February 2015 will see thousands of IT professionals descend on Las Vegas for IBM Interconnect 2015: The Premier Cloud and Mobile Conference. Interconnect combines three dynamic IBM conferences – Impact, Innovate and Pulse – into a single event for 2015 to become a more comprehensive and collaborative conference. Interconnect 2015 will provide a richer experience for attendees, allowing them to join the largest community embodying the full life-cycle of IT, assets and infrastructure — from Development to Architecture to Operations.

Having exhibited at Pulse for the past three years, Elyzium is delighted be sponsoring Interconnect 2015. With 8 streams and 42 tracks containing 1500+ technical sessions, hundreds of hands-on labs and certification opportunities, and unlimited peer and expert networking, Interconnect will provide the best in education, networking and exhibits, and all at a single event.

If that’s not enough to tempt you to come along, then the icing on the cake will be provided in the form of exclusive evening entertainment featuring legendary rock band Aerosmith! It doesn’t get much better than that! For further information, including full agenda details, and to register please visit the Interconnect website. Plus, if you register before December 31st you will receive a $200 discount. Watch this space for further details in the New Year, and we hope to see you there!

If you need any further information or have any questions then please don’t hesitate to ask.

THE CHALLENGE
Clarks, a leading UK footwear retailer, had been successfully using Tivoli Workload Scheduler (TWS) to manage their job scheduling requirements for a number of years. But with the end of support date for their original TWS implementation being imminent, along with increased demands on the business brought about by globalisation and the dramatic rise of eCommerce, Clarks required an enhanced solution to support their 24x7 business, increase efficiencies, and provide a strategic, future-proof Workload Automation platform going forward.

THE SOLUTION
Elyzium worked closely with the team at Clarks to design a solution with an architecture capable of supporting its growing worldwide business. A detailed plan was produced to ensure that the upgrade from Tivoli Workload Scheduler version 8.4 to version 9.1 could be executed without any risk to the business, and covered the requirements, and education needs, of all stakeholders within the organisation from both a technical and business perspective. Working closely with Clarks, Elyzium managed and implemented version 9.1 in both their test and production environments, whilst ensuring that all existing workload schedules were migrated across successfully, and without any downtime.

“It was important for us to work with a partner with the best skills and expertise to understand our complex environment. Elyzium demonstrated this expertise from the outset, they worked closely with our internal team to understand our requirements and suggest how to best use 9.1.  Throughout the project Elyzium’s expertise helped ensure the migration from 8.4 to 9.1 went smoothly without any impact to our business.”

THE BUSINESS OUTCOME

1. More flexible and agile IT Workload Automation solution
2. Increased resilience through implementation of a Backup Master Domain Manager with DB2 HADR
3. Ability to cater for existing and future Workload Automation needs

If you have any questions or would like to hear more, then just give us a call or drop us a line.

VULNERABILITIES FOR TWS DISTRIBUTED WITH WEBSPHERE APPLICATION SERVER: 

On a recent product update call with IBM, we were informed of an important change to TWS4APPS 

Multiple IBM WebSphere Application Server vulnerabilities have been discovered due to Java exposures. Users of Tivoli Workload Scheduler need to be aware since these vulnerabilities may impact TWS by affecting communications between eWAS and subcomponents through Java exposures. Versions 8.4.0 to 8.60 of TWS, TDWC and TWS z/OS Connector are affected.

Details of the individual vulnerabilities are as follows:

1. A vulnerability in the IBMSecureRandom implementation of the IBMJCE and IBMSecureRandom cryptographic providers potentially allows an attacker to predict the output of the random number generator under certain circumstances
2. An unspecified vulnerability related to the JNDI component has partial confidentiality impact, partial integrity impact, and no availability impact
3. Three unspecified vulnerabilities related to the Security component have partial confidentiality impact, partial integrity impact, and no availability impact

The issues have been fixed by updating Java inside eWAS installed with the latest fixpack version of TWS. IBM advise that it should be installed after the Limited Availability fix IV61280 has been applied. For further information you can view the official IBM alert here.

VULNERABILITIES FOR TWS WITH SSLv3 ENABLED:

If you have enabled SSLv3 within TWS, then you need to take action to remediate a vulnerability that has been referred to as the Padding Oracle on Downgraded Legacy Encryption (POODLE) attack. This vulnerability has the potential to allow a remote attacker to obtain sensitive information, when using the SSLv3 protocol, and has been caused by a design error. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE attack to decrypt SSL sessions and access the plaintext of encrypted connections. Further details of the vulnerability, along with details of affected versions and fixes can be found by viewing the IBM announcement here.

If you are unsure whether your organisation is affected by these vulnerabilities, have any questions, or require assistance in remediation, then please call +44 (0)8452 696536 or email support@elyzium.co.uk.