Macro 4’s session manager Tubes improves mainframe security through easy roll-out of multi-factor authentication (MFA)

Tubes for z/OS is fully enabled for MFA, and comes with real-time Splunk reporting for monitoring application access

Crawley, UK, July 25, 2018 – Macro 4, a division of UNICOM® Global, has launched a new version of the Tubes for z/OS session management software that enables enterprises to quickly roll out IBM’s multi-factor authentication system for z/OS as they bid to make access to mainframe applications more secure.

Tubes for z/OS 7.8 has a new multi-factor authentication capability which provides a simple way for organizations to introduce additional security tests or ‘factors’, such as a randomized PIN or a fingerprint scan, to strengthen mainframe access security.

According to Keith Banham, Mainframe R&D Manager at Macro 4, improving security is a growing priority as modernization initiatives are exposing mainframe applications to new threats:
“Mainframe applications are becoming much more connected to the outside world, with users logging on from outside the data center on mobile devices. That’s great for digital business but this increased openness also provides more opportunities for hackers, so you need to strengthen your defenses.

“Tighter regulatory controls such as the GDPR are also raising the bar for security. Companies need to demonstrate that they’re using advanced access mechanisms such as multi-factor authentication to safeguard data privacy and security.

“There’s widespread recognition that the old single factor static password authentication system is no longer fit for purpose. In a poll of mainframe users we conducted last year, 67 per cent agreed that MFA is an important additional security measure.”

The Tubes session manager controls user access to all of an organization’s mainframe applications through a single sign-on, so rolling out MFA through Tubes saves effort and reduces risk as no additional systems changes are required, explained Banham:

“Many organizations will be running numerous applications on the mainframe, so trying to implement the new MFA system on each one individually – involving separately configuring and testing every application – would be a massive challenge. If they use a session manager such as Tubes to control end-user access to applications, then they only need to configure MFA in one place – Tubes – and the job’s done.

”Some older applications don’t support MFA at all, so more systems changes are needed to make them compatible. And do you really want to risk touching those old systems? With Tubes you’re talking about a few minutes’ work rather than weeks or months of effort.”

Introducing MFA through the Tubes session manager also minimizes the impact on users as it avoids the inconvenience of re-authenticating every time they log on to a different application, said Banham:
“Say you work with several mainframe applications and for each one you have to get a new access code from your mobile phone or pinpad every time you log on. The time all adds up and it can be frustrating, as well as reducing productivity. The beauty of using a session manager such as Tubes is that users need to go through the MFA authentication process only once and they are then automatically logged into any of the applications they are authorized to use.”

The Tubes software provides additional capabilities to make the introduction of MFA a more user-friendly experience. Help and guidance or reminder messages about the new authentication process can be easily added to the Tubes login screen, helping to reduce end-user frustration and wasted time as well as potentially reducing calls to the helpdesk.

The new version of Tubes also supports real-time management reporting through Splunk, allowing systems administrators to monitor and analyze application access from an easy-to-understand graphical dashboard. For example, information such as the patterns of access to specific applications can be used to identify suspicious online behavior, and response time data can be analyzed to assist capacity planning and performance management. Tubes management reporting also supports all leading business intelligence and reporting tools, including TIBCO JasperReports and Oracle Business Intelligence.

Tubes is a leading session management solution that provides secure, user-friendly access to mainframe applications. From a single sign-on, users can log in to all the applications they are authorized to access and switch easily from one application session to another, with no loss of context. An optional browser interface offers a way to instantly web enable mainframe applications; users are no longer tied to a computer running a terminal emulator and can access their applications from any PC or mobile device.

Due to its advanced functionality, Tubes dominates the session management replacement market and provides a fast and straightforward migration path for discontinued session managers such as IBM Session Manager.

The comprehensive session management capabilities of Tubes for z/OS 7.8 are also available in UNICOM’s latest offering, the Universal Gateway (UniGW®). UniGW® is a management dashboard designed to provide real-time insights into operational business performance.


Splunk application access reporting for Tubes for zOS


Macro 4 data management solution InSync helps IBM mainframe shops improve data governance as they embrace stricter privacy rules

InSync® includes support for Splunk reporting and enhanced features for test data generation and anonymization

Crawley, UK, July 10, 2018 – Macro 4, a division of UNICOM® Global, has introduced a new release of InSync®, the data management and manipulation solution for IBM Z. InSync 6.9 includes enhanced features to help mainframe users improve data governance as they seek to embrace stricter data privacy regulations such as the General Data Protection Regulation (GDPR).

To make it easy for companies to track and analyze all data manipulation activities in test and production environments, the new release supports real-time management reporting through Splunk, with easy-to-understand graphical dashboards. InSync management reporting also supports all leading business intelligence and reporting tools, including TIBCO JasperReports and Oracle Business Intelligence.

“InSync’s new reporting features enable companies to keep a close watch over which data sets are being handled, by which technicians, and to monitor the processes that are being applied to them,” explained Keith Banham, Mainframe Development Manager at Macro 4. “For example, are data privacy processes being correctly applied, such as the anonymization of personal data from the production environment before it is used in software testing by development teams?”

Where production data has to be anonymized, for example in application testing or when diagnosing data errors, InSync provides a data privacy function that allows the IT department to centrally define and administer how data sets from Db2, z/OS and now IMS databases are disguised. This ensures that every time someone accesses the data it is automatically disguised according to pre-defined rules.

In InSync 6.9 individual developers now also have the flexibility to define their own rules to disguise data when working on extracts from files that include sensitive data such as personal details.
A new bulk data creation facility within InSync allows development teams to generate sample test data easily and quickly without the need to create records from scratch or to copy production data. From a single data record the software can create multiple new records for testing purposes, using randomization or specific rules, which saves time and supports data privacy:

“If you have to do it manually, generating usable test data is often a long and laborious process that slows down software development,” said Keith Banham. “InSync can generate thousands of unique test records from a single record in just a few seconds – something that could take days if done manually.”

InSync is a comprehensive and cost effective data management and manipulation solution for IBM Z data sources including Db2, IMS, WebSphere MQ and other z/OS files. It is part of Macro 4’s integrated suite for mainframe fault analysis and testing.


InSync management reporting through Splunk







Macro 4 is partnering with IBM to deliver a legacy application decommissioning solution powered by IBM Watson for analytics and business insights

The new solution teams Macro 4’s Columbus software with IBM Watson Analytics and IBM Cloud Object Storage

Macro 4, a division of UNICOM global, is partnering with IBM to offer a joint legacy application decommissioning solution that enables organizations to retire legacy applications while keeping the data alive and available to IBM Watson Analytics to mine for business insights. The data is moved to Columbus, Macro 4’s secure content repository, either in the cloud or on premise, from where it remains accessible to end users for operational reasons such as answering customer queries.

”Legacy applications are a huge challenge for many organizations. Old technology is potentially non-compliant, and a security risk. Legacy apps divert resources away from innovation and can be costly to maintain. At the same time, they lock away important data that could provide valuable business intelligence,” said Darren Jack, Professional Services Manager at Macro 4, which is a long-standing IBM Business Partner.

”Gartner predicted that between 2016 and 2020 IT organizations would decommission more than three times the number of applications they did between 2000 and 2016, and we’re also seeing an increase on the ground. Technology upheaval caused by digital transformation and the drive to rationalize IT to support GDPR compliance are both contributory factors,” said Darren Jack.

The new joint legacy application decommissioning solution ensures business continuity by retaining legacy data in its original context and making it easy for end users to access, from a web interface and mobile app.

Macro 4’s professional services team follows a structured process to identify all legacy information that will be required going forward, for compliance, operational reasons or analysis. Visual layouts are then designed; these can either replicate the original application screens or be enhanced to improve usability. Once the data has been transferred to the Columbus content repository the original legacy applications are retired.

Data from all decommissioned applications is stored and managed centrally, providing a single source of legacy information that can be analyzed by IBM Watson Analytics, which uses artificial intelligence to extract deep business insights. IBM Watson Analytics is designed to sweep through vast quantities of data, making it well suited to analyzing many years of historical data generated by legacy applications.

”Legacy application decommissioning doesn’t mean getting rid of data – far from it,” said Jonathan Clark, Business Development Manager at Macro 4. ”It just means moving it to a specialist content repository where it’s easier to manage, quicker to access, and cheaper to run. Many of the organizations we work with have multiple legacy applications, so the cost savings are very significant.”

”In business intelligence terms, we see legacy data as being an important part of the total view of information available, frequently providing valuable insights. With IBM Watson Analytics, it is not a question of being told what insights you can derive from your data; instead the starting point is: what insights do you want?”

Macro 4’s Columbus content repository can be located on a server on premise, or in the cloud. The joint solution provides customers with the option of running Columbus on IBM Cloud Object Storage, which is a highly scalable cloud storage service, designed for durability, resilience and security. Moving data into the cloud offers the potential for additional savings compared with on-site storage.

Columbus has an integral information lifecycle management capability that allows organizations to apply retention rules to comply with regulatory data retention requirements and to ensure that data is deleted when it has no further useful purpose, in line with the GDPR principle of data minimization. Sensitive data can also be redacted for security or compliance reasons.
For more information about the joint legacy application decommissioning solution from Macro 4 and IBM, contact or call +46-(0)8-5560 5500.

About Macro 4 application decommissioning:
Macro 4 has over fifteen years’ experience in successfully delivery legacy application decommissioning projects of all sizes, providing a secure and cost-effective solution for retaining legacy data from any business application that needs to be retired.