Townsend Brings Modern Crypto Capabilities To Legacy RPG Apps
May 18, 2016 Alex Woodie
The field-level encryption capability that IBM introduced with IBM i 7.1 is a powerful tool for securing sensitive data. However, IBM i shops that have not modernized their legacy RPG applications with SQL access methods find it difficult to use. That should change with new technology coming out of Townsend Security this week at the COMMON conference in New Orleans.
The DB2 field procedure (FieldProc) exit point that IBM launched in 2010 helped a lot of IBM i shops encrypt their data at the field level. The capability to encrypt pieces of sensitive data residing in particular parts of their DB2 for i databases, while leaving other pieces of data untouched, was a blessing to companies in the retail, healthcare, and financial services industries struggling to comply with tough new security mandates.
However, the FieldProc came with a catch. While it worked just fine if your IBM i application accessed data via SQL calls, it didn’t work quite so well for older RPG applications using native I/O methods to access the database. The FieldProc method proved especially troublesome for companies that organized their databases in a particular way: those that built column-level indexes for sensitive data.
Patrick Townsend, the CEO and founder of Townsend Security, explains the significance. “Many–perhaps most–IBM i customers have not been able to leverage FieldProc automatic encryption because of the inherent limitations in legacy RPG I/O,” he tells IT Jungle via email. “Encrypted indexes just don’t work as expected with the older I/O model.”
IBM’s path forward for these IBM i shops entails re-engineering RPG applications to use the SQL Query Engine (SQE). “But this means a huge investment for most IBM i customers that provides little in the way of business improvement,” Townsend adds. “So most IBM i customers have been on the sidelines.”
So Townsend decided to do something about it, using another relatively recent piece of IBM technology: Rational Open Access: RPG Edition, which is sometimes called OAR, ROAR, or RPG OA.
OAR, you will remember, is a modernization tool that enables IBM i shops to bypass native RPG I/O and create intermediary programs, called “handlers,” that let the RPG application communicate with a device it wouldn’t normally be able to communicate with natively. The 5250 data stream, of course, is not an ideal way to communicate with modern Web browsers and mobile devices, which were the primary targets that IBM envisioned for OAR.
But IBM was clear that Web and mobile clients weren’t the only uses for OAR, and it appears that Townsend has hit on another. To that end, yesterday Townsend announced that it has used OAR to enable RPG apps to bypass native I/O and instead talk SQL. The OAR handler that Townsend developed appears as an F spec in the RPG code, and essentially makes the RPG application look like it talks SQL to the database via the SQL Query Engine (SQE). In this manner, Townsend enables older RPG applications to work with the FieldProc via SQL.
Here’s how the company describes it:
“The Townsend Security solution maps legacy RPG file operations like CHAIN, SETLL and other operations to native SQL statements, while preserving the functional integrity of the original RPG business logic. This means that IBM i customers can install the Townsend Security code, make one line of change to their application source code, and effectively convert the application to SQL,” the company says.
The result of all this, Patrick Townsend says, is a simple solution to a complex problem. “It’s like magic,” Townsend says. “Many IBM i customers have struggled with the implementation of encryption using FieldProc because of the limitations of RPG applications, which use encrypted indexes. For most of our customers, this will open the way to deploying encryption with a minimum of disruption. IBM i customers have a huge business investment in RPG applications.”
Townsend Security is now selling this FieldProc solution in AES/400, its flagship encryption software for IBM i. AES/400 implements a set of AES encryption APIs and supports encrypting save files, IFS files, and tape files. The software works with local key stores as well as Alliance Key Manager, which is the company’s FIPS 140-2-compliant key manager solution.
The company is also starting an early adopter program for the new FieldProc capability. If you’re interested in joining it, you can contact Townsend at the company’s website, www.townsendsecurity.com.