Mainframe methods have been the spine of enterprise computing for many years, famend for his or her reliability, efficiency, and safety. Nevertheless, the evolving enterprise panorama calls for agility, scalability, and cost-effectiveness, prompting organizations to discover cloud-based options. Main expertise firms, together with cloud suppliers and system integrators, have invested closely in mainframe migration practices, recognizing the importance of this transformation.
Mainframes and cloud computing every have their strengths and particular use instances. It is not truthful to generalize both, and in follow, a hybrid strategy is widespread. This put up will discover a sensible answer for mainframe workload migration utilizing a hybrid sample, the place sure workloads transfer to the cloud whereas nonetheless interacting with on-premises purposes and information sources.
I goal to offer an end-to-end workflow with detailed, hands-on info crucial for implementing production-ready options. The main focus is on migrating a mainframe workload to IBM Cloud, however the answer stays cloud-agnostic. To emphasise this, I am going to conclude with a reference structure for AWS.
This documentation takes a options architect’s perspective, outlining a mainframe workload migration. Whereas some commonplace assumptions are made for simplicity, the state of affairs stays real looking. The put up additionally covers a multi-zone deployment technique for prime availability and catastrophe restoration.
Do word that we’ll not be diving into the points of code transformations and database migrations on this weblog. The aim right here is to provide the crucial instruments and structure so that you can leverage if you embark upon a mainframe modernization journey.
Methodology
The proposed mainframe modernization technique adopts a hybrid strategy, enabling the co-existence of mainframe and cloud environments. By leveraging refactoring methods, mainframe workloads are reworked into cloud-native purposes, whereas sustaining integration with on-premises methods and information sources. The answer encompasses numerous points, together with:
- Utility refactoring: Reworking mainframe purposes, equivalent to CICS and BMS maps, into trendy, cloud-native Java purposes
- Information migration: Migrating mainframe information shops, together with DB2 and VSAM datasets, to cloud-based managed database providers, equivalent to IBM Db2 on Cloud or AWS Aurora PostgreSQL
- Safe connectivity: Establishing safe connectivity between the cloud setting and on-premises methods, leveraging applied sciences like Direct Join or Digital Personal Community (VPN)
- Integration and interoperability: Facilitating seamless integration and interoperability between the migrated purposes and current on-premises methods by way of safe file transfers and API-based interactions
- Safety and compliance: Implementing strong safety measures, together with encryption, entry controls, community segmentation, and risk detection, to make sure information safety and regulatory compliance
- Excessive availability and catastrophe restoration: Deploying multi-zone and multi-region methods to attain excessive availability and catastrophe restoration, aligning with the unique mainframe setting’s uptime necessities
For the aim of this weblog, we are going to think about the next technical particulars.
Assumptions
- 5000 MIPS relies on a single LPAR and never unfold throughout LPARS.
- 1 TB whole storage being listed is all sizzling storage and the design provisions for DASD-like entry. Any chilly storage found within the evaluation section can be factored in later.
- 50% of the applying consists of batch processing.
- The migrated software would nonetheless want to speak with current on-premises purposes.
- The present software has entry to all their underlying code which can be used for refactoring.
The tip-to-end challenge plan will comply with this path:
Following is the cloud migration mannequin encompassing completely different points of the goal state (cloud). Shifting to the cloud additionally comes with completely different duties and finest practices.
Reference Structure (IBM Cloud)
The part gives detailed reference architectures tailor-made for each IBM Cloud and Amazon Net Providers (AWS), demonstrating the cloud-agnostic nature of the proposed answer. These architectures illustrate the combination of assorted cloud providers and parts, equivalent to load balancers, digital personal endpoints, bastion hosts, and role-based entry controls (RBAC), to handle the precise necessities of the migrated mainframe workload.
Reference structure on IBM cloud
- Net customers with completely different personas work together with the UI screens (refactored from CICS/BMS maps) over the general public web. The visitors right here is proven to be routed by way of IBM Cloud Web Service, which incorporates Area Title Service (DNS), World Load Balancer (GLB), Distributed Denial of Service (DDoS) safety, Net Utility Firewall (WAF), Transport Layer Safety (TLS), Price Limiting, Sensible Routing, and Caching.
- On-premises purposes talk by way of Direct Join for a safe, quick, and dependable connection to the platform.
- The on-premises purposes change information with the migrated software operating on the IBM cloud utilizing a managed file switch service.
- Safe Sockets Layer (SSL) or Transport Layer Safety (TLS) are used to authenticate information transfers originating from exterior the community.
- The incoming visitors hits a Load Balancer; SSL offloading occurs on the Net Utility Firewalls. All in-transit information is aggregated and analyzed for threats and compliance adherence.
- East-West visitors is managed by way of Entry Management Lists (ACL) and Safety Teams (SG). ACL and SG assist isolate workloads from each other and safe them individually.
- ALB will route the visitors primarily based on commonplace well being checks and different routing guidelines offering crucial resiliency.
- Incoming and outgoing information would leverage a predefined Touchdown Zone, which can be arrange utilizing any File Gateway (e.g., IBM Sterling File Gateway) utilizing commonplace file switch protocols.
- Each On-line and Batch purposes had been refactored into Java Purposes operating on Digital Machines on the cloud.
- Leveraging the Digital Personal Endpoint, the applying layers connect with the native providers (Managed and Hosted) on the IBM cloud with out traversing by way of the general public web.
- All information at relaxation (datastore, database, backups, snapshots) can be encrypted for enhanced safety.
- Outbound information are being transferred to on-premises downstream purposes utilizing the identical secured community.
- Admin and Administration visitors could be regulated with privileged entry for operations and upkeep.
- Bastion Host gives admin entry to the digital machines (VMs), maximizing safety by minimizing open ports.
- Service-based authentication is used to determine trusted identities to regulate entry to providers and assets.
- Position-based entry controls (RBAC) can be used to offer required authorization to limit entry rights and permissions.
- All of the logs, uncooked safety, and occasion information generated by the purposes, databases, safety units, and host methods can be despatched to a regular SIEM interface for aggregation, evaluation, and detection.
- All Infrastructure, Administration, and Safety providers and parts are deployed to help the Manufacturing Utility and Information Availability necessities aligned to the present on-premises Mainframe setting.
Deployment Technique for Excessive Availability and Catastrophe Restoration
Typically, mainframe purposes are extremely out there. A few of them truly ship as much as 5 9s of availability which could be additional elevated by way of clustering expertise like Parallel Sysplex. The deployment mannequin should meet the provision and resiliency necessities of on-premises mainframe environments.
For this software, we are going to goal a two-zone deployment on the Major area with redundancy in-built by way of one other single-zone deployment on the DR facet. This can give an optimum price case for the applying with 5000 MIPS the place solely 50% (2500 MIPS) is OLTP.
Batch processing, generally, doesn’t warrant that a lot built-in redundancy. Based mostly on the enterprise case, we are able to all the time transfer to a 2-zone deployment even on the DR facet, however that may have an effect on the fee. Additionally, whereas migrating mainframe purposes, it must be assessed whether or not they can leverage multi-zone deployments each on an Utility and Database layer to achieve the utmost advantage of distributed processing.
At this level, we’re not contemplating any RTO and RPO necessities. The deployment technique might change primarily based on the precise RTO and RPO necessities.
Reference Structure (AWS Cloud)
Reference structure on AWS cloud
As beforehand famous, I am going to conclude this put up by presenting an equal AWS reference structure. This illustration will display that, regardless of some variations within the underlying providers, the general architectural construction stays largely constant.
For simplicity’s sake and ease of readers, I’ve maintained the fundamental structure whereas changing the providers and parts with equal ones in AWS.
A key level to focus on is the strategy to database internet hosting. Although it’s potential to run Db2 as a self-managed or AWS-managed software on Amazon Net Providers (AWS), for the aim of showcasing heterogeneous migration, now we have leveraged Aurora PostgreSQL for each the DB2 and VSAM datasets.
Conclusion
I’ve tried to seize the integral parts by way of this answer, however each use case could be completely different and may have additional refinements. Nonetheless, this might be referenced as a place to begin in your migration options.