Bsafe Updates Security Tools for i OS

May 16, 2008 Alex Woodie

Bsafe Information Systems issued a major new release of Bsafe Enterprise Security, its integrated suite of security software for IBM‘s i operating system (formerly i5/OS), at the COMMON conference in Tennessee last month. With version 5.6, Bsafe has introduced several new features that will make the security and audit processes faster and less painful, including new ways to replicate i OS security settings among multiple partitions or boxes, a new centralized reporting module, and better support for Windows in the auditing tool.

Bsafe Information Systems is a security software company headquartered in Herzliya, Israel, with United States offices in New Jersey. The company’s primary offering is Bsafe Enterprise Security, a suite of 19 modules designed to help organizations clamp down the security exposures of their i-based Power Systems servers (formerly System i, i5, iSeries, and AS/400). The tool also provides some support for securing IBM mainframe, Linux, and Windows servers, but it offers the most functionality for i (the operating system formerly known as i5/OS).

Bsafe has made several major enhancements with version 5.6, which started shipping during the same time frame as the COMMON conference, although the company did not make a formal announcement at that event. The bulk of the enhancements are geared toward simplifying some of the day-to-day activities faced by systems administrators and security professionals operating medium to large i-based Power Systems (System i, iSeries), especially those running multiple i-based Power Systems servers, those who make extensive use of logical partitioning (LPAR), and those looking to unite all of their servers–i, Linux, mainframe, Windows–under a single common reporting tool for the sake of simplifying regulatory compliance tasks.

One of the enhancements–better support for Windows in the Cross Platform Audit (CPA) module–is aimed directly at regulatory compliance initiatives. The CPA module, which BSafe launched about a year ago, assists administrators by collecting, consolidating, and presenting security-related log data from multiple systems.

The first release of CPA offered some support for Windows, including the capability to monitor Windows logs, according to information Bsafe provided IT Jungle last year. With the new version of CPA, the product has been enhanced to support SQL Server and Active Directory, two crucial elements of the Windows stack. CPA itself runs on the Windows/SQL Server platform.

Multiple Systems Management

Streamlined management of i OS security configuration settings across multiple i OS servers or i OS logical partitions is another new feature of Bsafe Enterprise Security 5.6.

Thanks to a new feature called the Multiple Systems Management (MSM) console, administrators can replicate basic security settings–including system values, user profile attributes, and object authority attributes–across multiple systems through the manipulation of templates.

The graphical MSM console enables administrators to create templates that define security settings on individual servers, or groups of systems or logical partitions. The administrator sets the security configuration the way he wants it, and then he’s free to apply that template to any number of different groups defined within the system (which is accomplished through dragging and dropping on the GUI).

So if a company has three logical partitions used for finance, and four used for manufacturing, and they want common access rules across each of them, they can use MSM to accomplish that quickly across these seven systems, without the need to configure them manually, according to Itay Karny, vice president of business development for Bsafe North America.

“So when you want to change security definitions for a system, you don’t need to go into that system, you just go into the template, or into the group,” Karny says. “So you really did nothing on the system, but, just by doing something in our software, you can apply 10 templates to a system you just installed; so you can bring something into compliance within minutes, instead of going into that system and configuring it manually.”

Bsafe Report Generator

The final bit of product news in Bsafe Enterprise Security is the introduction of a new module, called the Report Generator.

In previous releases, Bsafe built reporting capabilities directly into each of the various modules. So if an administrator wanted to generate a report cataloging the various i OS exit points the software is using, he would need to go into the Application Access Control module and go from there. This worked fine for targeted needs, and it even included a report scheduler that could eliminate much of the drudgery. But for a suite with 19 distinct (yet integrated) software modules, it left something to be desired on the centralization front.

That has been fixed with version 5.6, which introduces the new Report Generator module. This GUI console enables administrators to run reports across any of the other 18 modules, and export them as a CSV, HTML, PDF, or i OS spool file report.

In addition to consolidating reporting across the suite, the new reporting module gives administrators more flexibility when creating reports. For example, users now have the capability to sort columns, and can use Boolean logic to narrow their result sets. What’s more, the new module includes a report splitting capability that allows administrators to create separate reports out of a subset of data generated by the initial report. Lastly, Report Generator supports multiple i OS servers or logical partitions, which should make the tool more useful in larger organizations.