5 Things to Know about z/OS Connect
vasfi 1200008QSY Comment (1) Visits (14553)
Mobile computing is having a very significant impact on information technology. Connecting these mobile apps (Systems of Engagement) to core business systems (Systems of Record) can provide greater customer insight and value. Organizations are using application programming interfaces (APIs) to provide access to legacy systems and data in a form that is easier to be consumed by these mobile applications.
Adding the advances in Cloud computing to the mix, these fast advancing technologies are putting increasingly more pressure on business logic residing on z/OS environments like CICS, IMS, and batch. These systems represent a significant investment that must be leveraged to remain competitive. Having said that, customers want a common and consistent solution that can be used by mobile, cloud, web, and any other components that enables simple discovery and access to z/OS business logic assets in a secure fashion. That is the problem that z/OS Connect addresses. The illustration below shows where z/OS Connect fits in.
z/OS Connect is software function written by IBM that runs inside an instance of WebSphere Liberty Profile z/OS, and uses existing connector technology to get to the backend systems. Here are 5 things you should know about z/OS Connect.
Built on Liberty Profile for z/OS
IBM WebSphere Application Server Liberty Profile (Liberty Profile) is IBM's fast, dynamic and composable application server runtime. Liberty Profile for z/OS requires relatively little memory, and it starts very quickly. It has a simple configuration model consisting of one required file, namely, the server.xml. Even though it is a simplified and lightweight application-serving environment, it still provides enterprise qualities of service including security and transaction integrity.
z/OS Connect runs inside an instance of Liberty Profile for z/OS. You enable and configure z/OS Connect by updating the server.xml file. Liberty Profile is dynamic. What that means is that a change to the server.xml is detected and dynamically loaded, taking effect almost immediately.
To achieve high availability, you can run multiple instances of z/OS Connect. The configuration model of Liberty Profile allows for sharing of common configuration elements between instances, so a single configuration change can automatically propagate to multiple instances of Liberty Profile and z/OS Connect.
It can be monitored and controlled using common procedures and common system automation routines that z/OS customers are already very familiar with.
RESTful URI with JSON data payload interface
REST stands for REpresentational State Transfer and is a simple stateless architecture that is based on the HTTP Uniform Resource Indicator (URI) that is sent to the server. It uses the HTTP verbs (GET, PUT, POST, DELETE) along with the URI i.e. the portion of the URL that comes after the host and port, to indicate the function to perform. RESTfule services have grown in popularity because they are simple to understand and implement than some of the other web service protocols such as SOAP.
z/OS Connect is designed to accept REST URIs and JSON data. That makes it compatible with a wide variety of devices and systems. Developers of cloud or mobile applications do not need to think about the technical details of CICS or IMS. They simply need to understand the RESTful APIs and the JSON data for the service exposed by z/OS Connect that they wish to consume.
Configuration controls what is exposed
The behaviour of z/OS Connect is defined by configuration stored in the server.xml file which is the primary configuration file for Liberty Profile. To configure a service, i.e. identify a URI that z/OS Connect should handle and to define how it should handle it, you need to configure that information into the server.xml.
Only those backend programs, applications or data you configure in the server.xml are exposed via z/OS Connect. You have complete control of what gets exposed as an accessible service. All others are inaccessible. You can also use the security interceptor (discussed below) to further control access to z/OS.
Knowing what URIs the server supports is important, which is why z/OS Connect has a discovery function that can be used to query for the configured services and details on those services. It enables developers to query for a list of configured services, and drill down for details on a given configured service. The diagram below illustrates the call for a list of services and also the call to drill down for details of a particular service.
Interceptors to integrate Security and Audit components
Interceptors is a term used to indicate code that gets control before and after processing a request very much like a code exit. You do not have to configure any interceptors if you do not need them.
The security interceptor enables you to have the identity of the calling user checked for access permissions. In z/OS, the System Authorization Facility (SAF) is used to allow or deny users access to z/OS Connect services. SAF is the System Authorization Facility element of z/OS. Its purpose is to provide the interface between those products requesting security services and the external security manager installed on the z/OS system. Similarly, an audit interceptor enables you to have activity recorded using the System Management Facilities (SMF) in z/OS. It tracks requests by date and time, bytes sent and received, and response time. SMF collects and records system and job-related information that your installation can use.
And here is a bonus…. it works well with Bluemix! The following is a typical application architecture for a mobile system of engagement app that uses Bluemix as the Mobi
You can find a detailed coverage of z/OS Connect in the recently published Hybr
Please use the comments section of this post to leave comments or ask questions about this Redbooks to the authors.
Shahir Daya is an IBM Executive Architect in the GBS Global Cloud Center of Competence. He is IBM Senior Certified Architect and an Open Group Distinguished Chief/Lead IT Architect. Shahir has over twenty years at IBM with the last fifteen focused on application architecture assignments. He has experience with complex high volume transactional web applications and systems integration. Shahir is currently focused on Cloud application development services and in particular Plat