Securing Information Access in Today's Networks

Multiprotocol networks are a reality in the enterprise today. But while the number ofTCP/IP installations is growing exponentially (almost any PC-based communications packageused today includes the IP stack), few of the 50,000+ SNA installations have migratedtheir mission-critical applications to IP. More than 80 percent of corporate data stillresides on mainframes, and a hefty 68 percent of the networking budget is spent by SNAmanagers. IBM mainframes and AS/400 midrange systems have proven over time to be reliable,highly functional, and widely popular workhorse platforms. And IBM has continued toimprove and expand the functionality of its SNA and APPN products with encouragingresults. A recent IDC survey shows that the number of SNA gateway installations in themid-1990s continues to grow at a rate of 15 to 20 percent annually. It is not surprisingthen, that enterprise customers are demanding ways to combine the best of both the SNA andLAN worlds.

Historically, enterprise networks have consisted of terminals directly attached viaterminal or cluster controllers to SNA-based host mainframes running mission-criticalapplications. These physical connections were invariably made over coax or twinax cabling.In the early 1980s, PCs began appearing on the floors of corporate businesses connectedtogether in LANs over Token Ring or Ethernet media. Although network vendors developedterminal and printer emulation software for PCs to share the host resources with theLAN-based clients, true integration was limited.

In most cases, SNA and LAN networks still exist side by side. Such a network strategymay be safe, but it's costly. Maintaining parallel networks for different protocols can,at the extreme, cost twice as much as a single network.

Because of the ever-growing variety of PC-based applications and productivity tools inthe enterprise network, there's an expanding need to integrate, not just PC- andhost-based applications, but the data residing on these platforms. New businessapplications are requiring advanced functionality such as integration of multimedia datafrom multiple hosts, servers, and workstations into a single screen view; or integrationof server- and workstation-based files, data bases, security systems and transactions. Inaddition, TCP/IP Web applications have spurred the development of Web browser-basedpresentation techniques. This new phenomenon will radically change the way information isaccessed and presented in traditional mainframe-based environments.

Over the years, organizations have tried to extend access to their established SNAenvironment host systems and applications to LAN-based PCs through ASCII terminalemulation software and dial-up 3270 protocol conversion products. Most of these effortsachieved only limited success due to extensive end-user training, maintenance, and supportissues.

Today's browser-based host access technology, solves these problems. With browser-basedWeb-to-host access, PC users can effortlessly access mission-critical SNA applicationsrunning on mainframes, using the same familiar Web browsers they use to surf the Internet.

The browser-based solution's overriding advantage is its ability to provide immediateaccess to host applications with minimal changes to the host and host-based applications.The Web browser can act as a universal client for all types of applications and dataaccess, regardless of base platform. This platform independence significantly reducesuser-training costs while tangibly improving user productivity and satisfaction.

End-to-end connectivity solutions, utilizing Internet/intranet networks for mainframebased information access are becoming more and more popular every day, and for a goodreason: The Internet's growing popularity promises easy and effective access toinformation. Frank Dzubeck, president of Communication Network Architects Inc., predicts,"By 2003, service providers will have effectively replaced most dedicated privateline data networks with virtual network services. This phenomenon is well founded inhistory: it will mirror, for data, a similar fate that befell dedicated voicenetworks."

Internet growth, however, is affected by security concerns. One solution is theemerging VPN (Virtual Private Networking) technology, which defines virtual tunnels ­point-to-point-like, secure connections over shared, routed networks, such as theInternet. Tunneling is not a new concept. The innovation of VPN is in the implementationof tunneling over public data networks using standards, such as the emerging PPTP(Point-to-Point Tunneling Protocol).

VPN products are already available (and continue to be developed) by major networkingvendors. And products available today allow secure end-to-end connectivity from Internetconnected workstations to a variety of servers, including IBM's OS/390 and AIXCommunications Servers with OS/400 and Windows NT soon to come.

Enterprise network managers are searching for ways to integrate their separatenetworking infrastructures into a single multiprotocol network, with TCP/IP playing acrucial role supporting mission-critical data. SNA gateways have become a strategicsolution in most organizations that need to reliably connect TCP/IP-based networks withhost systems.

Web browser-based SNA access will become the key to seamlessly integrating intranetsand data centers. Without this integration, intranets will remain of limited use to thosemid- to large-size enterprises that keep their vital corporate data on mainframes locatedin centralized data centers.

About the Author:

Eddie Rabinovitch is Senior Network Design Consultant at 3Com Corporation's Global Systems Design Center (Rutherford, N.J.), and has more than 20 years experience in information technology and data communications.

Back to Article