RD&T is a tool that allows development and testing of mainframe applications on remote systems. Rogers Communications used RD&T to modernize their cable subscriber management application. It allowed them to overcome constraints of their mainframe environment like limited development resources. RD&T enabled faster prototyping and testing of new technologies like web services APIs. It helped Rogers streamline development processes and meet compliance requirements for their application.
11. 11
Rogers Communications
Overcome your Continuous
Integration blockers with
RD&T Webinar – API
Modernization Use Case
David.Callingham @ rci.rogers.com
Calin.Groza @ rci.rogers.com
12. 12
• Overview of Rogers Communications
• Cable Subscriber Management Application
• API Modernization with RD&T
Presentation today will cover
Agenda
Overview
Disclaimer: The views and opinions expressed in this presentation are those of the authors and do not necessarily
represent official position of Rogers Communications.
All products, brand names, or company names mentioned in this presentation are properties and trademarks or
registered trademarks of their respective companies.
13. 13
• Rogers Communications Inc. is a diversified Canadian telecommunications and media company.
In Wireless, we are Canada's largest voice and data telecommunications services provider and
the country's only national carrier operating on the combined world standard GSM/HSPA+/LTE
technology platforms.
• Our Cable segment is a leading Canadian cable services provider, offering high-speed Internet
access, television, and telephony products
• Business Solutions segment, we provide business telecom, networking, hosting, managed
services and IP solutions to small, medium and large enterprise, government and carrier
customers.
• Our Media segment is Canada's premier group of category-leading broadcast, specialty, print and
online media assets, with businesses in radio and television broadcasting, televised shopping,
sports entertainment, magazine and trade journal publishing and digital media.
Introduction to Rogers
Rogers Communications Inc. Overview
Corporate overview
http://www.rogers.com/web/ir/overview/
14. 14
• Functional Capabilities
o Customer Management
o Product Ordering
o Work Order and Service Order Scheduling
o Billing Credit & Collection
In-house developed, continuously evolved
Cable Subscriber Management Application
Introduction
1981 –
Dev start
1993 –
GUI &
SOA 3270
1998 – MQ
SOA
2001 –
GUI VB
2004 –
ESB Web
Services
2012 –
Moderniza
-tion
15. 15
• Technical Profile
o Over 1000 online programs
o 140 CICS Services consumed by GUI (via 3270)
o 60 CICS Services consumed by ESB (via MQ)
o SOA
o Telnet 3270 and MQ initiated CICS transactions
• Volumetrics
o 2.2 million customers
o 15,000 online users, 6000 concurrent users
o 7 million transactions per day
o 250 peak tps
o 60% via 3270 40% via MQ
CICS/COBOL/IMS/VSAM
Cable Subscriber Management Application
RD&T Webinar
Application Overview
16. 16
• Begun in 2012
• System Software Upgrade
o z/OS 1.4 to z/OS 1.13
• Hardware Replacement
o Z9 to BC12
o new disk and tape sub-systems
• Improve GUI and ESB APIs with SOAP/REST Web services
o Limitations GUI Client
o message size & 3270 emulator costs
o ESB mediation
o Reduce Middleware dependency
o XML-COBOL mapping logic in 3rd team
Bring application and infrastructure current
Modernization Project
RD&T Webinar
Modernization
17. 17
SOA since 1993 2004
Current API Implementations – 3270 & MQ COBOL
Current APIs
17
GUI
Mapping-Comms
HLLAPI
…CICS AOR
Server1
Server1
Server1
Comms
Scheduler
Server1
Comm Server
TCP/IP
Z/OS
3270
Transport
COBOL
messages
over Telnet
3270
ESB
CICS MOR
Broker
CICS AOR
Server1
Server1
Server1
Comms’
Scheduler’
Server 1
SERVICE_REQUEST_Q SERVICE_REPLY_Q
MQ Client
Channels
XML-
COBOL
xform
Web service
provider -
HTTP
COBOL
COMMAREA
1998
18. 18
Chapter 3 Scenario 2 - modernize API
Design Pattern – API Modernization
RD&T Webinar
Enterprise Architecture
http://www.redbooks.ibm.com/redbooks/pdfs/sg248225.pdf
developerworks
19. 19
RD&T increased agility and time to market
Goal - Web Service APIs by end of 2015
RD&T Webinar
RD&T
March
RD&T
CICS 5.2
and
Liberty
April
end-to-end
PoC
May
Deployment
alternatives &
logging
June
HTTP Basic
Auth
August
SSL
September 2015
DEV LPAR
available
• zIAW February 2015 - Liberty or classic CICS
pipeline (IBM SWG Workshop)
• Problem
• CICS 5.2, Java 7.1 and Liberty not available on
DEV LPAR till September 2015
• Solution
• RD&T w/CICS 5.2
• Full authority
• No process barriers
20. 20
Complete an end-to-end test to uncover technical issues & confirm design
Technology Validation Prototype
RD&T Webinar
RD&T
CICS 5.2
Liberty 8.5.5
Test Client
CICS 5.1
RD&T
DEV LPAR
IPICSOAP
HTTP
Prototype Scope
• Eclipse 4.2.2 Java EE, WLP,
CICS Explorer plug-ins
• WSDL definition
• AdminService:ExecutePgm
• Java code gen JAX-B
• CICS 5.2
• CICS CONTAINERS
• Liberty jaxws and cicsts features
Out of Scope
• Basic Auth
• HTTPS
• Authentication with RACF
RD&T Benefits
• Hands on learning
• Quick cycle time for app
changes
• No security – full access to
config, logs and commands
LINK
COBOL
Service
ExecutePgm
method
ExecutePgm
Map Java objects to byte arrays
Create CICS channel and containers
Put the byte arrays in the
containers
Link to CICS program
Get data from containers
Map container data into
Java objects
GET CONTAINER
INTO(request)
Proceed as per usual
PUT CONTAINER FROM
(response)
Return
<server>
<feature>cicsts:core-1.0</feature>
<feature>jaxws-2.2</feature>
<feature>jaxrs-1.1</feature>
<feature>servlet-3.0</feature>
<feature>cdi-1.0</feature>
<feature>jndi-1.0</feature>
<applicationMonitor
dropins="dropins”
pollingRate="60s”
updateTrigger="polled"/>
21. 21
How Liberty authentication interacts with RACF, Java method and CICS-COBOL
HTTP Basic Authentication
RD&T Webinar
RD&T
CICS 5.2
Liberty 8.5.5
Client
CICS 5.1
RD&T
DEV LPAR
IPICUser
Pw
Prototype Scope
• RACF SAF user-repository
• Change Password
• Password Expired
• Revoked ID
• Session Token handling
• Failed Authentication
Challenge
• HTTP Basic Auth does not support
password change or errors for
expired/revoked Ids
Solution
• Use Basic Auth protocol and
Lightweight Third-Party
Authentication (LTPA)
• Second level of authentication in
the COBOL application layer
RD&T Benefits
• Full access to server config and
logs
• Quick cycle time for app changes
LINK
COBOL
Logon
BA+ Login
method
<server>
...
<feature>cicsts:security-1.0</feature>
<feature>appSecurity-2.0</feature>
....
<safCredentials unauthenticatedUser="CWSABC"/>
<safCredentials profilePrefix="CWSABC"/>
<webAppSecurity ssoCookieName="SessionId"/>
....
</server>
EXEC CICS VERIFY
USERID() PW()
Angel
RACF
RACF
22. 22
Configure Certificate in RACF and configure Liberty for SSL
SSL-TLS
RD&T Webinar
RD&T
CICS 5.2
Liberty 8.5.5
Test Client
RD&T
HTTPS
Angel
RACF
• Challenge
o Minimum level of security (MLOS) compliance
mandates SSL/TLS for web-services invocations
o RACF configuration certificates complex with many
options
• RD&T Benefits and Solution
o RD&T has separate RACF database
o Full access to RACF admin and server.xml
o RACF steps tested
o Create a self-signed certificate as placeholder
o Generate a Certificate Signing Request
o Receive the signed certificate
o Replace certificate, add to key ring
o Other things we learned
o Managing SSL certificates is a complex activity
o Have tools handy to check and troubleshoot the SSL
configuration: openssl, portcle
o Intermediate and root CA certificates for GeoTrust
already on desktop configuration
o Liberty config details for keystore - RACF keyring, ssl-
id referring to RACF certificate name
<server>
...
<feature>ssl-1.0</feature>
<keyStore filebased="false" id="racfKeyStore”
location="safkeyring://CWSDABC/RNGABC"
password=”..."
readOnly="true"
type="JCERACFKS"/>
<ssl id="defaultSSLConfig”
keyStoreRef="racfKeyStore"
sslProtocol="SSL_TLS"
serverKeyAlias=”ABC LPAR CERT-CA"/>
</server>
23. 23
Build simple and reliable application deployment procedures
Web-Services Application Deployment
RD&T Webinar
RD&T
• Challenge
o Web-services java code is packaged in a WAR file
o Multiple deployment options: dropins, Liberty application , CICS bundle. Pros and cons for each option
o z/OS java deployment new at Rogers Communication, existing tools only partly applicable
• RD&T Benefits and Solution
o Experiment with different deployment options
o Final decision – dropins for developers, deploy as a Liberty “application” for QA and PROD
o Procedure tested till perfect
o Other lessons learned
o Keep in mind that the process will be automated. Scripts can easily manipulate files as a whole
(copy, rename) but are less suitable to modify a configuration file (e.g. change an XML attribute)
o Instrument the application to report what version of the application is running and what is the build
number/date-time
o In a clustered environment, provide an endpoint on each node for support and monitoring purposes
24. 24
• Disconnect development from the z/OS software upgrade cycle
o Early access to new features
o Reduce distraction of sys prog staff
o No differences when code moved to z/OS LPAR
• Bypass normal security constraints
o Loose security for CICS, RACF, USS etc
o Config changes by dev team with sys prog assistance
o Test ID for RACF crypto setup
o Eliminate hand off delays, request/approval/configure/test repeat
• Fail fast
o Learn by trying - cycle time reduced
o Liberty/CICS docs provide examples with slight differences – able to quickly try out config changes
RD&T enabled agile design of complex solutions
Conclusions
RD&T Webinar
Enterprises are looking to evolve their current heterogeneous datacenters and public cloud services into an integrated enterprise hybrid cloud. This brings them the best of all worlds, the ability to exploit the benefits of centralized and distributed technologies, the best of private and public cloud and the best of enterprise and open computing. We are seeing a new role for z Systems emerging in the enterprise. The backbone of the enterprise hybrid cloud. Bringing all the strengths of the mainframe to critical business services. Acting as a point of integration for end-to-end transactions, data from multiple sources and analytics workloads and enabling developers to unlock the huge potential value in the investments in mainframe workloads and data.
From a business perspective, Rogers embarked on API enablement to:
1. Simplify infrastructure topology to improve response time and availability - 1st class APIs provided by z/OS applications reduces the middleware requirements, improves response time an reduce outages
2. Reduce costs - 3270 emulator support and maintenance costs for 15000 users eliminated by using open transport - HTTP
Sources:
“2.2T Size of API Economy market by 2018”. Source: IBM announces new solutions for the API economy, http://betanews.com/2015/11/05/ibm-announces-new-solutions-for-the-api-economy
“70% of U.S. Organizations have an API Strategy today.” Source: IDC. “The State of Mobile Enterprise Software in 2015.” https://www.idc.com/getdoc.jsp?containerId=258126. Aug 2015. 21 Mar 2016.
By 2017, there will be 1B connected things in smart homes, including appliances, smoke detectors and cameras.