Since 1976, HP NonStop (Originally introduced by Tandem Computers Inc. before being owned by Compaq and finally HP) has been a widely used integrated hardware/software stack to support critical services such as Automated Teller Machines (ATMs), stock exchanges and the airline industry. The HP NonStop system is a highly fault-tolerant and highly scalable process-oriented hardware platform used mainly to support and sustain very large amounts of transactions. It is different from IBM Z-Series mainframe systems, which are batch oriented.
Process orientated systems rely on jobs that are started manually and there is no concept of a queue. Batch orientated systems rely on batch jobs, a suite of instructions that are scheduled and executed automatically from a queue.
During a recent assessment, it became apparent that the level of knowledge on HP NonStop systems is relatively low and that they are quite different to more familiar OS's such as Windows and Linux/Unix. This means that the first few days of testing are usually spent just trying to learn about the system using online resources that are scarce. We thought a research blog post on the fundamentals of HP NonStop systems would reduce the initial time taken to gain a familiarity with the system and increase the amount of time that can be utilised for testing.
The Operating System (OS) includes the Guardian interface and the Open System Services (OSS) subsystem, which provides a UNIX-like interface.
Security services within an HP NonStop server are provided by two environments: Guardian and Safeguard. Guardian is a part of the HP NonStop OS, while Safeguard is an optional software component that requires separate installation. Guardian security is supplemented by Safeguard as the latter extends the OS's security features by adding auditing and extended authentication and authorisation capabilities.
Applications can be deployed in one or both of the two HP NonStop OS's environments: Guardian or OSS. Some of the security features from Guardian and Safeguard apply to the OSS environment. Safeguard can be configured to let users log in to the OSS environment directly without going through Guardian authentication. Safeguard must be used to manage users and groups within the OSS.
Additional third-party software can be used to extend the capabilities of Safeguard. XYGATE is a suite of programs that can be used for this purpose. XYGATE software provides the option of setting stronger password and auditing policies. A combination of XYGATE Pro and CyberArk is commonly used with HP NonStop servers. CyberArk is essentially an external password vault. CyberArk can be used to store the credentials of the administrative accounts for the HP NonStop systems, only being released when requested by the company. Once credentials are released they are kept open for the requested time limit. After the requested time, the password for the credentials change and any active administrative session gets terminated.
A 6530 terminal emulator can be used to connect to HP NonStop systems. Common 6530 terminal emulators are HP TeemTalk (free) and Reflection (3rd party paid software). TeemTalk does not support encrypted communication, so a 3rd party tool called SecureCS is often used to encrypt the communication when using TeemTalk.
Common languages for HP NonStop are COBOL, TACL (Tandem Advanced Command Language) and TAL (Transaction Application Language):
Each Guardian user has a unique username and user ID, which are formatted as follows:
Groups are used to bundle user IDs into clusters of users with similar privilege levels. This simplifies access management and enables the use of access control lists (ACLs), which can be configured to grant or deny access to a specific group. A particular difference between HP NonStop and other OS's is that a user ID can be a member of only one group. This creates situations where end users have to use several user IDs to undertake their work.
The following are special user IDs used across HP NonStop in the context of access management:
Aliases are secondary user IDs that inherit the full set of privileges from the underlying user ID. All accounts can have aliases and this is used to improve accountability for access when several individuals need to use a particular user ID. To enforce accountability, the powerful generic account can be frozen with only aliases allowed to use its privileges in an accountable manner. When logging on using an alias, there is no need to type the group membership. By writing the alias, the system recognises the underlying user ID.
HP NonStop systems use a flat file structure. The file structure is:
Note: It is not possible to have nested subvolumes (i.e. A subvolume inside an already existing subvolume).
Under Guardian, every file has an owner and a file security string:
Each security string can be associated to a type of user, such as user (O/U), group (G/C), any level (A/N) and SUPER.SUPER only (-).
Access to data and objects (e.g. volumes, devices, processes, terminals) is controlled using ACLs. These are used by the HP NonStop OS to determine whether a user ID can be granted access to a particular diskfile. The system checks whether the user ID or group has been included in the relevant ACL and then grants or denies access accordingly.
The access options available for ACLs are read, write, execute, purge, create, deny and own (R,W,E,P,C,D,O). These letters representing these privileges are in front of the user ID or group linked to the object (volume, subvolume and diskfile). Each object can have an allocated ACL, and user IDs can be added into groups to simplify access management.
The SUPER.SUPER user ID should be specifically denied access to customer files as the customer files can inherit access if this is not done.
Most resources for HP NonStop are outdated. This posed a significant problem during our testing and we ended up reading a lot of books and manuals trying to find the information we need. Below are some of the most useful ones, and any recent ones that could be found. In brackets is the date of publishing so that this can be taken into account.