After two years of the NIST cybersecurity guidelines in place, is our critical infrastructure any safer?  

The National Institute of Science and Technology Framework for Improving Critical Infrastructure Cybersecurity (aka the Framework) was released in February 2014. The Framework was developed to help critical infrastructure organizations manage cybersecurity-related risk through a prioritized, flexible, repeatable, and cost-effective approach. It consists of multiple standards, guidelines and practices that organizations can employ based on their unique assets, risk environments, resources, and priorities.

Now a little more than two years after its introduction, many stakeholders are asking themselves and the organizations who’ve adopted it, “Is it working?”

A quick review of the massive cyber-attacks and data breaches that have been reported over the past couple years might lead many to believe the answer is no.  However, I’d actually argue that the Framework is working well for those who are using it.

The Framework in action

CA Technologies recently conducted an assessment of its cybersecurity controls against the categories and subcategories of the Framework.  We found that this assessment validated a number of the processes and controls that the company has in place, and that it also aligned with areas where we were investing to improve technology processes.

We intend to continue using the Framework to help us develop new cybersecurity goals and to prioritize action plans to address the dynamic cyber threat environment and our unique priorities.

And that, I believe, is the goal of the Framework.

Organizations don’t use the Framework to completely secure themselves from all cyberattacks (an impossibility for connected organizations in today’s digital economy).  Rather, they use it to prioritize information security decisions and to maximize resiliency in the face of attacks.

Further, the Framework enables organizations to use a common lexicon to communicate cybersecurity priorities and actions throughout an enterprise (from company leadership to frontline technicians,) and with customers and suppliers.

So, if the Framework is such a great tool, to what extent is it being used, and by whom?  And how, if at all, should it be improved?

Workshop attendees weigh in

Last week, more than 900 stakeholders met at a NIST workshop to discuss awareness and use of the Framework, as well as recommendations for potential updates. Over the course of the two-day event, I picked up on a few common themes.

• NIST and other Federal agencies should continue to promote awareness and adoption of the Framework.  The Federal government should continue to engage the stakeholder community through workshops, requests for information, and other forums.  And industry supporters of the Framework should continue to evangelize its use with customers and suppliers.
• Federal agencies should accelerate efforts to align existing regulations and guidelines with the Framework.  This was a particular point of emphasis among financial services attendees at a break-out session on the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT).
• Small and medium sized businesses, which make up a significant portion of critical infrastructure providers, called for better implementation guidance and use cases to make it easier to adopt the Framework.
• Global industry participants stressed the importance of promoting flexible, risk management-based cybersecurity policies that align with global standards with other international governments. For example, the recent release of the National Cybersecurity Framework in Italy, which incorporated these principles, was a very welcome policy development.  

Updates and improvements debated

There seemed to be general consensus that it is appropriate for NIST and its industry partners to update and refresh the list of standards in the Framework, and to provide greater clarity around some of the cybersecurity outcomes listed in the subcategories.  However, the vast majority of attendees opposed a major overhaul or restructuring of the Framework, arguing that this might inhibit or undo some of the early progress that’s been made in Framework adoption.

Clearly, there is a lot of work to be done.  As strong believers in the promise of the application economy, CA Technologies recognizes the vital importance of building trust in our information systems.  Stronger cybersecurity enables this trust.  And flexible, prioritized policies such as the NIST Framework, can help provide stronger cybersecurity.

Written by Jamie Brown As director of global government relations for CA Technologies, Jamie manages cyber security, cloud computing…

Copyright © 2016 CA. All rights reserved.

Can DevOps principles be applied to the deployment of applications to the Cloud? Most definitely.

In actuality, DevOps and Cloud technologies are both striving to do the same thing: make delivering apps easier and faster. And the Cloud (whether private, public or hybrid) can become a standard part of your app delivery practices without adding overhead or risk.

The practice of delivering apps agilely

First and foremost, DevOps is a set practices, methodologies, or even ideologies designed to encourage and instill greater collaboration between development teams and IT operations.

According to Rob England, an early critic and now advocate of DevOps, “There are exciting consequences of DevOps: being more nimble, accelerating our ability to deliver, becoming better aligned with the business, giving people their life back.”

And we have real world results that back that up. Some of our customers have reported a 94% improvement in application deployment times. Release failures (risk) reduced by more than 60% and application deployment volumes increased by 300%.  These organizations also report that they iterate faster and deliver more innovative features than before.

Last year’s State of DevOps Report surveyed more than 9,200 software developers and found that DevOps organizations deploy code 30 times more frequently than practitioners of more traditional development techniques and experienced 50 percent fewer failures.

Cloud deployments: Risk or reward?

On the other hand, Cloud is also purposed as a way to introduce agility and nimbleness to software development and the business. Too often though we think of it as a way to reduce the reliance development teams (and sometimes the business itself) have on IT operations.

More of a way to bypass IT ops in order to deliver applications faster and therefore serve the needs of the business better. But, that way of thinking comes with a huge risk.

Unfortunately, IT ops often gets tagged as the “department of no”.  They are entrusted with the keys to the kingdom so to speak. Again from Rob England, old-school IT views “Anything that accelerates the rate of change or increases volatility inherently creates risk.”

But, incorporating a cloud strategy with DevOps principles, which includes IT ops, is proving we can not only deliver software faster with higher quality, but also reduce the risks of failure and compliance issues at the same time.

Taking the risk out of cloud deployments

We believe continuous delivery is the key enabler for cloud-based deployments—with release automation a primary lynchpin in that discipline. Martin Fowler defines continuous delivery as a software development discipline where software is built in such a way that the software can be released at anytime.

So if we break that down, that means that software enhancements are automatically integrated into the code stream, tested, and promoted to the next stage until ultimately it is ready to be promoted to production when the business demands it.

So where does the cloud come into the picture? In many cases you may be using a public cloud, say AWS or Azure, for your test environments and a private cloud environment like VMware behind the firewall for production.

You’ll want an integrated solution that automates the provisioning and configuration of those cloud environments and deploys the application to all test and production environments all within the same, consistent workflow.

An enterprise release automation solution will simplify the process of creating, managing and decommissioning complete, production-like environments within an application deployment workflow.

It will ensure your environments are provisioned with exactly the resources you need as you need them. It will integrate your test streams and run those tests in parallel and identify any potential conflicts while enabling you to collaborate and share the results with other stakeholders.

Finally, it should automate the promotion of the application to the next stage of the lifecycle including production, while decommissioning obsolete test environments to free up resources for other application testing—again, all within the workflow.

Cloud and DevOps principles with highly sophisticated release automation go hand-in-hand to ensure your business can compete in this new application economy.

Written by Tim Mueting As Sr. Principal Product Marketing Manager, Tim Mueting is responsible for product marketing for CA

Copyright © 2016 CA. All rights reserved.

I'm a stickler for shaving. I guess I'm forced into it as every other male on the planet is. Even if you have your hipster beard or designer stuble. At some point you are going to need to shave.  

Now I'm not here to debate wet versus dry. On my journey I have tried both and still gravitate back to wet shave.  

When money was no object I used whatever the latest Gillette was in the market.  

When money was tight I switched to King of Shaves and was delighted by the shave and cost.  

In the last two years I switched back to Gillette lured with the latest gizmo ball thing.  All seemed good. I would stomach the cost of new blades every month. But insist in my own mind that they were the best a man could get!!!  

Cue launch of Gillettes new razor with lube strips top and bottom. Just like the girls have. Big marketing gig at Waterloo station. You could not enter into Boots the chemist without going through a highly advertised archway. No mention of price. Apart from the slash priced introductory pack. 

When did find the cost of the blades I thought m@$#% f@#?€s. Ripping me off.  

I have been listening to American podcasts recently and hearing that the yanks had these mail order shave clubs such as Dollar and Harry's. At the time I looked them up in the UK but none seemed to have cudos that they bought a razor factory in Germany to make the blades. This implying that German blades are the best. A throw back to Germany's great industrial and manufacturing heritage conjoured up images of the best. 

Eventually I decided I would try a UK shave club. One that I found used a plant in Germany. I even spanked out for the old skool brush and soap. Something that I felt harked back to the manly years in the barbers when they did shaves as well. This went against my nature. As I used what I thought was the best lubrication for shaving, King of Shaves Kinexium. I have used this stuff religiously for years. Prior to this I used shaving oil, having given up on shaving gel and foam as messy, bulky and not great for a close cut and appears to increase drag.

After signing up to "The Bearded Colonel", and a couple of days later I received the package. Blades, handle, tin with spare blades, a brush and shaving soap dish with soap. 

With a good growth on my face I lathered up waited and then shaved......

....... Hmmmmmm. Lets say that I was disappointed. Being a logical person I was quickly trying to work out what was wrong and why was my face dripping with blood from lots of nicks. This was not the easy shave that the Gillette had been providing. 

I waited a couple of days and tried a second time. But still was getting the same results. I was fast coming the conclusion that perhaps the blades are sharper than I was used to. But like new TV series I decided I would give it 3-5 further attempts just in case it was a bedding in phase and I needed to get used to the blade. 

Good News

Take three and blood was non existent. I was starting to believe that the blades were sharper. I also would feel (not see) a slight razor rash, which I had not with the Gillette and the KoS Kinexium. However there is something about lathering up with a brush and then shaving away the soap that eliminated that issue of the shaving rash. 

I'm now convinced. The blades are good. The price is better than the Gillette, obviously. Its a no frills product, no gimmicky ball and suspension gadgets.

The handle is fairly minimalist unlike some of the other shave club handles I have seen. The blades have the 5 blade arrangement with a lube strip. Each blade has a blade cover to protect them when you finish the shave. The tin is like the tobacco tins you used to get but has no logos etc it. The brush is badger hair and works nicely. The shave soap is supposedly from Old Bond Street place (cynical side thinks its a branding thing). Will I get another one? Not sure. I use the Kinexium when I travel (I keep it in the tin) and soap when at home. Both work with performance. Giving the exceptional close shave. 

Will I go back to Gillette? Errrr no. I think I have found a new supplier of great blades and with minimal hassle, i.e. not shopping for the best price of the Gillette blades. And after my face and I have go used to shaving with the new blade and handle I have minimal nicks or blood. 

 

In fact, our study from 2015 showed that almost all “digital disrupters” – companies at the leading edge of innovation – had leveraged APIs to achieve twice the revenue growth of their mainstream counterparts. Digging deeper, the research also showed that the best predictor of success is not just having APIs, but having them in the context of a properly managed and coordinated API program.

APIs accelerate innovation, which in turn leads to the great digital experiences that make consumers and shareholders take notice.

Mobile apps that give us a constant link to our vehicles, finances, and families; smart devices that monitor our homes and bodies; connected sensors that allow us to track anything in physical space – these are the emerging use cases that are catapulting businesses into the realm of exponential growth.

While APIs provide the connectivity that brings these experiences to life, recent events make it painfully clear that in the absence of proper governance and management, they also become a gateway to nightmare scenarios.

What happens without API management?

One of the more vivid examples occurred just last month, when security researchers revealed that APIs used to connect the Nissan mobile app to Leaf electric vehicles were implemented without encryption or authentication.

Anyone with the server address and a vehicle identification number (VIN) could not only intercept personal data including trip logs, but also activate cabin features, anonymously and from anywhere in the world. Primary functions such as throttle, brakes, and steering were not affected this time around, but as cars become ever more autonomous, it’s easy to imagine the safety implications of future vehicle API hacks.

API management helps to restore control

As the “last mile” between mobile apps, IoT endpoints, and their backend services, APIs have rapidly become the new perimeter for today’s digital businesses. In turn, API governance and management have risen from being minor considerations to critical factors in both the design and delivery of digital experiences.

Properly implemented, API management restores perimeter awareness, security, and control to enterprises, even as they are increasingly exposed to connected “things” outside the firewall – whether those things are phones, tablets, cars, baby monitors, webcams, GPS trackers, fitness monitors, or just about any other modern product.

Of all the businesses in the world, digital disrupters from our survey have had the most experience with this kind of exposure, and it’s telling that they have concluded that proper management of APIs is critical for reducing its risks. Be one of those digital disrupters. Avoid being that Nissan guy.

For more information about the 13 essential capabilities that API management can bring to your digital initiatives, download the free API Management Playbook.

Written by David Chiu David Chiu is a Senior Principal for product marketing at CA Technologies, specializing in API…

March 10, 2016 Visit CA.com Legal Privacy Connect with us: Copyright © 2016 CA. All rights reserved.

Since the first campfires some 400,000 years ago, storytelling has plotted the evolution of mankind.

As a presales consultant, telling stories is part of my job. Effectively demonstrating the value in a software solution takes more than just flipping through slides, features, and requirements– it’s about engaging, showing enthusiasm, and staying authentic. Telling a story is a great way of doing just that.

But, would you believe that something as arcane as Application Performance Management (APM), when done properly, is really all about ‘telling a story’?

Take a random presentation from any of the APM vendors out there. You’ll hear things like Mean Time to Resolution and Root Cause, learn about BCI and Correlation, and discover the importance of error snapshots and transaction traces.

These are the speeds and feeds of the APM discipline – everything to help you manage the performance of your app and act quickly if things go wrong. And that is all good, but these capabilities are only bits and pieces of a larger picture.

Bringing the APM story to life

So what if your APM solution could help you put those bits and pieces together, in context? What if it could help you tell the whole STORY around a specific problem?

In effect, CA APM actually does just that.

For many CA APM users, the story begins with the Dashboard View. You choose who the story is going to be about, with differential analysis and alert intensity helping you pick the most interesting characters. Need the location where your app performance story takes place? CA APM can even give you that.

A good story often features both good guys and bad guys, so you might want to add both extremes to your cast. Make that slow SQL query your villain, and a well-behaving one your knight in shining armor. Filter out the superfluous and focus on your protagonists.

After you have chosen your main characters, it’s time to relate them to each other, putting them into perspective. They might be family – node grouping – with parents and children, siblings and cousins, neighbors and friends. CA APM builds these relationships for you and makes suggestions on what an interesting relationship could look like. If you don’t agree, it is easy to choose or even create one that fits the story you want to tell.

Becoming Shakespeare

Like a story with a beginning and an end, the timeline is important in APM. Being able to see when and how things started, along with the changes that took place and how it affected your characters, is key. Bad guys weren’t always bad guys; events and changes in their lives turned them into it. Think of a thriller or crime novel, where the goal is to track down the “smoking gun.”  A well-told APM story is a lot like that.

To resolve the conflict in your APM story, you may need to pull in some specialists, maybe the SWAT team, to “kill” the bad guy, or even better, bring him in for questioning. Of course, the SWAT team will want to know the whole story.

When you think about it, the discipline of APM has a lot to do with storytelling. Want to be the William Shakespeare of your IT organization? Let CA APM help.

Blog by Stig Skilbred, Senior Presales Consultant at CA Technologies. 

 

 

March 21, 2016 Visit CA.com Legal Privacy Connect with us: Copyright © 2016 CA. All rights reserved.

These user engagement experiences have lasting effects. They impact the way we live, work and compete. Companies are no longer being compared to the competitors within their own traditional boundaries, but to all organizations that are delivering a great customer experience.

Continuous innovation through APIs

What we have learned through industry disruption is that those who compete and are digital disruptors in existing or new industries find new ways to continually innovate. The newly released API research report, “APIs and the Digital Enterprise: From Operational Efficiency to Digital Disruption” uncovered key areas digital disruptors are investing in to adapt and thrive in the new application economy.

1. Release engaging apps faster: To deliver optimal digital experiences businesses need to get apps out faster, understand usage sooner and iterate more often. It is not about delivering the most features but the right features in today’s experience driven world. 84 percent of organizations are using or planning to use APIs to speed delivery of revenue enhancing apps.

2. Unlock data silos to improve customer experience: Businesses need to tap in to useful data that is often hidden away in silos, accessed very little or never at all. The ability to use information to deliver a more engaging experience across channels based on consumer insights provides a much more convenient and personalized experience that keeps customers coming back. 85 percent of organizations are using or planning to use APIs to deliver new and better customer experiences.

3. Expand reach through digital ecosystems: Successful digital organizations must find a way to open up information and expand digital ecosystems. The ability to effectively share information will allow digital disruptors to extend reach and access entirely to new markets. Understanding how to connect and share data will enable companies to capitalize on the network effect ecosystems offer. 84 percent of organizations are using or planning to use APIs to extend their digital reach.

L’Oréal: how APIs drove consumer goods innovation

As the world’s largest cosmetics company, L’Oréal is dedicated to beauty. L’Oréal sought to modernize on a single ecommerce platform in the Americas, with the ability to support any combination of digital, retail and partner channels through a consistent set of APIs. L’Oréal witnessed a 5X increase in the number of application connections without having to expand development teams. In addition, L’Oréal was also able to tap in to the value of customer data, combining it with merchandise to deliver a better customer experience. This took shape with the L’Oréal Makeup Genius app, which delivered an innovative omni-channel virtual experience of trying on makeup. Finally, L’Oréal was able to open and share product data with partners such as Target. This helped reduce operational costs, cutting down inventory overage, while ensuring shelves were filled with accurate pricing. This all was possible through APIs.

Why API management

Successful organizations such as L’Oreal have found API Management necessary for their API projects. The right API Management solution should effectively allow organizations to create APIs and integrate with data, secure and mitigate the risk of APIs, accelerate the development of mobile and IoT apps connecting to APIs and unlock the value of data by engaging in new digital ecosystems. See www.ca.com/api to learn more how CA API Management can help.

Written by Tyson Whitten CA Director of API Management Product Marketing. Tyson Whitten is a CISSP with 15+ years…

March 30, 2016 Visit CA.com Legal Privacy Connect with us: Copyright © 2016 CA. All rights reserved.

APIs are great for getting more efficient at internal app development, but the real payoffs come when you set your sights on leveraging external partners. Jackie Kahle • March 29, 2016

 

Back in November I wrote a post summarizing some of the major findings from a recent global survey of API usage conducted by Freeform Dynamics and sponsored by CA Technologies. One set of findings I would like to explore further is how this familiar concept has become critical to digital business.

While APIs have been around for years to provide easy access to libraries of prebuilt functions and separate interfaces from implementation, the rise of the app economy has opened up new opportunities to leverage APIs externally. In fact, another paper from the same research explored the common traits of an advanced and successful class of “Digital Disrupters” and what they are doing differently from their mainstream counterparts. It runs out that Digital Disputers are 2-times more likely to have a well-managed and coordinated approach to using APIs for internal development, but up to 2.8-times more likely to also leverage them to engage the external developer ecosystem.

The good news is that our survey results show that enterprises are embracing this more modern use of APIs—74 percent are enabling third-party developers to access their APIs and 74 percent also say they are using APIs to incorporate third-party apps and services into their own applications.

Of course, being open to doing this brings with it the need to address security, scalability and many other issues. In fact, the survey respondents outline a wide-range of major and secondary objectives, including:

• Ability to secure APIs effectively (82 percent)
• Effective management of API performance/scalability (81 percent)
• Ability to track and manage use of third-party APIs (79 percent)
• Ease of API consumption by external developers (77 percent)
• Ease of publishing APIs to external developers (76 percent)  

One of the large U.S.-based telcos who was interviewed for this study summed up some of the challenges nicely:

 “Things are changing fast. We are looking at exploiting APIs for both the company’s internal use as well as for our external customers. It makes it very difficult to be able to expose data to any device unless you can do so securely. Exposing data wholesale via APIs sounds good in theory, but it’s really difficult to do in practice. We have to work out how to draw the line. As part of this, we try things out ourselves first to make sure there are no surprises.”

While the challenges are not insignificant, the associated pay-offs can be huge. According to the survey, those respondents with more advanced API capabilities were 2.9-times more likely to have expanded their digital reach, 2.6-times more likely to have improved delivery of the overall customer experience and 2.9-times more likely to have leveraged third-party innovation. All of these are essential for competing in the app economy and ensuring you can address the digital disruption happening everywhere.

Written by

Jackie Kahle CA Community Jackie is a 30-year IT industry veteran, holding senior management positions in marketing, business development…

Well, its been many years since I was lucky enough to be given a set of Global knives as wedding presents.

I never thought about the price at the time. I mean I knew how much they were. But thought nothing of it.

Roll on over twenty years and the Global knives are still going strong. So much so that when I visit my mum who likes to cook and try and use one of her kitchen knives and I get sorely fed up and start to wish everyone was lucky enough to have the posh knife that is sharp.

Sharpness test. I can run my finger along the blade of my mums knives and not a problem. I would not dare with the Global ones. 

Whilst they may not be as balanced as say a Sabatier knife they do feel good in the hand and its the sharpness that counts. 

Tip - Don't put them in the dishwasher. You will blunt them and also rust will start to appear. 

So if one has the means. Just save on the beers for a week and spend the £50+ on a decent knife. You won't regret it. In fact I feel more scared of using the blunt knife than the sharp ones. 

Microsoft's demo included holographic avatars, virtual caves and more.

Jon Fingas , @jonfingas

If you think you have a sense of what Microsoft's HoloLens headset can do, you're in for a pleasant surprise. The company's Alex Kipman recently presented a TED Talk on HoloLens that included multiple fresh demos illustrating Kipman's vision of an augmented reality future. He showed off virtual caves and forests, and a space where you could watch TV at one moment and talk to family in the next. The highlight, however, comes near the end: Kipman talks to an avatar of NASA's Jeffrey Norris standing on a recreation of Mars. Suddenly, Star Wars' holograms aren't so far-fetched.

A question-and-answer session after the presentation also helps explain how Microsoft produces the holographic effect for an external camera at an event. While HoloLens normally maps environments in real-time, Microsoft pre-maps the stage so that it can maintain the demo even when the WiFi invariably bogs down. Also, while the outside camera uses a fisheye lens to create an extremely wide field of view, Kipman is quick to note that the points of light in a given area are identical -- the experience is fundamentally the same. In short, you'll probably feel like you got your money's worth if you dared to drop $3,000 on the developer HoloLens unit.

Source: TED, Microsoft Devices Blog In this article:

This meltingly tender lamb is a luxurious yet inexpensive way to feed a crowd.

 

Ingredients

• 4 tinned anchovy fillets, chopped
• Finely grated zest of 1 lemon
• 3 fresh rosemary sprigs, leaves picked and chopped
• 2 tbsp olive oil
• 2 kg (4½lb) lamb shoulder (on the bone)
• 1 large onion, cut into thick rings (leave skin on)
• 5 garlic cloves (in their skins)

 

FOR THE GRAVY

Ingredients

• 2 tbsp cornflour
• 100 ml (3½fl oz) white wine
• Small handful fresh mint

Method

Preheat the oven to 220°C (200°C fan) mark 7. In a small bowl mix together the anchovy fillets, lemon zest, chopped rosemary, oil and plenty of seasoning. Next, lay the lamb shoulder on a board and slash the fatty side well with a sharp knife. Rub the marinade all over the lamb.

Put the onion slices and garlic into a roasting tin (just large enough to hold the lamb). Lay the lamb on top (slashed-side up) and cover the tin with foil. Turn the oven down to 170°C (150°C fan) mark 3. Slow-roast for 4hr, removing foil for the last 45min to allow the lamb to brown. The lamb is ready when you can shred the meat off the bone with two forks.

Transfer the lamb to a board and cover again with foil while you make the gravy (lamb can rest happily for up to 45 min).

Pour off most of the fat from the roasting tin (leaving the onions and garlic in place). Whisk in the cornflour, then the wine and mint (stalks and all). Bring to the boil, whisking frequently (and squishing the vegetables), until the gravy thickens. Add about 200ml (7fl oz) water and simmer until gravy reaches the desired consistency. Strain; check the seasoning. Serve with lamb.

We are proud to announce the general availability of CA APM 10.2 providing visibility from mobile to mainframe within Team Center, new features that give you the ability to tame your complex enterprise environments and a focus on simplification.

Visibility from Mobile to Mainframe CA APM 10.2 provides increased visibility from mobile to mainframe with a new integration between Cross Enterprise APM and APM Team Center.  As part of this integration, three new mainframe components were added to APM Team Center allowing you to see the performance of CICS, IMS and DB2 in context of your application performance.  Also within Team Center, you will also be able to view the mainframe metrics of these components.  This new integration allows you to pivot on these critical mainframe components providing greater insights and increasing your ability to quickly triage application performance issues.

Taming your Complex Enterprise Some of the largest enterprises rely on CA APM due to our ability to scale with their growing needs.

Here are just a few customer data points as to how vast in scale we can go:

• A large communications service provider is currently using CA APM to monitor over 25,000 Java Virtual Machines (JVMs) across multiple datacenters, capturing 25,000,000 metrics every 15 seconds, reporting into over 400 EMs, many of which are in the customer’s internal cloud.
• A large online services and tax management company monitors 2,500,000 concurrent customer sessions processing 200,000 transactions per second. This customer monitors 9,000 JVMs and network components on more than 120 EMs. They monitor applications in their private cloud, legacy datacenter and public cloud using CA APM.
• A major US bank manages more than 14,000 JVMs and middleware components using CA APM. This bank also uses CA APM to manage critical applications, like online banking, fund transfers, wealth management, lending and mortgage, investment banking and more.

Over the years of collaborating with large enterprises, we understand the challenges with taming complex environments such as how do you view application performance that spans across data centers globally?  How do you simplify and aggregate complex mass sets of performance data quickly and easily?

Introducing Enterprise Team Center, which works under the hood to provide Team Center to aggregate data across your APM enterprise environment.  Team Center centralizes information from all MOMs and standalone Enterprise Managers in the environment to present a single view of any area of the enterprise environment.

Enterprise Team Center allows users to:

• Easily view app performance across large-scaled environments
• Ensure consistent, simplified monitoring across large deployments with managed agent bundles/packages
• Pulls aggregate data across clusters (i.e. average heap in Data Center, etc.)

Another new feature in APM Team Center are Universes providing security, management and navigation needed to understand application environments. Universes are a focused partition of the application environment across clusters that is defined using attributes and based on business requirements for a user.  Think of these like a global filter that are assigned to users and detailing what users are allowed to see.   Universes are also great for providing specific user views into not only large enterprises but also complex application environments such as those using microservices architectures.

The example below shows transactions across three different APM clusters which previously you would have had to log into each cluster separately in order to view the application performance.

 

Enterprise Team Center and Universes provide an easy way to view application performance data across complex environments in a way that makes sense to the business and to the various users of CA APM.

In addition, CA APM 10.2 provides better clarity with a new Path-based Filtering capability. Often times, application maps quickly become unwieldy, even in small environments and typical filtering cuts too much from the view.  In CAAPM 10.2, you now have the ability to add path-based filtering along with the attribute filter to show all relevant components or “cousins” related to that transaction flow.  This allows you to reduce complex maps by only showing what is relevant to the users task. In addition, you do not have to be an expert to understand what the critical pieces to the puzzle are; it connects the dots for you.    

Simplification

Over the past few releases, we have been focusing on simplifying CA APM, asking ourselves for every new feature “is it easy”.   In CA APM 10.2, we continue down the path of simplification with a new ACC Agent Builder and APM Team Center UI improvements.

APM Command Center (ACC) Agent Builder enables you to create and manage custom agent packages suitable for your environment. Using the graphical user interface (Agent Package Builder), you can build packages by combining various agent functionalities. The completed package can be downloaded, either manually or using an API.

Agent Builder helps to simplify the download and configuration of agents by:

• Providing simpler download and configuration of agents.
• Centralizing agent configuration making it easier to manage agent complexity.
• Making it easier to find the agent package needed for each environment.
• Providing an API that allow users to easily configure agents by pushing scripts.
• Keeping track of agent versions.

In order to make CA APM more prescriptive, we continue to fine-tune and improve APM Team Center.  In this release, we have updated the Team Center UI by replacing ribbons with collapsible navigation for filters and highlighting, which allows more space to view the application environment. Also APM Team Center includes a new welcome page with readily accessible information to get started quickly, the ability to build perspectives on any attribute and easily add metrics to the details pane for better context when triage application performance issues.

Additional Improvements

CA APM 10.2 introduces new features to CA Customer Experience Manager (CEM) including real time transaction metrics to include 95th % metrics.  This allows you to understand the outlier data points to identify any issues in a business transaction.  Also added are geo-location metrics, which tracks the geographic locations of any business transactions, and the performance metrics for a location.

These are only just few of improvements introduced in CA APM 10.2 for the complete list; please refer to the release notes or the CA APM 10.2 documentation.

 

Copyright © 2016 CA. All rights reserved. © 2016 J

Organizations that invest in preparation and infrastructure see the strongest benefits from their API programs. Rahim Bhatia • March 22, 2016

The API is an essential enabler of digital transformation. APIs represent one of the key technologies helping smart organizations react quickly and effectively to the constant changes inherent in today’s application economy. Understandably, many companies that have not yet launched API programs are keen to do so as soon as possible. But launching an API program is not something to be rushed into. Opening the enterprise backend via APIs has serious security and performance implications that must be addressed in advance.

Recent research from Freeform Dynamics (sponsored by CA Technologies) shows organizations that invest the most in planning, preparation and infrastructure see the strongest benefits from their API programs. The fact is, enterprises that take a little time to put the right API infrastructure in place can actually be quicker to market with APIs that create real business benefits.

How mature are enterprise API programs?

The API is hardly a new technology. The genesis of the specific RESTful Web API style behind present-day enterprise API programs is usually traced back to the launch of Salesforce.com, more than 15 years ago—several lifetimes in the tech world. Since then, many enterprise IT teams have gained some experience of API-style integration through using Service Oriented Architecture and Web Services to connect and repurpose internal systems. These teams are relatively well-placed to deploy the kind of APIs that will enable mobile apps, Internet of Things (IoT) and so forth.

But it would be a mistake to assume the Web API is an inherently mature technology that can be safely and efficiently deployed within the context of a standard enterprise IT infrastructure. APIs require a specifically API-centric set of security and management practices. The evidence shows these practices cannot be treated as an afterthought and the companies that get most benefit from their APIs are those that base their programs on a solid foundation using API security and management.

The Freeform Dynamics report, APIs in the Digital Enterprise, uses responses from more than 1,400 business and IT professionals to look at the maturity of API programs. It finds that 51 percent of organizations with advanced API programs have put the correct tooling and infrastructure in place, compared to just 19 percent of those with limited programs. The report calls out security as a particular area of concern and notes that the most successful API programs implement strong, centralized security infrastructure from the beginning.

Building everything on a secure foundation

I should note that I’m using the phrase “API security and management” as shorthand for an end-to-end process that goes beyond simply securing and managing the performance of APIs. It’s meant to encompass everything from interface design to developer enablement to lifecycle—an approach the API Academy calls “API360.” Every stage of this process should be based on a firm infrastructural foundation, but many enterprises still display signs of immaturity in regard to the practices and technologies required for end-to-end API management.

The research makes it clear it’s those organizations with a solid API infrastructure in place that are the most mature in terms of their API design, security and management practices. And it is also clear that these enterprises are seeing the best results from their API programs. Furthermore, it’s not always the organizations you would expect that are displaying the clearest signs of maturity—with public sector API programs emerging as perhaps-surprising leaders in this field.

So, don’t rush into an API program. Take the time to put the right infrastructure in place and you’ll ensure that, in the long term, your organization is set up to be quick to market with the secure, high-performance APIs it needs to meet the demands of a rapidly-changing and competitive environment.

Written by Rahim Bhatia Rahim leads CA’s Developer Products business unit made up of CA's API Management portfolio. He… Published in DevOps.

Permalink

]]>Build high-performance APIs from the ground up