Secure sensitive business data with HPE NonStop SSL software

Data sheet
Secure sensitive business data
with HPE NonStop SSL software
As financial and other confidential data increasingly must
be transferred digitally across networks, the challenges to
secure such sensitive data also increase. During transit,
this data is vulnerable to hackers, who might attempt to
capture or make changes to it.
Be safer with HPE NonStop SSL software
To avoid data being captured as it moves between systems or workstations, it has become
routine to dynamically encrypt the data packet before it is sent. It is also decrypted for
use after it arrives on the destination system. Secure Socket Layer (SSL) and its successor
Transport Layer Security (TLS) are cryptographic protocols that provide security for
communicating over the Internet. SSL/TLS encrypts the segments of network connections
at the transport layer end to end, and is becoming critical for data in motion protection,
especially for Web‑based applications that communicate with servers over the Internet.
Additionally, customers in the finance and retail industries are subject to Payment Card Industry
(PCI) Data Security Standard compliance auditing which mandate strong protection of sensitive
data stored or processed within the enterprises. Noncompliance can mean heavy fines and even a
potential ban on handling credit and debit card transactions. The HPE NonStop SSL product is a
part of the NonStop security bundle (H-Series and J-Series) and is included in the NonStop OS on
L-Series systems. While NonStop SSL is a very good solution for many scenarios, there are certain
cases where a tighter native or transparent SSL/TLS integration into the application is desired.
In that case, please easily integrate SSL/TLS into your applications with NonStop cF SSL-LIB and
NonStop cF SSL-AT available at
Key features and benefits
When you purchase NonStop SSL software, you get the reliability and service network of
Hewlett Packard Enterprise, the fault tolerance of NonStop systems. NonStop SSL software
provides data-in-motion protection for Telnet, file transfer, and other protocols such as
EXPAND based on TLS encryption standard.
SSL and TLS are used to reference both a general
technology and specific protocol versions within
this technology. To refer to the general technology,
both terms are still used and mean the same
thing—we use SSL/TLS in this document. However,
when referring to the low-level protocol version
within the technology itself, the terms have
different meanings and are used individually.
Note that all SSL protocol versions are outdated
as they are no longer considered to be secure.
Data sheet
Page 2
The main features of NonStop SSL software are:
•Secure connections using TLS: NonStop SSL software leverages the most widely used and
accepted security protocol by securing connections through TLS.
•All versions up to and including TLS 1.2 are supported, with extra security from strong
ciphers such as 256‑bit AES, Elliptic Curve Cryptography (ECC). Strong SHA-2 message
authentication also is supported.
•IPv6 Support: NonStop SSL provides full support for IPv4, IPv6, or dual mode connections.
•Support of the FTP/TLS standard (RFC 4217): NonStop SSL software is compatible with
a wide range of SSL/TLS‑enabled FTP solutions for the PC and other platforms. NonStop
SSL’s FTP implementation for IPv6 file transfers is fully compliant with RFC 2428.
•Support for PKI: Support for Public Key Infrastructure (PKI) allows you to enforce both
client and server authentication. NonStop SSL software supports X.509 certificates as part
of a PKI. RSA key sizes of up to 8192 bits are supported.
•Basic firewall functionality: Access to the protocol without encryption can be disabled if
required. Allowed remote IP addresses can be limited by implementing white lists and black lists.
•Auditing of network traffic: Optionally, NonStop SSL software can be used to write an audit
log of all network traffic. This can be useful for protocols such as open database connectivity
(ODBC) or Telnet when a complete byte-to-byte dump of the network traffic is desired.
Business benefits
With NonStop SSL software, the benefits to your business include:
•Securing data transmissions to meet compliance audits: Customers in the finance
and retail industries need to strongly protect sensitive data processed, stored, or
transported within their IT systems and also comply with stringent security standards
such as the PCI DSS. NonStop SSL software helps you meet compliance standards and
avoid penalties.
•Protecting important data from hackers: User names, passwords, and application data
may be sent across the network unprotected, making data communication vulnerable
to hacker attacks during transit across the network. NonStop SSL software provides an
effective encryption layer against such attacks.
•Increasing convenience and reducing costs: Now with all new systems, NonStop SSL comes
bundled, and for older systems it is available for purchase from Hewlett Packard Enterprise at an
affordable price.
Technical benefits
The technical benefits of NonStop SSL software include:
•Easy to install and set up: NonStop SSL software is delivered with the OS and includes a
setup macro, which guides administrators through the initial configuration.
•Meets SSL/TLS standards and supports Telnet, FTP, middleware, and EXPAND traffic:
On the NonStop system, a separate instance of the SSL/TLS server process will run for each
protocol to be encrypted (such as Telnet or EXPAND). This proxy process will communicate
with SSL/TLS to the client system and without SSL/TLS to the NonStop component.
•Works with a variety of clients: NonStop SSL software can encrypt any protocol that is
based on TCP clients connecting to a fixed number of static ports. The TCP/IP client may
either reside on the remote platform (such as for Telnet, FTP, RSC, or ODBC) or on the
NonStop platform (such as the FTP client).
Data sheet
Page 3
Solution architecture
On the NonStop platform, SSL/TLS runs in native mode under the Guardian environment,
resulting in efficient performance and full leverage of the NonStop system advantages.
Remote system
NonStop system
On the client platform, there is a rich set of choices: If you have an SSL/TLS-enabled
solution on the client platform (such as a 6530 terminal emulator or an SSL/TLS-enabled
FTP client or server), you don’t need to install anything extra. If you are not using a client
that supports SSL/TLS-enabled FTP, you can look into using the remote proxy product
offered by our partners for your environment.
FTP Server
FTP Server
ASAP Server
ASAP Client
6530 clients
FTP clients
FTP clients
NonStop system
Figure 1. The HPE NonStop SSL software approach
NonStop SSL software uses a proxy-based approach to provide the SSL/TLS encryption
layer for existing NonStop client or server applications, as shown in figure 1. The RemoteProxy
component included with HPE NonStop SSL software is used to enable SSL/TLS encryption for
HPE client components running on Microsoft® Windows® systems.
Usage of the RemoteProxy component is supported in NonStop SSL software for selected
HPE NonStop products only, including HPE NonStop Remote Server Call (RSC/MP) and
Data sheet
HPE NonStop SSL software
Technical specifications
Compatible protocols
Telnet, FTP, RSC, ODBC, EXPAND over IP, FASTPTCP, CORBA, Pathway iTS, Web ViewPoint,
and ASAP. NonStop SSL software supports the SOCKS protocol, enabling it to pass through
firewalls on remote systems.
Table 1. Ordering information
HPE Integrity NonStop X Systems
L15.02 or later
Included in the OS
HPE Integrity NonStop i Systems (J-Series)
J06.03 or later
HPE Integrity NonStop i Systems (H-Series)
H06.18 or later
When ordering the HPE NonStop Operating System for new system orders or upgrades,
the product IDs listed above will be automatically included in the order. When ordering a
software upgrade to include these products in future software deliveries, order the part
numbers separately.
Keep your data-in-motion secure. Add a standard layer of security to sensitive and important
data with your NonStop OS at an affordable price, visit
Sign up for updates
Rate this document
© Copyright 2012, 2016 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change
without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty
statements accompanying such products and services. Nothing herein should be construed as constituting an additional
warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
4AA2‑1680ENN, March 2016, Rev. 2