I am a Mainframer: Vicom Infinity and Privakey

By June 22, 2021June 23rd, 2021I Am A Mainframer

In today’s episode of the “I am a Mainframer” podcast, Steven Dickens sits down with Brian Ross, Chief Product Officer at Privakey, Len Santalucia, CTO and business development Manager for Vicom Infinity, and Vinnie Terrone, Vicom Infinity. On this podcast, they discuss their journey with the mainframe, advice for those just starting their journey with the Mainframe, and where they see the Mainframe going in the future.

Listen now!

Steven Dickens: Hello and welcome. My name is Steven Dickens. I’m your host. You’re with us for the I Am A Mainframer podcast brought to you by the Linux foundation’s open mainframe project. We’ve got a fantastic panel today. I’m changing things up a little. I’m joined by Len Santalucia and Vinnie Terrone from one of our founding members of the project Vicom Infinity. And we’ve also got Brian Ross from Privakey. So guys, welcome to the show.

Brian Ross: Thanks

Steven Dickens: So Brian, if you could just introduce yourself, tell the listeners a little bit about what you do, what Privakey is all about, and just give us a sort of 30-second intro, and then we’ll go around the room.

Brian Ross: Great, thanks, Steven. Happy to be here. I’m Brian Ross. I’m a chief product officer at Privakey. I’ve been involved with internet-based solutions development since the late nineties. First, as a consultant, working with some large companies, such as Citibank, Chase, and Standard and Poor’s. I was working with them to articulate and implement online offerings. But more recently, I’ve been focused as a product manager at some startups, Ohana Companies for bars and now Privakey. And when we talk about Privakey, we’re talking explicitly about human-asserted, transaction intent verification.
That is, it’s an easy way, easy to use, but the sophisticated, definitive, non-repeatable assertion of authentication and authorization from end-users. We call it intent verification, whether it’s a login from a computer or a voice interaction, a workflow approval, or consent to access your personal information. All of these are examples of transaction intent verification, and we’ve created a tool that’s easy for developers to interact with and for end-users to assert these transactions,

Steven Dickens: Brian, that’s going to be a lot there in that introduction that I’m going to want to come back to. So you’ve teed that up perfectly, but we’ll get some introductions done here first and then get going. So Len, can you just give the listeners a little intro to yourself and your position at Vicom, and then I’ll go to you, Vin.

Len Santalucia: Sure. Thank you, Steven. My name is Len Santalucia. I’m the CTO and business development manager for Vicom Infinity. We are an IBM platinum business partner based in New York. And in particular, my background was with IBM for over 30 years. And when I retired from IBM, I accepted this position at Vicom Infinity.
It’s now been going on 14 years already, and it’s just flown by. We had a chance to meet with Brian and his team from Privakey at a voice conference, a different kind of conference for us because we’re mostly focused on the IBM Z Mainframe. Still, we introduced our Vicom voice assistant. We call it VIVA.

We have been on here talking about it before, but what we went there to meet was, to show people a bit of this from a different perspective, that’s based on mainframe security technology, which we’ll talk about here. And then we had a very nice opportunity to meet Brian and his team, and they had this technology we were looking for actually, this intent verification technology.

And it was a very nice chain of events from there because we integrated it into VIVA and then also into other important mainframe technology, such as CICS, which we’re here to talk about today.

Steven Dickens: We’ll get into that, Len. I think there’s a lot to unpack, and I’m going to be really interested, but let’s get Vinny introduced first. Vinny, if you could just introduce your role briefly and then I’ve got plenty to come back to just from the introductions, guys. So don’t worry.

Vincent Terrone: Hi everyone. I’m Vinnie Terrone. I work for Vicom Infinity. I’ve been working for them for a long time, 25 years for the most part. And I am an enterprise architect, my background started in COBOL and PO1 CICS development. So I’m way down in the mainframe and eventually worked on all parts of it, including Linux on Z, OpenShift, and everything else. And I got involved with Brian to help him with this project to use Privakey in CICS. But I don’t want to steal his thunder. So I’ll pass it back to you, Steve.

Steven Dickens: Yeah. Fantastic. And now, I mean, guys, you can obviously tell that you guys are excited by what we’re here to talk about. That’s coming across just from the introductions. I mean, Brian, the podcast is called I Am A Mainframer, I’m getting the impression that you’re new to that classification. So just tell us a little bit, how have you been co-opted by the likes of Len and Vinny into this little gang here? It sounds like you guys have got a cool solution, but just to get us orientated, but then get our listeners who are maybe mainframe people a little bit connected to what Privakey does and really what the sync up is, because I think you guys are super excited, and that’s coming across. Still, it’s going to be interesting to see the link here.

Brian Ross: Yeah. So as you know, Steven, I pushed back a bit when approached to do this podcast because I don’t think I consider myself a mainframer, but Len encouraged us to participate.

Steven Dickens: Brian, so let’s get this out of the way; we’re declaring you an honorary member of the gang. And that’s out of the way we’re done on that.

Brian Ross: All right. Well, I’m just going to have to add that to my resume. So, you know, our journey with Vicom has really introduced us to IBM, and it’s been incredibly rewarding, both working with Vicom as a partner and IBM as a partner, I made a point of saying that I’ve been involved in internet-based technologies from the outset of my career in the late nineties. And that typically is when you’re programming and designing it, you don’t necessarily think about where your software is going to run, except you’re trying to make it as flexible as possible. If you’re doing pulling licensed software, somebody else needs to deploy, you’re going to put it in containers and you’re going to make sure it can run anywhere and you try to make it as lightweight as possible because, you know, from the early days, even till now, internet applications on the balance are pretty low resource, low resource requirements, but we created a Privakey, it leverages cryptography, on mobile device cryptography and the verification and validation of that.

On the backend, we created a transaction intent verification tool. Some of those things naturally have led us and explicitly have led us to Vicom, IBM, and the mainframe. We were an inaugural member of the Hyper Protect Accelerator at IBM, which was more cloud-based, but it also has some crossover into the mainframe and the technology of Hyper Protect allowed us to deploy a SAS version of our offering because we inspect and we have experienced sensitive information blowing through Privakey. We were hesitant to manage the operations ourselves because we’re software developers, Hyper Protect was an eye opener for us. And we’re explicitly working with Vicom.

We’ve been introduced to Linux on Z where we’ve paired a Privakey to. We’ve developed a gateway with Vinny who can speak much more intelligently to it than I can that bridges KIX applications to Privakey, which allows people to have exception processing, workflow processing, rules-based things where human needs to be involved, to be seamlessly handled with a very minimal interaction directly from COBOL to the modern Privakey platform. So while I’m not a Mainframer, or maybe I am now lately, I’ve gained an incredible appreciation for mainframes past the current state. And I’m excited about its future.

Steven Dickens: So there’s a lot there. I mean, it sounds like you’re taking the more, increasingly modern way that people are coming into this platform. You may be coming in through the Hyper Protect space you’ve come in through and sort of seeing this platform in a completely different light. How’s that experience been, Brian? You know, you say your background, internet, software developer, not any background to the platform, just what’s that experience been like coming to the platform for the sort of first time?

Brian Ross: Yeah, I’ve said this before and it ends up being a boring conversation. It’s been incredibly easy, you know, Linux on Z is Linux. Working with Vicom, which I would think not to dismiss what Vinny has done or Alex has done when they integrated Privakey into the more native IBM ecosystems. It’s been easy. So, you know, from our perspective, the mainframe with all of its immense power feature capabilities is still, we treat it as a computer, which I don’t want to sound dismissive for a company like Privakey, that is helpful and it makes things easy.

Steven Dickens: And I think that’s the interesting thing, I suppose, you shouldn’t see it as anything different than just computing. So I don’t take that as an offense. I mean, working for IBM and pushing this computer platform app out there, and the comment you made around Linux is Linux. That’s exactly the experience we want you to have. So I think it’s really affirming for me, Brian, that you see it that way and that’s been your consumption experience. So Len, let’s maybe flip that the other side; you’re a classic Mainframer and longstanding history on the platform. What’s been the experience from the other side of that, working with Privakey, and have they fitted in with the likes of KIX and some of the other sort of more classic things that we’d seen in the mainframe space?

Len Santalucia: Well, the reason why I have the picture behind me, as you can see, is that I got my start with IBM in 1978, which was built in 1932 in New York, where IBM started in 1924. So it kind of sets the stage for a lot of the comments I always make about the mainframe. Being a longtime Mainframer, but, and I have to say, working with Brian and so on and watching the work they were doing, I found that their skills and their abilities to bring over their software were pretty much the same things. As Brian said, it was pretty straightforward, kind of boring, but exciting at the same time. And seeing them, notice the light bulbs going off in their heads about, wow, look at the possibilities here, and the chances for them to talk to people in the mainframe world, environment market, whatever way you want to call it.

It was just very, very exciting to see. Especially when I saw them getting involved once they got their solution added to Linux on Z, Vinny helped a lot with that. And then seeing them also with something else, Vinny helped them a lot with getting their intent verification engine to interface directly to CICS. As you know, almost every mainframe customer in a world run CICS could open up a whole new way for CICS, as well as Privakey to access the mainframe in a much different way than it ever was before. So that’s what I kind of saw happening here, besides getting a chance to know some very nice people at Privakey.
Steven Dickens: Well that’s something, and I’m not going to call it CICS, cause over the other side of the pond, we call it KIX as you know Len. But I mean, we won’t get into that sort of debate. So, Lenny, just talks to us a little bit about the connection between KIX and Privakey. What’s the use case? So I’m a big mainframe shop. I’ve got KIX, I’m looking at modernizing the platform. I’m paranoid about security. Just give me this sort of two, three-minute story of where KIX and Privakey can sort of come together. And what, what that use case would be for me?

Vincent Terrone: Hi, we looked at Privakey and, as Brian said, we ported it to Linux on Z and we also ran it in a container also. And it just seemed natural that, since most customers are running CICS either green screen or some other way that this would be a great fit. And, so I had worked on the COBOL side of it, and one of their team members worked on the Java side and we were running Liberty. We have a gateway written in Java that talks to Privakey, and I wrote the COBOL side. I wrote a gateway that will talk to Java.

So basically what it comes down to is anyone that needs to ensure that they have intent verification. You know, let’s say you have a million dollar transaction, and Brian could talk to these scenarios much better than me, but if you have a transaction that if you needed to have verified, the COBOL program can call the COBOL gateway, the Privakey COBOL gateway, which will in turn call the Java gateway and it’ll call a Privakey server, which will send the intent out to a phone for verification.
Steven Dickens: Fantastic. So, Brian, do you want to sort of give us your perspective of that? Vinny has given us a view from the KIX side and how that calls out. How’s the Privakey application receiving that KIX request, if you will. How does that come in, down the line to you guys?

Brian Ross: Yeah. And Steven, let me roll back a little bit to your first question, the use cases, the supports, because I think it’s important for the context we were excited, you know, as we learned about the mainframe and KIX in particular, you know, the volume of transactions that run through KIX, it seems like a company who focuses on the transaction and 10th verification might somehow want to connect to that. That seemed to us to be a no-brainer because some of those transactions are going to have data integrity issues that need human interaction. They’re going to hit up against a rule that requires approval authorization intervention and might need multiple party authorization. So it might simply just be something that says, can we access this data? All of those use cases are something that Privakey was designed to address and is able to address them in a contextual and innovative way.

So you can provide the user with the context of the information. That’s not going to be a text message to say reply. Yes or no. It can be a very rich depiction of what information is needed. It could even be in a form that allows them to submit information back into the data stream. So those are the use cases from our perspective and, you know, there’s so many people to thank for this development Vinnie first and foremost, Lee Compton who helped him navigate how to integrate our program with KIX, Ben Holland on my side, because we use the gateway that leveraged Java and Liberty, it just meant we needed to write a simple API broker between our existing API and the KIX and COBOL programs running and KIX. So Ben wrote it. I, I don’t know exactly what we’re talking about.

We are talking about a handful of lines of code. I mean, maybe a little bit more than that to actually ultimately facilitate this. Vinnie, also obviously had his side on the COBOL, but with those two pieces, it really means anybody with a native COBOL application doesn’t need to go out to a middle tier application running on Linux anywhere else. They can simply let their COBOL logic, their core business logic drive the authorization flow out to Privakey and back without any other intermediary, we think it’s a real win for KIX programmers and applications looking for this type of solution.

Steven Dickens: And Brian, when you say, go out to Privakey, is that Privakey running on Hyper Protect as a SAS service, is that kind of really where the call is going out to?

Brian Ross: Sure. We created, as I suggested before, when you’re developing software, like a company like Privakey, you have to be as flexible as possible. So the SAS offering is one of many ways with which a company could deploy Privakey. It’s obviously the easiest and quickest way, but they could deploy it in their own mainframe on Linux on Z. They could deploy it in their own IBM cloud instance. They have a hybrid cloud, they could deploy it on Hyper Protect or a simple Linux server. But yeah, it’s a running instance of the Privakey API server.

Steven Dickens: So lots of flexibility there. IBM, LinuxONE systems running in Hyper Protect, the IBM cloud, Linux on prem, on an IBM mainframe, you know, lots of different deployment options. I’d imagine security is the biggest driver about what people are wanting to do there, whether they want it public or private? Is that what’s driving people here?

Brian Ross: It’s really just how they are. I experienced selling software into enterprises, small and large. It’s more their comfort level and where they already have existing expertise and infrastructure. For us Hyper Protect was critical for security. We are going to maintain the operations of third-party data running through our system. But as far as our customers and prospects, it really seems to be the inertia of their existing infrastructure.
Steven Dickens: So Len, I know you’ve got a lot of connections out into the industry and a lot of happy customers who work with Vicom. What are you seeing as the adoption? I get the impression you guys are starting to take this to market. What’s been that initial customer reaction that you’re getting?

Len Santalucia: Excuse me, we have had very good introduction of Privakey from just when they were doing intent verification on things with Viva, but then when we took it to the level of CICS and started getting the word out, we found out that it was going to make a lot of sense to have an actual session, just with us and Privakey for the CICS or KIX audience that exists around the United States. So we’re going to be doing that in the month of June. I believe it’s June 24th, as a matter of fact, for a “lunch and learn” for all CICF customers to hear about this, because the initial impressions we got with the few that we really have extremely close relationships were, oh, wow, this thing’s very good. So I think it’s going to be excellent.

Brian Ross: And that presentation will also include Lee Compton explaining the broader capabilities of CICS and integration with Java, which is pretty exciting for the audience. And it’ll feature a demonstration running off a 30 to 70 turn emulator. So something to look forward to.

Steven Dickens: Well, we’ll certainly put that in the show notes on people’s favorite podcasts channels so that they can get access to that. I think that’s going to be a really interesting session for people to sort of click into and learn more. Normally as it starts to come towards the end of the session. I normally ask one of our guests a couple of questions, but as we’ve got multiple people here, what I’ll do is maybe split the questions rather than ask the same couple of questions to everyone on the panel. So Len, my first question is you get a crystal ball, you’re able to look into the future and we’ll see where we are sort of three to five years out. What does that mainframe platform look like? So you’re able to just look out, get a view. You’re not allowed to pick any stock prices or lottery numbers. You just get to look at the mainframe’s future. Where do you see the mainframe three to five years out?

Len Santalucia: I see it becoming the basis for the secure infrastructure that it provides for the hybrid cloud, multi-cloud environments that everybody is now starting to strive towards. It was kept at arm’s length for quite some time while people were trying to figure out whether they should move everything off to the cloud or, you know, replace their mainframes. And sometimes modernization really means replacing the mainframe with something else that is considered more modern, but that’s not happening.

And especially now with all of the security issues everybody’s had and are seeing, we just saw what affected our whole, almost the whole Eastern half of the United States. We know that if they had that technology in place instead, that would have not happened, and there’s been many more other incidents and starting to really become more of a reality. And I see it really taking off even more so than it has already with those that already know about this and are implementing it as fast as they can.

So that’s kind of my prediction, Steven,

Steven Dickens: Thank you for that Len. The second question I ask Brian, we have a lot of students who are listening to the show. You get the opportunity to go backwards this time. You get the opportunity to go back to your younger self 21, 22. What advice would you be giving to your younger self, given the hindsight that you’ve had throughout your career?
Brian Ross: Yeah, it’s an excellent question. And I think it’s advice that I might have kind of passively taken for myself without even giving it to myself. But my biggest bit of advice is that this is an industry of people. The technology is all fascinating and there’s lots of different technology out there, but what makes things actually work are the people that you generate professional relationships with and rely on to get things done. And that couldn’t have been made more clear to me in my recent journey with IBM and Vicom whether it’s Len, Vinny, Alex, who couldn’t make it from Vicom, Lee Compton and her advice, the people at the Hyper Protect accelerator at IBM, Chris Poole, and Sanjay Sacheron all of these people at IBM and Vicom have been incredible advocates, they’ve been patient and they’ve been an empathetic supporters of Privakey’s early journey. And it’s just been a really great experience. And it’s something I think going back to telling my younger self is, hold onto those people, develop those relationships and be one of those people to other people you work with.

Steven Dickens:  Hello and welcome. My name is Steven Dickens. I’m your host. You’re with us for the I Am A Mainframer podcast brought to you by the Linux foundation’s open mainframe project. We’ve got a fantastic panel today. I’m changing things up a little. I’m joined by Len Santalucia and Vinnie Terrone from one of our founding members of the project Vicom Infinity. And we’ve also got Brian Ross from Privakey. So guys, welcome to the show.

Brian Ross: Thanks

Steven Dickens: So Brian, if you could just introduce yourself, tell the listeners a little bit about what you do, what Privakey is all about, and just give us a sort of 30-second intro, and then we’ll go around the room.

Brian Ross: Great, thanks, Steven. Happy to be here. I’m Brian Ross. I’m a chief product officer at Privakey. I’ve been involved with internet-based solutions development since the late nineties. First, as a consultant, working with some large companies, such as Citibank, Chase, and Standard and Poor’s. I was working with them to articulate and implement online offerings. But more recently, I’ve been focused as a product manager at some startups, Ohana Companies for bars and now Privakey. And when we talk about Privakey, we’re talking explicitly about human-asserted, transaction intent verification.

That is, it’s an easy way, easy to use, but the sophisticated, definitive, non-repeatable assertion of authentication and authorization from end-users. We call it intent verification, whether it’s a login from a computer or a voice interaction, a workflow approval, or consent to access your personal information. All of these are examples of transaction intent verification, and we’ve created a tool that’s easy for developers to interact with and for end-users to assert these transactions,

Steven Dickens: Brian, that’s going to be a lot there in that introduction that I’m going to want to come back to. So you’ve teed that up perfectly, but we’ll get some introductions done here first and then get going. So Len, can you just give the listeners a little intro to yourself and your position at Vicom, and then I’ll go to you, Vin.

Len Santalucia: Sure. Thank you, Steven. My name is Len Santalucia. I’m the CTO and business development manager for Vicom Infinity. We are an IBM platinum business partner based in New York. And in particular, my background was with IBM for over 30 years. And when I retired from IBM, I accepted this position at Vicom Infinity.

It’s now been going on 14 years already, and it’s just flown by. We had a chance to meet with Brian and his team from Privakey at a voice conference, a different kind of conference for us because we’re mostly focused on the IBM Z Mainframe. Still, we introduced our Vicom voice assistant. We call it VIVA.

We have been on here talking about it before, but what we went there to meet was, to show people a bit of this from a different perspective, that’s based on mainframe security technology, which we’ll talk about here. And then we had a very nice opportunity to meet Brian and his team, and they had this technology we were looking for actually, this intent verification technology.

And it was a very nice chain of events from there because we integrated it into VIVA and then also into other important mainframe technology, such as CICS, which we’re here to talk about today.

Steven Dickens: We’ll get into that, Len. I think there’s a lot to unpack, and I’m going to be really interested, but let’s get Vinny introduced first. Vinny, if you could just introduce your role briefly and then I’ve got plenty to come back to just from the introductions, guys. So don’t worry.

Vincent Terrone: Hi everyone. I’m Vinnie Terrone. I work for Vicom Infinity. I’ve been working for them for a long time, 25 years for the most part. And I am an enterprise architect, my background started in COBOL and PO1 CICS development. So I’m way down in the mainframe and eventually worked on all parts of it, including Linux on Z, OpenShift, and everything else. And I got involved with Brian to help him with this project to use Privakey in CICS. But I don’t want to steal his thunder. So I’ll pass it back to you, Steve.

Steven Dickens: Yeah. Fantastic. And now, I mean, guys, you can obviously tell that you guys are excited by what we’re here to talk about. That’s coming across just from the introductions. I mean, Brian, the podcast is called I Am A Mainframer, I’m getting the impression that you’re new to that classification. So just tell us a little bit, how have you been co-opted by the likes of Len and Vinny into this little gang here? It sounds like you guys have got a cool solution, but just to get us orientated, but then get our listeners who are maybe mainframe people a little bit connected to what Privakey does and really what the sync up is, because I think you guys are super excited, and that’s coming across. Still, it’s going to be interesting to see the link here.

Brian Ross: Yeah. So as you know, Steven, I pushed back a bit when approached to do this podcast because I don’t think I consider myself a mainframer, but Len encouraged us to participate. 

Steven Dickens: Brian, so let’s get this out of the way; we’re declaring you an honorary member of the gang. And that’s out of the way we’re done on that.

Brian Ross: All right. Well, I’m just going to have to add that to my resume. So, you know, our journey with Vicom has really introduced us to IBM, and it’s been incredibly rewarding, both working with Vicom as a partner and IBM as a partner, I made a point of saying that I’ve been involved in internet-based technologies from the outset of my career in the late nineties. And that typically is when you’re programming and designing it, you don’t necessarily think about where your software is going to run, except you’re trying to make it as flexible as possible. If you’re doing pulling licensed software, somebody else needs to deploy, you’re going to put it in containers and you’re going to make sure it can run anywhere and you try to make it as lightweight as possible because, you know, from the early days, even till now, internet applications on the balance are pretty low resource, low resource requirements, but we created a Privakey, it leverages cryptography, on mobile device cryptography and the verification and validation of that.

On the backend, we created a transaction intent verification tool. Some of those things naturally have led us and explicitly have led us to Vicom, IBM, and the mainframe. We were an inaugural member of the Hyper Protect Accelerator at IBM, which was more cloud-based, but it also has some crossover into the mainframe and the technology of Hyper Protect allowed us to deploy a SAS version of our offering because we inspect and we have experienced sensitive information blowing through Privakey. We were hesitant to manage the operations ourselves because we’re software developers, Hyper Protect was an eye opener for us. And we’re explicitly working with Vicom.

We’ve been introduced to Linux on Z where we’ve paired a Privakey to. We’ve developed a gateway with Vinny who can speak much more intelligently to it than I can that bridges KIX applications to Privakey, which allows people to have exception processing, workflow processing, rules-based things where human needs to be involved, to be seamlessly handled with a very minimal interaction directly from COBOL to the modern Privakey platform. So while I’m not a Mainframer, or maybe I am now lately, I’ve gained an incredible appreciation for mainframes past the current state. And I’m excited about its future.

Steven Dickens: So there’s a lot there. I mean, it sounds like you’re taking the more, increasingly modern way that people are coming into this platform. You may be coming in through the Hyper Protect space you’ve come in through and sort of seeing this platform in a completely different light. How’s that experience been Brian? You know, you say your background, internet, software developer, not any background to the platform, just what’s that experience been like coming to the platform for the sort of first time?

Brian Ross: Yeah, I’ve said this before and it ends up being a boring conversation. It’s been incredibly easy, you know, Linux on Z is Linux. Working with Vicom, which I would think not to dismiss what Vinny has done or Alex has done when they integrated Privakey into the more native IBM ecosystems. It’s been easy. So, you know, from our perspective, the mainframe with all of its immense power feature capabilities is still, we treat it as a computer, which I don’t want to sound dismissive for a company like Privakey, that is helpful and it makes things easy.

Steven Dickens: And I think that’s the interesting thing, I suppose, you shouldn’t see it as anything different than just computing. So I don’t take that as an offense. I mean, working for IBM and pushing this computer platform app out there, and the comment you made around Linux is Linux. That’s exactly the experience we want you to have. So I think it’s really affirming for me, Brian, that you see it that way and that’s been your consumption experience. So Len, let’s maybe flip that the other side; you’re a classic Mainframer and longstanding history on the platform. What’s been the experience from the other side of that, working with Privakey, and have they fitted in with the likes of KIX and some of the other sort of more classic things that we’d seen in the mainframe space?

Len Santalucia: Well, the reason why I have the picture behind me, as you can see, is that I got my start with IBM in 1978, which was built in 1932 in New York, where IBM started in 1924. So it kind of sets the stage for a lot of the comments I always make about the mainframe. Being a longtime Mainframer, but, and I have to say, working with Brian and so on and watching the work they were doing, I found that their skills and their abilities to bring over their software were pretty much the same things. As Brian said, it was pretty straightforward, kind of boring, but exciting at the same time. And seeing them, notice the light bulbs going off in their heads about, wow, look at the possibilities here, and the chances for them to talk to people in the mainframe world, environment market, whatever way you want to call it.

It was just very, very exciting to see. Especially when I saw them getting involved once they got their solution added to Linux on Z, Vinny helped a lot with that. And then seeing them also with something else, Vinny helped them a lot with getting their intent verification engine to interface directly to CICS. As you know, almost every mainframe customer in a world run CICS that could open up a whole new way for CICS, as well as Privakey to access the mainframe in a much different way than it ever was before. So that’s what I kind of saw happening here, besides getting a chance to know some very nice people at Privakey.

Steven Dickens: Well that’s something, and I’m not going to call it CICS, cause over the other side of the pond, we call it KIX as you know Len. But I mean, we won’t get into that sort of debate. So, Lenny, just talk to us a little bit about the connection between KIX and Privakey. What’s the use case? So I’m a big mainframe shop. I’ve got KIX, I’m looking at modernizing the platform. I’m paranoid about security. Just give me this sort of two, three minute story of where KIX and Privakey can sort of come together. And what, what that use case would be for me?

 

Vincent Terrone: Hi, we looked at Privakey and, like Brian said, we ported it to Linux on Z and we also ran it in a container also. And it just seemed natural that, since most customers are running CICS either green screen or some other way that this would be a great fit. And, so I had worked on the COBOL side of it, and one of their team members worked on the Java side and we were running Liberty. We have a gateway written in Java that talks to Privakey, and I wrote the COBOL side. I wrote a gateway that will talk to Java.

So basically what it comes down to is anyone that needs to ensure that they have intent verification. You know, let’s say you have a million dollar transaction, and Brian could talk to these scenarios much better than me, but if you have a transaction that if you needed to have verified, the COBOL program can call the COBOL gateway, the Privakey COBOL gateway, which will in turn call the Java gateway and it’ll call a Privakey server, which will send the intent out to a phone for verification.

Steven Dickens: Fantastic. So, Brian, do you want to sort of give us your perspective of that? Vinny has given us a view from the KIX side and how that calls out. How’s the Privakey application receiving that KIX request, if you will. How does that come in, down the line to you guys?

Brian Ross: Yeah. And Steven, let me roll back a little bit to your first question, the use cases, the supports, because I think it’s important for the context we were excited, you know, as we learned about the mainframe and KIX in particular, you know, the volume of transactions that run through KIX, it seems like a company who focuses on transaction and 10th verification might somehow want to connect to that. That seemed to us to be a no-brainer because some of those transactions are going to have data integrity issues that need human interaction. They’re going to hit up against a rule that requires approval authorization intervention, and might need multiple party authorization. So it might simply just be something that says, can we access this data? All of those use cases are something that Privakey was designed to address and is able to address them in a contextual and innovative way.

So you can provide the user with the context of the information. That’s not going to be a text message to say reply. Yes or no. It can be a very rich depiction of what information is needed. It could even be in a form that allows them to submit information back into the data stream. So those are the use cases from our perspective and, you know, there’s so many people to thank for this development Vinnie first and foremost, Lee Compton who helped him navigate how to integrate our program with KIX, Ben Holland on my side, because we use the gateway that leveraged Java and Liberty, it just meant we needed to write a simple API broker between our existing API and the KIX and COBOL programs running and KIX. So Ben wrote it. I, I don’t know exactly what we’re talking about.

We are talking about a handful of lines of code. I mean, maybe a little bit more than that to actually ultimately facilitate this. Vinnie, also obviously had his side on the COBOL, but with those two pieces, it really means anybody with a native COBOL application doesn’t need to go out to a middle tier application running on Linux anywhere else. They can simply let their COBOL logic, their core business logic drive the authorization flow out to Privakey and back without any other intermediary, we think it’s a real win for KIX programmers and applications looking for this type of solution.

Steven Dickens: And Brian, when you say, go out to Privakey, is that Privakey running on Hyper Protect as a SAS service, is that kind of really where the call is going out to?

Brian Ross: Sure. We created, as I suggested before, when you’re developing software, like a company like Privakey, you have to be as flexible as possible. So the SAS offering is one of many ways with which a company could deploy Privakey. It’s obviously the easiest and quickest way, but they could deploy it in their own mainframe on Linux on Z. They could deploy it in their own IBM cloud instance. They have a hybrid cloud, they could deploy it on Hyper Protect or a simple Linux server. But yeah, it’s a running instance of the Privakey API server.

Steven Dickens: So lots of flexibility there. IBM, LinuxONE systems running in Hyper Protect, the IBM cloud, Linux on prem, on an IBM mainframe, you know, lots of different deployment options. I’d imagine security is the biggest driver about what people are wanting to do there, whether they want it public or private? Is that what’s driving people here?

Brian Ross: It’s really just how they are. I experienced selling software into enterprises, small and large. It’s more their comfort level and where they already have existing expertise and infrastructure. For us Hyper Protect was critical for security. We are going to maintain the operations of third-party data running through our system. But as far as our customers and prospects, it really seems to be the inertia of their existing infrastructure.

Steven Dickens: So Len, I know you’ve got a lot of connections out into the industry and a lot of happy customers who work with Vicom. What are you seeing as the adoption? I get the impression you guys are starting to take this to market. What’s been that initial customer reaction that you’re getting?

Len Santalucia: Excuse me, we have had very good introduction of Privakey from just when they were doing intent verification on things with Viva, but then when we took it to the level of CICS and started getting the word out, we found out that it was going to make a lot of sense to have an actual session, just with us and Privakey for the CICS or KIX audience that exists around the United States. So we’re going to be doing that in the month of June. I believe it’s June 24th, as a matter of fact, for a “lunch and learn” for all CICF customers to hear about this, because the initial impressions we got with the few that we really have extremely close relationships were, oh, wow, this thing’s very good. So I think it’s going to be excellent.

Brian Ross: And that presentation will also include Lee Compton explaining the broader capabilities of CICS and integration with Java, which is pretty exciting for the audience. And it’ll feature a demonstration running off a 30 to 70 turn emulator. So something to look forward to.

Steven Dickens: Well, we’ll certainly put that in the show notes on people’s favorite podcasts channels so that they can get access to that. I think that’s going to be a really interesting session for people to sort of click into and learn more. Normally as it starts to come towards the end of the session. I normally ask one of our guests a couple of questions, but as we’ve got multiple people here, what I’ll do is maybe split the questions rather than ask the same couple of questions to everyone on the panel. So

Len, my first question is you get a crystal ball, you’re able to look into the future and we’ll see where we are sort of three to five years out. What does that mainframe platform look like? So you’re able to just look out, get a view. You’re not allowed to pick any stock prices or lottery numbers. You just get to look at the mainframe’s future. Where do you see the mainframe three to five years out?

Len Santalucia: I see it becoming the basis for the secure infrastructure that it provides for the hybrid cloud, multi-cloud environments that everybody is now starting to strive towards. It was kept at arm’s length for quite some time while people were trying to figure out whether they should move everything off to the cloud or, you know, replace their mainframes. And sometimes modernization really means replacing the mainframe with something else that is considered more modern, but that’s not happening.

And especially now with all of the security issues, everybody’s had and are seeing, we just saw what affected our whole, almost the whole Eastern half of the United States. We know that if they had that technology in place instead, that would have not happened, and there have been many more other incidents and starting to really become more of a reality. And I see it really taking off even more so than it has already with those that already know about this and are implementing it as fast as they can. So that’s kind of my prediction, Steven,

Steven Dickens: Thank you for that Len. The second question I ask Brian, we have a lot of students who are listening to the show. You get the opportunity to go backward this time. You get the opportunity to go back to your younger self 21, 22. What advice would you be giving to your younger self, given the hindsight that you’ve had throughout your career?

Brian Ross: Yeah, it’s an excellent question. And I think it’s advice that I might have kind of passively taken for myself without even giving it to myself. But my biggest bit of advice is that this is an industry of people. The technology is all fascinating and there’s lots of different technology out there, but what makes things actually work are the people that you generate professional relationships with and rely on to get things done. And that couldn’t have been made more clear to me in my recent journey with IBM and Vicom whether it’s Len, Vinny, Alex, who couldn’t make it from Vicom, Lee Compton and her advice, the people at the Hyper Protect accelerator at IBM, Chris Poole, and Sanjay Sacheron all of these people at IBM and Vicom have been incredible advocates, they’ve been patient and they’ve been an empathetic supporter of Privakey’s early journey. And it’s just been a really great experience. And it’s something I think going back to tell my younger self is, hold onto those people, develop those relationships and be one of those people to other people you work with.

Steven Dickens: Fantastic. I think that’s excellent advice and certainly consistent with other guests. Well, guys. This has been a fantastic podcast. Great to welcome a new Mainframer to the clan. Brian, I’m really excited by what you guys are doing with the technology. I think we’re going to see some interesting technology coming from this collaboration going forward. We’ll certainly share the details in the show notes. So thanks very much for joining us on the ship.

Brian Ross: Thank you, Stephen.

Steven Dickens: So,  you’ve been listening to the I Am A Mainframer podcast. My name’s Steven Dickens. I’ve been your host today. If you’ve liked what you’ve heard on the show, please click and subscribe. I’m told by our team that we get a better ranking on the algorithms, if you click and like, and get them, give us a five-star rating. So please do that. As I mentioned, we’ll put the details of the upcoming webinar for Privakey and Vicom, and the KIX team in the show notes. But thanks very much for joining us and we’ll see you again on the I Am A Mainframer podcast.