Assassin is an Idle Process Management (IPM) software product that automatically performs predefined actions on processes that are idle, inactive or meet special conditions. Processes that are idle continue to use numerous resources and prevent other user processes from taking advantage of the VMS operating system’s ability to share limited resources. This can seriously impact system performance and place system security at risk. These idle processes can also block other users from accessing VMS or important software application programs by reserving limited license slots.

Several companies who had been running Saiga’s Hitman for Openvms and could no longer get support for it have switched to Assassin.

With Assassin, you can specify:

• What action Assassin will take when a process is idle.
• The level of activity that determines when a process is idle.
• Which processes get special treatment or are exempt.
• Where and how messages are sent when an action is performed.
• The messages that the user receives when an action is taken.
• Who on the systems staff is notified when Assassin takes an action.
• Which terminals are to be “locked” after the user logged in at the terminal has been idle for too much time.
• Which processes will be terminated because the user has been logged in to the system for too long a period of time.
• Which Screen Saver Image is displayed on an idle terminal.
• Different configurations for different nodes at different times of the day and days of the week. Assassin’s configuration component allows you to tailor Assassin to meet the special needs of your organization, system, day of week and time of day.

Easy to Install and Use

You can quickly and easily install Assassin on your system or in an OpenVMS cluster environment.

A default installation should take about five or ten minutes to complete. The Assassin Manual, which you can download along with the 30-day free demo, contains easy-to-use, complete instructions for installation.

Technical Information

Assassin’s monitoring component periodically gathers information about the processes on your system and decides if an action is required. If a process is consuming CPU time, generating I/Os or pagefaults above the thresholds you specify, then the process is perceived as being busy. Otherwise, it is considered idle. You can define how much resource consumption is required for a process to be considered as busy so that users are measured according to your definition of idle.

Once Assassin is configured as you desire, simply start Assassin’s monitor and forget about idle processes on your VMS system forever

PagerPlus monitors an OpenVMS system and alerts the system manager by pager, E-mail, or broadcast messages whenever conditions he has selected occur. For example, it can send an alert when a particular disk is more than 90% full or if a former employee attempts to log in.

Valuable

A system manager will never walk in Monday to find Friday’s backup didn’t run to completion with PagerPlus. It gives him the opportunity to handle problems before they develop into something worse. It lets a system manager get more work done. It also makes his job easier, knowing he will be informed when or if any of his alert conditions occur. He no longer has to constantly check the system. He can define the ideal for his system and be alerted to its every departure.
New Feature! — PagerPlus institutes automated corrective actions even before you are notified.

Easy to Install and Use

PagerPlus is easy to use. The system manager simply defines the ideal conditions by entering them in configuration screens. For example, to monitor a file, he would enter the filename on the appropriate configuration screen. PagerPlus will then monitor the file’s existence. If it is missing, the program will alert the system manager. Adding “=A” after the filename means the file should be absent. If the file appears, the system manager will be notified. It’s that simple. PagerPlus can even alert others if the system manager doesn’t receive or doesn’t want to receive the message!
The PagerPlus User’s Guide contains easy-to-use, complete instructions for installation and how to use the simple configuration screens to define rules and exceptions.

Monitoring Examples (Partial List):
A specific DCL Command succeeds
A specific DCL Command fails
A device must be mounted
A device must have a specific number of blocks free
A device must have a specific percentage of blocks free
A specific file must exist
A specific file must not exist
A file size allocation must be less than a specific number
A file size allocation must be greater than a specific number
A queue must be running
All queues must be empty
A specific queue must contain a specific job
A specific queue must contain no jobs
A logical name does not exist
A logical name must have a specific value
A process must be running on a local node
A username must exist on a local node
A username must not exist on a local node
A cluster/network node must exist
A cluster/network node must not exist
An error on a specific job

Technical Information

PagerPlus provides 6 ways to use the paging capability:
DCL commands
Interactive Message Sender screen
Application program using a mailbox
Application program using the Message File Directory
Mail Messages (VMSmail or SMTP-based)
OPCOM generated messages

KeyCapture is an OpenVMS system software tool which allows the system administrator to log keyboard input read from the terminals of selected users.

KeyCapture creates log files which contain the input read from the terminal keyboard. Along with each input, KeyCapture records a timestamp and the name of the program which issued the read. When the terminal read contains a prompt, the prompt is also recorded in the log file.

KeyCapture may be used to document exactly what your VMS users did and when they did it.

What Problems Does KeyCapture Help Solve?
Can you quickly find out who ran a particular program such as SYSGEN or AUTHORIZE on a specific date and what commands they entered to that program?
Is there a way to build a database of commands that have been issued on your OpenVMS systems?
How can you save what you type to “replay” later?
How can you satisfy various Information Technology audit-related laws and regulations such as HIPPA (Health Insurance Portability and Accountability Act), GLBA (Gramm-Leach-Bibley Act) and SOX (Sarbanes-Oxley Act of 2002)?
How can you track exactly what users do on your OpenVMS systems?
Is there a way to collect and preserve a full record of commands which have been entered so you can later validate the functions which have been performed?
Can Networking Dynamics Corporation assist you to develop Computer-Aided Audit Tools tailor-made for your OpenVMS systems?

For OpenVMS, the answer to each of these questions starts with KeyCapture from Networking Dynamics Corporation

Important Security Issues

Please note: It would be a severe security breach to carelessly write plain-text password information to a KeyCapture log file.

KeyCapture takes special care to control what is done with keyboard input data. For well-known programs which request VMS passwords (TELNET, FTP, etc), KeyCapture skips logging the passwords. For other programs, KeyCapture can be configured to ignore passwords or other security-sensitive portions of the input data stream.

Easy to Install and Use

KeyCapture is installed using a standard VMSINSTAL procedure. Following the “Quick Install” instructions, KeyCapture can be installed in just a few minutes. No reboot is required.

There are only a few commands to learn.

The basic instructions for installing and using KeyCapture fit on a single sheet of paper.

Technical Information

KeyCapture runs on the OpenVMS operating system on VAX and Alpha (AXP) systems. (An Itanium (IA64) version should be available soon.)

KeyCapture does not require any special drivers.

Free KeyCapture Software Demo Download

Call 1-800-275-6321 now for more information, or download a free, 30-day KeyCapture software demonstration today. (Note: For security reasons, a demonstration license key is required to enable running a KeyCapture demo.)

PEEK & SPY lets a privileged user see exactly what is on another user’s terminal and then permits him to either take control of that terminal to fix the problem from his own or let the user have control while he gives any needed instructions. If the PEEK & SPY user chooses to fix it himself, his input can be displayed on the user’s screen to show him/her how it was fixed. Now system managers can solve user problems (especially remote ones) without having to go to the user to solve them. Where PEEK informs users they are being watched, SPY doesn’t. In addition, SPY gives system managers documented proof of security breaches and provides a tool to lock out unauthorized users.

Valuable

When a system manager can see a user’s screen he/she will not have to depend on that inexperienced user to determine their exact problem or describe it accurately over the phone. Nor will he waste time going to the user’s terminal. He can see the screen repainted as it was before he started watching with whatever error messages were on it. The terminal attributes and characteristics are also correctly displayed. And the user gets to see the correct handling for the difficulty he/she had. PEEK & SPY solves the problem of how to give personal attention to users and trainees at a distance and permits remote, interactive training and demonstrations.

Concerning security, PEEK & SPY allows the privileged user to see and log everything done by another user using any one of four journaling options. PEEK & SPY can log the observed user’s session actions to an output file. It also permits locking out a user’s keyboard in the case of a security breach. With SPY the user is not aware he/she is being observed.

Easy to Install and Use

Using standard VMSINSTAL and PEEK & SPY’s “Quick Install” instructions, it installs in minutes. You don’t need to read the entire documentation to install it. There are only a few commands to learn. The basic instructions for installation and use of PEEK & SPY fit on a single sheet of paper.

Technical Information

PEEK & SPY runs under OpenVMS on VAX, Alpha (AXP) and Itanium (IA64) systems and supports DECnet remote connections, TCP I/P, and DECwindows Motif. The hot-key command sequences are completely configurable and may be specified as qualifiers on the command line or in a logical name table. PEEK & SPY does not require any special drivers. Since PEEK & SPY is usually installed as a privileged image, the user needs no extra privileges to run the program. Explicit permission is not required of a user with both SYSPRV and SECURITY privileges. Any user on the system can use it; however, the user being watched must explicitly permit any non-privileged user to watch him/her.

PC’s Too!

If PEEK & SPY resides on an OpenVMS node that has PCs running VT terminal emulation programs and the PCs’ screens are generated on that node, PEEK & SPY will be able to view the PC screens also.

What Our Customers Are Saying:

“Peek & Spy is an extremely helpful product and has been an asset in my role as a Host Manager. In the next year or so we will be upgrading our core system. Peek & Spy will definitely be included in this upgrade.” NH, VP Information Technology

Sysgem Self-Service Password Reset solves the problem of end-users forgetting their Windows login passwords and having to ask the helpdesk or the system administrator to reset it. With Sysgem Self-Service Password Reset users can reset their own passwords after correctly replying to security questions with answers that they have previously defined themselves.

There are three components of Sysgem Self-Service Password Reset that are to be installed. The central service should typically reside on the domain controller; the web enrolment system can be installed on any IIS server in the domain; and the workstation component should be installed on all end-user workstations to allow users to reset their password on demand.

The Domain Controller runs a Windows Service which carries out the operation of resetting passwords for end-users. It also holds a database of Questions and Answers, which are created by the end-users themselves, and subsequently used to verify the authenticity of the person wishing to reset their own password.

The web enrolment system provides a web interface to the questions and answers database held on the domain controller, allowing users to log in at any time and modify their security questions.

The workstation component installs two additional buttons on the normal Windows logon screen:
Reset Password
Unlock Account

If a user forgets his password then selecting the “Reset Password” button on a workstation where Sysgem Self-Service Password Reset has been installed will allow him to change his own password after he has correctly answered his prepared questions. If the account is locked because he has tried repeatedly, too many times, to log in with an incorrect password, then he can unlock his account by using the “Unlock Account” button and again replying to the security questions.

In a large computer environment maintenance of user account passwords is very time-consuming and as a result expensive.

Users often have accounts on many computers and the requirement is for the same username/password on these systems. When the password is changed on one system it should then be changed on other systems.
The Solution

Sysgem Password Synchronization intercepts password changes and uses a rules database to propagate the new passwords throughout the computer environment.

Key Features and Benefits
An automated ’set and forget’ solution.
Simple configuration using the Sysgem Enterprise Manager.
Any combination of account names and computers is supported.
Supports third-party applications such as ORACLE.
Easily extended – using simple scripts written in Perl and your host system’s standard scripting language such as the Korn shell on UNIX and DCL on OpenVMS.

The Sysgem Password Policy Enforcer implements a domain-wide corporate password policy ensuring users conform to stringent passwords standards when setting new passwords for themselves. It is a fully customizable stand-alone application from Sysgem AG. Optionally, when users change their own passwords, a pop-up form is displayed describing a customer-worded message to explain the corporate password standards.
Key Features
There are two components:
The GINA which is integrated into the Winlogon that provides interactive logon support and password change. The GINA displays text which the user must accept before being able to change the password and also enforces the rules defined in the rules file. It is installed on user workstations.

The text is displayed in a small popup window when the user presses Ctrl+Alt+Del and selects Change Password.

A password change DLL which is installed on domain controllers and intercepts all password change requests. The password filter enforces the rules defined in the rules file, it is installed on domain controllers.
Both of these components provide independent password enforcement.

Logfile Concentrator console monitoring Windows event logs

Alarm definitions include
Matching criteria using any combination of field values,
Assigning alarms to individual users,
Thresholds – criteria must be met [x] times in [y] seconds before the alarm actions are triggered,
Minimum repeat intervals – don’t trigger the actions more than once every [y] seconds,
Cut and paste – copying a Logfile Concentrator entry to the clipboard, then pasting it into a new alarm definition.
Alarm actions include
Sending E-mail,
Sending SMS,
Playing sound files,
Network messages (NET SEND…),
Text-to-Speech,
Windows Management Instrumentation (WMI) scripting.

Configuration Management on multiple distributed servers using policy definitions held in a central Sysgem File Synchronizer (SFiS) source file repository.

SFiS provides a complete and secure environment to build a central store of source configuration definition files. A single source file defines how target configuration files look, including all the variants for each server.

Shell commands embedded in the source files add flexibility to server specific updates.

Use ‘Sysgem File Synchronizer’ (SFiS) to:
• Distribute and deploy configuration files.
• Run embedded shell commands to action updated configuration files.
• Monitor files on remote servers from a central point.
• Raise automatic alarms when unexpected changes occur.
• Log configuration management changes in a central SFiS Audit DB.

… and why stop at configuration files? Indeed any file required on multiple servers can be handled by SFiS.

Control access to this powerful yet simple to use tool and delegate options with precision and confidence.

… and the best thing is: using SFiS could not be easier to use!

For more information read the “Detailed Features” below:
Key Benefits

• Ease of Configuration Management:

o Control Configuration files from one central point
o Convenient and easy distribution of updates
o Check status and look for exceptions for the entire network in a single window

• Increased Integrity & Increased Security :

o Automatic monitoring and alarms when corporate policies not being adhered to
o Audit trail

• Reduced Effort:

o Delegate with fine granularity of privileges
o Ease of Creating of Reports

User account management is an important part of managing your computer systems, but it is often a very involved and time-consuming process. Delays in making correctly configured accounts available to end-users result in lost business or a compromise in security.
The Solution

The Sysgem Account Manager (SAcM) is a fully featured application for user account management on multiple platforms. It supports basic operating system accounts and user profiles in end-user layered applications. With SAcM, you create accounts from default templates on multiple systems in one simple operation.
Existing accounts – across all platforms, network-wide – are sorted, filtered and multiply-selected, and updated in a single operation.
SAcM allows you to delegate responsibility with confidence and safety. Statistical and detailed user account reports are produced with ease.
And with the separately available Sysgem Development Manager (SDeM) Module, its features and functions are easily customized to meet your own specific needs.
Key Features and Benefits
Provides a single point for creating & managing multiple accounts on multiple computer systems of multiple platform types, including the maintenance of user entries in layered applications.
Prevents delays in creating the user account environment for “new starters” by simplifying the process. Whereas this once involved many tasks and a number of different people, with SAcM a single and simple operation by an authorized user-account administrator is all it takes.
Allows multiple accounts (cross-platform and network-wide) to be selected and updated as part of day-to-day account administration.
Reduces security risks when staff leave by determining the ownership of user accounts. The accounts for someone who has just left the organization, for example, can be identified, disabled and scheduled for deletion at a predefined review date. For more details on this feature see the description of the Subscriber DB.
Facilitates the management of user groups, quotas, rights, privileges, passwords and intrusions.
Simplifies help desk operations for user administration, enables responsibility to be delegated with safety, and ensures full audit trail accountability.
During account creation, default field values are applied depending on the user-group to which each user belongs. The ownership of user accounts can be linked to a subscriber database of employees.
Makes it easy to produce accurate, up-to-date reports on the usage and deployment of user accounts across the entire network, for supervisor and security manager use. Information can be sorted and filtered to meet your own requirements.
Enables you to identify and resolve security issues for accounts across the entire enterprise. For example, you can identify accounts with raised privileges and request reports to highlight differences between the states of accounts at prescribed points in time. This allows you to identify privileged accounts that are no longer used and thus present a security risk to your system.