e-Commerce and the Mainframe
A huge installed base of applications and a robust, secure operating environment have ensured the mainframe's survival in the face of seemingly inexpensive, microprocessor-based alternatives. Over the years, a host of mainframe-based 3270-oriented applications have been created that generate revenue and profits through online transactions, control inventory and distribution, and do, in fact, generally run the company.
For example, First Union Corporation is the nation’s sixth largest banking company and fifth largest based on market capitalization. Although First Union serves customers in a number of states, many important banking records continue to reside on centrally located mainframe databases. To make these records readily available to employees, the bank is presently deploying Cisco Channel Attach routers, which mediate between IBM Systems Network Architecture (SNA) mainframes and Transmission Control Protocol/Internet Protocol (TCP/IP) networks, with a TCP/IP stack and associated management software, to transfer files as needed to the UNIX servers which support its internal network. However, beyond merely providing connectivity, First Union is concerned with proactive management of its TCP/IP communications.
They want to know, for example, if a bandwidth problem is about to occur. They also want their help-desk people to be able to determine what broke, drill down into the problem, and initiate remedial action while giving their engineers the tools necessary to gather and apply deeper diagnostics.
With the widespread use of the Internet and the World Wide Web, the mainframe is evolving from an information island surrounded by 3270 terminals to an applications and network super-server on an open, standards-based network. The process began in the late 1980s, when businesses began to open up mainframe/SNA network applications and databases to their TCP/IP-based client/server networks. With TCP/IP networks, businesses reduced costs and gave more users access to mainframe-resident applications and data. The result is that content is divorced from infrastructure. That is, any type of client can have transparent access to resources on any type of server as long as both support a Web interface.
The New e-Commerce Driver
The latest evolutionary developments are based on exploiting the Web’s capacity for e-commerce. International Data Corporation (IDC) says business-to-business Internet commerce is expected to grow from US$7.4 billion in 1997 to $33.7 billion in 2002. Much of this new electronic commerce activity requires access to MVS or OS/390 servers, since this is where the critical data continues to reside. This in turn introduces new management and security concerns because company data will now be accessible from beyond the organization’s internal firewalls.
Opening MVS applications to client/server networks requires providing the appropriate protocol stacks (software that handles network control and data packet assembly and disassembly) on either the SNA side or the UNIX/Wintel side of the network.
Initially, companies tended to put SNA-protocol stacks on clients, thus avoiding any changes to the mainframe – from the mainframe’s point of view, everything looked like a 3270 terminal. (Today there are also Web gateway products that convert 3270 screens to HTML for desktop connectivity, but these products have a rather narrow application range.)
However, the approach of turning clients that were designed for TCP/IP into SNA clients resulted in increased management headaches, because every IP client needed its own SNA stack. In addition, converting TCP/IP outbound packets from IP clients to SNA LU6.2 packets resulted in larger packets than pure TCP/IP, and this increased the load on network bandwidth.
Putting both an SNA stack and a single TCP/IP stack on the mainframe turns out to be a more manageable approach, and does not present a particularly burdensome additional processing load for the mainframe. In fact, in some cases, it is possible to offload part of the problem, checksum calculations for example, to the TCP/IP router.
However, the true virtue of using TCP/IP stacks on mainframes is that it is an open standard. With open standards, companies can choose among products from multiple vendors, who compete on the basis of product support, performance, and price.
There are other advantages to using TCP/IP stacks on the mainframe, rather than SNA stacks on clients: clients need no special software or hardware – they have TCP/IP support built-in – and running TCP/IP end-to-end means that the network runs at TCP/IP efficiency levels.
A simple stack was adequate when all mainframe access took place behind the company’s firewall. However, e-commerce requires a more comprehensive approach. There must be a provision for managing and updating the system’s hardware and software configurations, as well as providing visibility and control over system performance. IS managers need to know response and download times, and be informed of user complaints and status of remedial action.
In real time, operators should be able to call up the latest statistics on the number of active connections, connections/hour, connection rate/port/hour, security violations, ping times for defined hosts, and round-trip times for defined hosts. For capacity planning, the IS manager should be able to create and access reports providing historical information on connections to specific ports, or specific applications.
Further, whenever there is a major component failure or a security violation, an alert must be logged and sent to the systems operator and retained for administration. Rather than simply presenting cryptic alert messages, the system should tell the operator exactly what has happened and what to do next. If the security software allows the IS or security department to customize this information so that it is specific to the installation, this is the best of all possible worlds.
In addition, security is an overriding concern, especially where the mainframe, which is after all the heart of the company, is concerned. Security issues include not only establishing and managing firewalls inside the company’s main facilities and at remote locations, but extending secure access to vendors and customers without compromising internal security. General security management involves regular updating of passwords and encryption keys, authorizing new users and purging ex-users from the system, and dealing with attempts to hack the system. The latter requires the ability to detect hacking attempts, to maintain logs, and to analyze hacking attempts in order to detect patterns and sources.
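As an added illustration (not part of the original article or any vendor's product), the following Python sketch computes two of the figures named above, connections per port per hour and security violations grouped by source, from a connection log. The log format, field names and threshold are assumptions made for the example, and the sample records are constructed.

```python
from collections import Counter
from datetime import datetime

# Constructed sample records, hypothetical format: timestamp, port, source, event.
SAMPLE_LOG = """\
1999-03-01T09:02:11 23 192.0.2.10 CONNECT
1999-03-01T09:15:40 23 192.0.2.11 CONNECT
1999-03-01T09:20:05 21 198.51.100.7 VIOLATION
1999-03-01T09:21:17 21 198.51.100.7 VIOLATION
1999-03-01T09:48:59 80 192.0.2.10 CONNECT
1999-03-01T10:03:30 21 198.51.100.7 VIOLATION
1999-03-01T10:05:02 23 203.0.113.4 VIOLATION
not a valid record
"""

def parse_line(line):
    """Return (hour_bucket, port, source, event), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("CONNECT", "VIOLATION"):
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        port = int(parts[1])
    except ValueError:
        return None
    return ts.strftime("%Y-%m-%d %H:00"), port, parts[2], parts[3]

def summarize(log_text, violation_threshold=3):
    """Aggregate connections per (port, hour) and violations per source."""
    connections = Counter()  # (port, hour) -> number of connections
    violations = Counter()   # source address -> number of security violations
    skipped = 0              # malformed lines are counted, not silently dropped
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            skipped += 1
            continue
        hour, port, source, event = record
        if event == "CONNECT":
            connections[(port, hour)] += 1
        else:
            violations[source] += 1
    # A source at or above the threshold is a repeat pattern worth an operator alert.
    repeat = sorted(s for s, n in violations.items() if n >= violation_threshold)
    return {"connections": dict(connections), "violations": dict(violations),
            "repeat_sources": repeat, "skipped": skipped}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```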
About the Author:
Victor Langford is the Vice President of Development and Support at Interlink Computer Sciences, Inc.