Month: March 2023

WALTHAM, Mass.–(BUSINESS WIRE)–Rocket Software, a global technology leader that develops enterprise software for some of the world’s largest companies, today announced Puneet Kohli will serve as president of its application modernization business unit and Gary Gregory has been appointed as the company’s chief technology officer. Kohli and Gregory step into their new roles at Rocket Software as the company continues to innovate and invest in the technology necessary to support customers’ modernization efforts across infrastructure, data, and applications.

The Application Modernization business unit helps enterprises modernize their critical applications while increasing the value of their existing business logic and data. Kohli assumes the president role as the business unit is experiencing significant momentum, while Gregory steps into his new position as CTO. Kohli recently led the enhancements of Rocket® Modernization Suite for IBMi i, which empowers customers to extend and enhance the value of their IT systems. Reporting to Rocket Software’s President and CEO Milan Shetti, Kohli will work with the application team to further enable its customers to increase business agility and drive better customer engagement across applications. During Kohli’s 5-year tenure at Rocket Software, he has held multiple leadership roles leading the Quality, DevOps, and Product engineering teams and has been instrumental in standardizing Rocket Software’s Quality and DevOps toolchain.

“Rocket Software directly addresses the IT challenges mission-critical organizations face with solutions to help in their modernization journeys. Enabling our customers to better engage with and provide for their own customers is something I feel very passionate about,” said Kohli. “I am fortunate to be able to continue to build upon the success of the entire Applications business unit and advance our application modernization solutions.”

As Chief Technology Officer, Gregory will work closely with Shetti on the company’s strategic imperatives, ensuring Rocket Software continues to provide its customers with the holistic solutions to solve their most pressing IT challenges. Gregory will also look at opportunities to bridge the gap between the state of IT and how applications are written and maintained, driving innovations that reduce barriers to modernization by cutting costs and eliminating risk.

“The application market has exploded and evolved significantly in the decade since I joined Rocket Software and I’ve had the privilege of guiding many of our customers on their modernization journeys during that critical period,” said Gregory. “As I pass the baton to Puneet, I look forward to uncovering the next great technologies and opportunities to advance Rocket’s depth and breadth and continue to support our customers.”

“Both Puneet and Gary have been exemplary leaders and mentors to our Rocketeers, furthering the organization’s ethos: putting the people behind the software first,” said Shetti. “They each have played a significant role in the success of our application business unit and helping our customers build extraordinary applications. I look forward to seeing them both continue to exceed our business goals.”

For more information about Rocket Software’s leadership team, click here.

About Rocket Software

Rocket Software partners with the largest enterprises, in all industries, to solve their most complex IT challenges, across infrastructure, data, and applications — with solutions that simplify, not disrupt their modernization journey. Trusted by over 10,000 customers, Rocket Software helps enterprises modernize in place with a hybrid cloud strategy, so they don’t need to re-platform or build from the ground up. The company’s 2,600 global employees work with customers to accelerate and optimize their modernization journey while meeting evolving market needs. Rocket Software is a privately held U.S. corporation headquartered in the Boston area with centers of excellence strategically located throughout North America, Europe, Asia and Australia. Rocket Software is a portfolio company of Bain Capital Private Equity. Follow Rocket Software on LinkedIn and Twitter or visit www.RocketSoftware.com.

______________________

i IBM is a trademark of International Business Machines Corporation

I gave a quick demonstration of Node-RED to a client recently and I didn’t get the response I was expecting.

On bringing up the Node-RED browser interface, the first question I got asked was why doesn’t Node-RED use a TLS (Transport Layer Security), or SSL (Secure Socket Layer), connection to the server.

Great question, I’m sure we are all security minded these days, if not, we should be.

So, in this article, I show how we can add a couple of security features to make this application more secure.

TLS/SSL Connection

To make our browser connection secured, we have to have generate a pair of private and public security certificates.

We will use the open-source application of OpenSSL to produce these certificates.

To install OpenSSL on your IBM i, use either Access for Client Solutions (ACS), or Yum.

As can be seen in the figure below, I have the required packages already installed.

There are three steps we need to run to generate our certificates.

From a BASH shell session, run the following commands and input your answers as necessary.

openssl genrsa -out private.pem 1024

openssl req -new -key private.pem -out certrequest.csr

openssl x509 -req -in certrequest.csr -signkey key.pem -out cert.pem

I ran these commands in my /HOME/ANDY directory on the IFS, but they can be in any location you desire.

Next we have to make changes to our Node-RED settings file, called settings.js.  This is normally located in the users home/.node-red directory (notice the dot prefix on that directory, it is a hidden directory).

The settings.js file is a node.js module, not that we need to know that.

It would be my recommendation that you take a copy of the settings file prior to any changes. 

Use the CP command to achieve this.

cp settings.js settings.bak

then open the settings.js file in your favourite editor.  No choice for me, always Microsoft’s Visual Studio Code, but any editor will suffice.

The Node-RED settings.js file has all the settings we require to make it HTTPS, albeit, they are commented out (have two // at the beginning of a line).

As can be seen in the figure below, uncomment lines 93 to 96 and place the names of your certificates in lines 94 and 95.

To those developers who have some knowledge of the Node.js Express application, this will seem very similar.

Now when starting the Node-RED server, we can see it now asks us to point our browser to an https connection.

All very straightforward.

On pointing your browser to the secured location, it may ask you to ignore any self signed certificates.

Restricting User Access

Another security feature we can employ is to only allow certain users to access Node-RED from the browser.  Let us take a look at this.

The first thing to say about allowing user authentication is that we cannot achieve this task using our traditional user profiles for this functionality.

Maybe, this will change in future enhancements.  If not, maybe I’ll write an interface to allow IBM i profiles to be used within Node-RED.

To enforce user authentication, we have to uncomment another section of our settings.js file, this time the adminAuth section.

As we can see from line 76 below, the users section is an array of users, within each element, the username, password and permissions properties.

We can insert our own users into this section, if we desire.

The permission property, can be either * for all permissions, and read for restricted read only access (read permissions ensures users cannot edit or create new flows).

The admin user has been created with a password of password.  Testing only of course!

Now when we try to access our flows we get user name and password prompts.

Each users password is encrypted using the bcrypt hashed algorithm.

To encrypt a password, to save in the settings.js file, Node-RED provides a command to easily generate passwords using bcrypt.

We use the following command from a shell session.

node-red admin hash-pw

On running this command, it will prompt you to input a password, then the encrypted password will be output on the screen.  Copy this value into your settings.js for that user.  All very easy.

New Version

Please note that at the time of writing this article Node-RED version 3.1.0-beta 1 has just been released. 

We have this running on our Power server without any issues to date.

If you are interested in trying this new version, along with your current version, please check-out our instructions which can be found on our GitHub repository  https://github.com/FormaServe/f_Learning/blob/master/NodeRED/nodeRed%2031beta.md

Conclusion

In conclusion, using TLS/SSL to secure the traffic on your Node-RED application is a crucial step in ensuring the privacy and security of sensitive information transmitted over your network.

Then, by adding user security, you can further enhance your security procedures.

Please be aware that Node-RED can also use OAuth2 tokens, to enable enhanced security.  I will cover this in a future article.

All the examples I have written for this article, and previous ones, can be found on my open-source repository on GitHub, which can be found at https://github.com/formaserve/f_Learning

If you have any questions, either on this article, or anything else on the IBM i, use the comments below, or send me a message on twitter @AndyYouens

Andy Youens is an IBM i consultant/instructor at Milton Keynes, UK-based FormaServe Systems with over 40 years IBM midrange experience. 

IBM Champion