You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Data</strong> <strong>Masking</strong> for Adabas<br />
Becky Albin<br />
Chief IT Architect
Reporting, BI, Dashboards<br />
JDBC ODBC<br />
SQL<br />
Adabas SQL Gateway<br />
Adabas SOA Gateway<br />
Other DBMSs<br />
REST<br />
SOAP<br />
<strong>Data</strong> Access<br />
<strong>Data</strong> Virtualization<br />
<strong>Data</strong> Replication<br />
<strong>Data</strong> Synchronization<br />
Disaster Recovery<br />
Event Replicator<br />
for Adabas<br />
Production<br />
DB<br />
Non-Production<br />
Reporting DB<br />
Real-time Dashboards, BI Clients<br />
webMethods<br />
EntireX, MQ Series<br />
<strong>Data</strong> Warehouse<br />
BI<br />
RDBMS<br />
Reporting DB<br />
Disaster Recovery<br />
Oracle<br />
SQL Server<br />
DB2<br />
mySQL<br />
Sybase<br />
Teradata
Adabas Product Family<br />
Administration<br />
Adabas Manager<br />
(LUW)<br />
Adabas Online<br />
Services (MF)<br />
Adabas Transaction<br />
Manager<br />
Adabas Statistics<br />
Facility<br />
Adabas Utilities<br />
Security<br />
Adabas SAF Security<br />
Adabas Security<br />
Encryption for<br />
Entire Net-Work<br />
Monitoring<br />
Adabas Review<br />
Optimize for<br />
Infrastructure<br />
Windows<br />
Client<br />
<strong>Data</strong> Access<br />
Adabas SQL Gateway<br />
Entire Net-Work<br />
<strong>Data</strong> Integration<br />
Adabas VSAM & DL1<br />
Bridges<br />
Event Replicator for<br />
Adabas<br />
webMethods EntireX<br />
webMethods<br />
Integration Server<br />
User Interfaces<br />
Rich Internet<br />
Applications<br />
Web<br />
Browser<br />
VSAM<br />
DL/1<br />
Terminal<br />
Linux, UNIX, Windows, Mainframe<br />
<strong>Data</strong> Distribution<br />
Applications<br />
3GL<br />
Services SQL<br />
RDBMs<br />
24x7 Availability<br />
Cluster Services<br />
Parallel Services<br />
Optimization<br />
Adabas Caching<br />
Facility<br />
Adabas Fastpath<br />
Adabas Vista<br />
<strong>Data</strong> Protection<br />
Adabas Delta Save<br />
<strong>Data</strong> Archiving<br />
<strong>Data</strong> <strong>Masking</strong>
<strong>Data</strong> <strong>Masking</strong> - What the Analysts say<br />
Forrester Group (Noel Yuhanna) states:<br />
“All enterprises dealing with private data in test environments should<br />
mask or generate test data to comply with regulations such as PCI,<br />
HIPAA, SOX and European Union (EU)”<br />
80% of all threats come from inside and 65% are undetected<br />
Accenture and Information Week<br />
Gartner<br />
Security breaches are increasingly coming from inside an organization<br />
70% of all security incidents come from insiders<br />
Ernst & Young<br />
An insider attack against a large company causes an average of $2.7<br />
million US in damages, whereas the average outside attack costs only<br />
$57,000
<strong>Data</strong> <strong>Masking</strong> – Why would you use it?<br />
• Improve application quality - artificially generated test data is<br />
usually insufficient<br />
• Secure sensitive data in<br />
Development environments<br />
Test centers<br />
Offshore activities<br />
• Provide a real business data training environment without publishing<br />
sensitive data<br />
• Compliance with legal regulations such as HIPAA, SOX and others
<strong>Data</strong> <strong>Masking</strong> - Value Proposition<br />
- Ability to consistently create reduced and secured test data<br />
- Rapid masking of production data from across the enterprise to, deliver<br />
“de-identified” data for testing<br />
- Provides a repeatable and automated solution to reduce the resources<br />
needed to create test data<br />
- Easily create high quality training data with a low cost investment<br />
- Facilitates an essential and safe training environment for end-users,<br />
when using live production data for training<br />
- Reduce risk of legal exposure for compromised data
<strong>Data</strong> <strong>Masking</strong> – Current Status<br />
- General Availability end of 1 st quarter 2012<br />
- Production shops<br />
- Trial copies can be obtained; contact your <strong>Software</strong> <strong>AG</strong> Account<br />
Representative<br />
- Supported Source <strong>Data</strong>bases:<br />
Adabas<br />
Oracle<br />
DB2 (UDB and z/OS)<br />
Microsoft SQL Server<br />
MySQL<br />
Sybase<br />
Ingres<br />
SQLAnywhere<br />
Informix<br />
Cache<br />
VSAM<br />
Flat Files
<strong>Data</strong> <strong>Masking</strong> – Hype or Requirement?<br />
•Challenge<br />
High quality test data is required for:<br />
Improved application quality<br />
Test and training environments<br />
Most organizations use home-grown scrambling methods<br />
or even Production data<br />
Legal regulations do not allow use of production data<br />
Scrambling methods do not always consider semantics<br />
Applications do not always function using such data<br />
Preparation is a time consuming and inconsistent manual process<br />
Cross references are not often considered/maintained
<strong>Data</strong> <strong>Masking</strong> – Hype or Requirement?<br />
•Business aspect<br />
Business needs high quality applications<br />
Online shops are open for 24 hours a day<br />
The competition is one click away<br />
Pressure to reduce cost<br />
Creating artificial test data is expensive<br />
Manual process<br />
Each project team does more or less the same<br />
Not all use cases can be built<br />
References across tables are difficult to handle<br />
Difficult to create the same values every time<br />
Creating test data can delay projects which affects business negatively<br />
Select<br />
production<br />
data<br />
Copy<br />
production<br />
data<br />
Copied<br />
production<br />
data<br />
Mask data<br />
According<br />
to rules<br />
Masked<br />
production<br />
data<br />
<strong>Software</strong> ‘package’ needs to fulfill all requirements and have an early ROI<br />
Define<br />
rules
<strong>Data</strong> <strong>Masking</strong> – <strong>Software</strong> that fulfills the requirements<br />
•Criteria for a solution<br />
Ease-of-use<br />
Almost no training needed on the software<br />
Easy to exchange obfuscation rules with<br />
non-IT staff<br />
First results needed quickly (
<strong>Data</strong> <strong>Masking</strong> – <strong>Software</strong> that fulfills the Requirements<br />
•Criteria for a solution<br />
<strong>Data</strong> source coverage<br />
One tool, not one per database type<br />
Adabas, all market relevant RDBMS and flat<br />
files need to be supported<br />
Platform coverage<br />
Mainframe<br />
Distributed environments (LUW)<br />
Define<br />
rules<br />
Select<br />
production<br />
data<br />
Copy<br />
production<br />
data<br />
Copied<br />
production<br />
data<br />
Mask data<br />
According<br />
to rules<br />
Masked<br />
production<br />
data
<strong>Data</strong> <strong>Masking</strong> – <strong>Software</strong> that fulfills the Requirements<br />
•Criteria for a solution<br />
A rich set of rules need to be available<br />
Replacement<br />
Custom functions/Seed tables<br />
Hashing<br />
Translation<br />
Substitution<br />
Multi-table columns<br />
ZIP code<br />
Credit cards number manipulation<br />
Social security number manipulation<br />
Random numeric/text<br />
Etc.<br />
Define<br />
rules<br />
Select<br />
production<br />
data<br />
Copy<br />
production<br />
data<br />
Copied<br />
production<br />
data<br />
Mask data<br />
According<br />
to rules<br />
Masked<br />
production<br />
data
<strong>Data</strong> <strong>Masking</strong> – <strong>Data</strong> <strong>Masking</strong> for Adabas<br />
•A solution that fulfills the criteria<br />
Supports the requested rules<br />
Extended features are available<br />
Cross reference masking beyond Referential<br />
Integrity<br />
Reference data can be used<br />
Using “where” clauses<br />
Ease to learn and run<br />
Use a sophisticated user interface to define<br />
rules and run-time option<br />
Non-IT professionals understand rules easily<br />
Run the masking process as a background task<br />
Using a simulation before changing data in a database<br />
Define<br />
rules<br />
Select<br />
production<br />
data<br />
Copy<br />
production<br />
data<br />
Copied<br />
production<br />
data<br />
Mask data<br />
According<br />
to rules<br />
Masked<br />
production<br />
data
<strong>Data</strong> <strong>Masking</strong> – <strong>Data</strong> <strong>Masking</strong> for Adabas<br />
•A successful approach requires knowledge of your data<br />
Which data is sensitive and need to be masked?<br />
Which columns contain what?<br />
Which relationship consists between data,<br />
maybe across tables?<br />
Are there invalid data in your data sources?<br />
What is the goal?<br />
Test a new part of an application<br />
Achieve legal compliance<br />
Ready to start?<br />
Define<br />
rules<br />
Select<br />
production<br />
data<br />
Copy<br />
production<br />
data<br />
Copied<br />
production<br />
data<br />
Mask data<br />
According<br />
to rules<br />
Masked<br />
production<br />
data
Close a Gap<br />
Provide what’s required – Hide what’s necessary<br />
Provide high quality test data<br />
Test<br />
Application<br />
Enhance<br />
Production<br />
Application<br />
Masked Copy of Production<br />
Use<br />
Adabas Tools<br />
to create<br />
Production<br />
<strong>Data</strong><br />
<strong>Masking</strong><br />
Rules<br />
Run-time parameter<br />
Meta-data<br />
<strong>Data</strong><br />
Mapping<br />
Protect sensitive production data
<strong>Data</strong> <strong>Masking</strong> for Adabas Architecture<br />
Production<br />
Application<br />
Adabas<br />
Nucleus<br />
Production<br />
Adabas Tools<br />
to create<br />
Test<br />
Application<br />
Adabas<br />
Nucleus<br />
Copy Masked<br />
Production Production<br />
Adabas<br />
SQL<br />
Gateway<br />
<strong>Data</strong> Server<br />
Adabas<br />
SQL<br />
Gateway<br />
SQL Engine<br />
Meta-data<br />
Repository<br />
<strong>Masking</strong><br />
Engine<br />
Rules<br />
Run-time Options<br />
Mainframe / Distributed Environments Distributed Environments<br />
Mapping<br />
Tool
Prepare your <strong>Data</strong>base Environment<br />
• Create a copy of the ‘production’ Adabas database<br />
• Define the file/table “GTSRC_XREF” for cross reference masking<br />
<strong>Masking</strong> data consistently across different tables<br />
• Prepare an Adabas SQL Gateway meta-data repository (CDD)
Getting familiar with the SDM Environment<br />
• Structure after installation<br />
Windows/Linux/Unix<br />
Main directory contains<br />
The software<br />
“connect” file<br />
A number of home-grown test cases<br />
Sub-directories<br />
Audits result file if defined<br />
Backups backup of rule files<br />
DDM Natural DDMs<br />
Errorlogs<br />
Logs run logs<br />
Seedtables contains a number of reference data
Getting familiar with the SDM Environment<br />
Start Mapping Process<br />
connectAdabas<br />
GTMAPPER is the tool to define masking rules and<br />
run-time options<br />
Start the Mapper, select the appropriate connect<br />
file and “Connect”<br />
“connect” parameter file<br />
The connectAdabas file is used to<br />
connect to the Adabas SQL Gateway<br />
User name, password, default schema<br />
are defined in the Adabas SQL Gateway<br />
meta-data repository (CDD)<br />
Host refers to the JDBC definition<br />
made through the “DSNRegistry” tool
Simple <strong>Data</strong> <strong>Masking</strong> – Getting Started<br />
Connect to the Meta data<br />
repository of the Adabas SQL<br />
Gateway<br />
Open rules file if available<br />
Define rules<br />
Define run-time options<br />
Save rules and options in files<br />
Run the masking process
Getting familiar with the SDM Environment<br />
Define Rules - Main Functions<br />
Select a Table<br />
Select a Column<br />
Select a Rule<br />
Define Values<br />
or<br />
Open an existing File
Getting familiar with the SDM Environment<br />
Define Run-time Options<br />
Define Audit Option<br />
Define Reference File<br />
Cross Connection File<br />
Define Reference<br />
Table<br />
Specify update mode<br />
or<br />
Open an existing File
Getting familiar with the SDM Environment<br />
Define Rules - Main Functions<br />
Save Definitions<br />
Close the GTMAPPER<br />
Check Parameter<br />
Run <strong>Masking</strong><br />
Check Results<br />
The save operation creates<br />
A file containing<br />
- Rules<br />
- Run-time Options<br />
- Start Script
SDM – Auditing and Logging Options<br />
Depending on the option<br />
An audit file is generated<br />
containing all actions along<br />
with the original and the<br />
new values<br />
Log files are written which<br />
contain information about<br />
the masking run and possible<br />
errors
Next Steps<br />
Order a test copy of <strong>Data</strong> masking for Adabas<br />
Get assistance if needed<br />
Saving money by reducing project time<br />
Reduce demands on application staff<br />
Improve application quality<br />
Achieve compliance
<strong>Data</strong> Archiving for Adabas
<strong>Data</strong> Archiving for Adabas<br />
Terminology<br />
• Source database<br />
One or more Adabas production database(s) where the daily business runs on<br />
• VAULT<br />
Intermediate Store – an Adabas database either on the same computer or a<br />
different one<br />
Vault – a offline store – a set of intelligently managed files / data sets<br />
This is part of the product. The only pre-requisite is disk space.<br />
• User Interface - “The dashboard”<br />
For defining, managing, running and monitor archiving tasks. It is part of the<br />
product<br />
| <strong>Data</strong> Archiving Insight |May 2010 | 27
<strong>Data</strong> Archiving for Adabas<br />
More Terminology<br />
• EXTRACT<br />
Read selected data from the source database and file(s)<br />
• ARCHIVE<br />
Writes extracted data to either an intermediate store or a vault<br />
Does NOT remove the records from the Source<br />
• TRANSFER<br />
Move or Copy to ADABAS<br />
| <strong>Data</strong> Archiving Insight |May 2010 | 28
Dynamic Extraction Syntax Examples<br />
-------------------------------------------------------------------------------<br />
+++ Using integer variables<br />
-------------------------------------------------------------------------------<br />
/* Pick out all PEOPLE in Derby who have a car between 1980-82*/<br />
INT[0] = 1980;<br />
INT[1] = 1982;<br />
EXTRACT PEOPLE( PEOPLE.AJ == "DERBY")<br />
{<br />
}<br />
EXTRACT CARS (CARS.AC == PEOPLE.AA)<br />
{<br />
}<br />
/* Archive all CARS registered between 1980 - 1982*/<br />
IF(CARS.<strong>AG</strong> >= INT[1])<br />
{<br />
}<br />
ELSE<br />
{<br />
}<br />
ARCHIVE CARS[*];<br />
/* Delete all CARS registered before 1980 */<br />
IF(INT[0]
Dynamic Extraction Syntax Examples<br />
-------------------------------------------------------------------------------<br />
+++ REMOVE records from a file<br />
-------------------------------------------------------------------------------<br />
EXTRACT PEOPLE (PEOPLE.AJ == "DERBY")<br />
{<br />
}<br />
EXTRACT CARS (CARS.AC == PEOPLE.AA)<br />
{<br />
}<br />
/* Only process Ford ORION 1.6 GHIA's */<br />
IF (CARS.AD == "FORD" && CARS.AE == "ORION 1.6 GHIA")<br />
{<br />
}<br />
/* Archive the records for the CARS we are about to remove */<br />
ARCHIVE CARS[*];<br />
/* Remove record from the CARS file */<br />
REMOVE CARS;<br />
| <strong>Data</strong> Archiving Insight |May 2010 | 30
Thank You!
<strong>Data</strong> Archiving for Adabas<br />
More Terminology<br />
• REMOVE<br />
Deletes the Archived records from the Source<br />
• MODIFY<br />
Change field(s) values in source records after Archive<br />
| <strong>Data</strong> Archiving Insight |May 2010 | 32
Administration User Interface<br />
• A browser based graphical tool for<br />
administrators…<br />
Define Vaults<br />
The final secure store for your historical<br />
data<br />
Define Plans<br />
A virtual folder for archiving tasks<br />
Define Actions<br />
The actual archiving task with all required<br />
details<br />
Administer the environment<br />
• Search the archive history and content<br />
• Recall content to its original form for<br />
detailed search<br />
• Observe archive activities across the<br />
enterprise<br />
| <strong>Data</strong> Archiving Insight |May 2010 | 33
Dynamic Extraction Syntax Examples<br />
EXTRACT PEOPLE(PEOPLE.AJ == "DERBY" || PEOPLE.AJ == "PARIS" ||<br />
PEOPLE.AJ == "DETROIT")<br />
{<br />
EXTRACT CARS(CARS.AC == PEOPLE.AA)<br />
{<br />
}<br />
ARCHIVE CARS[*];<br />
EXTRACT OTHER(OTHER.CA == PEOPLE.AA)<br />
{<br />
}<br />
ARCHIVE OTHER[*];<br />
ARCHIVE PEOPLE[*];<br />
| <strong>Data</strong> Archiving Insight |May 2010 | 34
Dynamic Extraction Syntax Examples<br />
-------------------------------------------------------------------------------<br />
+++ Using MODIFY to change the field values of a record<br />
-------------------------------------------------------------------------------<br />
EXTRACT PEOPLE (PEOPLE.AJ == "DERBY")<br />
{<br />
}<br />
EXTRACT CARS (CARS.AC == PEOPLE.AA)<br />
{<br />
}<br />
/* Only process Fords, Vauxhalls and Austins */<br />
IF (CARS.AD == ["FORD","VAUXHALL","AUSTIN"])<br />
{<br />
}<br />
/* Archive the current CARS records */<br />
ARCHIVE CARS[*];<br />
/* Upgrade the employees car to a Rolls Royce by modifying the record */<br />
MODIFY CARS.AD = "ROLLS ROYCE";<br />
MODIFY CARS.AE = "PHANTOM";<br />
| <strong>Data</strong> Archiving Insight |May 2010 | 35
Dynamic Extraction Syntax Examples<br />
-------------------------------------------------------------------------------<br />
+++ Using integer variables<br />
-------------------------------------------------------------------------------<br />
/* Pick out all PEOPLE in Derby who have a car between 1980-82*/<br />
INT[0] = 1980;<br />
INT[1] = 1982;<br />
EXTRACT PEOPLE( PEOPLE.AJ == "DERBY")<br />
{<br />
}<br />
EXTRACT CARS (CARS.AC == PEOPLE.AA)<br />
{<br />
}<br />
/* Archive all CARS registered between 1980 - 1982*/<br />
IF(CARS.<strong>AG</strong> >= INT[1])<br />
{<br />
}<br />
ELSE<br />
{<br />
}<br />
ARCHIVE CARS[*];<br />
/* Delete all CARS registered before 1980 */<br />
IF(INT[0]
Dynamic Extraction Syntax Examples<br />
-------------------------------------------------------------------------------<br />
+++ REMOVE records from a file<br />
-------------------------------------------------------------------------------<br />
EXTRACT PEOPLE (PEOPLE.AJ == "DERBY")<br />
{<br />
}<br />
EXTRACT CARS (CARS.AC == PEOPLE.AA)<br />
{<br />
}<br />
/* Only process Ford ORION 1.6 GHIA's */<br />
IF (CARS.AD == "FORD" && CARS.AE == "ORION 1.6 GHIA")<br />
{<br />
}<br />
/* Archive the records for the CARS we are about to remove */<br />
ARCHIVE CARS[*];<br />
/* Remove record from the CARS file */<br />
REMOVE CARS;<br />
| <strong>Data</strong> Archiving Insight |May 2010 | 37
Thank You!