How to Connect Mobile Workloads to System z

Despite potential security concerns, primarily data encryption and multiple-factor authentication related, mobile transactions continue to increase their share of the market, accounting for up to half of online transactions. Mobile payments now account for 30%+ of all global online transactions as of Q3 2015, continuing the upward trend experienced for the last several years. Although there are global differences in mobile transaction adoption, all global locations are experiencing rapid growth in mobile transaction adoption. Furthermore, as a general rule of thumb, seemingly ~66% of mobile transactions originate from a smartphone, a ~2:1 ratio when compared with tablet devices. Therefore it seems highly probable that smartphone originated mobile transactions will become the de facto standard for online transactions…

For System z users, the majority of their TCO continues to be IBM MLC software related and seemingly the realm of possibility exists for retail operations to reduce IBM MLC TCO as a result of modernizing their business for this mobile transaction phenomenon. Recognizing the security, scalability and transaction ability of the System z platform, why wouldn’t it be the ideal platform for mobile transactions? Furthermore, deploying mobile workloads that can take advantage of modern low cost System z pricing metrics, namely System z Collocated Application Pricing (zCAP) and Mobile Workload Pricing (MWP) for z/OS, could substantially reduce IBM MLC TCO. In theory, existing legacy applications might become somewhat static in nature, as mobile transactions replace existing traditional transaction mechanisms. Therefore the cost per business transaction reduces, potentially significantly.

So, just how easy is it to connect mobile transactions to the System z platform?

z/OS Connect is a software function engineered to leverage from the Liberty Profile for z/OS, acting as an enabler of connectivity between the mobile environment (client) and the System z platform (host). Put another way, z/OS Connect exposes System z assets for mobile and cloud workloads. Quite simply z/OS Connect delivers JSON (JavaScript Object Notation) and REST (REpresentational State Transfer) functionality to leverage from existing z/OS subsystems (E.g. CICS, IMS, Batch, et al). These traditional System z transaction systems (E.g. CICS, IMS) often integrated with DB2, are repositories for vast amounts of business transactions and data. There is no incremental cost for z/OS Connect usage, being packaged with WebSphere Application Server (WAS), CICS and IMS software products.

z/OS Connect provides a discovery function allowing developers to query services that have been configured for a z/OS Connect instance. A single z/OS Connect REST call returns a list of all configured services and another REST call will return the details of a given service. Importantly, developers only need to know the REST API service and associated JSON requirements to achieve this mobile device to System z interoperability; they do not need to know the underlying CICS or IMS subsystem. z/OS Connect incorporates a data conversion function that maps JSON to the host (I.E. CICS or IMS) data format requirement. Put really simply, when a request is received, z/OS Connect converts the data for CICS or IMS subsystem processing and when a response is produced, z/OS Connect converts the data back to JSON.

From a security viewpoint, standard or bespoke code can be used for control before and after a request is processed, identified as an interceptor. For Security, the calling user identity can be checked against defined roles, determining if they have authority to use z/OS Connect or the configured service. On z/OS the security interface is SAF, supplemented by an External Security Manager (ESM), namely ACF2, RACF or TopSecret. For Audit, request information can be logged via SMF for later analysis. Information about each request is logged, including timestamp, bytes processed, response time and USERID.

To summarize, z/OS Connect is designed to simplify the integration of mobile systems and z/OS assets. Delivering a consistent front-end interface for mobile systems via REST and JSON, z/OS Connect seamlessly integrates with WAS, CICS and IMS subsystems for data processing. In theory, a developer could code a mobile workload application, with no knowledge of the System z platform.

In conclusion, it seems we have to accept the adoption of the smartphone device for processing an ever increasing amount of online transactions. The realm of possibility exists that online transactions (click) will continue to displace traditional and legacy (brick) transactions. Therefore as businesses evolve to accommodate mobile transactions, they should strive to reduce their IBM MLC TCO accordingly, delivering JSON and REST applications that can leverage from optimal cost z/OS MLC software, primarily via the zCAP and MWP pricing mechanisms. z/OS Connect is one such option that simplifies the timely delivery of mobile workload applications.

Apple Style Meets IBM Substance

It was the early 1980’s when IBM first announced the Personal Computer (PC), a major breakthrough for delivering affordable and practical computing into the home.  One of the primary features of this computing evolution was the “open architecture” of the PC, built from off-the-shelf and commodity components.  Of course, we all know that around this time, DOS became MS-DOS via Bill Gates and Microsoft, where the rest as they say, is history!

At this time the IBM Mainframe (1964) had nearly 2 decades longevity and was already proving a scalable, secure and reliable platform.  So here we are, some 3 decades later, where Apple and IBM have announced a Global Partnership to Transform Enterprise Mobility.

Whatever your opinion of Apple technology, in the last decade or so they have undoubtedly delivered slick design and style for mobile devices, namely the smartphone and tablet.  Therefore whether the Enterprise accept the premise or not, Bring Your Own Device (BYOD) is inevitable, where employees expect to use their personal devices in the workplace.

IBM have continued to be a dominant force in the Enterprise market, whether with Mainframe technology or not, while establishing a credible presence in the Cloud market space.  As always the world of IT is constantly changing and even though IBM sold its PC business to Lenovo in 2004; some 10 years later, as part of the exclusive IBM MobileFirst for iOS agreement, IBM will sell iPhones and iPads with industry-specific solutions to business clients worldwide.

So what role if any will the IBM zSeries platform play in this Apple deal?  As always, the zSeries platform will deliver enterprise scalability and strength for Security, Database and Messaging integration, but beyond these features, I’m not so sure.  Of course, from a data presentation viewpoint, nothing changes, iOS integration and the ability to present Mainframe originated data remains forever thus for Apple and indeed all other mobile devices.  Similarly from a business transaction viewpoint, the zSeries platform participates in the delivery of mobile support, where from an IBM technology viewpoint, the Worklight solution is one example of an end-to-end integrated development studio software product.

Despite the obvious benefits for Apple, gaining access to the Enterprise via IBM technology and their customer base, and for IBM, delivering the market leading mobile technology into their customer base, what does this mean for the Enterprise?

Business as usual mostly, but Identity & Access Management (IAM) would appear to be a significant challenge.  Firstly, rightly or wrongly, most people don’t consider Apple software to have any security exposures, as the market place for iOS security solutions (E.g. Anti-Virus, Malware, zero day exploits, et al) is limited?  However, one might ponder why the Windows Operating System became such a target for the hacker.  Said hacker might be an opportunist, just because they can, or something more sinister, trying to gain government or business secrets.  So, if the Apple smartphone and tablet devices become ubiquitous if not de facto in the Enterprise, how long will it be before security exposures for iOS and related apps become common place?

I’m open-minded about BYOD (or am I)?  My heart tells me, yes, let the workers use their own device in the workplace, but my head tells me, no way!  Generally for technology decisions, my head always wins.  In this instance, I don’t think my head has a chance; overwhelming company worker desire to use their own mobile device in the workplace, whether iOS, Android, Java ME, Windows Phone, Blackberry, et al, will win out.  If this is the case, this is perhaps where the maturity and reliability of the IBM zSeries Mainframe can assist.

Therefore, at least for Identity & Access Management (IAM), secure access to the most valuable resource within an organization, the data itself via the zSeries server makes sense.  Whether this is via two if not several factor authentication remains to be seen.  However, I’m much more comfortable with an IAM solution that leverages from a Mainframe External Security Manager (ESM), namely ACF2, RACF or TopSecret, as opposed to a universal log-in via a Social Media web site, such as Facebook.  Just because you can log into an Enterprise and arguably mission critical CRM application, such as Salesforce via Facebook Authentication, doesn’t necessarily mean you should…