This Guidance shows how to implement and operate highly available, resilient mainframe applications on AWS using the AWS Mainframe Modernization service. It provides a comprehensive framework for utilizing the maturity, reliability, security, and performance of AWS to modernize mission-critical mainframe workloads. This Guidance also outlines best practices for deploying, configuring, and maintaining mainframe applications on the AWS infrastructure, helping you to achieve high availability through failover mechanisms and disaster recovery protocols. Furthermore, it explores strategies for optimizing performance, scalability, resource utilization, and cost efficiency, allowing you to maximize the benefits of cloud computing for your mainframe environments.
Architecture Diagram
Management interfaces
This architecture diagram shows how to operate modernized mainframe applications at scale using the various management interfaces with the AWS Mainframe Modernization service.
Step 1
Users access the service using the AWS Command Line Interface (AWS CLI) or the AWS Management Console (users are prompted to sign in or create an account). Users can also deploy migrated applications using AWS CloudFormation templates or AWS Cloud Development Kit (AWS CDK) scripts.
Step 2
The network traffic between these AWS services and the AWS Mainframe Modernization service is always encrypted.
Step 3
With a web browser or mobile device, end users access the modernized mainframe application on AWS through calls to the AWS Mainframe Modernization APIs.
Step 4
AWS Mainframe Modernization uses HTTPS for API endpoints, which are also configured by default.
Step 5
An application in AWS Mainframe Modernization contains a migrated mainframe workload. These applications can be deployed in multiple Availability Zones. An application is analogous to a workload on the mainframe and is associated with a runtime environment. Users can add batch files and data sets to applications and monitor applications as they run. Users create AWS Mainframe Modernization applications for each migrated workload.
Step 6
Both refactored and replatformed applications use a database and/or a file system. Users must create, configure, and manage the database according to specific requirements for each runtime engine. Amazon FSx or Amazon Elastic File System (Amazon EFS) can be used for storing application data on files.
Step 7
Third-party solutions for messaging, scheduling, and printing integrate with AWS Mainframe Modernization using its management interfaces.
Step 8
AWS CloudTrail enables operational and risk auditing, governance, and compliance of a user’s AWS account. Actions taken by a user, role, or AWS service are recorded as events in CloudTrail. AWS Identity and Access Management (IAM) will return ‘allow’ or ‘deny’ based on standard IAM policy evaluations. Amazon Simple Storage Service (Amazon S3) is used for storing binaries, application build artifacts, configuration files, and console, application, and database logs.
Cloud management and governance
This architecture diagram shows how applications modernized using AWS Mainframe Modernization have native integrations with AWS Cloud management and governance services.
Step 1
Users can connect to AWS services over the network with AWS Direct Connect.
Step 2
Clients can use Amazon Route 53 to do name resolution and use Elastic Load Balancing to set up an Application Load Balancer that distributes traffic across multiple targets.
Step 3
The AWS Mainframe Modernization service achieves cloud management by providing a managed runtime that takes care of various aspects of centralized logging, monitoring, billing, and licensing for operating in the cloud. Modernized mainframe applications on AWS benefit from cloud governance by having preventative and detective controls, account management, and auditing available on AWS.
Step 4
Events in the user’s AWS account, including events for AWS Mainframe Modernization, create trails in CloudTrail. CloudTrail can deliver these trails as log files to an Amazon S3 bucket.
Step 5
Amazon CloudWatch monitors the user’s AWS resources, including the applications on AWS Mainframe Modernization, in real time. Users can collect and track metrics by creating rules in CloudWatch Events to invoke AWS Lambda functions when a specified metric reaches a threshold that users specify. These notifications are received using various services, like Amazon Simple Notification Service (Amazon SNS) or Amazon Simple Email Service (Amazon SES).
Step 6
The AWS Mainframe Modernization service supports IAM identity-based policies.
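The CloudTrail log files from Step 4 are where the IAM allow/deny decisions from Step 6 become auditable. The following added example (not part of the original Guidance or AWS sample code) triages one log file for Mainframe Modernization activity; the eventSource value, the "AccessDenied" error-code prefix, and all sample records are assumptions constructed for illustration.

```python
import json
from collections import Counter

# Assumption: CloudTrail eventSource value for AWS Mainframe Modernization.
M2_EVENT_SOURCE = "m2.amazonaws.com"

# Constructed sample of one CloudTrail log file body (not real account data).
BOB = "arn:aws:iam::111122223333:user/bob"
CI = "arn:aws:sts::111122223333:assumed-role/deploy-role/ci"
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": M2_EVENT_SOURCE,
     "eventName": "ListApplications", "readOnly": True,
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-05-01T10:02:11Z", "eventSource": M2_EVENT_SOURCE,
     "eventName": "StopApplication", "readOnly": False,
     "errorCode": "AccessDenied", "userIdentity": {"arn": BOB}},
    {"eventTime": "2024-05-01T10:02:40Z", "eventSource": M2_EVENT_SOURCE,
     "eventName": "DeleteApplication", "readOnly": False,
     "errorCode": "AccessDenied", "userIdentity": {"arn": BOB}},
    {"eventTime": "2024-05-01T11:15:00Z", "eventSource": M2_EVENT_SOURCE,
     "eventName": "CreateDeployment", "readOnly": False,
     "userIdentity": {"arn": CI}},
    {"eventTime": "2024-05-01T11:16:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "readOnly": False,
     "userIdentity": {"arn": CI}},
]})


def triage(log_text):
    """Return (denied, changes) for Mainframe Modernization events in one log file.

    denied:  calls that IAM rejected (errorCode starts with "AccessDenied").
    changes: successful calls that were not read-only.
    Each entry is (eventTime, principal ARN, eventName).
    """
    denied, changes = [], []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != M2_EVENT_SOURCE:
            continue  # other services are out of scope for this review
        who = rec.get("userIdentity", {}).get("arn", "unknown")
        item = (rec.get("eventTime"), who, rec.get("eventName"))
        if str(rec.get("errorCode", "")).startswith("AccessDenied"):
            denied.append(item)
        elif not rec.get("readOnly", False):
            changes.append(item)  # missing readOnly is treated as a change
    return denied, changes


def denied_by_principal(denied):
    """Count denied calls per principal to surface repeated probing."""
    return Counter(who for _, who, _ in denied)
```

Repeated denials from one principal usually mean either a policy that is too narrow for a legitimate job or an identity attempting actions outside its role; both are worth a review.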
Well-Architected Pillars
The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The six pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.
The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.
Operational Excellence
The AWS Mainframe Modernization service allows you to develop or update your mainframe applications using Common Business Oriented Language (COBOL) or Programming Language One (PL/I) and implement an automated continuous integration and continuous delivery (CI/CD) pipeline. With CloudWatch, you can monitor your resources and applications in real-time by collecting metrics and setting alarms. Amazon CloudWatch Logs helps you track and store log data, while CloudTrail captures API calls and events for auditing purposes. Further, CloudFormation allows you to manage your environments and applications using infrastructure as code (IaC) best practices, ensuring repeatable, standardized deployments.
Security
IAM allows you to control access to your resources through identity-based policies, with only authorized users and roles able to perform actions. AWS Mainframe Modernization integrates with AWS Secrets Manager to securely store application database credentials, with AWS Key Management Service (AWS KMS) providing the encryption keys. These services work together to protect your sensitive data and maintain the overall security of your modernized mainframe environment.
Reliability
CloudTrail tracks API calls and events, so you can maintain a comprehensive audit trail of your AWS activities. Amazon SES and Amazon SNS deliver notifications and alerts, keeping you informed of any issues or events that may impact your modernized mainframe applications.
Performance Efficiency
AWS Mainframe Modernization provides a range of compute capacity options, allowing you to choose the right resources to meet your transactional, batch processing, and other operational requirements. Define and continuously monitor the performance metrics of your infrastructure and application components with CloudWatch, which helps you identify and address any performance bottlenecks.
Cost Optimization
AWS Cost Explorer gives you a visual representation of your AWS costs and usage over time, allowing you to make informed decisions about resource utilization and cost management. AWS Mainframe Modernization includes several built-in batch utilities, such as M2SFTP (for secure file transfer using the SFTP protocol), M2WAIT (which waits for a specified amount of time before continuing with the next step in a batch job), and TXT2PDF (which converts text files to PDF format). These utilities allow you to perform common functions without incurring additional licensing fees, optimizing your overall costs.
Sustainability
AWS Mainframe Modernization allows you to scale your infrastructure based on user demand, avoiding overprovisioned capacity. The service is also available in multiple AWS Regions, so you can optimize the geographic placement of your workloads. Lastly, CloudWatch provides insights into your resource utilization, allowing you to identify and eliminate any inefficiencies, reducing your environmental impact, and enhancing the overall sustainability of your modernized mainframe applications.
Implementation Resources
A detailed guide is provided to experiment and use within your AWS account. Each stage of building the Guidance, including deployment, usage, and cleanup, is examined to prepare it for deployment.
The sample code is a starting point. It is industry validated, prescriptive but not definitive, and a peek under the hood to help you begin.
Disclaimer
The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.
References to third-party services or organizations in this Guidance do not imply an endorsement, sponsorship, or affiliation between Amazon or AWS and the third party. Guidance from AWS is a technical starting point, and you can customize your integration with third-party services when you deploy the architecture.