AWS Partner Network (APN) Blog
Empowering Enterprise Mainframe Workloads on AWS with Micro Focus
By Neil Fowler, Vice President of Engineering at Micro Focus
By Phil de Valence, Solutions Architect for Mainframe Modernization at AWS
Large mainframes have challenging non-functional requirements in order to process large volumes of data and users for core-business workloads.
Micro Focus Enterprise Server mainframe capabilities, combined with Amazon Web Services (AWS) global infrastructure, provide the quality of service required by large business-critical applications.
With this solution, enterprises and public institutions deploy mainframe workloads on AWS with high security, high availability, elasticity, and robust system management.
In this post, we will describe the Micro Focus Enterprise Server solution on AWS along with some of its unique benefits.
Micro Focus is an AWS Partner Network (APN) Advanced Technology Partner with the AWS Data & Analytics Competency.
By applying proven expertise in software and security, Micro Focus enables customers to utilize new technology solutions while maximizing the value of their investments in critical IT infrastructure and business applications.
Mainframe Non-Functional Requirements
Large enterprises and public institutions often run business-critical applications that execute vast numbers of transactions securely, reliably, and with no downtime.
For this purpose, they use systems with high quality of service that satisfy important non-functional requirements, such as security, availability, scalability, and system management.
Some customers still use decades-old mainframe systems which provide this quality of service on-premises:
- For high security, sensitive workloads need end-to-end security, for which mainframes provide encryption of data at rest and in transit, centralized authentication and authorization, audit trails, key management, and policy compliance.
- For high availability, we often see service-level agreements requiring 99.999% availability, for which mainframes have extensive built-in hardware and software redundancy, the ability to run systems in parallel (Parallel Sysplex), and across sites or data centers (Geographically Dispersed Parallel Sysplex).
- For scalability, workloads require the ability to adjust capacity based on business needs, and mainframes can, for example, turn on/off CPUs within the limits of the mainframe physical machine.
- For system management and administration, a large variety of facilities are necessary, and mainframes provide centralized monitoring, alerting, logging, metering, patching, backup, and automation.
In the cloud, the Micro Focus Enterprise Server and AWS solution meets and often exceeds such non-functional requirements, further increasing the quality of service for most critical business workloads.
With more and more organizations identifying digital transformation as a key strategic objective, modernization of the application process and infrastructure provides the fastest, lowest risk route to delivering business value.
Micro Focus Enterprise Server Solution
Micro Focus specializes in ensuring the business value of applications is protected and modernized to take advantage of contemporary technologies and environments.
By bridging the old and the new, the investment and unique value of current applications can be deployed on AWS and extended to support digital interfaces. Micro Focus has been supporting customers’ choices for decades and has successfully helped thousands of organizations deploy their applications on the most appropriate platform using Micro Focus Enterprise Server.
The Micro Focus Enterprise Server on AWS solution enables:
- The ability to rehost mainframe applications with minimum change to Linux, Windows, or UNIX.
- The transition of DB2, IMS-DB, QSAM, and VSAM data into alternative database and file systems on Linux, Windows, or UNIX.
- Support for online CICS and IMS applications.
- A batch environment to support the move of current jobs, job control, JCL, and batch utilities.
Figure 1 – Micro Focus Enterprise Server architecture overview.
Enterprise Server on AWS tightly integrates with third-party products such as Relational Database Management Systems (RDBMS) for IBM DB2 emulation, IBM MQ, and LU6.2 communications products with transactional integrity and coordination.
To provide an equivalent operating environment, these capabilities are extended with LDAP-based security systems, providing RACF-equivalent support and many other monitoring, auditing, printing, and scheduling products. VSAM and sequential files can be supported directly within the product, or take advantage of an RDBMS for increased availability and scale.
The table below shows the mapping of mainframe components to components on AWS.
Figure 2 – Mainframe-to-AWS components mapping.
Implementing a DevOps process as part of the re-platforming exercise provides a solid foundation to support higher-quality, more frequent application updates and deployment that facilitates an ongoing modernization journey.
Once the application is available on a more agile, efficient, and cost-effective platform, it can be extended to provide API interfaces or refactored to leverage key services that can be deployed independently rather than as a monolithic system.
Enterprise Server on AWS
AWS and Micro Focus provide deployment flexibility and choice based on the mainframe workload requirements. Typically, Enterprise Server on AWS is deployed on Amazon Elastic Compute Cloud (Amazon EC2), while the application data is stored in a relational database such as Amazon Aurora or Amazon Relational Database Service (Amazon RDS), or in Amazon Elastic Block Store (Amazon EBS).
A foundational, highly-available environment can be deployed automatically with the Micro Focus Enterprise Server on AWS Quick Start. In addition to infrastructure-as-a-service (IaaS) deployment using Amazon EC2 instances, Enterprise Server can also be deployed in Docker containers and orchestrated using Kubernetes with Amazon Elastic Kubernetes Service (Amazon EKS).
Third-party utilities for batch job scheduling or output and print management can be deployed on Amazon EC2 instances. Managed AWS services minimize operational complexity with centralization and no server to manage.
Figure 3 – Micro Focus Enterprise Server on AWS architecture overview.
Mainframe workloads can have stringent, non-functional requirements, especially around performance with massive throughput and I/O. A fit-for-purpose approach requires choice to identify the most appropriate compute, storage, IOPS, and networking services on AWS.
AWS provides a wide selection of Amazon EC2 instance types, with one instance possessing up to 224 CPU cores, 12 TB of memory, 25 Gigabit networking (High Memory instances), or 4.0 GHz vCPU clock speed (z1d instances—the fastest of any cloud instance).
In most cases, it’s better to scale dynamically with multiple smaller instances (such as the general purpose m5 instances) and focus on improving redundancy, availability, and cost efficiency.
With this approach, we’re not limited by the capacity of one or a few machines (scalability bottleneck), nor are we limited to vertical scaling or peak capacity sizing (expensive unused capacity). This gives virtually unlimited AWS resources by automatically scaling horizontally with the right number of instances to process the load at any point in time.
With Enterprise Server on AWS, instances and environments can be started and stopped in minutes on a pay-as-you-go basis. It gives much-needed flexibility to support new business initiatives with adjustable development and test environments, to launch and terminate test instances within a DevOps CI/CD pipeline, or to temporarily create a performance environment the same size as the production environment.
Deploying Enterprise Server on AWS enhances the quality of service for large-scale critical mainframe workloads, providing high security, high availability, elasticity, operational excellence, and cost optimization, as described in the following sections.
Security is our top priority, and one of the great things about the AWS Cloud is that customers inherit best practices of policies, architecture, and operational processes built to satisfy the requirements of security-sensitive customers.
For data confidentiality, integrity, and compliance, Enterprise Server on AWS provides extensive options for encrypting data both at rest and in transit, without application changes.
For data in motion, TCP-based communication endpoints for application access or administration can be encrypted using TLS (SSL), and on-premises sites can connect to AWS through AWS Virtual Private Network (AWS VPN), either over the internet or over a private network using AWS Direct Connect.
Data at rest is encrypted with relational database features such as Amazon Aurora encryption or Amazon RDS encryption, as well as with Amazon EBS encryption, all of which benefit from centralized keys in AWS Key Management Service (AWS KMS) or in an AWS CloudHSM hardware security module (HSM).
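One way to verify these at-rest settings across the data stores this architecture uses (Aurora, EBS volumes, and the ElastiCache-backed Scale-Out Repository) is sketched below. This is an added example, not code from Micro Focus or AWS; it assumes an inventory shaped like the DescribeDBClusters, DescribeVolumes, and DescribeReplicationGroups responses, and the approved-key list, resource names, and key ARNs are constructed placeholders.

```python
"""Audit encryption-at-rest settings for Aurora, EBS and ElastiCache.

The inventory mirrors the response shapes of DescribeDBClusters,
DescribeVolumes and DescribeReplicationGroups. All records below are
constructed sample data, not output from a real account.
"""

# Assumption: the organization maintains a list of approved KMS key ARNs.
APPROVED = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-approved-key"
APPROVED_KEYS = {APPROVED}

# (inventory section, identifier field, encrypted-flag field) per service.
CHECKS = [
    ("DBClusters", "DBClusterIdentifier", "StorageEncrypted"),
    ("Volumes", "VolumeId", "Encrypted"),
    ("ReplicationGroups", "ReplicationGroupId", "AtRestEncryptionEnabled"),
]

# Constructed sample inventory (hypothetical resource names).
SAMPLE_INVENTORY = {
    "DBClusters": [
        {"DBClusterIdentifier": "es-aurora-prod",
         "StorageEncrypted": True, "KmsKeyId": APPROVED},
        {"DBClusterIdentifier": "es-aurora-test", "StorageEncrypted": False},
    ],
    "Volumes": [
        {"VolumeId": "vol-0constructed01",
         "Encrypted": True, "KmsKeyId": APPROVED},
        {"VolumeId": "vol-0constructed02", "Encrypted": True,
         "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-other-key"},
    ],
    "ReplicationGroups": [
        # Encrypted, but no customer-specified key is recorded.
        {"ReplicationGroupId": "es-scale-out-repo",
         "AtRestEncryptionEnabled": True},
    ],
}


def audit_at_rest(inventory, approved_keys=APPROVED_KEYS):
    """Return sorted (resource_id, problem) tuples for every gap found."""
    findings = []
    for section, id_field, flag_field in CHECKS:
        for res in inventory.get(section, []):
            rid = res.get(id_field, "<unknown>")
            if not res.get(flag_field, False):
                findings.append((rid, "not encrypted at rest"))
            elif res.get("KmsKeyId") is None:
                findings.append((rid, "no KMS key recorded"))
            elif res["KmsKeyId"] not in approved_keys:
                findings.append((rid, "KMS key not on approved list"))
    return sorted(findings)


if __name__ == "__main__":
    for resource_id, problem in audit_at_rest(SAMPLE_INVENTORY):
        print(f"{resource_id}: {problem}")
```
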
Leveraging LDAP capabilities, such as AWS Directory Service for Microsoft Active Directory, Enterprise Server on AWS extends the implementation to reuse existing mainframe security rules to protect resource access, providing RACF-like authentication and authorization, including multi-factor authentication.
Micro Focus provides extensive security, risk, and governance products and hybrid IT management solutions that can be deployed on premises and in the cloud.
To highlight Enterprise Server’s integration with the AWS Cloud, the solution can leverage AWS Identity and Access Management (IAM) to centralize access control across all AWS services and regions with thorough auditing via AWS CloudTrail and notifications with Amazon CloudWatch Alarms.
Figure 4 – Micro Focus Enterprise Server on AWS security overview.
For network security, network segmentation and isolation techniques are configured with Amazon Virtual Private Cloud (VPC) networks, public or private subnets, and an AWS Direct Connect dedicated connection.
There are layers of firewalls, including Security Groups and Network Access Control Lists (ACL), and thorough IP traffic logging using VPC Flow Logs. Threats and malicious activity are detected with Amazon GuardDuty.
For centralized security governance, AWS Config continuously audits the configuration of AWS resources; Organizations Service Control Policies offer central control over the maximum available permissions for all accounts in your organization; and Amazon Inspector performs automated security assessments.
AWS maintains security at scale with automated reasoning technology. Overall, the customer’s security responsibilities are reduced with the Shared Responsibility Model, and compliance is simplified with numerous AWS Certifications and accreditations, such as PCI DSS, ISO 270xx, and HIPAA.
Enterprise Server on AWS provides the combined redundancy and features that allow mainframe-like continuous availability with both high availability and continuous operations. Fundamentally, this relies on the ability to process transactions in parallel and to synchronize data across AWS-isolated physical data centers that are connected through low-latency links.
An AWS Availability Zone (AZ) consists of one or multiple data centers (typically three). The AZs are physically separated by many kilometers but interconnected with low-latency networking allowing synchronous data updates or replication. An AWS Region consists of multiple AZs (typically three) in a geographic location.
Enterprise Server on AWS has Sysplex-like features to fully benefit from Availability Zones, allowing CICS/COBOL transactions to be processed in active/active mode across isolated data centers. An Enterprise Server Performance and Availability Cluster (PAC) can be configured to keep two or more distinct instances synchronized as a single image, similar to a CICSPlex System Group.
Like a Coupling Facility, the Scale-Out Repository relying on Amazon ElastiCache is used to enable the caching and synchronization between instances. It can also be used for other data structures that need to be shared, such as CICS Temporary Storage and Transient Data Queues.
Traditional resources like VSAM and sequential files can be stored in Amazon Aurora relational database for high availability and scalability across the PAC. This also provides cross-instance resource locking to ensure synchronization of key activities across the cluster.
Data replication is provided by Aurora and ElastiCache, removing single points of failure. Aurora automatically maintains six copies of the data spread across three AZs. For higher availability of the Aurora database engine, Aurora Multi-Master makes every Aurora node in each AZ available for read and write requests.
Figure 5 – Micro Focus Enterprise Server on AWS availability overview.
The diagram above shows only two Availability Zones but can easily be expanded to the typical three AZs, or possibly six, within a region for higher availability. Such topologies across AZs with isolated data centers are business-as-usual for AWS and readily available on a pay-as-you-go model within the 69 Availability Zones and 22 regions globally.
For even higher levels of availability, or for disaster recovery purposes beyond the regional data center redundancy and failover, data and components can be replicated to other AWS Regions globally. For example, Aurora data can be replicated globally using Aurora Global Database.
Scalability and Elasticity
Scalability is important to adjust the hardware and software capacity to the workload needs. With few on-premises machines, mainframe scalability is mostly manual and vertical, with a bottleneck due to the limited machine resources.
Vertical scaling also implies doing peak capacity sizing with expensive unused capacity. In today’s world where demand fluctuates drastically and customers want to pay only for what they use, elasticity is even more important with the ability to dynamically and horizontally scale the number of instances processing a workload.
The Enterprise Server PAC is designed for elasticity and horizontal scaling in active/active mode. Combined with an Elastic Load Balancer and AWS Auto Scaling Group, Enterprise Server on AWS instances are added or removed dynamically to or from the PAC across multiple AZs based on customizable thresholds such as CPU utilization.
A health check increases reliability with self-recovery by terminating and replacing unhealthy instances. Here again, the Coupling Facility-like Scale-Out Repository hosts the shared data structures, and Aurora provides elasticity for the persistent data.
Benchmarking such configurations using a complex CICS application like TPC-C has demonstrated more than 5,000 TPS, representing significant scale and capacity for a single Enterprise Server PAC.
Figure 6 – Micro Focus Enterprise Server on AWS elasticity overview.
Such a topology has the additional advantage of increasing reliability and availability by making the application tolerant of disposable instance failures, reducing the blast radius, and allowing instances to be taken offline for maintenance. When instances are added or restarted, they synchronize the changes across the PAC before they start processing client requests.
Enterprise Server on AWS is able to handle workload peaks and spikes while minimizing unused capacity, with no need to guess capacity or allocate and pay for idle hardware resources.
Administration and System Management
Mainframes have many facilities for system programming and operations. Similarly, AWS and Enterprise Server possess a large spectrum of system management features and services that provide operational excellence for enterprise applications.
For administration purposes, Enterprise Server on AWS instances and PAC are configured using the Enterprise Server Common Web Administration (ESCWA). This also provides secure, extensible support for RESTful APIs that can be used to integrate with or automate the configuration and management.
For AWS services administration, the web console, AWS Command Line Interface (CLI), and AWS Software Developer Kits (SDKs) are available.
Figure 7 – Micro Focus Enterprise Server on AWS system management overview.
For centralized monitoring, Amazon CloudWatch collects metrics about all components, displays dashboards, and triggers alerts via CloudWatch Alarms.
In addition to the built-in monitoring and logging facilities, Enterprise Server on AWS can generate performance counters, metrics, and events consumed by CloudWatch. Centralized logging is facilitated by CloudWatch Logs, with the ability to trigger alerts or automated remediations based on specific log messages.
For automation, infrastructure-as-code, and Continuous Integration/Continuous Deployment (CI/CD) pipelines, AWS CloudFormation describes and provisions resources, AWS Cloud Development Kit (CDK) allows using familiar programming languages, Amazon Machine Images (AMI) pre-configure Enterprise Server on AWS instances, and the ESCWA Client Web API provides the interface for administering Enterprise Server.
For centralized backup, AWS Backup takes snapshots of both Enterprise Server EBS volumes and the managed database. Backup snapshots are saved in an Amazon Simple Storage Service (Amazon S3) object store, with a lifecycle policy to move backups within storage classes from infrequent access to Amazon Glacier or Glacier Deep Archive.
For centralized cost chargeback and reporting, one can use a combination of granular Cost Allocation Tags, Cost Explorer, and AWS Cost and Usage Report.
For centralized software updates, patching, and configuration changes, AWS Systems Manager provides dashboards, automation, and control to perform maintenance tasks across numerous Enterprise Server on AWS instances and databases.
For governance and compliance, AWS Config continuously monitors, records, and alerts on configuration changes.
For additional system management needs, you can explore the many out-of-the-box AWS management and governance services. These allow comprehensive management and deployments of Enterprise Server on AWS instances in all regions, with automation and resources readily available.
Moving mainframe workloads to Micro Focus Enterprise Server on AWS provides a low-risk, high-value strategy to support application, process, and infrastructure modernization. The operating costs can be dramatically reduced while delivering improved agility and flexibility, and opening up more options to modernize the application portfolio to meet ever-changing business needs.
The unique Enterprise Server on AWS capabilities enhance the quality of service beyond RACF-like security, Sysplex-like availability, mainframe-like scalability and operability.
Security, Reliability, Performance Efficiency, Operational Excellence and Cost Optimization are fundamental pillars of an AWS Well-Architected Enterprise Server deployment, with the ability to exceed the needs of some of the most demanding mainframe applications.
To get started with Enterprise Server on AWS, you can learn more and experiment with essential components using the Micro Focus Enterprise Server on AWS Quick Start.
Micro Focus – APN Partner Spotlight
Micro Focus is an AWS Competency Partner. They enable customers to utilize new technology solutions while maximizing the value of their investments in critical IT infrastructure and business applications.