Enable modern applications to communicate with IBM zSystems using AWS services

Enterprises are transforming their technology to accommodate fit-for-purpose architecture. Leveraging the right tool for the job is key to a hybrid cloud strategy and deployment, and doing so enables these organizations to accelerate digital transformation and application modernization. Customers are building hybrid cloud applications on AWS, and they are interested in taking advantage of the diverse set of AWS services and other flexible deployment options. They are accelerating their adoption on IBM mainframes to deploy highly secure, high volume, high throughput transactional applications that require ultra-low latency (for example, ATM transactions, cash deposits, or insurance renewal).

A hybrid architecture offers a way forward for their applications on AWS, to safely connect to mainframe apps, resources, and data. But how do you expose essential mission important workloads as APIs for consumption by the digital side? Creating those REST APIs for z/OS applications can be challenging and time to market is crucial.

Lack of subject matter expertise of current banking services or payment choices makes it even harder to respond with confidence. In addition, development teams want the agility of the public cloud to update their z/OS applications, offering the flexibility to spin-up environments on demand and embrace more common DevOps tooling.

This is where the IBM Z and Cloud Modernization Stack can help by offering an easy way to create REST APIs, which are a popular choice for integration between AWS-hosted applications and data running on the mainframe. With some basic information, a developer can quickly build consumable APIs and innovate faster by delivering hybrid solutions that easily and securely access the mainframe applications and data.

In this article, we showcase the capabilities of IBM Z and Cloud Modernization Stack that can help you accelerate your application modernization journey on AWS. We present the use case of a digital banking transformation journey, which enables cloud native development for z/OS applications and mainframe augmentation of channel-facing applications on AWS.

IBM Z and Cloud Modernization Stack

The IBM Z and Cloud Modernization Stack is a software solution that can help you accelerate your mainframe application modernization journey.

With this solution, clients can create and integrate z/OS APIs in minutes to applications running on Red Hat OpenShift Container Platform. Digital applications can securely access and update applications and data on the mainframe. Developers needing to update z/OS applications quickly spin up development and test environments with the services needed for z/OS specific applications while working with the DevOps toolsets. In addition, developers can select and quickly bring up and tear down mainframe resources needed to test on demand through a standard, self-service OpenShift catalog on AWS.

Clients pay for only the tools and capabilities that they use from the following solution components: z/OS Connect, Wazi Sandbox, Wazi Code, Wazi Analyze, and z/OS Cloud Broker.

z/OS Connect IBM z/OS Connect includes cloud native development support and API-first mapping for creating OpenAPI 3 interfaces to z/OS applications and data. Two new components have been added: a new container-based deployment model that is known as the IBM z/OS Connect Server and a powerful new browser-based tool called the z/OS Connect Designer.
Wazi Sandbox With the Wazi Sandbox, developers can develop and test their z/OS application in a personal z/OS sandbox. This sandbox can be used run different scenarios and test code more thoroughly.
Wazi Code With Wazi Code, developers can edit, build, and debug applications through z/OS language support, providing a familiar experience for developers when they work with z/OS applications. Developers gain interactive access to z/OS systems, and integration with modern source code management systems, such as Git.
Wazi Analyze Wazi Analyze is a rapid analysis tool used by developers to quickly discover relationships between the components of their mainframe applications and understand the impact of potential changes. They can use the graphical visualization of C, COBOL, PL/I, Java, and Assembler application artifact dependencies in a web user interface to see and drill down into relationships along with generating reports in multiple formats to act as reference.
z/OS Cloud Broker The z/OS Cloud Broker enables developers to automatically spin up mainframe resources on demand through a standard, self-service OpenShift catalog. It augments the capabilities of Red Hat Ansible automation for zSystems resources by rendering existing automation in Red Hat OpenShift and delivering a uniform z/OS hybrid cloud experience.

IBM Z and Cloud Modernization Stack provides developers with a more modern DevOps journey and a cloud-native experience using familiar, common tools:

For the z/OS application and data, developers can create a parallel REST interface that fits alongside the pre-existing integration channels.
By modernizing DevOps procedures and methods, developers can increase automation and accelerate development and delivery.

IBM Z and Cloud Modernization Stack plays a crucial part in implementing DevOps in a hybrid cloud environment. z/OS applications can be updated in a cloud native experience that can be easily integrated into your DevOps pipeline. Developers can create secure APIs for z/OS applications and data using Open Standard APIs. They can also select from the catalog to automatically provision mainframe resources across mainframe and clouds.

IBM Z And Cloud Modernization Stack on AWS

The IBM and AWS joint approach to mainframe application modernization allows you to innovate faster and reduce the need for specialized skills. As shared in this AWS blog, “a hybrid strategy that includes IBM zSystems and AWS can significantly reduce talent gaps, allow for rapid innovation with an agile DevOps approach, make it easier to access applications and data without significant changes, and optimize the costs of running or extending applications. Together, this approach maximizes business agility and return on investment (ROI).”

IBM Z and Cloud Modernization Stack on AWS extends the z/OS reach to the AWS Cloud by making z/OS business functions and data available for new use cases via AWS services. These new services provide secure access mainframe applications and data with REST APIs that adhere to the Open API standards, and can be built in minutes with the IBM no-code API solution, z/OS Connect.

Consider the Payment Initiation use case. The architecture diagram below illustrates how IBM Z and Cloud Modernization Stack’s z/OS Connect integrates with the Amazon API Gateway, which supports Open Banking API Standard. z/OS Connect will interact with a mainframe CICS system to perform the operations. The core assets are on z/OS, which is running on CICS, and the application is built using the COBOL programming language and Db2 is the data store on the mainframe. IBM Z and Cloud Modernization Stack helps you interact and get the data from the CICS application on the mainframe by using z/OS connect and Amazon API Gateway to securely expose the application.

Payment Initiation architecture

Here is the flow of this architecture:

The payment service user (PSU) initiates the transaction.
The request goes through a 3rd party payment gateway payment initiation service provider (PISP). PISP follows the Open Banking API standards.
The user authorizes the consent that is created by the PISP, that can happen through a one-time password (OTP).
After the user authorizes it, another API named payment order is called. Once the actual payment is made, the user can check the status of the payment order sent.
Actual payment transaction happens via PISP which interacts with the Bank via Open Banking APIs.
Open Banking APIs are Interacting with Mainframe CICS system via z/OS connect of IBM Z And Cloud Modernization Stack.
Open Banking APIs are exposed to 3rd party application via Amazon API Gateway and secured using Amazon Cognito.

Given the payment initiation use case and its solution for building Open Banking APIs on mainframe CICS applications, IBM BankofZ can start with using z/OS Connect as an API enabler having deployed it on AWS Cloud Modernization Stack on AWS can leverage the various components to integrate APIs with the backend COBOL CICS application without requiring z/OS knowledge. API developers can use the Red Hat OpenShift Dev Space to build APIs. The OpenShift Dev Space can connect with AWS CodeCommit and z/OS Connect Designer.

API developers can use the z/OS Connect Designer to create APIs by importing API specifications files, such as Swagger. It will load all the path and methods of the APIs into z/OS Designer. z/OS Connect Designer simplifies creating APIs and integrating them with the backend CICS application using a z/OS asset by importing the COPYBOOK associated with the CICS program.

z/OS Connect Designer also allows developers to map request parameters within the CICS program and configure responses for each response code. API developers can define the mandatory fields in the request. z/OS Connect supports JSON data expressions that let developers define any single character status in the response.

Lastly, the cloud administrator can use the z/OS Connect Operator of RedHat OpenShift to create service endpoints for the APIs to be consumed. The z/OS Connect Operator needs to be installed on the OpenShift Cluster workspace. The cloud administrator can use AWS Services to secure the API like the Amazon API Gateway configured to use Amazon Cognito identity and authorization, Amazon CloudFront for content delivery with low latency, and Amazon Route 53 for public hosting.

Reference Architecture of IBM Z Mod Stack and Cloud on AWS

IBM Z and Cloud Modernization Stack on AWS will help us to achieve two different architecture patterns and use cases:

Mainframe augmentation with new channels
Cloud-native development for z/OS applications

Mainframe augmentation with new channels

This reference architecture depicts secure and scalable hybrid cloud environment for business-critical APIs using z/OS capabilities on AWS Cloud by making z/OS data available via AWS services.

Mainframe augmentation architecture

Here is the flow of this reference architecture:

The AWS environment is set up on a single region.
An Amazon VPC with two private subnets and two public subnets is configured.
The AWS region spans across two availability zones.
A Red Hat OpenShift cluster is deployed on each availability zone. IBM Z and Cloud Modernization components are deployed on the OpenShift cluster.
The Fintech Services are deployed on Amazon Elastic Container Service (ECS).
The Amazon RDS database is set up on a private subnet with real time data replication.
AWS Lambda is set up to act as the front-end for the Fintech Services API and integrated with the Amazon API Gateway. AWS Lambda is triggered when it receives a request on an API endpoint.
A network load balancer is configured to balance the load between the two availability zones.
An Amazon API Gateway is set up with Amazon ElastiCache, which is integrated with Amazon Cognito as an identity service to authenticate and authorize users using a JWT token.
An Amazon Simple Storage Service (S3) bucket is used to store logs.
Amazon CloudFront is set up to distribute content with low latency from specific availability zones.
Amazon Route 53 is configured for public hosting URL.
Amazon Cognito is used as an identity pool to set up users.
AWS Direct Connect is used to establish a private secure link between AWS and on-premises data center.
CICS, db2, and other services are running on on-premises data center.
Consumers use the Fintech Services (OpenBanking APIs).

Cloud-Native Development for z/OS applications

Cloud Native development environment reference architecture for modernizing z/OS application which helps to easily modify existing COBOL, Java, PL1 programs by choice of development environment (IDE) while developer can also take advantage of new language including Python, Node.JS and go that all can run on z/OS also it integrates with enterprise-wide CICD toolchains such as Git and Jenkins and open-source tools that are familiar to developers.

Cloud-native development for z/OS applications architecture

Here is the flow of this cloud-native development architecture:

Developers start coding and debugging the application by cloning the feature branch in the Wazi Code Dev Space and uses Wazi Analyze to understand the relationships between the different z/OS artifacts of the OpenBanking API application (Fintech Services).
To implement the change, the developer will build using Wazi Sandbox and DBB (IBM Dependency Based Build) to compile and link the programs.
Developer will use AWS CodeCommit Service to commit the code and raise the pull request.
AWS CodeCommit service will trigger the build and unit test pipeline upon PR merge.
Pipeline will perform build and run unit tests on Wazi Sandbox and DBB using AWS CodeBuild.
Pipeline will also drive the deployment of the code changes to the Wazi Sandbox environment on CICS and DB2 thru AWS CodeDeploy.
Developer will raise a pull request from developer branch to release branch.
PR will trigger the Integration pipeline driven by AWS CodePipeline.
This pipeline will perform build and run Unit Tests on release branch using the DBB installed on Test LPAR from On-premise Data Centre. This pipeline will also perform the code review to check the quality of the committed COBOL source code.
Deployment is driven by Ansible playbook of the generated artifacts to the CICS and DB2. Developer will have Test LPAR populated with artifacts generated and will be able to perform some advance testing with the API. There will be another process to deploy artifacts to the Production LPAR.

How it works

Video will open in new tab or window.

Summary

To help customers increase agility, maximize the value of their investments, and innovate faster, IBM and AWS are collaborating to level the playing field. Together, we are extending the available application modernization options for our customers to select the right modernization path for their business.

By adopting a hybrid cloud architecture with mainframe and AWS, you create a digital platform to support business transformation initiatives with a resilient and secure transaction environment that is cost-efficient as it scales.

IBM Z and Cloud Modernization Stack on AWS provides a straightforward and user-friendly method for integrating the power of RESTful APIs into your mainframe. You can develop applications on AWS and take advantage of the vast array of services and other flexible deployment options such as serverless.

In the digital banking use case in this article, we discussed how banks are modernizing the way they architect, build, deliver, and grow their services. Implementing Open Banking Standards can enable them to take advantage of innovative channels and give their consumers a better experience. IBM Z and the Cloud Modernization Stack on AWS provides the common tools that developers need to support DevOps and provide API access to data from mainframe systems with little to no mainframe expertise.

To get started now, check out the IBM Z and Cloud Modernization Stack and deployment template on the AWS Marketplace. And check out the IBM Developer Amazon Web Services (AWS) hub to learn more about IBM and AWS.