Ed Hallock
Director, Product Management
Housekeeping
Webcast Audio:
Today's webcast audio is streamed through your computer speakers.
If you need technical assistance with the web interface or audio, please reach out
to us using the chat window.
Questions Welcome:
Submit your questions at any time during the presentation using the chat window.
We will answer them during our Q&A session following the presentations.
Recording and Slides:
This webcast is being recorded. You will receive an email following the webcast
with a link to download both the recording and the slides.
Introducing Ironstream
Ironstream for z/OS and Enterprise Security
Ironstream for IT Operations Analytics
Ironstream for IT Service Intelligence
Q&A
Syncsort Confidential and Proprietary - do not copy or distribute
Big Iron to Big Data Analytics Challenge
What Has Been Done in the Past?
Performance Monitors
Proactively analyze and manage z/OS operating systems, databases and other z/OS subsystems for optimal performance
Very good at detecting bottlenecks and other potential performance problems in z/OS, CICS, IMS, DB2, MQ, Storage, etc.
Most include historical reporting and trending facilities, but that is typically limited to a subset of the data that the monitor collects
Capacity Planning Tools
Next day, next week, next month reporting of offloaded SMF data
Event Management Systems
Alert management
Challenges with these Legacy Technologies
What is Needed?
Splunking Your Mainframe Data into The Industry-Leading Platform For Machine Data
[Diagram: machine data sources feeding the platform, including Security, GPS Location, Servers, Packaged Applications, Networks, Desktops, Private Cloud, Storage, Messaging, Custom Apps, RFID, Telecoms, Mainframe, Online Shopping Cart, Energy Meters, Databases, Web Clickstreams, Call Detail Records, Public Cloud, and Smartphones and Devices. Platform labels: Platform Support (Apps / API / SDKs), Enterprise Scalability, Universal Indexing.]
Critical Mainframe Data
Normalized and Streamed to Splunk with Ironstream
[Diagram: Ironstream data sources shown include SYSOUT, DB2, USS, Alerts, and the Ironstream API (Assembler, C, COBOL, REXX). Labels: 50+ types; up to 50,000 values.]
Ironstream: Architectural Overview
[Architecture diagram. Platform: Mainframe, z/OS. Components labelled: Data Forwarder, Data Collection Extension (DCE), Ironstream Desktop (IDT). Data sources labelled: SYSLOG, SYSLOGD, SMF, RMF, File Load, Log4j, SYSOUT, DB2, USS, Alerts, Ironstream API (Assembler, C, COBOL, REXX). Transport labelled: TCP/IP (SSL), ACK. Other labels: logs, security, Enterprise Security.]
Primary Use Cases for z/OS Log Data
IRONSTREAM Z/OS SECURITY & SPLUNK ENTERPRISE SECURITY
Security Issues You Can Monitor with Ironstream
Intrusion Detection
TSO logon tracking
TSO account change activity
FTP authentications and file transfers
IP traffic analysis
Network events
Ironstream z/OS Security App
z/OS Security Dashboard
z/OS Security Dashboard
Job Initiations
FTP Transfer Activity
FTP Session Activity
Ironstream z/OS Security & Splunk Enterprise Security App
All collected data sources can also be mapped to Splunk CIM for Enterprise Security and automatically exposed in ES dashboards along with security information from other platforms
Requires the Ironstream TA for Splunk Enterprise Security to be installed
Provides an enterprise-wide, integrated view of security across all platforms via ES dashboards provided by Splunk
Sample Intrusion Center Dashboard With Splunk Enterprise Security
Sample Security Posture Dashboard With Splunk Enterprise Security
IT OPERATIONS ANALYTICS
What Can You Do with IT Operations Analytics?
Operational Analytics: RACF Violations and Message Trends
Data Source: SYSLOG
Trend message volumes today vs. same time last week and 2 weeks ago
Operational Analytics: Job Monitor for SLA Tracking
Data Source: SMF Type 30
Application Monitoring: DB2 Performance
Data Source: SMF Type 100, 101, 102
[Dashboard panels: Logging Rate; Uncommitted Records by Plan; Lock State Escalations; Lock Contention; Unavailable Resources]
Application Monitoring: CICS Transaction Analysis
Data Source: SMF Type 110
[Dashboard panels: Transaction Rates; CPU Usage by Transaction]
IT SERVICE INTELLIGENCE (ITSI)
Why is IT Service Intelligence Critical?
Ironstream Integration with Splunk ITSI
Ironstream Apps Are Now On Splunk App Store (splunkbase)
https://splunkbase.splunk.com/
Search Syncsort
Ironstream Applications on splunkbase
Syslog
RACF violations and message trends
CICS Region Monitor
CICS Region Health Check
CICS Region transaction rates, response times, CPU usage, & failures
MQ Monitor
Queue depths and response time
Message Get/Put rates and CPU use
Ability to filter by connection name and queue name
http://www.syncsort.com/en/TestDrive/Ironstream-Starter-Edition
THANK YOU!