FLUC-Subsystem

Our subsystems make all conversions (eg HOST FB dataset with EBCDIC strings and BCD numbers as PGP file with CSV format in UTF-8 read and write) of the FLUC transparent for applications. This can be used to extend standard applications (e.g., SAP) with encryption, compression, and conversion capabilities. On the host it is used mainly to make legacy applications fit for various new security standards (e.g., PCIDSS) or to write formats (e.g., XML or CSV) used in modern WEB applications. For example, customers use the subsystems so that decentralized SAP systems or the data warehouse can read CSV or XML files that physically reside on a host as a dataset. Conversely, host applications can be provided with fixed data structures that are physically delivered as compressed or encrypted XML files.

 

flucFS for Linux

 
Under Linux the implementation is based on FUSE (File system in user space). The FLUC subsystem is a normal executable, with which one can mount a directory. The mount point is the logical view of the data. This is assiociated to a physical directory where the encrypted, converted and/or compressed files are stored. Which files are to be converted is maintained via a configuration database (hidden file in physical directory). The management of this configuration can be done most easily with FLCC as shown in the screen dump below. flucFSconfig.png
 
Here you can define read or write specifications for arbitrary match strings (wildcards). Amongst other things, the Write configuration allows you to determine whether a file should be readable in the logical view (mountpoint) or not. The rights of the physical file can also be redefined when writing. Thus, unlike other file/folder encryptions, the solution is not fully transparent and the encrypted file (e.g., PGP file) is under your own control (End2End). All files not matching any match string can be setup to pass them through unchanged, so that a mount does not change anything at first, but only with an entry in the configuration database converted, compressed and / or encrypted physical files. For reading different views are supported. With Mount, you can provide a corresponding view, which allows you to set up different logical views of the same physical data for different parties to read. Among other things, when writing, it is also possible to specify several write/output specifications or I/O definitions, with which one can simultaneously send the data to a partner or place it in an archive for backup purposes.
 

FLUC-SUB for z/OS

 

On the HOST it is an I/O subsystem, which is provided via a started task and which can be allocated in the DD statement. Thus one can subject individual files during reading and writing to appropriate conversions, without the using application noticing. For example, it would be possible to extend a legacy application that writes an FB80 dataset to translate these fixed data structures from BCD numbers and EBCDIC strings into a CSV file in UTF-8, which is a GZIP file written by SSH to a UNIX system or read from there.

In both cases, all conversion options of the FLUC are available as CLP strings.