hire a Vet.

Posted by Ron Seybold at 04:23 PM in Homesteading, Migration, User Reports | Permalink | Comments (0)

November 05, 2014

Migration plans: Rehost, Replace, or Retire

CircleRMigration begins with an inventory. Application by application, an IT manager does triage on every program on their 3000. The goal is to come up with a disposition for each app. Some ccan be rehosted. Apps built with PowerHouse might be moved to other servers, for example. For other apps, they can be replaced. Ecometry sites could adopt the CommercialWare application, in some cases. Or in other instances, an in-house program suite can be replaced by a Commercial Off The Shelf app. Migration services company MB Foster likes to call those replacements COTS. The company has a Wednesday webinar scheduled on Nov. 19 to explore planning to replace COTS and more.

Foster calls the strategy the Three R's of Migration: Rehost, Replace, Retire. At 2 PM Eastern Time in a couple of weeks (register here), Birket Foster will lead a slide talk with time for questions about what to do if you're migrating away from any one of the above types of applications. The word Retire is already on the minds of MPE-savvy managers, since most of them are older than 50. It turns out that applications can find the end of a career even before their caretakers do.

It's not always this way. At the San Bernadino County schools, the apps to run the California district will have a retirement date from the 3000 that falls after the district's 3000 expert. Sometimes, though, a migration can become easier when older programs that have fallen into disuse are simply erased. There's no need to migrate such an app.

However, there's only one sure way to discover these retirees: inventory and analysis. MB Foster's summary for the Nov. 19 webinar breaks that triage process into inventory of app environments; rating the functionality vs. business suitability of each app; then organizing and prioritizing with a study of interfaces and grouping used that applies to each app. COTS carries a different set of requirements to study during migration planning, the company says, than in-house apps.

Look at the IT resources in your company as a portfolio, Foster advises. Create a profile for each asset in your portfolio, using an inventory of the documents, tools, and other parts of each application's environment. Pay attention to these elements across the lifecycle of the app.

The first stage in the lifecycle is a requirements document. What are the workflows being supported? Was the application built or bought, and what roles were considered as the project to charter the application began? If the application is built in house, then technical documentation for the app's design and delivery will be required. If the application is COTS software, then the requirements documentation changes, to include the software selection process and a Fit-Gap analysis.

Every application spends time crossing through three environments: Development, Test, and Operations. Migrating anything means that IT management must consider how to move away from Development elements such an IDE, or source control software, change control tools, scripting languages, and compilers. 

Foster says in its summary for the webinar that making a transition away from an app's Test environment means analyzing the test tools, methodologies, test scripts, plus documentation for the app's unit test, integration test, and UAT (User Acceptance Test).

The inventory for analysis of an Operations environment studies "scripts for operating daily, weekly, monthly and other periodic functions," as well as "the toolkit for monitoring the production environment (unique or shared), the scheduler, and other production environment tools."

The analysis will allow the 3 R's of migration to be applied – Rehost, Replace or Retire. Once the application portfolio is divided into these categories, it is time to organize and prioritize the applications. Each application may be standalone or grouped – and the triage process will need to note any internal or external interfaces that will be impacted.

Foster says the webinar will examine and teach about those processes. It might be a way to bring something closer to retirement: an aging 3000, or even old business practices for IT.

Posted by Ron Seybold at 08:18 PM in Migration | Permalink | Comments (0)

November 03, 2014

10 years ago, was the 3000 halfway gone?

I revisited a set of user conference slides from 2004 recently, and I found a scheduling milestone. A presentation at that final Interex show in Chicago included a schedule warning. In that year, it was about halfway through the period HP gave the community to get away from their HP 3000s. The deadline for the end of HP support was December 31, 2006, as of the week the presentation rolled out in Chicago.

Go 95%"Put your plan into the budget during this summer of 2004," one slide suggested. Using that timeline, an IT manager could commence migrating by the summer of '05 and complete a migration by the end of 2006. To be sure, 18 months is a swift migration schedule, but it's possible -- if a company can budget for some outside expertise for project management and coding. The tests will usually be handled in-house. That's up to one third of a migration project's timeline, according to migration services experts like MB Foster.

By the next fall, HP was pulling the carpet out from under such companies. That deadline for HP support got extended by 24 months. With that change, that halfway-gone point was still at the moment of HP's rescheduling. But now there were more than 36 months left. People had not migrated in enough numbers. A greater factor: HP made a business decision to keep support business alive and earning revenues for another two years. It was high-profit revenue. High enough that the deadline got moved again, out by another 24 months.

Since those days, we've seen many customers use the same sort of rolling-forward deadline for their migrations. They plan for the end of 2013, for example, then push out to the end of 2015. Just like HP, customers in places like California school districts and manufacturers in the Southwest are taking more time because they like the return on investment. They can afford to reset the halfway mark.

But what if 2004 was the start of 95 percent of migrations, and the decade since then represents halfway-gone? What's left by now in the user community still includes companies of serious size.

Last week we heard of the farthest-out 3000 shutdown date ever scheduled: 2024. Sure, if that replacement project at the MANMAN site gets done sooner, the 3000 will go dark faster. But right now, 2014 is their halfway point, even if you only counted back a full decade ago.

Another customer, the San Bernadino, California school district, will not switch off until the end of 2017. So far away that its resident 3000 guru will already be retired. In that shop, even the exit of expertise won't move things along faster. Operations calendars play a role in scheduling.

The end of the calendar year is a typical time to switch things over for the schools that use the 3000. Classes end in December for a long break. E-commerce and retail companies like Musician's Friend, a former Ecometry site, consider the middle of summer to be their safe cutover time.

A one-month operations break, or even the 90 days before holiday retail time, is a short window compared to a full year. If a site doesn't get to its deadline window in time, there's an extra 6-12 months of 3000 operations to schedule. This mandates a Sustain plan.

Even back in 2004 the presentation advice included Sustain strategy. It included the same counsel given to migrators: Innovate before you migrate. Innovation is the one advantage of extending a halfway point. The IT staff can do some immediate-payback work. Innovation to existing systems helps as soon as it's tested.

Innovations in existing 3000 systems is not as crazy as it sounds. If you're aiming at innovation targets, these three were part of the 2004 slide set.

  • Projects that affect operational efficiency and ROI
  • Projects that build sills and experience on your staff
  • Projects that will help with year-over-year comparisons in the future

If that final target isn't clear, it's a good practice to get another set of eyes on migration planning. IT stakeholders are one set of eyes. Another potential is the migration planners in your community. Knowing what to innovate before you go away: this is also preparing for a migration.

Posted by Ron Seybold at 10:25 AM in Homesteading, Migration | Permalink | Comments (0)

October 29, 2014

Security experts try to rein in POODLE

PoodlelocksSometimes names can be disarming ways of identifying high-risk exploits. That's the case with POODLE, a new SSL-based security threat that comes after the IT community's efforts to contain Heartbleed, and then the Shellshock vulnerability of the bash shell program. HP 3000s are capable of deploying SSL security protocols in Web services. Few do, in the field; most companies assign this kind of service to a Linux server, or sometimes to Windows.

The acronym stands for Padding Oracle on Downgraded Legacy Encryption. This oracle has nothing to do with the database giant. A Wikipedia article reports that such an attack "is performed on the padding of a cryptographic message. The plain text message often has to be padded (expanded) to be compatible with the underlying cryptographic primitive. Leakage of information about the padding may occur mainly during decryption of the ciphertext."

The attack can also be performed on HP's Next Generation Firewall (NGFW), a security appliance that is in place protecting thousands of networks around the world. Other firewalls are at risk. Just this week HP released a security patch to help the NGFW appliances withstand the attack. External firewalls are a typical element in modern web service architectures.

A POODLE attack takes a bite out of SSL protections by fooling a server into falling back to an older SSLv3 protocol. HP reported that its Local Security Manager (LSM) software on the NGFW is at risk. But a software update is available at the HP TippingPoint website, the home of the TippingPoint software that HP acquired when it bought 3Com in 2010. TippingPoint rolled out the first HP NGFW firewalls last year.

The TippingPoint experts seem to understand that older protocols -- a bit like the older network apps installed in servers like the 3000 -- are going to be indelibile.

The most effective mitigation is to completely disable the SSLv3 protocol.  If this is not possible because of business requirements, alternately the TLS_FALLBACK_SCSV flag can be enabled so that attackers can no longer force the downgrade of protocols to SSLv3.

What's at risk in your data pool? HP says it likely to be sensitive, short strings of data such as session IDs and cookie values, "which can then be used to hijack the users' sessions, etc."

Et cetera indeed. The added challenge which enterprise managers assume once they move into open networks are the POODLEs, shocks to a shell and the bleeding hearts of newer operating environments. The security expertise to meet these challenges is a well-spent investment -- whether it's through a 3000-savvy services provider, or the vendor of the migration target system that's just replaced a 3000.

Basic information on these threats is always provided for free. Implementation savvy can be a valuable extra expense. For example, HP adds this nuance about disabling protocols. 

An important note:  both the client and server must be updated to support that TLS_FALLBACK_SCSV flag. If both allow for SSLv3 and one of them has not been updated to support the flag, the attack will remain possible.

Posted by Ron Seybold at 08:48 PM in Migration, News Outta HP, Newsmakers, Web Resources | Permalink | Comments (0)

October 24, 2014

Legacy Management: More than Rehosting

LooksoftwareSpeedware became Freshe Legacy several years ago, and in 2012 the company's business crossed the watershed from Hewlett-Packard sites to those running IBM's AS/400 servers. The latter is now called IBM i, and in one interview Fresche CEO Andy Kulakowski said the company's customers are now 85 percent IBM users.

The world of IBM i is still populated with product releases, vendor support, and the challenges of keeping a legacy line of computing looking current. Last month Fresche purchased the assets, intellectual property and customer base of looksoftware (yes, all lowercase and all one word.) Next week the newest tool in the Fresche belt goes on display in one of the oldest of enterprise venues: a $949 user conference, COMMON.

COMMON has served IBM users since before there was an Interex. The first meetings of the group surrounded the IBM Series 1800, a data acquisition and control system which was similar to the 3000 in that it used a Multi Programming Executive (MPX) operating system. COMMON meetings began in the 1960s, and the 1800 was used in product for more than 50 years. Even though COMMON attendance has dropped and the gatherings have gotten shorter, the group still assembles the experts and the faithful once a year for a classic expo and education event. This year's is in Indianapolis, following the model that Interex used for HP 3000 customers: a moveable feast taking place in cities both great and, well, common. One forgettable year the Interex show was held in Detroit. In the Midwest, however, a great number of manufacturers and distributors have always used business systems like the 3000 and the i.

ModernizationDrill into the looksoftware website and you'll find mention of the HP 3000 in the Modernization Solutions section. Along with methodologies such as cloud enablement, database modernization and automated code conversion, MPE/iX customers can find a relevant line, "Re-hosting (HP e3000)." COMMON attendees could very easily hear about rehosting at the conference. After decades of serving just the AS/400 family, it's now an expo that embraces Unix and Linux computing from IBM, too.

There are other methods to revitalize an HP 3000, but moving those business applications onto a new host is the classic strategy. Business Rules Extraction, Consolidation and Export is also among the solutions listed in the looksoftware services stable. Taking a customer's business rules along during any transition is a must. A "lift and shift" is what Fresche called the move onto non-3000 hardware back when the firm was called Speedware.

There's not much of that kind of business left in the 3000 customer base by now -- certainly not compared to the number of modernization opportunities for the AS/400 crowd. IBM has a strategy book that's released every year for IT planners called the Redbook. The latest edition, the largest ever in the history of the publication, is Modernizing IBM i Applications from the Database up to the User Interface and Everything in Between. Over at the IT Jungle website, the editors are calling the current Fresche strategy of acquistions "a page right out of the Redbook." The book's 687 pages are summed up thusly by the website.

It refers to modernization as "a sequence of actions" and "a process of rethinking how to approach the creation and maintenance of applications." Much of the focus is on application structure, user interface, data access, and the database. There's a lot of out with the old and in with the new here.

Adding new companies isn't new to the Speedware/Fresche history. The company acquired Neartek for the latter's AMXW software, for example, once the migrations were in full play in the 3000 market. Databorough is a similar acquisition, a database software firm whose products are useful tools in the mission Fresche calls legacy modernization. User interfaces get a rejuvenation, data access and pathways to more current data resources, and usually newer hardware arrives. Not hardware from a vendor other than IBM, however. For that kind of modernization, you have to look to the HP 3000 community. Yes, Fresche Legacy will rehost your MPE/iX apps, using a different methodology than any virtualization supplier. The new technology goes beyond hardware and IO and chip-level environments. It includes a new operating system, databases, and surround code.

One of the other significant throwbacks in legacy enterprise arenas are languages. MPE's got COBOL, and the IBM i has RPG. The RPG langauge was once so central to IBM enterprise computing that HP built an RPG compiler to run on the 3000. Its goal was to steal away Series 38 IBM shops. Next week at COMMON, Kulakowski will be spreading the message that in the IBM world, "There are lots of tools and services that support the move from RPG to more modern environments."

Kulakowski sees the age of the engineer and developer as a factor in modernization. Quoted in IT Jungle, he said

Generations X and Y are coming. They are very big part of population and will be far more demanding than we were. I think it would be a losing battle to try to convince them to use RPG as a development platform. It's up to us to set the table for the generation to come. We have the tools and technology to do that. That's the revolution I would fight for.

Fighting for refreshed MPE/iX hardware is a campaign for the non-migrating 3000 customer -- managers and owners with no conferences left to attend, and nothing like a 678-page Redbook playbook to follow. There's only one virtualization vendor for PA-RISC hardware, so at least the vetting of the suppliers won't take as long. There's not much choice, and that can have its downsides. But it might be a good thing to have no reason to visit Detroit or Indianapolis this fall, just to keep an IT operation modernized. Late-generation hardware is about as modernized as an MPE homesteader will be able to get.

Of course swapping out hosting hardware, by using a Linux cradle for MPE/iX, is a different level of churn than turning out the operating environment. For that sort of change, a trip to a city to ask questions face to face might well be a good business process.

Posted by Ron Seybold at 06:49 PM in Migration, Newsmakers | Permalink | Comments (0)

October 22, 2014

What Needs Replacing, at Its Heart?

Porsche-getaway-carHewlett-Packard's 3000 hardware has started to show its age this year. Even the newest of servers was built at least 11 years ago. Although that's an impossible age for PCs or tablets, more than a decade isn't outrageous for systems created by HP. These things were built to the specs of spacecraft, on the good days of the manufacturing line in Roseville, Calif. and elsewhere.

However, even a server of rigorous construction has moving parts and electrical components with a finite lifespan. Lately we're been hearing from customers whose managers have awoken from a peaceful slumber, dreaming of limitless hardware lifetimes. Hey, say they, how did we ever get to be relying on computers built before Y2K?

At this point there are no questions about MPE/iX, or TurboIMAGE, or the pedigree of bash shell software, or the built-in the ODBC data connection capabilities, or jobstream management. These are all stand-up, solid citizens, even through their range of motion can be limited. (So is mine, but like the software above, I work to stay limber.)

No, this is all about the age of the iron. HP stopped building servers that ran MPE apps more than a decade ago. So, is it out those apps go, the baby tossed with the hardware bathwater? It's a simplistic way to approach system reliability. However, until recent years there was no newer hardware to lift those apps onto. Fresh steeds, in the shape of faster and newer computers, hadn't been in the stable in many years.

Users would like to move to implementation straight away, once they get that "What's up?" inquiry from the boardroom. The fastest path to Get Me Outta Here -- indeed, the most ready getaway car -- seems to be the Stromasys virtualization solution. There are more complete, wider-ranging moves. They take a great deal longer, because their details demand they move slower.

The last time we were asked about this, and the community's practices, we had to answer there's a growing number of Charon virtualization users out there. There are still many more sites who no longer use the 3000 because they're left MPE and TurboIMAGE.

The best set of practices for each customer is only going to be checked rigorously using an assessment. Which programs are used, what data types are still viable, what networking and sharing services are on demand -- the answers to all of these give the perspective that sees farthest forward into the future of corporate IT strategy.

But if you want to move away from hardware only supported by third parties, computers not built or backed by their creators, the Stromasys Charon package using new iron -- even HP's -- is the fastest path that we have seen. The level of complexity to put MPE onto Linux hosts isn't trivial, but it's well tested. It looks like the kind of getaway vehicle that lets you take the big money of apps away from the bank, instead of just the bank book of application designs and data.

Posted by Ron Seybold at 09:14 PM in Homesteading, Migration | Permalink | Comments (0)

October 20, 2014

3000's class time extended for schools

SB County schoolsThe San Bernadino County school district in California has been working on moving its HP 3000s to deep archival mode, but the computers still have years of production work ahead. COBOL and its business prowess is proving more complicated to move to Windows than expected. Dave Evans, Systems Security and Research officer, checked in from the IT department at the district.

We are still running two HP 3000s for our Financial and Payroll services. The latest deadline was to have all the COBOL HP 3000 applications rewritten by December 2015, and then I would shut the HP 3000s down as I walked out the door for the last time. That has now been extended to 2017, and I will be gone before then. 

We are rewriting the COBOL HP 3000 apps into .NET and Windows Presentation Foundation (WPF) technologies. Ideal says they can support our HP 3000s until 2017.

And with the departure date of those two HP 3000s now more than two years away, the school district steps into another decade beyond HP's original plans for the server line. It is the second decade of beyond-end-of-life service for their 3000.

Evans was checking up on the timeline.

In the original timeline HP published, did HP announce in November 2002 that the HP 3000 was at end of life? That HP 3000 production lines would shut down in 2004, and all HP 3000 support would end 2007?

Very close, but not quite accurate. The 3000's future got its exit notice from Hewlett-Packard in 2001 (almost 13 years ago), and system manufacturing ended in 2003. The first of HP's end of life deadlines was December 2006. Virtually nobody would have figured in 2001 they'd have MPE applications still in service more than a decade after 2006. 

But San Bernadino County is giving lessons on how to extend an investment, even while it finishes a migration. By the time those school district servers go offline -- and they won't be the last in the world by any means -- the 3000 product platform will have been in continuous production service somewhere in the world for 43 years.

Posted by Ron Seybold at 10:26 PM in History, Homesteading, Migration, User Reports | Permalink | Comments (0)

October 17, 2014

Tracking MPE/iX Vulnerability to Shellshock

Security experts have said that the Shellshock bug in the bash shell program is serious. So much so that they're comparing it to the Heartbleed breach of earlier this year. Many are saying Shellshock is even more of a threat.

Screen Shot 2014-10-17 at 8.22.33 PMOnce again, this has some impact on HP 3000s, just like Heartbleed did. But you'll need to be managing a 3000 that's exposed to the Internet to see some risks to address as part of system administration. Web servers, domain name servers, and other net-ready services provide the opportunity for this malware. There's not a lot of that running in the customer base today, but the software is still sitting on the 3000 systems, programs that could enable it.

Authorities fear a deluge of attacks could emerge. The US government has rated the security flaw 10 out of 10 for severity.

Bash is open source software, and our expert on that subject Brian Edminster is working on a specific report about the vulnerabilities. Hewlett-Packard posted a security bulletin that points to a safer version of the bash shell utility. But that version won't help HP 3000s.

It's not that HP doesn't know about the 3000 any longer. The patching menu above shows that MPE is still in the security lexicon at Hewlett-Packard. But Edminster thinks the only way to make bash safe again on MPE might be to port it a-fresh. "The 3000's bash is version 2.04, but the version that's considered 'current' is 4.x (depending on what target system you're on)," he said. "So if v2.04 is broken, the code-diffs being generated to fix the issues [by HP] in late-model bash software won't be of much (if any) use."

One report in a UK newspaper suggested that "if online retailers use older, mainframe-style computing systems, they are likely to be vulnerable." That sounds like one way to describe the Ecometry sites still selling online with MPE versions of that software. Many of those customers do not have the 3000 directly exposed to the Internet, though.

The bug allows hackers to send commands to a computer without having admin status, letting them plant malicious software within systems.

HP has released a software update to resolve the vulnerability in HP Next Generation Firewall (NGFW) running Bash Shell. Version NGFW v1.1.0.4153 will fix the breach in that that product. But NGFW doesn't run on MPE/iX.

Edminster forwards this advice while he's working on his report.

It's most likely to be an issue for web services that use bash scripts to process web-page input for example, such as machines exposed to the Internet, and those that have services that can accept input from the 'net. I'll work to round up as many examples of potential places this can be felt on a 3000, so that folks know where to look.

Yep — this one is messy, because it's not quite so cut-and-dried as HeartBleed was.

Posted by Ron Seybold at 08:33 PM in Homesteading, Migration, News Outta HP, Newsmakers | Permalink | Comments (0)

October 15, 2014

Signed malware stalks HP's Windows boxes

HP will be revoking a security certificate for its Windows-based systems on Oct. 21, and the vendor isn't sure yet how that will impact system reliability.

StalkingThe bundled software on older HP PC systems has been at risk of being the front-man for malware, according to a report in the Kerbs on Security website. This code-signing is supposed to give computer users and network admins confidence about a program's security and integrity. HP's Global Chief Security Officer Brett Wahlin said the company is revoking a certificate it's been using even before 2010.

HP was recently alerted by Symantec about a curious, four-year-old trojan horse program that appeared to have been signed with one of HP’s private certificates and found on a server outside of HP’s network. Further investigation traced the problem back to a malware infection on an HP developer’s computer. 

HP investigators believe the trojan on the developer’s PC renamed itself to mimic one of the file names the company typically uses in its software testing, and that the malicious file was inadvertently included in a software package that was later signed with the company’s digital certificate. The company believes the malware got off of HP’s internal network because it contained a mechanism designed to transfer a copy of the file back to its point of origin.

The means of infection here is the junkware shipped with all PCs, including HP's, according to HP 3000 consultant and open source expert Brian Edminster. In this case, the revoked certificate will cause support issues for administrators. The certificate was used to sign a huge swath of HP software, including crucial hardware and software drivers and components that are critical to Windows.

"This is one of the reasons that I absolutely loath all the 'junkware' that is commonly delivered along with new PCs," Edminster said. "I end up spending hours removing it all before I use a new PC." Recovery partitions on Windows systems will be at unknown risk after the certificate is pulled Oct. 21, too.

HP's Windows computers have recovery partitions on the boot hard drive that can restore a system to its original, factory-shipped software configuration. That configuration includes the junkware.

"For me, this junkware is just chaff," Edminster said, "and an opportunity to clog up a machine that's supposed to be pristine and new. To say nothing of increased opportunities for the sort of thing outlined in the Kerbs article."

HP's Security officer Wahlin said that admins will have to wait to see the impact of that revoked certificate, according to the article.

The interesting thing that pops up here — and even Microsoft doesn’t know the answer to this — is what happens to systems with the restore partition, if they need to be restored. Our PC group is working through trying to create solutions to help customers if that actually becomes a real-world scenario, but in the end that’s something we can’t test in a lab environment until that certificate is officially revoked by Verisign on October 21.

Posted by Ron Seybold at 10:15 PM in Migration, News Outta HP, Newsmakers | Permalink | Comments (0)

October 14, 2014

Making a Migration Down the Mountain View

After an exit off the HP 3000, the City of Mountain View is now also saying goodbye to one of its longest-tenured IT pros. Even beyond the migration away from the municipality's Series 957, Linda Figueroa wanted to keep in touch with the HP 3000 community, she reported in a note. "I started working on a Series III back in the 1980s," she said.

Inside Pocket GuideBut after 38 years with the City, and turning 55, it's time to retire. At a certain time, city employees with as many years as I have get the "when are you retiring?" look. We had 3000s running at the City of Mountain View from 1979 until 2012. 

Pocket GuideOur first HP 3000 in 1979 was a Series III system (which I just loved; always felt so important pressing those buttons). It had a 7970E tape drive, four 7920 disc drives and a printer. Then we moved to the monster Series 68, and ended up with the Series 957 with DLT tapes — no more switching reel-to-reels! I still have my MPE:IV software pocket guide from January 1981. (I couldn't get rid of it — coffee stains and all.)

When Mountain View took down its HP 3000, a couple of years after the switchover, the City turned off all of its other Hewlett-Packard servers, too. Only its software suppliers have made the transition, proving the wisdom that customers are closest to their applications — and leave the platforms behind. But MPE — from System IV to MPE/iX 6.5 — and the HP 3000 did more than three decades of service at Mountain View.

Mountain View first purchased Dell servers to replace the HP 3000 in 2010. "We had Utility Billing and Business License software from Idaho Computer Systems," Figueroa said. "We still run the same software from DataNow (a vendor previously known as Idaho Computer Systems). But we run it now on Dell servers."

"Up until 2012 we had an HP 9000 Unix system running our IFAS accounting software from SunGard Bi-Tech. These computers were also replaced by Dell servers."

The veteran IT manager added that she used Adager, Suprtool, Reflection and several other products on the 3000. "I also used VEsoft's products, Figueroa said. [VEsoft founder] "Vladimir Volokh would make site visits once a year for years, begging me to update our software."

Posted by Ron Seybold at 11:22 PM in Migration, User Reports | Permalink | Comments (0)

October 10, 2014

When Smaller Can Be Better

SmallgoldfishHewlett-Packard has chosen to cleave itself into two much smaller companies. It will take most of the next year to make that a reality. But it might be an advantage to return to working with a more nimble company. Well, an advantage to the 3000 site that's migrating to HP's other computer enterprise solutions, or has done so recently.

Over at the New York Times, the tech writers found something to praise even while they questioned the wisdom of the move. 

In one day, Meg Whitman has created two of America’s biggest companies. All she had to do was break apart Hewlett-Packard, the company credited with creating Silicon Valley. HP Enterprise is targeting a market that appears full of potential innovations, while HP Inc. seems stuck in the low-margin consumer hardware business that has proved a slog for companies not named Apple or Samsung.

It appears Whitman has found a vision: one that looks a bit like the IBM of the West — with an emphasis on products rather than IBM’s consulting services — and another that looks a bit like Compaq Computer, a Texas computer company that HP controversially merged with 12 years ago.

A long time ago, in a marketplace now far away, 3000 owners wished for some breaking off. The HP 3000 wasn't a part of Hewlett-Packard's vision? Fine. Sell the unit off and let's get on with a focused future. At the time, the business was said to turn over $1 billion yearly. Even at half that size, it would've been big enough to survive with customer loyalty. If the 3000 had nothing else going for it, you could count on loyalty.

All opportunities now gone, you say. You just cannot break up an enterprise tech player like that. Then Whitman chops a massive company into two much smaller parts. Smaller has been better for the typical 3000 customer for a long time. Yes, there are times when there are advantages of being big: When a 3000 user got more from a company which sprawls to supersize, in sales and scope of solutions. You get predictability, alliances and headroom from companies sized HP. The vendor so lusted after being No. 1, which did not become a path to long-term success.

3000 community members understand that smaller can be better -- not bigger -- especially when they use what the independent vendor lives upon. Small companies respond faster, polish relationships, and commit for life.

Faster response can mean software that is enhanced sooner, or answers that resolve problems more quickly -- because a smaller company has fewer layers for a customer to dive through. Relationship polishing is the personal attention to a company of any size: the kind of experience that HP 3000 managers, who may now be CIOs and CTOs, recall getting from a smaller HP.

As an example, the Support Group knows its customers on a first-name basis. The operations at this 3000 provider include a hotsite datacenter located about 100 yards from the call stations. This integration of support and cloud services is natural, seamless, and don't require a special manager to coordinate.

You can get that kind of integration in an encounter from HP for a migration platform. Whether it slips smoothly into the budgets of small to midsize companies is less certain. So much of the HP offerings don't come from Hewlett-Packard while the vendor engages smaller customers. Independent partners deliver services in what HP considers a smaller marketplace.

Then there's that "outside the product" call that a 3000 user makes to a long-time supplier. This call is really about the 3000, not the product in the support contract. But that doesn't make a difference to a smaller company than HP. Large IT vendors don't even have a coding category to let that call begin, let alone be resolved.

Finally there's the final chapter of a relationship between smaller customer and smaller provider. I call this "commit for life" because it represents the intention to maintain a relationship to the very end, not when a business strategy changes in a boardroom. Years ago, Robelle told the community it would support the 3000 until at least 2016. As long as there's still a customer around, STR Software says they'll support them on the Fax/3000 solution. Commit for life means a smaller vendor's lifespan, most of the time, -- not the lifetime of its business plans.

Posted by Ron Seybold at 09:48 PM in Homesteading, Migration, News Outta HP | Permalink | Comments (0)

October 09, 2014

TBT: A 3000 Newsworthy Birth Day

Inaugural IssueThe first issue of the Newswire ran its black and red ink across 24 pages of an early October issue. Inside, the first FlashPaper late-news insert had been waiting a week for main-issue printing to catch up with mailing plans.

In our ThrowBack to this week of 1995, the first issue of The 3000 Newswire rolled out into the mails. The coverage of the HP 3000 was cheerful enough to encourage a belief that the computer would run forever -- but 19 years of future was far from certain for either the system or the first 3000-only publication. Volume 1 (the year), Issue 1 came out in a 24-page edition, the same page count of the printed issue that just mailed this Fall. At the Newswire's introduction, one user group leader wondered aloud, on a bus ride during the Interex '95 conference in Toronto, "what in the world you'll might be able to find to fill up the news in Issue No. 2."

The last of the competing HP-only publications closed its doors 10 years later, when Interex folded its user group overnight. Interact, HP Professional, SuperGroup, HP Omni and others turned out the lights during that decade.

The Newswire's first mailed issue was carrying the news circulating in mid-August during an Interex conference. For the first time in 10 years, an HP CEO spoke at the Interex event. However, Lew Platt was a current CEO when he spoke to the 3000 faithful. David Packard was a former CEO and board member when he addressed the multitudes at Interex '85 in Washington DC.

Platt said that HP 3000 users had nothing to fear from a future where Unix was in vogue at HP. Earlier in the day, speaking before the full assembly of users, he said HP was going to making new business by taking out older products. At an editor's luncheon we asked him what that mission held for the 3000.

Platt explained his prior comments on cannibalizing HP's business to maintain steady growth. MPE/iX won't be served up in a pot anytime soon. "I don't mean leaving customers high and dry," he said. "HP has worked extremely hard with products like the HP 3000 to make the people who have bought them have a good future. We've put an enormous amount of energy out to make sure we can roll those people forward. I'd say we've done a better job than just about any company in the industry in providing a good growth path for those customers."

The CEO went on to explain how cannibalization would work. HP would take a product, such as a printer, that was doing perfectly well and may still be a leadership printer in the market -- and bringing in a new one before it's reached its end of life. If you substitute "business server" for "printer" in that plan, you can see how a computer that was doing perfectly well might see a new computer brought in before the end of its life. In that issue, the Newswire story noted that the project we'd learn to call Itanium six years later was going undercover, so that new product wouldn't lock up existing server business for a year before it would ship.

HP was calling the joint effort with Intel the Tahoe architecture, and Platt would be retired from his job before anything shipped.

Sixteen more stories made up the news in that October of 19 years ago. The Series 9x9 line had an 8-user model introduced for just under $50,000. It was the era when a 3000's price was set by the number of its concurrent users. A 40-user 939 sold for $30,000 more, despite having no extra horsepower. User-limited licensing, which HP maintained for the 3000 while Windows was free of limits, would continue for the next six years.

An Interex survey said that three-fourths of 3000 customers were ready to reinvest in the line, but the article focused on the better value of the server in the users' estimation. HP's Unix servers were compared to the 3000.

The story atop Page One addressed the limits of those user-based licenses, and how a requested MPE improvement would help. SIGMPE's Tony Furnivall said that "if you could have multiple, independent job queues, the same algorithms ight be used to limit the number of active sessions." Any 8-user 3000s that were replaced with 800-user systems would be subject to more costly software licenses from third party firms. User-based licensing was prevalent, if not popular, in the 3000 world of October 1995.

On the first three inside pages were a story about the country's oldest pastime, a pointer to a then-new World Wide Web that included a Newswire page, and a full-page HP ad that said, "You want open systems computing. You don't want to move mountains of critical data to a new platform." Hewlett-Packard would hold that view for about six more years. The next 13 have made up the Migration Era, with a Newswire printed across every one of those years. The Newswire has been published more than twice as long during those migrations as all the years before HP announced the end of its 3000 plans.

Cal Ripken, Baltimore Orioles baseball all-star, was breaking a record for consequitive games played that began 13 years earlier. "We're here in your hands this month because of the legendary, Ripken-esque performance of the 3000 deserves more attention," an editorial crowed.

A PC and printer executive at HP got the job as chief of all computer business. It was the second additional layer of management inserted between the CEO and the 3000 group. Rick Belluzzo was 41, commanding a $20 billion sector, and didn't have a specific job title. Olivier Helleboid was 3000 General Manager three levels down.

Windows 95 was launched at that Interex show in Toronto with a mountaineer rappelling down the CN Tower, stopping halfway and "using Win95 from a wireless laptop. It was all too much for Birket Foster, president of HP 3000 channel partner M.B. Foster Associates and a supplier of Windows products."

"It's all a media event," Foster said. "Is the average user going to do that? It's all way too much hype for what's being delivered." A survey showed no manager had installed Win95 company-wide yet. 

HP's managers shed their coats and ties at a roundtable en masse, after customers pointed out that IBM's officials dressed casual on the conference's expo floor. A technical article detailed the relief that PatchManager/iX delivered for MPE patch installs. New 3000 integrators were announced for manufacturing and FileNet workflow document services; the latter had six companies listed in the US.

One of those in-between HP managers said the company "now sees the 3000 as something sold to new customers mostly as an engine for specific applications, like manufacturing or healthcare systems." Porting applications from other systems would be made easier with the first C++ for MPE, the freeware GNU C++ suite, bootstrapped by ORBiT Software's Mark Klein. The GNU package made possible a host of open system tools within two years. "HP is helping to distribute GNU C++ form its HP 3000-based World Wide Web server on the Internet," the story added.

Ultimately, the Web server software HP shipped for MPE/iX was ported from Apache source code from the open systems world. HP told its DeskManager office communications users to expect enhancements first on HP's Unix systems. Helleboid, forecasting HP's final act in the 3000 world years later, said in the first Q&A that HP would collaborate with arch-rivals IBM, Digital and Sun to create "a complete environment for Unix applications."

Helleboid also said that the 3000's Customer First strategy would be presented to other HP computer groups such as its Unix group. "Customers are looking for this kind of relationship," he said in a forecast of using 3000 ideas to improve replacement business models.

Posted by Ron Seybold at 09:49 PM in History, Migration, News Outta HP | Permalink | Comments (0)

October 08, 2014

Another Kind of Migration

Change is the only constant in life, and it's a regular part of enterprise IT management, too. Another sort of migration takes place in one shop where the 3000 has been retired. Specialized scripts for automation using Reflection are being replaced. Thousands of them.

RhumbaMicro Focus, which owns Reflection now as well as its own terminal emulator Rumba, is sparking this wholesale turnover of technology. Customers are being sold on the benefits of the Micro Focus product as part of a suite of interlocking technologies. When that strategic decision is taken, as the British like to say (Micro Focus has its HQ in the country) the following scenario plays out.

Glenn Mitchell of BlueCross BlueShield of South Carolina reported his story, after reading our report on Micro Focus acquiring Attachmate.

I can certainly see many parallels between the latest change at our organization and the migrations many of us undertook from MPE to other platforms. 

It has been many years since I was heavily involved with the 3000 and the 3000 community.  One of the ties back to those old days has been that we use Reflection 3270 as our mainframe terminal emulator here. I’ve done a number of extensive macros in Reflection VBA to assist our customers and developers, and I understand we have thousands of Reflection VBA and Reflection basic scripts in use throughout the company. (We’re a mainframe-centric organization specializing in high-volume claims processing, including Medicare claims in the US.)

Some months ago, I was told we were dropping Reflection and moving to Rumba by Micro Focus (the old Wall Data product) as a cost-saving measure. As part of that move, all of my macros will need to be converted to use the EHLAPPI interface in Rumba.  According to the support staff here, a conversion was going to be required anyway to move to the latest version of Reflection. Well, the support staff has done a good job and many thousands of macros run pretty successfully with some special conversion tools they’ve provided.

Of course, mine don’t, yet.

"As a former WRQ PC2622 user," Mitchell added, "it’s as sad to see my days with Reflection coming to an end as much as my days with MPE ended." As for EHLAPPI, it stands for Enhanced High Level Language Application Program Interface. And with any acronymn that has seven letters, it's a design choice that's got quite a, well, legacy air to it.

It's an API that goes back to the early PC days, and allowed a program running on the PC to "scrape" data from a terminal emulator session running on the PC. So it represents a big move backwards in technology from Reflection VBA. 

Our guys figured out a way to run our VBA scripts in Excel and trap most of the Reflection API calls (e.g. getdisplaytext) and convert them to equivalent EHLAPPI calls for Rumba. The gotcha is that they've only done the most frequently used API functions, and Rumba doesn't support all of the functions Reflection makes available via API.

Scripting inside of a terminal emulator product represents a deep level of technology. Just the sort of tool a 3000 shop deploys when it can command petabytes of data and tens of thousands of users. When things change with vendor plans, whether it's a system maker or a provider of software, support staff shifts its support to migration tasks.

As an interesting footnote to the changes in the outlook for Reflection -- given that Rumba has been offered as a replacement -- we turn to the a recent comment by Doug Greenup of Minisoft. "Minisoft has NS/VT in its HP terminal emulator," he noted when we described the unique 3000 protocol in some versions of Reflection. "And unlike WRQ, we remain independent. We still have HP 3000 knowledgeable developers and support people." The company's terminal emulator for 3000s, Minisoft Secure 92, has a scripting language called TermTalk.

Posted by Ron Seybold at 09:10 PM in Migration, User Reports | Permalink | Comments (0)

October 07, 2014

HP decides to break up the brand

HP Enterprise Corp. StrategyAnd in one stroke of genius, it's become 1984 again at Hewlett-Packard. Yesterday brought on a new chorus for an old strategy: sell computers to companies, and leave the personal stuff to others. Except that one of the others selling personal computers, plus the printers usually connected to PCs, is another generation of the company. The CEO of Hewlett-Packard is calling the split-off company HP Inc. But for purposes of mission and growth, you could call it HP Ink.

AnalysisTo be clear, that's a broad definition we used up there to define that stroke of genius. Brilliance is something else, but genius can be just a powerful force for good or for ill. Definition 3 of the word in Apple's built-in dictionary on my desktop calls genius "a person regarded as exerting a powerful influence over another for good or evil: He sees Adams as the man's evil genius." It's from Latin meaning an attendant spirit present from one's birth, innate ability, or inclination.

What's become the nature of Hewlett-Packard, its innate ability? The company was founded on one ability and then had a second grafted onto its first success. It's been 30 years now since 1984, when the vendor which invented MPE and the 3000 has been inventing products for consumers. The LaserJet opened the door for a torrent of ink and toner to sweep around traditional technology innovations. Before there was a need for a battalion of printing devices and a phalanx of personal devices, the old HP logo represented business and scientific computing. Plus a world-leading instruments business whose profile was an icon for what HP was known for best.

HP's been down this path before, splitting off those instruments into Agilent in 1999. A few months later Carly Fiorina won the approval of then-ink czar Dick Hackborn, placing her in the CEO's seat. Yesterday's announcement of splitting the company into two complementary entities returns the Hewlett-Packard name to enterprise computing. But it seems the core values of the only major IT vendor named after its founders won't rebound into favor. Not on the strength of just splitting off high-cost, high volume ink and PC business. HP needs to impress people with what it builds again. Not just what it can aggregate and integrate.

A few notes we took away from that announcement:

  • HP says it aims to be two Fortune 50 companies after breakup, but more nimble and focused
  • "The brand is no longer an issue," say HP executives, and breaking up the brand will create equal-sized businesses.
  • An extra 5,000 layoffs come along with the split-up. The running total is now 55,000 on the clock that started in 2011.
  • HP likes its own idea; prior chairman Ralph Whitworth called it a "Brilliant value-enhancing move at the perfect time in the turnaround."
  • CEO Meg Whitman says HP's turnaround made the breakup possible.
  • Its stock traded more than five times its usual daily shares on breakup news, and picked up almost 5 percent in share value. HPQ also gave away all of that gain, and more, the very next day.

That's how it goes in the commodity computing market: easy come, say the customers, and easy go. It might be why Whitman is helping the brand called Hewlett-Packard break away from the commodity business.

Some analysts have noted the current board chair and CEO of today's un-split entity, the one still called HP, will take charge of the enterprise arm of the company's future. This, they reckon, is where the real innovation and action will take place. The part of the company that pulled Hewlett-Packard into the consumer reseller model, then swallowed up the second-place PC provider in Compaq 12 years ago, has been set free to float at the whims of a roiling market. HP Inc will have to compete without a dynamic mobile product line, and so we can wish the new-ish part of the vendor godspeed and good luck. They'll need it against the likes of Apple and Samsung, or even Lenovo and Lexmark.

HP's story last year was that the company was better together, after hearing seven years of calling for a split up. High volume, low profit business was suited to a market of 1999, but once mobile devices and the Web changed the game for data processing, PCs and printers just wanted different resources than servers and software demanded. Now CEO Meg Whitman says Hewlett-Packard and HP Inc. can focus and be nimble. From a 3000 customer's perspective, that focus would have been more useful 13 years ago, when growth demanded HP buy Compaq for $25 billion on the promise of becoming No. 1.

Being No. 1 didn't last long enough to pay the bills incurred to do so many things at once. Now Whitman says that three years of turnaround action has taught the company how to do more than one thing at a time. There's plenty to do. Maybe the first thing is to choose a new color to represent its oldest business. She said HP blue to going with the multi-colored ink of HP Inc.

Hewlett-Packard didn't need multiple colors to succeed on that 1984 day it added printers to its product line. But it was a company wrapped in a handsome slipcase of collegial traditions, still working to win its way to the front of enteprise IT selections. Canon and Hewlett-Packard collaborated to sell a laser printer to anyone, not just the customers buying HP's specialized business servers. Before long, the trails it blazed in consumer sales gave it an opening for its color ink, which at one point contributed 55 percent of the company profits. That's the consumables bringing home the bacon, not the nearly-disposable printing devices.

During the era when the 3000 was given its last several years of HP life -- first five, then seven, and finally nine -- IBM was happy to point out the passion for printing at HP. One thunderbolt of an IBM sales rep called the company Inky at a HP user group meeting speech in Houston. Those were the days when everyone in 3000 territory was looking at a new future. About three fourths of the business machines became computers without Hewlett-Packard on their badges. Still, the fungible nature of enterprise computing -- that ease of replacement that HP preached against MPE -- also turned out to be true for its own Unix business line. Somehow, the same Windows that would be suitable for 3000 shops was also a good-enough migration target for HP-UX customers.

Unix had its day, and Linux was the new wave and not channeled through a single vendor. HP invited comparisons. Now its customers can compare companies, starting next fall. Do business with HP Inc. and use Windows and probably Linux on HP's iron. Or choose a company that says it's now focused on the new style of computing: cloud services, big data, security and mobility. The company does not mean to suggest there's no place for in-house servers. But it's focused on those four areas, with a mention of software during yesterday's 45-minute presentation and Q&A.

Our readers will remember software. In MPE and IMAGE they got fine-tuned and refreshed software each year, although in some years the refreshes were faint. By the middle of the 1990s Hewlett-Packard had to embrace Windows to remain on planning short lists. Now the Hewlett-Packard Enterprise has to attract and retain ever-mobile business on the strength of in-house innovations. Because if you want industry-standard commodity computing, HP Inc. is ready to take that business. It will soon be loose from the legacy of Hewlett-Packard.

Posted by Ron Seybold at 04:55 PM in History, Migration, News Outta HP | Permalink | Comments (0)

October 06, 2014

HP to break itself, dividing into 2 companies

Two public HP companiesCompanies of equal sizes will sell products branded HP. But the blue logo goes to the new HP Inc.

Hewlett-Packard announced this morning that it will divide itself into two publicly-traded corporations, a move that shareholders and stock analysts have been demanding and predicting for years. The division of the company will be along product lines. The business server operations will be contained in the new Hewlett-Packard Enterprise, while PC and printer businesses will comprise the new HP, Inc.

The vendor said in a press release that the restructuring will "define the next generation of technology infrastructure." The reorganization will also spin out the least profitable, but largest, segment of HP's business into its own unit. HP still ranks in the top five among PC makers and is one of the largest makers of printers in the world.

HP double logoMeg Whitman will be CEO and president of the Hewlett-Packard Enterprise company. Pat Russo will chair a new Hewlett-Packard Enterprise board of directors. Last month Hewlett-Packard -- the full corporation founded by Bill Hewlett and Dave Packard in 1939 -- had named Whitman as chairman of the board and CEO. By breaking up the company, Whitman will cede some control of its most competitive and popular product segments.

Dion Weisler will be the head of the new HP, Inc. as CEO and president. Whitman will chair the HP Inc. board of directors. HP said it will still meet its profit forecasts for the fiscal year that ends on Oct. 31. It also said that it "issues a fiscal 2015 non-GAAP diluted Earnings Per Share outlook of $3.83-$4.03." That is the sweetest way of forecasting a profit, using non-Generally Accepted Accounting Practices. But it's not clear if that's HP Inc. profits, or profits for Hewlett-Packard Enterprise. And the vendor said it would take all of fiscal 2015 to complete the transaction.

“The decision to separate into two market-leading companies underscores our commitment to the turnaround plan," said Whitman, who's led HP through three years of a five-year turnaround plan. "It will provide each new company with the independence, focus, financial resources, and flexibility they need to adapt quickly to market and customer dynamics, while generating long-term value for shareholders.

"In short, by transitioning now from one HP to two new companies, created out of our successful turnaround efforts, we will be in an even better position to compete in the market, support our customers and partners, and deliver maximum value to our shareholders."

Much of the rest of HP's release deals with the visions and mechanics of dividing a $128 billion company into a classic and post-modern product manufacturer. Except that nothing is classic about the Hewlett-Packard Enterprise company, with the exception of its three proprietary operating systems: HP-UX, OpenVMS, and NonStop. The company has announced that HP-UX will be extending some of its enterprise-grade features to a version of RedHat. OpenVMS will be curtailed to only the newest generation of servers for the latest version of the OS. And NonStop, the most specialized of the three operating systems, is getting a full port to the x86/Xeon architecture -- an escape hatch from the Itanium chips that power Integrity servers.

But HP is retaining the Financial Services unit inside the Hewlett-Packard Enterprise corporation. It's a move the company noted will give financial advantages to customers and partners.

Hewlett-Packard Enterprise will have a unique portfolio and strong multi-year innovation  roadmap across technology infrastructure, software and services to allow customers to  take full advantage of the opportunities presented by cloud, big data, security and  mobility in the New Style of IT. By leveraging its HP Financial Services capability, the company will be well positioned to create unique technology deployment models for  customers and partners based on their specific business needs.

Additionally, the  company intends for HP Financial Services to continue to provide financing and business  model innovation for customers and partners of HP Inc. Customers will have the same unmatched choice of how to deploy and consume  technology, and with a simpler, more nimble partner. The separation will provide  additional resources, and a reduction of debt at the operating company level, to support  investments across key areas of the portfolio. The separation will also allow for greater  flexibility in completing the turnaround of Enterprise Services and strengthening the  company's go-to-market capabilities. 

"Over the past three years, we have reignited our innovation engine with breakthrough  offerings for the enterprise like Apollo, Gen 9 and Moonshot servers, our 3PAR storage  platform, our HP OneView management platform, our HP Helion Cloud and a host of software and services offerings in security, analytics and application transformation,"  continued Whitman. "Hewlett-Packard Enterprise will accelerate innovation across key next-generation areas of the portfolio."

R&D innovation has been a troubled business operation for Hewlett-Packard since the early years of this century, until Whitman announced a shift in the vendor's priorities in 2012. She named Martin Fink, the former leader of the embattled Business Critical Systems unit where those operating systems are built, to lead HP Labs. Within a year, the Labs were creating The Machine, a way forward into a new architecture for computing -- but one that could demand up to 75 percent of the Labs' resources.

It's not yet clear where HP Labs will go in the reorganization, but the Enterprise unit seems to make the most sense. Labs also contributes to product releases in the printer and PC lineups. HP mentioned the forthcoming 3D printer lineup in the breakup announcement.

HP was to have a meeting with financial analysts in just two days, but "as a result of this separation, its Oct. 8 2014 Securities Analysts Meeting has been postponed." A conference call took place at 5AM today, and is available for replay at the HP Investor Relations website.

Whitman said only a year ago that a single HP was the right approach. She said the same strategy is still the right approach, but added that breaking up the company will accelerate growth. "We now operate from a position of strength," she said, citing a strong balance sheet and returns to shareholders. The stock was nearing $40 a share in recent months, a profound rebound from prices in the teens at the lowest point of the turnaround.

After the split up, shareholders of the HPQ security will hold shares in both companies, CFO Cathie Lesjak said in the confence call. It's a move that will prompt instant investment in the new HP Inc.

Posted by Ron Seybold at 11:40 AM in Homesteading, Migration, News Outta HP, Newsmakers | Permalink | Comments (0)

September 30, 2014

Reflection touchstone: a screen benchmark

Reflection boxThe most recent transfer of Attachmate's products and people into the Micro Focus organization sparked some study of what matters to 3000 migrators and homesteaders. Both kinds of customers need to pay mind to what their application's screens look like. Whatever's correct tends to be first measured by an Attachmate product.

That would be Reflection, still the terminal emulator in widest use among the homesteading community as well as a benchmark for any others making a 3000 change. ScreenJet's Alan Yeo kept his eye on the Micro Focus reverse-takeover, as the parent company is headquartered in the UK. (That's still a United Kingdom, after the Scotland vote, much to the UK citizen's relief.)

Reflection's fate remains as unchanged at Scotland's. There will be some modification over time. And the software's screen views are often evoked while change is afoot.

Attachmate "had a big push on re-launching its Rhumba terminal emulator about three years ago," he said. A few migration clients using Micro Focus COBOL were being pushed hard to drop Reflection, he explained. A battery of internal tests at ScreenJet determined that Rhumba would work, intrinsically, with ScreenJet's product. But the standard for terminal emulation, in the mind of somebody who knows VPlus screen handling better than most on the planet, remains Reflection.

"If anything doesn't work, and it works with Reflection, the go fix Rhumba," Yeo said he advised the customers being pressed into the Rhumba re-launch. "If you report a problem, re-test with Reflection." The tests at ScreenJet produced some suggested repairs to Rhumba, he added.

ScreenJet never heard from a migrating customer who made a choice to drop Reflection. He's got no prejudices. "I don't care what any customer uses, so long as what they use works, and doesn't break what they're using from us," Yeo said. "Reflection is pretty much a touchstone. It's not to say that I haven't gone back at times and done testing on a terminal to find out what really happens. Sometimes I have to go back to a customer and say 'I'm sorry, but it's an artifact of even Reflection not doing it right.' "

And so your community still may have some need for 3000 terminals, the real sort. The 3000 newsgroup recently carried an ad for some of this extra-focused HP iron -- offered by an independent broker.

Posted by Ron Seybold at 02:46 PM in Homesteading, Migration | Permalink | Comments (0)

September 29, 2014

Classic advice: COBOL Choices, Years Later

Five years ago on this day we ran a report from a conversion company about the lineup of COBOL choices. Just a few weeks ago, the largest provider of COBOL swallowed up Attachmate, owners of the Reflection lineup. It made the impact of the acquisitive Micro Focus on the 3000 migrator even greater.

Conversion and migration supplier Unicon Conversion Technologies had sent us a white paper that outlined decisions to enable 3000 conversions to Windows. Unicon's Mike Howard attended that year's e3000 Community Meet, which included plenty of COBOL discussion. Here's Howard's take on the COBOL choices for those headed to Windows. Much is of it is still on target.

By Mike Howard

When HP announced it was discontinuing the HP 3000, there were four main Windows COBOLs: RM COBOL, ACUCOBOL, Micro Focus COBOL and Fujitsu COBOL.

But in May 2007, Micro Focus acquired ACUCOBOL when they bought Acucorp. Shortly after they also acquired RM COBOL when they bought Liant. ACUCOBOL is very similar to RM COBOL but has more features and functions. Micro Focus immediately incorporated the RM COBOL product into ACUCOBOL and stopped selling RM COBOL. Micro Focus is now incorporating ACUCOBOL into the Micro Focus COBOL product. (Ed. The Project Meld was not completed, and ACUCOBOL is being called Micro Focus extend today.)

So today, for new Windows COBOL customers there are two COBOLs -- Micro Focus and Fujitsu. In summary, Micro Focus is an all-embracing, all-platform COBOL with excellent support, but it is expensive. Fujitsu is a Windows product with limited support but an extremely attractive price. We have found that both products are very stable and very fast in production. Both charge the same for support, 20 percent per year. The differences lie in cost of ownership vs. response time of support.

Micro Focus COBOL: This is the big COBOL player on the block. It has compilers for Windows, Unix and Linux, and has excellent support across all these platforms. It has good documentation and it also has excellent award winning customer support department that provides training courses and ongoing product support. The Windows product is fully integrated into Windows .NET (MISL code) and the Visual Studio IDE. The compiler, runtime and debugger are excellent products as is the support of relational databases. 

A new customer buys both development licenses and runtime licenses. Each programmer needs a developers license and each application server needs a runtime license. In very rough figures a developer license is $5,000 per developer and a runtime license is about $20,000 per CPU per server. So five developers would be $25,000 and a 4 CPU dual core server would count at 8 CPU’s for a runtime license cost of $160,000.00; for total cost of $185,000.
 
Fujitsu COBOL: This is a very good COBOL which is fully supported by the Fujitsu Corporation in Japan but sold and supported outside Japan by a small company (maybe 10 employees) in Bend, Oregon called Alchemy Solutions.  Alchemy Solutions rose from the old Fujitsu COBOL Software department – I think Fujitsu decided to close it and the department management created Alchemy Solutions with all the staff of the old department. 

Although Fujitsu has compilers for Unix (but not IBM’s AIX), this is really a Windows-based COBOL. Customer support is essentially limited to an online question submittal process; which may not sound very supportive, but the guys who provide the service do an excellent job. Support requests are normally answered within 24 hours. 

It is an excellent Windows .NET Visual Studio product and highly integrated into the .NET framework. The compiler, runtime and debugger are excellent products as is the support of relational databases. Each programmer needs a developers license, but there are no runtime charges. Developer licenses at about $5,000 per developer. So a customer with five developers would cost $25,000 for the developer licenses — but remember, there is no runtime charge of any kind. 

Posted by Ron Seybold at 11:25 AM in Migration | Permalink | Comments (0)

September 26, 2014

Making History By Staying Together

ScotlandMontageWhat price and what value can we put on borders? While we put the latest 3000 Newswire print issue to bed last week, the United Kingdom’s region of Scotland was voting for its independence from Great Britain. One of our favorite 3000 resources and supporters, Alan Yeo, didn't know if he’d wake up at the end of last week using UK or GB as the acronym to define his country. If Scotland were to go, the Kingdom would no longer be United.

Cooler heads prevailed, and the No vote to block the push to secede squashed the Yes by a large margin. The country made history with the largest voter turnout every recorded. There's some good come of the competition, anyway.

The independence balloting called to mind what the Web has done with borders: erased them all, virtually. Some of the more draconian countries have fences up to keep their citizens’ thoughts and beliefs in, but even China with its Alibaba marketplace — where you can but a 747 or drone motors over the Web equivalent of eBay or Amazon — is erasing its borders. Scotland, inexplicably, wants to erect new ones.

Here in Austin, and through most of Texas, bumper stickers ride on trucks with the state’s outline the command, “Secede!” We are the United States of America, though. Pockets of rebellion boil up in places like the Texas border with Mexico, or up in Idaho. But there’s too much in common among government sentiment to break us up into pieces.

I know about the desire for borders. Our nitwit governor here was on TV last fall, here in Austin, describing our progressive town as “the blueberry in a sea of red.” Yes, we’re juicy, sweet, and different. But we’re Texans, too, much to the governor’s dismay. That TV show didn’t hit Jimmy Kimmel’s show from Dallas or Houston.

So it has gone for the Web and 3000 users. On pages over the years, both paper on on the Web, we cater to constituencies as diverse as possible. One set of readers is done with MPE, making plans to archive systems or scrap them. Another is devoted to their status quo, the devils they know rather than the devils they don’t know how much upset and cost they’ll trigger.

Long ago, there were borders on our Internet information. In the Usenet domain, discussion groups raced along with names like comp.sys.hp.mpe, and its Unix counterpart comp.sys.hp.ux. You’d rarely hear exchange in those countries about their neighbors. Mostly because people had to specialize in order to remain successful in their IT careers. Now the borders between environments have been forced to open up while our readership grapples with a homogenous list of servers. Some apps have moved to HP’s Unix servers, at one site, while key apps run on virtualized 3000s.

When I type “3000 to 9000 migration” into Google I find only seven HP-related links. We’re No. 5 on the page, behind two HP whitepapers, a YouTube video from a hardware reseller, and the HP 9000 Wikipedia article. Of course Google searches on an exact phrase — so our article is entitled “IBM takes a swing at 9000 migration.” It picked up on the phrase “9000 migration.” A lot like a secceding citizen might note the differences between countries, or states.

The element that’s changing fastest about these borders over the computing community is how fast they’re falling. HP is celebrating the cloud business it’s still trying to win, now that the specialized servers it retained — in favor of 3000s — have stopped winning customers. The cloud is the ultimate borderless territory, where you can’t tell which vendor is running your app. All that matters is that the data is secure, and it’s a reliable resource.

The Scots missed out on the chance to discover modern expectations about security and reliability. It was the common belief on election night that the balloting would be whisker-close over there. Here in our office where nearly all of what we produce goes onto the Web first, we’re not seceding from any 3000 domain.

Posted by Ron Seybold at 10:13 AM in Homesteading, Migration, Newsmakers | Permalink | Comments (0)

September 24, 2014

Did Charon get to where HP could've gone?

The past can't be changed, but that doesn't mean it's not useful in planning. There are still a surprising number of companies that want to stand pat without regard to the future of their hardware running MPE/iX. Some of it is old already, while other servers -- even those newest -- are now moving into their 10th year of service.

Integrityrx2660_frontHewlett-Packard's planning for the future of MPE/iX hosts once included a bold move. The operating system was going to run natively on Itanium-based servers, the IA-64 Integrity line (above) that hosts VMS and NonStop today. It was a project that did not make HP's budget cuts of more than a decade ago, and so the whole lineup got canceled. There might have been another way, something that HP could arrive at -- years after Stromasys started selling the solution.

Native hosting is always the preferred solution for an OS and its iron, sure. But there's so much virtualization these days; VMware is a significant market force. What if HP had taken MPE/iX and just put it onto another operating system's back? What if the OS that drives 3000 apps might have taken a ride in a carriage of Unix, or Linux?

HP did this sort of miracle once for the 3000, calling it Compatibility Mode. There was a massive revison of hardware and software to arrive at the PA-RISC generation, but the changes were transparent to customers. You ran your apps in CM, until you could move them forward. In the '90s, companies used compatibility mode for years, installing newer hardware and moving up to better performance by revising their applications.

"If all HP had done was to create a Compatibility Mode for MPE on IA-64," said ScreenJet's Alan Yeo, "nobody would have batted an eyelid about swapping to an HP-UX box to run their company's software."

At its heart, this is what Stromasys has done with its software. The only difference to the customers is that it's a solution not sold and supported by their hardware vendor.

"There was a huge effort, like HP should've moved MPE to IA-64, Yeo said. "It was totally nonsensical." And costly, too. Stromasys was discouraged while there were still thousands of customers of HP 3000s choosing where to migrate. Key technical trade secrets were not being shared, so Charon for the 3000 had to be tabled. HP came back to the idea after they'd lost more than half of the installed base to other vendors.

For the record, Windows migrations count as another vendor. If not for the fact that HP sells ProLiant servers, that percentage of 3000 sites lost to the competition would be even higher. When you cede the OS to another company, you can lose the leverage to call a site Your Customer.

This matters when looking at where virtualization operates today. Using a wide variety of hardware hosting, from HP's iron to many others, Charon does the carrying of MPE while it rides in the vehicle of Linux. It might have been HP-UX at one time, if HP had just modified its plans to make that move to IA-64 a less costly lab project.

Almost three years ago, Hewlett-Packard announced it would introduce a new version of Integrity servers, Superdomes no less, that could run the x86/Xeon family of chips. There's no delivery date, and most recently we hear the vendor's building The Machine. New OS, new chip design. The same old sweeping vision that created things like VMS, MPE, and NonStop. Costly? Martin Fink wants about three fourths of the HP Lab budget to get it built and customer-ready.

But that NonStop environment has gotten the Big Promise of a new native version, capable of running on the Xeon family. No deadline for when that will be delivered, either, but HP wants to retain those customers. The complexity of applications in MPE can pale when compared to the ultimate real-time computer system. NonStop clients have lock-in that encourages HP to do the grand sweep into the future for them.

At the time that HP will have Xeon versions of Integrity ready -- services that could host Linux and therefore cradle a virtualized MPE server -- Stromasys will have about five years head start in selling that solution. We'll be generous and figure the Integrity models that are ready for Xeon blades will sell in 2017. There might be a market for that, for some companies that still want a big vendor to rely upon. But HP could've had that market a decade ago, just by aiming for a CM for MPE.

Customers don't really care that much about genuine PA-RISC iron, or something called an HP 3000 If they did, there would be no traction for Charon at all. With every passing week, that continues to be proven untrue.

Posted by Ron Seybold at 07:31 PM in Migration, News Outta HP | Permalink | Comments (1)

September 23, 2014

Pre-Migration Cleanup Techniques

Migrations are inevitable. The Yolo County Office of Education is on its way to a Windows-based system, after many years of HP 3000 reliance. Ernie Newton of the Information and Technology Services arm of the organization is moving his 3000 data. He's doing a clean-up, a great practice even if you're not heading off of MPE.

I am cleaning up our IMAGE databases for the inevitable move to Microsoft’s SQL Server. One thing I've encountered is that Suprtool does not like null characters where there should be numbers.

I know that I have invalid characters, (non-numeric), in a field called ITEM-NUMBER.  But when I try to find those records, Suprtool chokes and abruptly stops the search. Here's what I get...

IF ITEM-NUMBER < 0 OR ITEM-NUMBER > 9999
X

Error:  Illegal ascii digit encountered. Please check all data sources
Input record number: 1

Is there a way to run Suprtool to help it find these records? Query finds them just fine, but Query doesn't have to ability to do what I want to do. 

After being reminded that "Nulls are not numbers," by Olav Kappert, and "try to use a byte string to compare (like < "a" or > "z") or something like that," Robelle's Neil Armstrong weighed in.

You can find any character you want by using the Clean, $findclean and $clean feature. The first issue to deal with is to re-define the item-number as a byte type in order to use the function.

Armstrong explained, "The following shows how to find the fields with 'invalid' zoned-decimal characters. Remember that zoned fields use characters to indicate the sign. It's likely that you don't have negative Item numbers but they are valid.

get somedataset
def item-x,item-number,byte
{Setup what characters to look valid characters are 0-9, JKLMNOPQRST, ABCDEFGHI and the curly braces }
{ so Clean characters should be not the above }
clean "^0:^47","^58:^64","^85:^122","^126:^255"
if $findclean(item-x)
ext item-x
list st
xeq

"Note the clean command defines the 'decimal' characters to look for."

Posted by Ron Seybold at 05:50 PM in Hidden Value, Migration | Permalink | Comments (0)

September 15, 2014

WRQ's Reflection goes deeper into coffers

Micro Focus logoNews came to me today about the Sept. 15 deal between Attachmate and Micro Focus. Two of the larger enterprise software makers which matter to 3000 vendors, the connectivity company and world's biggest COBOL vendor, will be doing a merger. With this, the consolidation of enterprise vendors takes another step into its future, and Reflection goes deeper into another software corporation's coffers.

Below is some of the story as told by Micro Focus, in a message to its clients and customers, about a $1.2 billion all-stock deal that leaves Micro Focus owning 60 percent of Attachmate.

Our intention is to preserve the full portfolios of strong, leading products in both Micro Focus and Attachmate going forward. We will draw on our recent acquisitions’ track record of successfully integrating any overlapping product sets.

Business logic and data that lies at the heart of operational effectiveness is increasingly exposed to very complex IT environments, as well as recent technology developments such as the cloud, mobility and virtualization. The combination of Micro Focus and Attachmate creates a leading technology company that will be well positioned to give organizations the ability to exploit the opportunities these trends produce whilst also leveraging prior investments and established IT assets to effectively bridge the old and the new.

For those who are counting up what kinds of products will be preserved -- in addition to the Reflection line -- the merger also brings Novell, NetIQ, and SUSE Linux under the control of Micro Focus. It would take some detailed calculating to figure the total number of products being preserved. But more than 200 in the portfolio would not be an errant guess.

This sort of reverse takeover is popular for merger deals today. JDA pulled the same sort of strings when it acquired Red Prairie early in 2013. It's billed as a merger, but the terms are not equal ownership once the deal has been approved. Shareholders of both of these companies still must approve this reverse deal, but Micro Focus is already announcing the transaction is expected to close on November 3.

Regulatory approval is required for this merger, but that won't include much regulation from the customers of the Attachmate product set. Micro Focus has absorbed a 3000-related vendor before. The company bought Acucorp, makers of AcuCOBOL, outright in 2007. The complier, for a short time, had MPE COBOL II awareness and was positioned as an upgrade to the HP-built COBOL II. Then HP announced its 3000 exit strategy, and the ranks of COBOL vendors for MPE got shorter.

It can take years to discover what might become of a product vital to an HP systems manager, software that's been acquired this way. AcuCOBOL, which had a cross-platform prospect before HP's exit activity, is still in the Micro Focus price list. (Well, maybe not as AcuCOBOL anymore. Following Acucorp's lead, it's now called extend. But it's been in, and then out, and then back in favor for COBOL futures. The last in-person report we heard was in 2009, when an AcuCOBOL rep told the HP 3000 faithful at the Meeting by the Bay that his compiler was on the rise again -- or at least no longer falling.

The definition of coffer includes strongbox, money chest, and casket. In the first, the Reflection products would be tucked away safely and receive whatever development they could earn. In a world where much of IT connection takes place over the Web, a standalone terminal emulator is going to have restricted earning prospects.

The ideal for customers would be Reflection to become a money chest through the increased sales opportunity that Micro Focus might supply to it. We can pause for a moment to consider how often this has happened for acquired products. In the JDA instance, some Red Prairie product managers were no longer on the scene, post-reverse takeover. Rightsizing operations drives the shareholder approval of these things. There's an Attachmate sales force, and there's the products. Only the latter is certain to survive beyond this first year.

The casket is the kind of option where a software vendor's assets -- developers, locations, and cash -- are the prize in the deal. This seems unlikely given the size of Attachmate. This deal was big enough that Micro Focus chose a reverse-takeover approach. But Reflection didn't have the same profile at Attachmate as when WRQ sold itself to Micro Focus. Within a couple of years, the company called AttachmateWRQ became simply Attachmate.

Reuters reports that the owners of Attachmate are four asset management firms: Francisco Partners Funds, the Golden Gate Funds, the Thoma Bravo Funds and the Elliott Management Fund. Golden Gate bought up Ecometry long ago. By now, after its addition of the products of Novell et al, Attachmate is owned by a parent corporation called Wizard LLC. 

Terminal emulation to HP servers doesn't require much wizardry these days, but the Reflection product does understand the NS/VT protocol for MPE/iX. There's sure to be someone in Seattle who's in charge of that this week, and probably beyond November 3, too.

Posted by Ron Seybold at 03:44 PM in Homesteading, Migration | Permalink | Comments (3)

September 12, 2014

Can HP's cloud deals ground enterprises?

Editors at The New York Times seem to believe the above is true -- or more to the point, that cloud business will come at the expense of HP's hardware revenues. Nobody knows whether this is the way that HP's clouds will rise. Not yet. But a deal to buy an open source software company caught notice of a writer at the NYT, and then came a saucy headline.

Storm-cloudsHP Is Committed to the Cloud, Even If It Kills. The bulk of the story was about Marten Mickos, who sold his company Eucalyptus to Hewlett-Packard and got himself named as General Manager of HP Cloud Business, or somesuch. Open source followers will know Mickos as the man who sold mySQL to Sun, sparking some fury in a customer base that didn't want any connection to major vendor. (As it turned out, Sun wasn't really a major vendor at all, just an object for Oracle acquisition.)

This only matters to migrating customers who use HP 3000s, so if you're still reading and you're homesteading -- or migrating away from HP altogether -- what follows is more for sport than strategic planning. But once more, I'll remind readers that HP is looking for anything that can lift its fortunes. Selling enterprise hardware, like the Integrity servers which are the only island where HP-UX can live, has got a dim outlook. Selling cloud services instead of hardware has plenty more promise, even if it's largely unrealized at HP today.

The rain-clouds in HP's skies come from Amazon, mostly, whose Amazon Web Services is the leader in a growing segment. Eucalyptus works with AWS, and that seems to be the major reason that Mickos gets to direct-report to HP's CEO Meg Whitman. Eucalyptus manages cloud computing systems. HP still sells hardware and software to host private clouds, but an AWS arrangement is a public cloud concept. HP wants to be sure an AWS user can still be an HP customer.

Clouds have a penchant for carrying a customer away from a vendor. Or at least a vendor's hardware. In the NYT story, "HP will have to rely less on revenue from selling hardware, and more on software and service contracts. 'Success will be a tight alignment of many parts of the company,' said Mr. Mickos. 'We have to figure out how to work together.' "

If you go back 24 years, you can find some roots of this HP desire on a stranded pleasure boat in the San Francisco harbor. But until the business critical HP iron stopped selling, the company never believed it would have to set a rapid course for services.

In the fall of 1990, HP hosted a CIMinar conference, mostly for the press and some big customers. The letters stood for Computer Integrated Manufacturing. There was a dinner party on a nice cruise boat as part of the event. When the engines died after dinner, the boat sat in the bay for awhile. We all went out to the deck to lean on the rail and catch some cool air and wait for the tug. That's when Charlie, HP media relations guy, explained that hardware would be on its way out.

"We don't want to sell servers in the long run," Charlie said, while we were talking long enough that he got to the soul of what he believed. He was a former trade press reporter and a good media guy, too. "HP wants to be in the services business, and maybe selling some software."

So here we are, close to a quarter-century later, and now HP's finally found a reason to buy open source software and the fellow who guided it into several hundred companies. Then name him head of HP Cloud making. They hope the whole deal will turn him and his software into a rainmaker for HP enterprise revenues. 

While the Times article has got its problems, it got one stretch of the story pretty accurate. HP, like it has said for several decades, is just following its customers. Apparently, away from relying on HP's hardware.

Putting services and hardware together in new ways is part of "the hard hill we are in the process of climbing," said Martin Fink, HP’s chief technology officer and the head of HP Labs, where much of the development is taking place. "Is there uncertainty? There is always uncertainty." He added that Ms. Whitman has determined that this is where customers are going, so HP needs to adjust its business accordingly.

For years, the HP 3000 community wanted Hewlett-Packard to make recommendations to customers about which HP solution to employ. No dice. "We just want to be trusted advisors," HP said over and over. "The customer will tell us what they need, and then we will provide it."

And if the customer needs more legroom to use Integrity and HP-UX? Well, there's always that uncertainty that Mr. Fink mentioned.

Posted by Ron Seybold at 09:48 PM in Migration, News Outta HP | Permalink | Comments (0)

September 08, 2014

Who else is still out there 3000 computing?

MaytagEmploying an HP 3000 can seem as lonely as being the Maytag Repairman. He's the iconic advertising character who didn't see many customers because a Maytag washing machine was so reliable. HP 3000s have shown that reliability, and many are now in lock-down mode. Nothing will change on them unless absolutely necessary. There is less reason to reach out now and ask somebody a question.

And over the last month and into this one, there's no user conference to bring people together in person. Augusts and Septembers in the decades past always reminded you about the community and its numbers.

Send me a note if you're using a 3000 and would like the world to know about it. If knowing about it would help to generate some sales, then send it all the sooner.

But still today, there have been some check-ins and hand-raising coming from users out there. A few weeks back, Stan Sieler of Allegro invited the readers of the 3000-L newsgroup to make themselves known if they sell gifts for the upcoming shopping season. "As the holiday shopping season approaches," he said, "it occurred to me that it might be nice to have a list of companies that still use the HP 3000... so we could potentially consider doing business with them."

If September 9 seems too early to consider the December holidays, consider this: Any HP 3000 running a retail application, ecommerce or otherwise, has gone into Retail Lockdown by now. Transitions to other servers will have to wait until January for anybody who's not made the move.

Sieler offered up a few companies which he and his firm know about, where 3000s are still running and selling. See's Candies, Houdini Inc, and Wine Country Gift Baskets are doing commerce with gift consumers. We can add that Thompson Cigar out of Tampa is using HP 3000s, and it's got a smoking-hot gift of humidor packs. (Sorry, couldn't resist.) Then there's American Musical Supply, which last year was looking for a COBOL programmer who has Ecometry/Escalate Retail experience.

Another sales location that could provide gifts for the holiday season is in airports. The duty free shops in some major terminals run applications on MPE systems. HMS Host shops, at least four of them, sell gifts using 3000s. Pretty much anything you'd buy in a duty free shop is a gift, for somebody including yourself.

The discussion of who's still using, and feeling a little Maytag solitude, prompted a few other customers to poke up their heads. We heard again from Deane Bell at the University of Washington, where there could be another 10 years of homesteading for the 3000. The first three finished. All in archival mode.

Beechglen furnishes an HP 3000 locally hosted system meeting the following minimum specifications

· Series A500 Server
· 2GB ECC memory
· 365 GB disk space consisting of 73GB operating system and temporary storage for system backups, and 292GB in a software RAID-1 configuration yielding 146GB of usable disk storage
· DDS3 tape drive
· DLT8000 tape drive

There were other check-ins from Cerro Wire, from the California Department of Corrections and Rehabilitation (where one 3000 wag quipped, "the users are not allowed access to files) and one from MacLean Power Systems -- that last, another data point in the migration stats under the column "Can't shut down the HP 3000 as quickly as originally believed." Wesleyan Assurance Society in the UK raised its hand, where Jill Turner reports that "they have been looking to move off for years, but are only now just getting round to looking at this, which will take a while so we will still be using them. Far more reliable than the new kit."

In our very own hometown of Austin, Firstcare is still a user, but nearly all of its medical claims processing has been migrated to a new Linux platform. That's one migration that didn't flow the way HP expected, toward its other enterprise software platforms.

There is Cessna, still flying its maintenance applications under the HP 3000's wingspan. Locating other 3000 customers can be like finding aircraft in your flight pattern. A visual search won't yield much. That's one reason we miss the annual conferences that marked our reunions. This month will be the five-year anniversary of the last "Meeting by the Bay" organized by ScreenJet's Alan Yeo, for example. But the Wide World of the Web brings us all closer.

As a historical Web document that might have some current users on it -- including retail outlets for gift giving -- you can look at the "Companies that Use MPE" page of the OpenMPE website. (That's at openmpe.com these days). That list is more than 10 years old, so it represents the size of the community in the time just after HP's exit announcement. The list is more than 1,200 companies long. And there are plenty of Ecometry sites among the firms listed, including 9 West for shoes and Coldwater Creek for its vast range of clothing. The latter may very well be remaining on a 3000 for now, since retailers' fortunes define the pace of migrations.

And so, in an odd sort of way, patronizing a 3000-based retailer this season might help along a migration -- by increasing revenues that can be applied to an IT budget. It can make for a happier holiday when you can buy what you want, even when that includes a new application and enterprise environment.

Posted by Ron Seybold at 08:18 PM in Homesteading, Migration, User Reports | Permalink | Comments (0)

September 04, 2014

TBT: Practical transition help via HP's files

2004 HPWworld Transition PartnersA 2004 slide of partner logos from an HP presentation.

10 years ago, at the final HP World conference, Hewlett-Packard was working with the Interex user group to educate 3000 users. The lesson in that 2004 conference room carried an HP direction: look away from that MPE/iX system you're managing, the vendor said, and face the transition which is upon you now.

And in that conference room in Atlanta, HP presented a snapshot to prove the customers wouldn't have to face that transition alone.

The meeting was nearly three years after HP laid out its plans for ceasing to build and support the 3000. Some migration was under way at last, but many companies were holding out for a better set of tools and options. HP's 3000 division manager Dave Wilde was glad to share the breadth of the partner community with the conference goers. The slide above is a Throwback, on this Thursday, to an era when MPE and 3000 vendors were considered partners in HP's strategy toward a fresh mission-critical future.

The companies along the top line of this screen of suppliers (click for a larger view) have dwindled to just one by the same name and with the same mission. These were HP's Platinum Migration partners. MB Foster remains on duty -- in the same place, even manning the phones at 800-ANSWERS as it has for decades -- to help transitions succeed, starting with assessment and moving toward implementations. Speedware has become Fresche Legacy, and now focuses on IBM customers and their AS/400 futures. MBS and Lund Performance Solutions are no longer in the transition-migration business.

Many of these companies are still in business, and some are still helping 3000 owners remain in business as well. ScreenJet still sells the tools and supplies the savvy needed to maintain and update legacy interfaces, as well as bring marvels of the past like Transact into the new century. Eloquence sells databases that stand in smoothly for IMAGE/SQL on non-3000 platforms. Robelle continues to sell its Suprtool database manager and its Qedit development tool. Suprtool works on Linux systems by now. Sure, this snapshot is a marketing tool, but it's also a kind of active-duty unit picture of when those who served were standing at attention. It was a lively brigade, your community, even years after HP announced its exit.

There are other partners who've done work on transitions -- either away from HP, or away from the 3000 -- who are not on this slide. Some of them had been in the market for more than a decade at the time, but they didn't fit into HP's picture of the future. You can find some represented on this blog, and in the pages of the Newswire's printed issues. Where is Pivital Solutions on this slide, for example, a company that was authorized to sell new 3000s as recently as just one year earlier?

HP probably needed more than one slide, even in 2004.

From large companies swallowed up by even larger players -- Cognos, WRQ -- to shirt-pocket-protector sized consultancies, there's been a lot of transition away from this market, as evidenced by the players on this slide from a decade ago. Smaller and less engaged, pointed at other enterprise businesses, some even gone dark or into the retirement phase of their existence -- these have been the transitions. This kind of snapshot of partners never would have fit on even two PowerPoint slides in 1994, ten years before that final HP World. Today the busy, significant actors in the 3000's play would not crowd one slide, not from the ones among the company pictured above. 

If you do business with any of these companies above, and that business concerns an HP 3000, consider yourself a fortunate and savvy selector of partners here in 2014. We'd like to hear from you about your vendor's devotion to the MPE Way, whether that's a way to continue to help you away from the server, or a way to keep it vital in your enterprise.

Posted by Ron Seybold at 08:24 PM in History, Homesteading, Migration | Permalink | Comments (0)

September 03, 2014

Moves to Windows open scheduler searches

Some HP 3000 sites are migrating from HP 3000s to Windows .NET systems and architecture. While there's one great advantage in development environment during such a transition -- nothing could be easier to hire than experts in Visual Studio, nee Visual Basic -- companies will have to find a scheduler, one with job handling powers of MPE/iX. Native Windows won't begin to match the 3000's strengths.

Scheduler demo shotMore than three years ago, MB Foster built a scheduler for Windows sites, and customers are sizing up this MBF Scheduler. There's even been interest from IT shops where a HP 3000 has never booted up. They are ofter users of the JDA Direct Commerce (formerly Ecometry-Escalate Retail) software on  Windows servers. These companies never seen an MPE colon prompt, but some need that level of functionality to manage its jobs.

"If senior management has simply decided that Windows was the place to be," said CEO Birket Foster, "we could help automate the business processes -- by managing batch jobs in the regular day and month-end close, as well as handling Ecometry jobs and SQL Server jobs." Automating jobs makes a Windows IT shop manager more productive, like creating another set of hands to help team members. And for a 3000 shop making a transition, something like an independent job handler means they'll be able to stay on schedule with the expected level of productivity.

Companies that use Windows eventually discover how manual their job scheduling process becomes while hemmed in with native tools for the environment. Credit card batches must be turned in multiple times a day at online retailers, for example. The site that orginally sparked the MBF-Scheduler design didn't have a 3000's tools, either. It did had 14,000 jobs a day running, however.

Job listings, also known as standard lists (STDLISTs), are common to both the 3000 and Windows environment, and the software was built to provide the best of both 3000 and Windows worlds, Foster said. The software's got its own STDLIST reviewer, one that's integrated with a scripting language called MBF-UDAX. Ecometry sites working on HP 3000s usually rely on a tool as advanced as Robelle's Suprtool for job scheduling.

Foster's Scheduler includes filtering buttons in job reports by user, by job name, by status and by subqueue. A recent addition to the product introduced a custom category that managers can use to select or sort jobs. While running thousands of batch jobs a day, some are in distinct categories. Customers like the idea of managing factory floor jobs separately from finance jobs, for example. Managers 

Measurement Systems, the manufacturer which runs a dozen HP 3000s in sites across North America, China and Europe, uses the MBF Scheduler. The product manages a complementary farm of MBF Scheduler Windows servers to move jobs among servers throughout Measurement Systems' 3000s.

Terry Simpkins at Meaurement Specialties has been devoted to Infor's MANMAN implementations well beyond the vendor's ability to support the application. Like other customers around the community, Simpkins and his team have compared the Scheduler to MPE's mature tools, and favorably. Sites like this don't need a separate Unix or Linux server for job scheduling, which is the usual way to keep Windows IT on schedule.

Windows schedulers serve HP 3000s, but also serve the Windows-only IT environments where some MPE/iX operations will be headed. At Measurement Specialities, for example, the IT pro who handles scheduling never sees the HP 3000. But enterprise server-born concepts such as job fences are tools which are at that IT pro's command.

Posted by Ron Seybold at 05:33 PM in Migration | Permalink | Comments (2)

August 25, 2014

Shopping While Lines are Dropping

Trendline ESGHP's third quarter financial report showed that a company making adequate profits can also be making products that are not popular any more. The time comes to every product line, but the Hewlett-Packard of 2014 has made steady progress toward commodity-style enterprise computing. The pull into Windows has become a vortex -- and in a bit of irony, Windows' age helped HP's sales this quarter.

Share of Sales Q3 2014The overall numbers were impressive to the markets. Investors lifted the price of HP's stock more than $2 a share, after the briefing, sending it closer to $40 than it's been in years. Meanwhile, the continued downturn of Business Critical Systems scarcely earned a minute's mention. It's off 18 percent from the same 2013 quarter. But it gets less than a minute because BCS products like the HP Unix line, and VMS computing systems -- even the steady but meager business of NonStop -- only comprise 3 percent of the company's enterprise sales. In the circle above, BCS is the rounding error, the most slender slice. Click it to see a bigger picture of that smallest piece.

NetRevbySegment Q3 2014And Enterprise represents just one dollar out of every four that HP earns in sales. This is activity in the Industry Standard Systems. These are the ProLiant servers driving Windows and Linux, business that grew 9 percent. Specialized operating environments like HP-UX just aren't producing new business, and they're losing old customers. If you look over the last three years of Q3 numbers, each and every one shows a double-digit BCS decline. There's only so much clock time on that product wall before irrelevancy pushes a community off HP's futures map. It happened to the HP 3000, but MPE never ruled over HP business computing like Unix once did.

"When I look at the way the business is performing, the pipeline of innovation and the daily feedback that I receive from our customers and partners, my confidence in the turnaround grows stronger." -- Meg Whitman, CEO

So when HP's business in your installed platform shows poor numbers, what do you do? The rest of the company's report looked tame, although you'd wonder why anyone could be sanguine about the future of the company. Printing, Services, Software and Financial Services all dropped their sales top lines. The Enterprise Group grew its business 2 percent overall on a $27.5 billion HP sales quarter. This was accomplished by $57 million of expense cuts. 

Only PC sales grew along with enterprise business. How can a company reporting a 27 percent drop in profits, one that missed its forecast by more than 10 percent, be rewarded on the trading floor? Jim Cramer of MSNBC said there's just enough to like about HP now. That might be due to the history the company has turned back. Everybody on the trading floor remembers HPQ at $12 a share with a fired CEO having followed an ousted CEO. Historic lows are a faded memory now, although the company's gotten no bigger over that stretch of clock time. The good feelings come from a turnaround tale that's still in the middle of its story.

But it is history that is the biggest concern for owners of the plunging VMS and HP-UX servers. Hewlett-Packard may never kill off an enterprise product line again like it did with the HP 3000. But becoming irrelevant is a fatal blow, too. Customers choosing to manage their own datacenters are taking shelter in Linux and Windows, according to HP's report. The analysts are pleased with the company's net operating cash position, which at $4.9 billion is 80 percent higher than last quarter. But that's $2.2 billion extra not being spent on R&D for the company's specialized technology running in HP 3000 migrated sites.

Q3 2014 HPQ EnterpriseThis kind of sour outlook is like a chart-topping record back on '60s radio. As a customer you hear it all the time. But it's not a concern to the corporation making the Unix servers, or to the investors who propel that company into the future. You have to wonder why anyone else would care. It's an even more distant piece of history to recall the day MPE slipped into HP's under-a-minute bin. Enterprise outlook is not part of what Cramer likes about HP this month.

There's shopping until you drop, and shopping until the product line is dropped. The latter's probably years away for the enterprise products that are not commodities. The HP 3000 migrated base has experience in how to manage their investments in a line HP won't watch any longer. At some point they'll draw the line on whether their servers need to be powering Unix or VMS applications. It's the apps that steer operations investments.  By this point, it would be news if BCS numbers did not drop.

It's a good thing that Windows XP dropped out of Microsoft's support plans. The demise of a popular OS left companies with a problem that required replacing aged PCs. The CEO is getting good at keeping HP's aged strategy from pulling down growth, but it's been flat for a long while. If there's a future to owning and staying loyal to Hewlett-Packard enterprise systems, few analysts can see it. You must look at customer applications -- and the dug-in nature of legacy computing -- to see the staying power. 

Posted by Ron Seybold at 09:45 PM in Migration, News Outta HP | Permalink | Comments (1)

August 13, 2014

When a taxing situation might shuffle plans

Out in the 3000 community some select customers are seeing subpoenas. According to a source familiar with the matter, a vendor's been having some issues with the Internal Revenue Service, and the US Government is intent on gathering what it believes it's owed.

1120pictureTax matters go to subpoena when information is being demanded in a case against a corporation or an individual. We're still seeking confirmation of the information about which vendor's name is now out among its customers, attached to a subpoena. [Update: And we have gotten it, plus a copy of the vendor's response. It's a long-term battle with the IRS, the vendor says. We've found documents going back more than 15 years. They claim that the fight is personal, not related to their company. Nonetheless, the vendor's customers got subpoenas.]

It illustrates the unpredictable nature of doing long-term business in the IT industry. HP 3000 users often do long-term business. They have a reputation for sticking to suppliers, especially in these days when companies are shifting focus away from MPE. When you get a tool that works, and a company that pledges to support it, you stick with it while you stay with the 3000.

"What do I do if they go out of business?" one of the customers has asked. The answer is simple enough: the products will go onto the open market to be purchased as assets. Software with customers who pay support fees, well, that's likely to be bought up sooner than later. An IT manager will have to manage new product ownership -- and perhaps new strategy and roadmaps for the product.

But just because there's change at the top of a product's ownership doesn't mean all else changes. It's pretty easy for a company to acquire a product and change little. Especially if the customer base is providing a profit to the vendor at the same time that the software continues to earn support contract renewals.

A sale of assets is the situation that Interex fell into when it declared Chapter 7 bankruptcy in 2005. There was not much of value for another company to purchase. Nobody was taking over the services Interex provided, so there was no customer base to buy as an asset. The only thing that wound up being transferred was the Interex customer list, transferred in a blind auction.

But software that's running in enterprises, across a scope of platforms even broader than MPE -- that's an asset that the government could sell. It's a typical outcome; for example, the trustee of the Interex bankruptcy managed the sale of the user group's assets.

Sometimes taxing issues can be resolved with negotiation. The government wants to be paid, and if there's fraud involved, the "accuracy-related penalties" can be steep. Lawyers with tax experience handle these things to everybody's satisfaction. Watch out for any company representing itself in tax court. Not recommended.

One flag about an imminent forced asset transfer could be an email sent out by the vendor, claiming the government has no right to tax anybody like they're being taxed. That's politics, not business. Nobody ever advised withholding support payments in this kind of matter. But you have to consider where that payment might be used, and whether it will end up someplace besides a support lab. Better to be current, and considered a customer, in case anything changes in ownership of an asset.

Posted by Ron Seybold at 09:36 PM in Homesteading, Migration | Permalink | Comments (0)

August 12, 2014

Where a Roadmap Can Lead You

In preparation for its upcoming VMS Boot Camp, Hewlett-Packard has removed some elements of its roadmap for the operating environment. What's disappeared are no small thing: dates.

HP 3000 customers saw their roadmap get less certain about its destination. At the end of the vendor's interest in selling and creating more systems, an elaborate PowerPoint slide showing multiple levels of servers. The roadmap actually got a cloud creeping in from the right hand margin.

Okay, that was 13 years ago this very month in Chicago. But it was not the last HP World conference -- that would be one decade ago, this month -- not any more than next month's Boot Camp for VMS enthusiasts and customers will be the last. But there have been times when VMS had promises from HP's management of another decade of service. Here's the before, and the after. 

OpenVMS MapOnly seven months elapsed before the OS releases started being named things like "V8.next."

OpenVMS Rolling Map

 Very few products last for lifetimes. Knowing when they're going, and how soon to make plans for replacement, is serious business for an IT manager.

During an August in 2001 when the future looked certain and solid for some customers, a PowerPoint slide told more than could be easily read in Chicago for HP 3000 customers. For the record, the slide below delivered everything promised up until 2003. The PA-8800 never made an entry into the N-Class.

HP 3000 Roadmap 2001 Chicago

That would be known, in the roadmap parlance, as a PA-8xxx. The PA-8yyy (8900) never made it into a 3000, either.

Roadmaps might be an old tradition, but they're moments to establish and renew trust in a partner. Specific, and follow-through, make that possible. Some VMS customers are already underway with their migration assessments.

Posted by Ron Seybold at 06:58 PM in History, Migration, News Outta HP | Permalink | Comments (0)

August 11, 2014

Classic lines push homestead tech designs

Sometime this week I expect to be updated on the latest restructure at Stromasys. That's the company that has created a 3000 hardware-virtualization product installed in more sites than we first thought. They hold their cards close to the vest at Stromasys, especially about new installs. But we keep running into MPE support vendors who mention they have emulator-using clients. These companies are reticent about reporting on emulation.

Lakshorelimitedposter3000 people have dreamed about emulators ever since 2002. And for the next eight years, people figured emulation wouldn’t matter by the time HP approved MPE emulator licensing. Better not tell that to the customers who have plans to go deep into the second decade of the 21st century with their 3000. Emulation was rolling by 2012 for the 3000. Within a couple of years between now and 2023, that technology could be well polished for MPE. Enough to stop using HP's 3000 hardware, boxes that will be at least 20 years old by that time. Most of them are at least 15 years old right now.

A great deal of time has passed since the 9x9 3000s had their coming-out, but much has changed that we couldn't predict back then. Come with me to the magical year of 1997. We had little idea what we'd see in just 10 years' time.

It’s 1997. (Humor me a minute, and turn back the year.) You're here? Okay, think about what we don’t have yet. Google. BluRay. DVDs, for that matter. Hybrid cars. Portable MP3 players of any kind. PayPal. Amazon turning a profit. YouTube. eBay was so new it was called AuctionWeb. Thumb drives. Digital TV. Viagra. Caller ID. Smartphones, warmed baby wipes, online banking, Facebook and Twitter. Blade servers, cloud computing, Linux, virtualization — the list of technologies and designs we didn’t have 17 years ago is vast.

We don’t even have to talk about clouds, tablet computers or 3D TVs. Now, roll ahead to 2023. In that year, there will still an HP 3000 running a factory in Oklahoma. That’s the plan for Ametek’s Chandler Engineering unit. By that year MPE will be 50 years old, COBOL more than 75. And what will keep those two technologies viable? Well, probably technology that we don’t even have out of design now, nine years ahead of that shutdown date. People have been throwing rocks at old stuff for years, but it hangs on if it’s built well.

Northbynorthwest2Four years ago I took a train ride from New York toward Chicago on the Lakeshore Limited. Just like Cary Grant rode that same line with Eva Marie Saint in the year I was born, in North by Northwest. The train remains the best value to get a night’s worth of sleep and end up 800 miles west of where you started. C'mon, railroads? Passenger service with berths went on lines, as it were, in the 19th century. How could it remain viable 150 years later? Like the HP 3000, the values that propel such elder technologies are efficiency and entropy. Railroads still call their carriages rolling stock, because you can roll freight three times farther on a train than a truck for the same expense.

The HP 3000 hardware, virtualized or not, still preserves business rules because Hewlett-Packard built the boxes like armored cars. The investment was so great back in those '90s that people expected it to last more than a decade between upgrades. The downside to switching to newer technology? The stuff we haven’t invented yet might not stick around. Perhaps the Oracle database will still be in widespread use in 2023. That’s the software where Ametek is taking its migration, using a plan developed by people who probably won’t be at the company is 2023.

That Ametek date was so far out that I wondered if it was a typo in an email. (Oh, we had email in 1997. But it wasn’t considered grandpa’s technology back then, the way the young turks think of email today. but now even grandpa's tech reputation has changed. So much noise on Twitter and Facebook. A personal email, from a known colleague -- you open that one first.) So when you plan your transition to tomorrow — whether it’s your personal retirement, or parking that armored car of a computer — don’t sell the future short. Go ahead and be independent to get the work finished on your timetable. But if you're going, now would be a good time to start. It will take until 2016, at best, if you began assessments today.

Posted by Ron Seybold at 11:14 PM in History, Homesteading, Migration | Permalink | Comments (0)

August 07, 2014

Who's got our history, and our future?

Migration takes on many problems and tries to solve them. A vendor stops supporting the server. Investing in a vendor's current product by migrating makes that go away. Applications slide into disrepair, and nobody knows how to re-develop them. Ah, that's a different sort of problem, one that demands a change in people, rather than products.

Yesterday we heard a story of a company in Ohio, running a 3000, whose IT manager planned to retire rather than migrate. Telling top management about your retirement plans is not mandatory. Frankly, having an option to retire is a special situation in our modern era. Figuring that you could be replaced, along with all of your in-company experience and know-how about things like COBOL, is far from certain. Legacy systems still run much of the world, but the people who built and tend to them are growing older, out of the workforce.

NutsfordsPair2004It's a glorious thing, knowing that your server's environment was first crafted four decades ago. Some of the brightest players from that era are still around, though not much active. Fred White built IMAGE, alongside Jon Bale at HP. Neither are at work today. Fred's now 90, as of April. 
NutfordsIn another example of a seasoned 3000 expert, Ken Nutsford's LinkedIn account reports that he celebrates 45 years at Computometric Systems, the development company he founded with his wife Jeanette. In a Throwback Thursday entry, here they are, 10 years ago and now, still together. Not all of us wear so well, but they've retired enough to have travelled the world over, several times, on cruise ships. That's what more than 40 years will earn you.

HPWorld2004SIGCOBOLIt's been a decade since there's been a HP World conference like the one pictured at left, hosted by the Nutsfords, complete with a hospitality buffet as well as a board of trivia (below, click for detail) technical details that just a tiny set of experts might know. The number of people who know the operating system and the hardware at hand at that level has been on the decline. Not just in the MPE world, but throughout the computer industry. SIGCOBOLTrivia

BusinessWeek recently ran an article titled, "Who'll keep your 50 year old software running?" Even though the Nutsfords retired from leading SIGCOBOL in 2004, there's plenty of COBOL around. But not anywhere near enough people to maintain it, although companies continue to try.

The baby boomers that brought us the computer revolution, developing the products and programs we now rely on, are retiring. But many companies are still using programs written in such software languages as COBOL and Fortran that were considered “cutting edge” 50 years ago. Indeed, the trade publication Computerworld has reported that more than half of the companies they surveyed are still developing new COBOL programs

"Staffing is the first thing to go these days," said Birket Foster in a Webinar briefing this week. His MB Foster company is still doing migrations, including moving a Unix customer off the Progress database and onto SQL Server. Progress is a youngster compared to COBOL and IMAGE. Some people decide to migrate because of the migration of their most expert people.

50-yo-sw.frontThe BusinessWeek article didn't supply easy answers to the brain-drain dilemma that every company seems to face. The firms that put computers into their business processes during the last 35 years -- that's just about every company -- are working with new staff by now, or watching their tech foundation head out to the pleasure cruise life.

The article notes that up to one-half of all COBOL and Fortran programmers are at least 50 years old. Younger developers arrive with experience in newer languages. There's a gap to cross between what's operational and what's state-of-the-art. "Smart companies have recruitment and succession plans, of course," the business magazine said. "What they don’t have is access to an adequate supply of workers with the technical expertise they need."

The staffing issues complicate the timing of migrations. How long can you depend on legacy software while you get a replacement up and tested, something the younger set of developers can understand? A migration takes at least 18 months, Foster says. He adds that getting started on the assessment is pretty much a do-it-now item. August is a month that hosted HP World conferences for a good business reason: this is the time of the year when companies are planning their IT budgets for the year to come.

Posted by Ron Seybold at 07:47 PM in History, Homesteading, Migration | Permalink | Comments (0)

August 06, 2014

Password advice for migrating managers

PasswordsStolenMore than a billion password-ID combos were stolen by a Russian gang, according to a report from a cybersecurity company. Mission-critical, revenue-centric passwords are probably the ripest targets.

Once you're making a migration of mission-critical systems from MPE to more-exposed servers, passwords will become a more intense study for you. Windows-based servers are the most exposed targets, so a migrated manager needs to know how to create high-caliber passwords and protect them. Given the headlines in current news, today's probably the day when you'll get more questions about how safe your systems are -- especially in the coming era of cloud computing. Here's some answers from our security expert Steve Hardwick.

By Steve Hardwick, CISSP
Oxygen Finance

Everything needs a password to access it. One of the side effects of the cloud is the need to be able to separate information from the various users that access a centrally located service. In the case where I have data on my laptop or desktop, I can create one single password that controls access to all of the apps that reside on the drive, plus all of the associated data. There is a one to one physical relationship between the owner and the physical machine that hosts the information. This allows a simpler mechanism to validate the user. 

In the cloud world it is not as easy. There is no longer a physical relationship with the user. In fact, a user may be accessing several different physical locations when running applications or accessing information. This has lead to a dramatic increase in the number of passwords and authentication methods that are in use. 

I just did a count of my usernames and passwords and I have 37 different accounts (most with unique usernames and password). Plus, there are several sites where I use the same usernames and password combinations. You may ask why are some unique and why are some shared. The answer is based on the risk of a username or password be compromised. If I consider an account to have a high value, high degree of loss/impact if hacked, then it gets a unique username or password. Let's look at email accounts as a good example.

I have a unique username and password for my five email accounts. However, I do have one email account that is reserved solely for providing a username for other types of access. When I go to a site that requires an email address to set up an account, that is the one I use. Plus I am not always selecting a unique password. The assumption is that if that username and password is stolen, then the other places it can be used are only website accounts of low value. I also have a second email account that I use to set up more sensitive assess, Google Drive, for example. This allows me to limit the damage if one of the accounts is compromised and not end up with a daisy chain of hacked accounts.

So how do you go about generating a bunch of passwords? One easy way is to go into your favorite search engine and type in password generator. You will get a fairly good list of applications that you can use to generate medium to strong passwords. When I used to teach security this was one trick I would share with my students. Write a list of 4 or 5 short words that are easy to remember. Since my first name is Steve we can use that. Add to this password a short number (4-5 digits in length),1999 for example. Now pick a word and number combination and intersperse the numbers and letters S1t9e9v9e would be the result of Steve and 1999.

Longer words and longer numbers make strong passwords -- phone numbers and last names works well. With 5 words and 5 numbers you get 25 passwords. One nice benefit of this approach comes when you need to change your password. Write the number backwards, and merge the word and data back together.

Next challenge: how to remember them all. Some of the passwords I use I tend to remember due to repetitive use. Logging into my system is one I tend to remember, even through it is 11 characters long. But many of my passwords I use infrequently, my router for example, and many have the “remember me” function when I log on. What happens when I want to recall one of these? Well the first thing is not to write them down unless you absolutely have to. You would be amazed how many times I have seen someone’s password taped on the underside of their laptop. A better option is to store them on your machine. How do you do that securely? Well there are several ways.

One easy way is to use a password vault or password manager. This creates a single encrypted file that you can access with a single username and password. Username and password combinations can then be entered into the password vault application together with their corresponding account. The big advantage is that it is now easy to retrieve the access data with one username and password. The one flaw is: what happens if the drive crashes that contains the vault application and data? If you use an encrypted vault, then you can place the resulting file on a cloud drive. This solved the machine dependency and has the added advatage that the password is generally available to multiple machines. If you want to get started with a password vault application, here is a good article that compares some leading products.

Another option is to roll your own. Create a text file and enter all of your account/username/password combinations. Once you are done, obtain some encryption technology. There are open source products, truecrypt is the leader, or you can use the encryption built into your OS. The advantage of using open source is that it runs on multiple OS. Encrypt the text file using your software. Caution: do not use the default file name the application gives you as it will be based on your text file name. 

Once you have created your encrypted file from the text file, open the text file again. Select all the text in the file and delete it. Then copy a large block of text into the file and save it (more then you had with the passwords). Then delete the file. This will make sure that the text file cannot easily be recovered. If you know how to securely delete the file do that instead. Now you can remotely store the encrypted password file in a remote location, cloud storage, another computer, USB drive etc. You will then have a copy of your password file you can recover should you lose access to the one on your main machine.

Now, if you do not want to use encryption, then there is a very geeky option. But why wouldn’t you use encryption? Most programs use specific file extensions for their encrypted file. When auditing, the first thing I would look for is files with encryption extensions. I would then look for any files that were similar in size or name to see if I could find out the source. This included looking through the deleted file history.

The other option is steganography, or stego for short. The simple explanation is the ability to bury information into other data - for example pictures. Rather than give a detailed description of the technology here, take a look at its Wikipedia page   There is also a page with some tools on it. For a long time, my work laptop had a screen saver that contained all my passwords. I am thinking of putting a picture up on Facebook next.

So here are a few simple rules on handling multiple passwords:

1) Try and use uniques usernames and password for sensitive account. You can use the same username password combination for low sensitive accounts.

2) Run through an exercise and ask yourself, what happens if this account is hacked. i.e don't use the same username and password for everything.

3) Do NOT write down your passwords to store them, unless you have a very secure place to store the document e.g. a safe.

4) Make sure you have a secure back-up copy of your passwords, use encryption or steganography.

Posted by Ron Seybold at 05:55 PM in Migration, Newsmakers | Permalink | Comments (0)

August 05, 2014

Boot Camper laying down migration steps

HmBannerOpenVMSMore than a decade after HP began its migration away from MPE and HP 3000, there's another underway among the vendor's enterprise systems. OpenVMS customers are starting to look into what's needed to make a transition off the Digital servers. HP's announced that it will curtail the use of the newest VMS to the very latest generation of hardware. Thousands of servers are going to be stuck on an older OpenVMS.

That will be one element to spark the offers at next month's VMS Boot Camp in Bedford, Mass. We heard from a veteran HP 3000 and MPE developer, Denys Beauchemin, that his company is headed to the Boot Camp for the first time this year. There's engagements and consulting to be made in moving HP enterprise users to less HP-specific environments.

"We migrate them from VMS to Linux or other platforms," said Beauchemin, who was the last working chairman at the Interex user group before the organization went dark in 2005. "Another HP operating system comes to an end."

Boot Camp is a VMS tradition among HP's most-loyal general purpose computing community. (You can't call the 3000 community HP's any longer, now that the vendor is coming up on seven years without a working lab.) Boot Camps in the past were annual meetings to advance the science and solutions around VMS. But in more recent times they haven't been annual. Now there's migration advice on hand for the attendees. Some may view it with disdain, but when a vendor sends up signals of the end of its interest, some kinds of companies make plans right away to migrate.

There is a strong presence in the VMS community for the Stromasys virtualized server solutions. Stromasys made its bones helping VAX and Alpha customers get away from DEC-branded servers; the company was established by the leader of the Digital migration center in Europe.

VMS might be just as essential in some companies as MPE has turned out to be. This is what's made Stromasys CHARON HPA a quiet success in your own community. As VMS customers face the end of HP's support for older hardware -- the latest OpenVMS won't run -- some of them may be looking to a virtualized version of the newer VMS systems. This strategy isn't without its efforts, too. Comparing migration to virtualization as a way into the future is likely to become a diligent task for another HP operating system customer base.

Posted by Ron Seybold at 09:16 PM in Migration, News Outta HP | Permalink | Comments (1)

August 04, 2014

Webinar advice outlines migrating in-house

In-houseThe biggest share of HP 3000 applications have been written by the owners of the systems. Custom code either began out of raw materials and the needs of a company's business processes -- or they were customized from third-party applications. In the most dynamic part of the 3000's history, companies bought source code from vendors along with the software products.

That's why this Wednesday's Webinar from MB Foster will strike so close to the hearts of MPE users. Migrating Custom In-House Developed HP 3000 Applications begins at 2 PM Eastern, 11 AM Pacific. Birket Foster leads a 45-minute talk and answers questions about risk, mitigating challenges, and how to get started. Regardless of how much life a 3000 has left in any company, the transition process revolves around the applications. Moving one can teach you so much about what might be next.

"It may seem frightening to migrate, but when properly planned, 'risks' are mitigated," says the introduction to the webinar. You can register right up to the starting time by following the links at the MB Foster website

"You can do nothing and not migrate," Foster says, "and risk that your system performs without complications or downtime. Alternatively, you can choose to migrate, rejuvenate your business applications, improve performance, and resolve operational and technical challenges before going live."

With our guidance and as part of this webinar, MB Foster will deliver to you and your management teams, answers to its immediate questions and more 

  • How do we get started?
  • What’s the process?
  • Average time it takes to migrate? 

Our goals are the same as yours

  • Reduce risk
  • Mitigate and resolve technical challenges
  • Enhance and protect investments in an organization’s custom in-house developed applications
  • Reduce the time it takes to transition
  • Offer opportunities that current and future technologies provide
  • Increase scalability
  • Reduce year over year costs

Posted by Ron Seybold at 08:20 PM in Migration | Permalink | Comments (0)

August 01, 2014

HP doubles down on x86 Intel, not HP-UX

IBM's giving up on another market that HP continues to prize, but the latest one is more relevant to the small-sized enterprise where HP 3000 migrators hail from. (Years back, IBM sold its consumer PC business to Lenovo.) Now the modest-horsepower x86 server field's going to Lenovo, since IBM's decided to exit another Intel-based hardware market.

A longtime HP 3000 software vendor took note of this transition. He wondered aloud if the message HP now sends to its x86 prospects has a shadowy echo of another advisory, one delivered a decade ago. From our correspondent Martin Gorfinkel:

Hewlett-Packard has been running full page ads in the New York Times with the lead, “Building a cloud? Your future is uncertain.” (The “un” in “uncertain” is crossed out.) The ad goes on to say that the "IBM decision to exit the x86 server market impacts your cloud strategy." Thus, they say, move to HP and be assured that HP will not leave you stranded.

Would I be the only former user/vendor in the HP 3000 market to find that advertising hypocritical -- and further evidence that the company we once relied on no longer exists?

FutureIsUncertainThe hypocrisy is probably on display for any 3000 customer who was told Hewlett-Packard was making an exit from the 3000 hardware market (and by extension, the MPE software world). Every vendor exits some part of their business, once the vendor gets large enough to sell a wide array of products. IBM is dropping away from x86. HP invites enterprises to "join us to plan your forward strategy." This forwarding strategy of moving to Windows and Linux differs from HP advice of 10 years ago. Going to HP-UX was the strategy du jour, beyond a 3000 exit in 2004.

The full-page ads in four colors in a national daily announce a redoubling of effort to win Intel x86 business. That's going to suck up some energy and mindshare, effort that 3000 customers who followed HP forward on HP-UX are probably going to miss.

It won't come as much news to the migrated customer who's been listening to HP management comment about the future of its Business Critical Systems Unix products. "A formerly growing business" is the best that HP's chairman and CEO Meg Whitman can manage in quarterly briefings.

IBM's moving in different directions than HP these days. A recent announcement pulls Big Blue into step with Apple to win enterprise business for both companies at once. Microsoft was once the savior of Apple in hard times. Now it looks like Apple, which has a valuation well above IBM's, is going to perform some salvation. HP had a shot at working with Apple in consumer business, but it was back in the days when selling re-badged iPods seemed like a good idea.

HP's attraction of IBM customers has been a give-and-take that goes back decades. In 1995, IBM wanted HP 3000 customers to switch to AS/400s. Database issues stood in the way of that effort, but certainly a very few companies made the transfer once HP announced an exit of the 3000.

In the same way, HP executives are claiming wins for business in the hundreds, according to an article in eWeek

According to Antonio Neri, senior vice president and general manager of HP's servers and networking businesses, the efforts over the past six months are paying off. The company has seen its win rate against IBM increase more than 40 percent, accounting for several hundred new deals won against Big Blue.

Customers in those deals might be the only parties who still have to figure out how they feel about this change. IBM is happy to let loose of server business that was killing its profits, according to a NY Times article. The changes say a lot about how important these big vendors consider enterprise server business. On one hand, IBM says there's no enterprise-caliber profit in selling x86. On the other, HP is happy to take on whatever customers IBM was passing over to Lenovo.

[Vendors'] businesses like PCs are losing ground to mobile devices like smartphones, and the once-formidable computer server is increasingly viewed as one more commodity piece of globe-spanning cloud computing projects from a few elite players.

“We need to get an inventor’s profit, not a distributor’s profit,” said Steve Mills, senior vice president of software and systems at IBM. “Our investment in research and development is what makes IBM go. It’s hard to do that in markets that don’t give you credit for the innovations you bring.”

It’s stark how quickly that margin fell away. A year ago, IBM was talking about a sale of its server business to Lenovo for what was reported at the time to be $6 billion. Today’s deal for $2.3 billion kept for IBM some higher-value servers, like those that perform complex data analytics. But according to Mr. Mills, it also included agreements for IBM to buy from Lenovo some of the commodity, or x86, servers for IBM’s growing cloud business.

And so there's the interesting wrinkle for anybody considering their migration off HP 3000s. IBM isn't giving up on cloud computing, not any more than HP has; both vendors want to host your applications on cloud servers they'll set up and maintain for you. (So does Amazon, of course, and probably at a better price.) Clouds might be the only way to get a 3000 migration that carries a budget similar to sticking with HP 3000s. Everyone wants to know more about security on clouds, but they want to know about security everywhere these days.

One combination you won't see is clouds and HP-UX computing. HP's own Cloud cannot host HP-UX apps, just those running Windows or Linux. It's an Intel party up there in the HP Cloud. (In a big piece of irony, Apple's OS X Unix is one of the supported HP Cloud installs.) Going forward from the 3000 with HP has more options than going forward than with IBM, right? It's true if you don't count Unix. Hewlett-Packard shows its strategy, with full-page splashes, that Unix counts for much less at enterprises.

We invite any correspondents who see the full-page ads about HP-UX enterprise to alert us. Twenty years ago, the HP 3000 customers were measuring the HP love by way of ads and alliances. To reply to the other part of Gorfinkel's question, we believe that old HP still exists. The company that 3000 customers relied upon in the '90s is repeating its behavior. It's just leaving a different OS out of its forward strategy this time. 

Gorfinkel added that he managed to put his opinions into the inbox of the HP CEO. "I got a promotional email from HP that included – if you follow enough links – an opportunity to email Meg Whitman herself," he said. "Could not resist sending the following:

I cannot believe that HP is running full page ads pointing out that IBM decided to exit the x86 server market and that HP can be trusted to keep your future certain. Is there no corporate memory of the HP exit from the HP3000 market? None of us who felt our future was certain with the most reliable, most secure hardware/software combination in the industry have forgotten. HP left us stranded with a few independent vendors working to pick up the slack. Those who know of HP's history will just laugh (or cry) over the ad; others may be fooled.

It is certainly ironic!

Posted by Ron Seybold at 06:34 PM in Migration, News Outta HP | Permalink | Comments (0)

July 28, 2014

Taking a :BYE before a :SHUTDOWN

BYEHP 3000 systems have been supporting manufacturing for almost as long as the server has been sold. ASK Computer Systems made MANMAN in the 1970s, working from a loaned system in a startup team's kitchen. MANMAN's still around, working today.

It might not be MANMAN working at 3M, but the Minnesota Minining & Manufacturing Company is still using HP 3000s. And according to a departing MPE expert at 3M, the multiple N-Class systems will be in service there "for at least several more years."

Mike Caplin is taking his leave of 3000 IT, though. Earlier this month he posted a farewell message to the 3000-L listserve community. He explained that he loved working with the computer, so much so that he bet on a healthy career future a decade-and-a-half ago. That was the time just before HP began to change its mind about low-growth product lines with loyal owners.

Tomorrow, I’ll type BYE for the last time. Actually, I’ll just X out of a Reflection screen and let the N-Class that I’m always logged in to log me out.

I started on a Series II in 1976 and thought I died and went to heaven after working on Burroughs and Univac equipment.  The machine always ran; no downtime, easy online development, and those great manuals that actually made sense and had samples of code. I still have the orange pocket guide for the Series II.

I found this list about the same time that getting help from HP became a hit or miss. I always got a usable answer after posting a question, usually in under an hour.  So the purpose of this is to say goodbye, but also to say thank you for all of the help over the years.

I was in a headhunter’s office about 15 years ago and he told me that I needed to get away from the 3000 because I’d never be able to make a living until I was ready to retire. I told him that he may be right, but that I was counting on knowing enough to be able to stay employed and that I intended to outlast MPE. I guess I got lucky and won that argument.

We love the part of Caplin's message where he gambled on his expertise and spent the last 15 years staying employed, instead of running from the 3000. We've been doing something similar here. This summer is the 13th we're writing and publishing since HP announced its end-date with the 3000 business. It can be sporting to try to figure who'll be the last to turn out the lights, but there's a good chance we won't be working anymore when it happens to MPE.

So that devoted MPE user has typed his last BYE. But MPE -- at least in some transitional mission at 3M -- has outlasted his days with the server. The community is still full of people who will make their exits before their HP 3000s do. Terry Floyd of the Support Group has said that at some manufacturing sites, there's a good chance the expertise will retire before the hardware does a shutdown. The marvel is to be able to go into retirement operating the same flavor of enterprise server as when you performed your first COLDSTART.

Posted by Ron Seybold at 08:02 PM in History, Migration, User Reports | Permalink | Comments (0)

July 25, 2014

Pen testing crucial to passing audits

Migrated HP 3000 sites have usually just put sensitive corporate information into a wider, more public network. The next audit their business applications will endure is likely to have a security requirement far more complicated to pass. For those who are getting an IT audit on mission-critical apps hosted on platforms like Windows or Linux, we offer this guide to penetration testing.

By Steve Hardwick
CSIPP, Oxygen Finance

Having just finished installing a new cable modem with internal firewall/router, I decided to complete the installation by running a quick and dirty on-line penetration test. I suddenly realized that I am probably a handful of home users that we actually run a test after installing the model. I used the Web utility Shields Up, which provides a quick scan for open ports. Having completed the test -- successfully I may add -- I thought it would be a good opportunity to review Pen, or penetration, testing as a essential discipline.

SecuritypenetrationPenetration testing is a crucial part of any information security audit. They are most commonly used to test network security controls, but can be used for testing administrative controls too. Testing administrative controls, i.e. security rules users must follow, is commonly called social engineering. The goal of penetration testing is to simulate hacker behavior to see if the security controls can withstand the attack.

The key elements of either tests fall into three categories

1) Information gathering: This involves using methods to gain as much information about the target without contacting the network or the system users.

2) Enumeration: To be able to understand the target, a set of probing exercises are conducted to map out the various entry points. Once identified, the entry points are further probed to get more detail about their configuration and function.

3) Exploitation: After review of the entry points, a plan of attack is constructed to exploit any of the weaknesses discovered in the enumeration phase. The goal is get unauthorized access to information in order to steal, modify or destroy it.

Let's take a look at how all this works in practice.

Information gathering

There are a lot of techniques that can be used to gain information about a target. A simple whois on target URLs may reveal contact information that can be used in social engineering for example. (I used it once to get a personal cell phone number of a target by looking at the registration of their web page). 

Another commonly used method is dumpster diving This is where trash from a target is examined for any useful information. Finding out the middle name of a CIO can often confuse an IT admin and open the door to masquerading as a company employee (I have person experience of this one). There may even be old network diagrams that have been thrown out in the trash.

Another good technique is Google hacking. This is a technique where advanced Google commands are used to find information that may not be immediately apparent. For example, searching a website for any text files that contain the word “password.” Sounds amazing, but it can work. For more information, download a copy of this book published by the NSA.

Enumeration

For social engineering, this can be as simple as chatting to people on their smoke breaks. Other activities can include taking zoom photographs of employee badges, or walking around a building looking for unlocked exits and entry doors.

For networks this typically comes in multiple stages. First, the externally facing portions of the network are probed. Ports are scanned to see which ones are accepting traffic -- or open. Equipment can be queried for its make and its installed software. Also, the presence of other network devices; this can include air conditioning controllers, security camera recorders, and other peripherals connected directly to the Internet. 

Exploitation

An obvious question at this point: How can you tell if the person attacking your security systems is a valid tester or an actual hacker? The first step in any penetration test is to gain the approval of someone who can legitimately provide it. For example, approval should be from a CEO or CIO, not a network admin. The approval should also include the scope of any testing. This is sometimes called a get out of jail card.

Once a list of potential entry points and their weakness has been compiled, a plan of attack can be put together. In the case of social engineering, this can include selecting a high-ranking employee to impersonate. Acting as a VP of Sales, especially if you include their middle name, and threatening a system admin with termination if they don't change their password can be a good way of getting into a network.

On the technical side, there are a lot of tools out there that can be used to focus on a specific make of equipment with a specific software level. Especially if it has not been patched in a while. Very often the enumeration and exploitation steps are repeated as various layers of defense are breached. There is a common scene in movies as the hacker breaches one firewall after another. Each time it is a process of enumeration followed by exploitation.

Useful tools

Once of the most useful tools for performing penetration testing is BackTrack. This is a useful site for two reasons. One, it contains a set of penetration testing tools on a live CD version of Linux (now maintained by Kali). The live CD version is very useful if you gain physical access, as you may be able to use it on an existing PC. Two, it contains a wide set of how-to's and training videos. This is a good first stop for those looking to understand what is available and how penetration testing is done. The tools and training is targeted to both beginners and experienced practitioners.

Another site that provides a variety of tools is insecure.org. The site provides links to individual tools that are focused on various parts of pen testing. The listing is broken down for the various sections and the tools listed. Both free and commercial tools are listed in the site's compendium. There is also a directory of relevant articles on different security topics.

Finally, there is Open Web Application Security Project (OWASP). This site is hosted by a non-profit organization that is solely focused on Web application security. OWASP provides a great deal of information and tools regarding testing and securing web applications, as this is a very common target for hackers. This can include a corporate web site, but also a web interface for controlling an HVAC unit remotely. There is even a sample flawed website, web goat, that can be used to hone testing skills.

Penetration testing is a very important part of security audit. It provides a methodology for analyzing vulnerabilities in security controls within a company's infrastructure. In many cases testing will be performed by internal resources on a more frequent basis, with annual or semiannual tests conducted by qualified third-party testers. In all cases, the testing should be performed by someone who is qualified to the level required. A improperly executed pen test provides a dangerous level of false security. Plus in many cases, security compliance will necessitate a pen test.

Posted by Ron Seybold at 04:50 PM in Migration | Permalink | Comments (0)

July 23, 2014

Migrators make more of mobile support app

A serious share of HP 3000 sites that have migrated to HP's alternative server solutions have cited vendor support as a key reason to leave MPE. Hewlett-Packard has been catering to their vendor-support needs with an iPhone/Android app, one which has gotten a refresh recently.

HPSCm screenshotsFor customers who have Connected Products via HP's Remote Support technologies, the HP Support Center Mobile (HPSCm) app with Insight Online will automatically display devices which are remotely monitored. The app allows a manager to track service events and related support cases, view device configurations and proactively monitor HP contracts, warranties and service credits.

Using the app requires that the products be linked through the vendor's HP Passport ID. But this is the kind of attempt at improving support communication which 3000 managers wished for back in the 1990s. This is a type of mobile tracking that can be hard to find from independent support companies. To be fair, that's probably because a standard phone call, email or text will yield an immediate indie response rather than a "tell me who you are, again" pre-screener.

But HPSCm does give a manager another way to link to HP support documents (PDF files), something that would be useful if a manager is employing a tablet. That content is similar to what can be seen for free, or subject to contract by public audiences, via the HP Business Portal. (Some of that content is locked behind a HP Passport contract ID.) This kind of support -- for example, you can break into a chat with HP personnel right from the phone or tablet -- represents the service that some large companies seem to demand to operate their enterprise datacenters.

Weird-zucchiniThere's also a Self-Solve feature in the HP mobile app, to guide users to documents most likely to help in resolving a support issue. Like the self-check line in the grocery, it's supposed to save time -- unless you've got a rare veggie of a problem to look up.

Remote system administration isn't unheard of in the 3000 world. Allegro Consultants' iAdmin got an update to iOS 7 this month. It supports MPE servers, as well as HP-UX, Solaris, Linux and OS X. iAdmin requires a back-end subscription for each server monitored, just like the HPSCm app. But iAdmin draws its information from a secure server in the cloud; the monitored systems feed their status to that secure server.

HPSCm offers one distinction from independent service arrangements: managers and companies can report they're getting mobile updates via HP itself -- instead of a more focused support company, like Pivital Solutions, which specializes in 3000 issues. Migrated sites have stopped caring about 3000 support, but those who are still mulling over the ideal of using more modern servers might try out the HP app. They can do so if they've already registered monitoring access for servers and such via HP Passport.

Posted by Ron Seybold at 05:06 PM in Migration, News Outta HP | Permalink | Comments (0)

July 21, 2014

Maximum Disc Replacement for Series 9x7s

Software vendors, as well as in-house developers, keep Series 9x7 servers available for startup to test software revisions. There are not very many revisions to MPE software anymore, but we continue to see some of these oldest PA-RISC servers churning along in work environments.

9x7s, you may ask -- they're retired long ago, aren't they? Less than one year ago, one reseller was offering a trio for between $1,800 (a Series 947) and $3,200. Five years ago this week, tech experts were examining how to modernize the drives in these venerable beasts. One developer figured in 2009 they'd need their 9x7s for at least five more years. For the record, 9x7s are going to be from the early 1990s, so figure that some of them are beyond 20 years old now.

"They are great for testing how things actually work," one developer reported, "as opposed to what the documentation says, a detail we very much need to know when writing migration software. Also, to this day, if you write and compile software on 6.0, you can just about guarantee that it will run on 6.0, 6.5, 7.0 and 7.5 MPE/iX."

BarracudaSome of the most vulnerable elements of machines from that epoch include those disk drives. 4GB units are installed inside most of them. Could something else replace these internal drives? It's a valid question for any 3000 that runs with these wee disks, but it becomes even more of an issue with the 9x7s. MPE/iX 7.0 and 7.5 are not operational on that segment of 3000 hardware.

Even though the LDEV1 drive will only support 4GB of space visible to MPE/iX 6.0 and 6.5, there's always LDEV2. You can use virtually any SCSI (SE SCSI or FW SCSI) drive, as long as you have the right interface and connector.

There's a Seagate disk drive that will stand in for something much older that's bearing an HP model number. The ST318416N 18GB Barracuda model -- which was once reported at $75, but now seems to be available for about $200 or so -- is in the 9x7's IOFDATA list of recognized devices, so they should just configure straight in. Even though that Seagate device is only available as refurbished equipment, it's still going to arrive with a one-year warranty. A lot longer than the one on any HP-original 9x7 disks still working in the community.

One developer quipped to the community, five years ago this week, "On the disc front at least that Seagate drive should keep those 3000s running, probably longer than HP remains a Computer Manufacturer."

But much like the 9x7 being offered for sale this year, five years later HP is still manufacturing computers, including its Unix and Linux replacement systems for any 3000 migrating users. 

So to refresh drives on the 9x7s, configure these Barracuda replacement drives in LDEV1 as the ST318416N -- it will automatically use 4GB (its max visible capacity) on reboot.

As for the LDEV2 drives, there are no real logical size limits, so anything under 300GB would work fine -- 300GB was the limit for MPE/iX drives until HP released its "Large Disk" patches for MPE/iX, MPEMXT2/T3. But that's a patch that wasn't written for the 9x7s, as they don't use 7.5.

Larger drives were not tested for these servers because of a power and heat dissipation issue. Some advice from the community indicates you'd do better to not greatly increase the power draw above what those original equipment drives require. The specs for those HP internal drives may be a part of your in-house equipment documentation. Seagate offers a technical manual for the 18GB Barracuda drive at its website, for power comparisons.

Posted by Ron Seybold at 07:51 PM in Hidden Value, Homesteading, Migration, User Reports | Permalink | Comments (2)

July 14, 2014

Protecting a Server from DDoS Attacks

For anybody employing a more Web-ready server OS than MPE, or any such server attached to a network, Distributed Denial of Service (DDoS) presents a hot security and service-level threat. Migrating sites will do well to study up on these hacks. In the second of two parts, our security writer Steve Hardwick shares preventative measures to reduce the impacts to commodity-caliber enterprise computing such as Linux, Unix or Windows.

By Steve Hardwick, CISSP
Oxygen Finance

SecurityScrabbleDDoS attacks can be very nasty and difficult to mitigate. However, with the correct understanding of both the source and impact of these attacks, precautions can be taken to reduce their impact. This includes preventing endpoints from being used as part of a botnet to attack other networks. For example, a DDoS virus may not affect the infected computer, but it could wreak havoc on the intended target.

One legitimate question is why a DDoS attack be would used. There are two main reasons:

1) As a primary attack model. For example, a group of hacktivists want to take down a specific website. A virus is constructed that specifically targets the site and then is remotely triggered. The target site is now under serious attack.

2) As part of a multi stage attack. A firewall is attacked by an amplified Ping Flood attack. The firewall can eventually give up and re-boot (sometimes referred to as “failing over”). The firewall may reboot in a “safe” mode, fail over, or back-up configuration. In many cases this back-up configuration contains minimal programming and is a lot easier to breach and launch the next phase of the attack. I've had experiences where the default fail-over configuration of a router was wide open -- allowing unfiltered in-bound traffic.

DDoS attacks are difficult to mitigate, as they attack several levels of the network. However, there are some best practices that can be employed to help lessen the threat of DDoS attacks.

1) Keep all software up to date. This includes end user machines, servers, security devices (IDPs for example as they can be targets of DDoS attacks to disable them) routes and firewalls. To be truly effective, an attack needs to secure a network of machines to source the attacks, so preventing these machines from becoming infected reduces the source of attacks.

2) Centralized Monitoring: By using a central monitoring system, a clear understanding of the network operation can be gained. Plus any variance in traffic patterns can be seen, this especially true of multistage attacks.

3) Apply filtering: Many firewalls contain specific sections for filtering out DDoS attacks. Plus disabling PING responses can also help reduce susceptibility. Additionally, firewall filtering policies must be continually reviewed. This includes audit of the policies themselves, or a simulated DDoS attack on networks at period of low activity. Don't forget to make sure that firewall backup configurations are reviewed and set correctly.

4) Threat intelligence: Constantly review the information regarding new threats. There are now many media services that will provide updates about newly detect threats.

5) Outsource: There are also several DDoS mitigation providers out there that assist in providing services that help corporations secure their networks against DDoS attacks. A quick web search will show many of the well-known companies in this space.

6) Incident Response plan: Have a good plan to respond to DDoS level threats. This must include an escalation path to a decision maker that can respond to a threat as this may include isolating critical systems from the network.

Posted by Ron Seybold at 10:12 AM in Migration | Permalink | Comments (0)

July 11, 2014

Understanding the Roots of DDoS Attacks

Editor’s Note: While the summertime of pace of business is upon us all, the heat of security threats remains as high as this season's temperatures. Only weeks ago, scores of major websites, hosted on popular MPE replacement Linux servers, were knocked out of service by Distributed Denial of Service DDoS attacks. Even our mainline blog host TypePad was taken down. It can happen to anybody employing a more Web-ready server OS than MPE, to any such server attached to a network -- so migrating sites will do well to study up on these hacks. Our security writer Steve Hardwick shares background today, and preventative measures next time.

By Steve Hardwick, CISSP
Oxygen Finance

DDOS-AttackDistributed Denial of Service (DDoS) is a virulent attack that is growing in number over the past couple of years. The NSFOCUS DDoS Threat Report 2013 recorded 244,703 incidents of DDoS attacks throughout last year. Perhaps the best way to understand this attack is to first look at Denial Of Service, (DoS) attacks. The focus of a DoS attack is to remove the ability of a network device to accept incoming traffic. DoS attacks can target firewalls, routers, servers or even personal computers. The goal is to overload the network interface such that it either it unable to function or it shuts down.

A simple example of such an attack is a Local Area Network Denial. This LAND attack was first seen around 1997. It is accomplished by creating a specially constructed PING packet. The normal function of ping is to take the incoming packet and send a response to the source machine, as denoted by the source address in the packet header. In a LAND attack, the source IP address is spoofed and the IP address of the target is placed in the source address location. When the target gets the packet, it will send the ping response to the source address, which is its own address. This will cause the target machine to repeatedly send responses to itself and overload the network interface. Although not really a threat today, some older versions of operating systems -- such as the still-in-enterprises Windows XP SP2, or Mac OS MacTCP 7.6.1 -- are susceptible to LAND attacks.

So where does the Distributed part come from? Many DoS attacks rely on the target machine to create runaway conditions that cause the generation of a torrent of traffic that floods the network interface. An alternative approach uses a collaborative group of external machines to source the attack. For example, a virus can be written that sends multiple emails to a single email address. The virus also contains code to send it to everyone in the recipient's email address book. Before long, the targeted server is receiving thousands of emails per hour -- and the mail server becomes overloaded and effectively useless.

Another DoS example is a variant of the LAND attack, a Ping flood attack. In this attack a command is issued on a machine to send ping packets as fast as possible without waiting for a response (using the -f option in the ping command, for example). If a single machine is used, then the number of packets may not overwhelm the target. However, if a virus is constructed such that the ping flood will occur at a specific time, then it can be sent to multiple machines.

When a predefined trigger time is reached, all of the infected machines start sending ping flood to the target. The collection of infected machines, called Zombies, is called a botnet or an amplifications network. A good example is Flashback Trojan, a contagion that was found to have infected more than 600,000 Mac OS X systems. This created a new phenomenon -- MAC based botnets.

Before discussing some other attacks, it is necessary to understand a little more about firewalls and servers. In the examples above, the target was at the IP address layer of the network interface. However, network equipment has additional functionality on top of the IP processing function. This includes session management of the IP connections and application level functions.

Newer attacks have now started focusing on these session and application functions. This requires less resources and can create broader based attacks that can target multiple network elements with a single virus. A good example of this class are HTTP floods. For example, repeated HTTP Get requests are made to retrieve information from a web server. The sending machine does not wait for the information to be sent, but keeps sending multiple requests. The web server will try to honor the request and send out the content. Eventually the multiple requests will overload the web server. Since these look like standard HTTP requests, they are difficult to mitigate.

Next time: Why DDoS is used, and how to reduce the threats to servers.

Posted by Ron Seybold at 06:56 PM in Migration | Permalink | Comments (0)

July 08, 2014

That MPE spooler's a big piece to replace

PrintspoolerMigration transitions have an unexpected byproduct: They make managers appreciate the goodness that HP bundled into MPE/iX and the 3000. The included spooler is a great example of functionality which has an extra cost to replace in a new environment. Unlike in Windows with MBF Scheduler, Unix has to work very had to supply the same abilities -- and that's the word from one of the HP community's leading Unix gurus.

Bill Hassell spread the word about HP-UX treasures for years from his own consultancy. While working for SourceDirect as a Senior Sysadmin expert, he noted a migration project where the project's manager noted Unix tools weren't performing at enterprise levels. Hassell said HP-UX doesn't filter many print jobs.

MPE has an enterprise level print spooler, while HP-UX has very primitive printing subsystem. hpnp (HP Network Printing) is nothing but a network card (JetDirect) configuration program. The ability to control print queues is very basic, and there is almost nothing to monitor or log print activities similar to MPE. HP-UX does not have any print job filters except for some basic PCL escape sequences such as changing the ASCII character size.

While a migrating shop might now be appreciating the MPE spooler more, some of them need a solution to replicate the 3000's built-in level of printing control. One answer to the problem might lie in using a separate Linux server to spool, because Linux supports the classic Unix CUPS print software much better than HP-UX.

The above was Glen Kilpatrick's idea as a Senior Response Center Engineer at Hewlett-Packard. Like a good support resource, Kilpatrick was a realist in solving the "where's the Unix spooler?" problem.

The "native" HP-UX scheduler / spooler doesn't use (or work like) CUPS, so if you implement such then you'll definitely have an unsupported solution (by HP anyway). Perhaps you'd be better off doing "remote printing" (look for that choice in the HP-UX System Administration Manager) to a Linux box that can run CUPS.

This advice shovels in a whole new environment to address an HP-UX weakness, however. So there's another set of solutions available from independent resources -- third-party spooling software. These extra-cost products accomodate things like default font differences between print devices, control panels, orientation and more. Michael Anderson, the consultant just finishing up a 3000 to Unix migration, has pointed out these problems that rose up during the migration.

My client hired a Unix guru (very experienced, someone I have lots of respect for) to set this up a year or more ago. They recreated all the old MPE printer LDEVs and CLASS names in CUPS, and decided on the "raw" print format so the application can send whatever binary commands to the printers. Now they have some complaints about the output not being consistent. My response was, "Absolutely! There were certain functions that the MPE spooler did for you at the device class/LDEV level, and you don't have that with CUPS on HP-UX."

Anderson has faith that learning more about CUPS will uncover a solution. "One plus for CUPS, it does make the applications more portable," he added.

There's one set of tasks can solve the problem without buying a commercial spooler for Unix, but you'll need experience with adding PCL codes and control of page layouts. Hassell explains:

Yes, [on HP-UX] it's the old, "Why doesn't Printer 2 print like Printer 3?" problem. So unlike the Mighty MPE system, where there is an interface to control prepends and postpends, in HP-UX you'll be editing the model.orig directory where each printer's script is located. It just ASMOS (A Simple Matter of Scripting). The good news is that you already have experience adding these PCL codes and you understand what it takes to control logical page layouts. The model.orig directory is located in /etc/lp/interface/model.orig

What Anderson needs to accomplish in his migration is the setup of multiple config environments for each printer, all to make "an HP-UX spooler send printer init/reset instructions to the printer, before and after the print job. In other words: one or more printer names, each configured differently, yet all point to the same device."

You won't get that for HP-UX without scripting, the experts are saying, or an external spooling server under Linux, or a third party indie spooler product. 

3000 managers who want third party expertise to support a vast array of print devices are well served to look at ESPUL and PrintPath spooling software from veteran 3000 developer Rich Corn at RAC Consulting. Corn's the best at controlling spoolfiles for 3000s, and he takes networked printing to a new level with PrintPath. Plenty of 3000 sites never needed to know all that his work could do, however -- because that MPE spooler looks plenty robust compared to what's inside the Unix toolbox.

Posted by Ron Seybold at 01:56 PM in Migration, Web Resources | Permalink | Comments (0)