IBM z/OS online transaction processing on Azure

Online transaction processing (OLTP) systems interact directly with users and are the face of the business. With a dynamically adaptable infrastructure, businesses can realize and launch their products quickly to delight their users.

Source: IBM z/OS online transaction processing on Azure

With ever-evolving business needs and data, applications must produce and scale without creating infrastructure issues. This example workload shows how, using Azure platform as a service (PaaS) services, one can migrate a z/OS mainframe OLTP application to a secure, scalable, and highly available system in the cloud. Such a migration helps businesses in finance, health, insurance, and retail to minimize application delivery timelines, and it helps reduce the costs of running the applications.

The following diagram shows the architecture of the workload to be migrated, an OLTP system running on a z/OS mainframe:

1. Users connect to the mainframe over TCP/IP using standard mainframe protocols like TN3270 and HTTPS.
2. The transaction managers interact with the users and invoke the application to satisfy user requests.
3. In the front end of the application layer, users interact with the CICS/IMS screens or with web pages.
4. The transaction managers use the business logic written in COBOL or PL/1 to implement the transactions.
5. Application code uses storage capabilities of the data layer, typically DB2, IMS DB, or VSAM.
6. Concurrently with transaction processing, other services provide authentication, security, management, monitoring, and reporting. These services interact with all other services in the system.

In Architecture, we see how to migrate this architecture to Azure.

Potential use cases

This architecture is ideal for OLTP workloads that have these characteristics:

• They serve an international user base.
• Their usage varies greatly over time, so they benefit from flexible scaling and usage-based pricing.

Architecture

Download an SVG of this architecture.

1. Mainframe users are familiar with 3270 terminals and on-premises connectivity. In the migrated system, they interact with Azure applications via public internet or via a private connection implemented with Azure ExpressRoute. Azure Active Directory (Azure AD) provides authentication.
2. Input requests go to a global load balancer service, like Azure Front Door or Azure Traffic Manager. The load balancer can serve a geographically spread user base. It routes the requests according to rules defined for the supported workloads. These load balancers can coordinate with Azure Application Gateway or Azure Load Balancer for load balancing of the application layer. The Azure Content Delivery Network service caches static content in edge servers for quick response, secured using the Web Application Firewall (WAF) service.
3. The front end of the application layer uses Azure services like Azure App Service to implement application screens and to interact with users. The screens are migrated versions of the mainframe screens.
4. COBOL and PL/1 code in the back end of the application layer implements the business logic. The code can use services like Azure Functions, WebJobs, and Azure Spring Cloud microservices. Applications can run in an Azure Kubernetes Service (AKS) container.
5. An in-memory data store accelerates high-throughput OLTP applications. One such store is In-Memory OLTP, a feature of Azure SQL Database and Azure SQL Managed Instance. Another is Azure Cache for Redis.
6. The data layer can include, for example:
   1. Files, tables, and blobs implemented using Azure Storage services.
   2. Relational databases from the Azure SQL family.
   3. Azure implementations of the PostgreSQL and MySQL open-source databases.
   4. Azure Cosmos DB, a NoSQL database.
   These stores hold data migrated from the mainframe for use by the application layer.
7. Azure native services like Application Insights and Azure Monitor proactively monitor the health of the system. You can integrate the Monitor logs using an Azure dashboard.

Components

Networking and identity

• Azure ExpressRoute carries private connections between on-premises infrastructure and Azure datacenters.
• Azure Active Directory (Azure AD) is an identity and access management service that can synchronize with an on-premises directory.
• Azure Front Door provides global HTTP load balancing with instant failover. Its caching option can quicken delivery of static content.
• Azure Traffic Manager directs incoming DNS requests based on your choice of traffic routing methods.
• Azure Web Application Firewall helps protect web apps from malicious attacks and common web vulnerabilities, such as SQL injection and cross-site scripting.
• Azure Content Delivery Network (CDN) caches static content in edge servers for quick response, and uses network optimizations to improve response for dynamic content. CDN is especially useful when the user base is global.
• Azure Application Gateway is an application delivery controller service. It operates at layer 7, the application layer, and has various load-balancing capabilities.
• Azure Load Balancer is a layer 4 (TCP, UDP) load balancer. In this architecture, it provides load balancing options for Spring Cloud and AKS.

Application

• Azure API Management supports the publishing, routing, securing, logging, and analytics of APIs. You can control how the data is presented and extended, and which apps can access it. You can restrict access to your apps, or allow third parties.
• Azure App Service is a fully managed service for building, deploying, and scaling web apps. You can build apps using .NET, .NET Core, Node.js, Java, Python, or PHP. The apps can run in containers or on Windows or Linux. In a mainframe migration, the front-end screens or web interface can be coded as HTTP-based REST APIs. They can be segregated as per the mainframe application, and can be stateless to orchestrate a microservices-based system.
• WebJobs is a feature of Azure App Service that runs a program or script in the same instance as a web app, API app, or mobile app. A web job can be a good choice for implementing sharable and reusable program logic. For technical information, see Run background tasks with WebJobs in Azure App Service.
• Azure Kubernetes Service (AKS) is a fully managed Kubernetes service for deploying and managing containerized applications. AKS simplifies deployment of a managed AKS cluster in Azure by offloading the operational overhead to Azure.
• Azure Spring Cloud is a fully managed Spring Cloud service, jointly built and operated by Microsoft and VMware. With it, you can easily deploy, manage and run Spring microservices, and write Spring applications using Java or .NET.
• Azure Service Bus is a reliable cloud messaging service for simple hybrid integration. Service Bus and Storage queues can connect the front end with the business logic in the migrated system.
• Azure Functions provides an environment for running small pieces of code, called functions, without having to establish an application infrastructure. You can use it to process bulk data, integrate systems, work with IoT, and build simple APIs and microservices. With microservices, you can create servers that connect to Azure services and are always up to date.
• Azure Cache for Redis is a fully managed in-memory caching service for sharing data and state among compute resources. It includes both the open-source Redis (OSS Redis) and a commercial product from Redis Labs (Redis Enterprise) as a managed service. You can improve performance of high-throughput OLTP applications by designing them to scale and to make use of an in-memory data store such as Azure Cache for Redis.

Storage

• Azure Storage is a set of massively scalable and secure cloud services for data, apps, and workloads. It includes Azure Files, Azure Table Storage, and Azure Queue Storage. Azure Files is often an effective tool for migrating mainframe workloads.
• Azure SQL is a family of SQL cloud databases that provides flexible options for application migration, modernization, and development. The family includes:
• Azure Cosmos DB is a fully managed NoSQL database service with open-source APIs for MongoDB and Cassandra. A possible application is to migrate mainframe non-tabular data to Azure.
• Original Postostgresql" target="_blank" rel="noreferrer noopener">Azure Database for PostgreSQL is a fully managed, intelligent, and scalable PostgreSQL that has native connectivity with Azure services.
• Azure Database for MySQL is a fully managed, scalable MySQL database.
• In-Memory OLTP is a feature of Azure SQL Database and Azure SQL Managed Instance that provides fast in-memory data storage. For technical information, see Optimize performance by using in-memory technologies in Azure SQL Database and Azure SQL Managed Instance.

Monitoring

• Azure Monitor collects, analyzes, and acts on telemetry from your Azure and on-premises environments.
• Log Analytics is a tool in the Azure portal used to query Monitor logs using a powerful query language. You can work with the results of your queries interactively or use them with other Azure Monitor features such as log query alerts or workbooks. For more information, see Overview of Log Analytics in Azure Monitor.
• Application Insights is a feature of Monitor that provides code-level monitoring of application usage, availability, and performance. It monitors the application, detects application anomalies such as mediocre performance and failures, and sends telemetry to the Azure portal. You can also use Application Insights for logging, distributed tracing, and custom application metrics.
• Azure Monitor Alerts are a feature of Monitor. For more information, see Create, view, and manage metric alerts using Azure Monitor

Considerations

Availability

• This OLTP architecture can be deployed in multiple regions and can have a geo-replicated data layer.
• The Azure database services support zone redundancy and can fail over to a secondary node in the event of an outage, or to allow for maintenance activities.

Scalability

• This architecture uses Azure PaaS services like App Service, which has autoscaling capabilities.
• For guidance on autoscaling in Azure, see Autoscaling.

Security

• ExpressRoute creates a private connection to Azure from an on-premises environment. You can also use site-to-site VPN.
• Azure AD can authenticate resources and control access using Azure role-based access control (RBAC).
• Database services in Azure support various security options like data encryption at rest.
• For general guidance on designing secure solutions, see Overview of the security pillar.

Resiliency

• This scenario uses Azure Monitor and Application Insights to monitor the health of the Azure resources. You can set alerts for proactive management.
• For guidance on resiliency in Azure, see Designing reliable Azure applications.