IBM System z in a Mobile World: Providing Secure and Timely Mobile Access to the Mainframe

IBM System z in a Mobile World: Providing Secure and Timely Mobile Access to the Mainframe

by
Released November 2014
Publisher(s): IBM Redbooks
ISBN: None

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Today, organizations engage with customers, business partners, and employees who are increasingly using mobile technology as their primary general-purpose computing platform. These organizations have an opportunity to fully embrace this new mobile technology for many types of transactions, including everything from exchanging information to exchanging goods and services, from employee self-service to customer service. With this mobile engagement, organizations can build new insight into the behavior of their customers so that organizations can better anticipate customer needs and gain a competitive advantage by offering new services.

Becoming a mobile enterprise is about re-imagining your business around constantly connected customers and employees. The speed of mobile adoption dictates transformational rather than incremental innovation.

This IBM® Redbooks® publication has an end-to-end example of creating a scalable, secure mobile application infrastructure that uses data that is on an IBM mainframe. The book uses an insurance-based application as an example, and shows how the application is built, tested, and deployed into production. This book is for application architects and decision-makers who want to employ mobile technology in concert with their mainframe environment.

Table of contents

  1. Front cover
  2. Notices
    1. Trademarks
  3. IBM Redbooks promotions
  4. Preface
    1. Authors
    2. Now you can become a published author, too!
    3. Comments welcome
    4. Stay connected to IBM Redbooks
  5. Part 1 Understanding the business context in a mobile world
  6. Chapter 1. Business drivers for a mobile enterprise
    1. 1.1 Positioning mobile in a business context
    2. 1.2 Business value of mobile technologies
    3. 1.3 Business drivers for putting mobile first
    4. 1.4 Mobile and the mainframe
    5. 1.5 Conclusion
  7. Chapter 2. Introducing IBM MobileFirst for enterprise mobile solutions
    1. 2.1 IBM MobileFirst: From strategy to insights
      1. 2.1.1 IBM MobileFirst Application and Data Platform
      2. 2.1.2 IBM MobileFirst Management
      3. 2.1.3 IBM MobileFirst Security
      4. 2.1.4 IBM MobileFirst Analytics
      5. 2.1.5 IBM MobileFirst Strategy and Design Services
      6. 2.1.6 IBM MobileFirst Development and Integration Services
      7. 2.1.7 Cloud and managed Services
    2. 2.2 Application lifecycle with IBM MobileFirst
    3. 2.3 Conclusion
  8. Chapter 3. Bridging the gap from mobile to transactional systems
    1. 3.1 The concept of optimized systems
      1. 3.1.1 System of record
      2. 3.1.2 System of engagement
    2. 3.2 Defining the gap
      1. 3.2.1 User experience
      2. 3.2.2 Platform considerations
      3. 3.2.3 Operational differences
    3. 3.3 Closing the gap
      1. 3.3.1 User interactions
      2. 3.3.2 Platform considerations
      3. 3.3.3 Security considerations
      4. 3.3.4 Mobile analytics considerations
    4. 3.4 Conclusion
  9. Chapter 4. IBM Worklight: The foundation for mobile solutions
    1. 4.1 Business benefits
    2. 4.2 IBM Worklight functional capabilities
      1. 4.2.1 Worklight Studio
      2. 4.2.2 Worklight Application Center
      3. 4.2.3 Device Runtime
      4. 4.2.4 Worklight Server
      5. 4.2.5 Worklight Console
    3. 4.3 IBM Worklight architecture
      1. 4.3.1 Block overview
      2. 4.3.2 Components
    4. 4.4 Conclusion
  10. Part 2 Designing and planning the solution
  11. Chapter 5. Deployment model for a mobile solution on IBM System z
    1. 5.1 Mobile applications and IBM Worklight
    2. 5.2 Operational type of mobile applications
      1. 5.2.1 Deployment of stand-alone mobile apps
      2. 5.2.2 Deployment of asynchronous mobile apps
      3. 5.2.3 Deployment of online transactional mobile apps
    3. 5.3 Integration of mobile apps with System z
      1. 5.3.1 Putting mobile first
      2. 5.3.2 Architectural options for leveraging existing applications
    4. 5.4 Security and deployment requirements
      1. 5.4.1 End-to-end high security
    5. 5.5 Conclusion
  12. Chapter 6. The mobile enterprise architecture IBM System z
    1. 6.1 Architectural overview
    2. 6.2 Security layers
      1. 6.2.1 IBM DataPower
    3. 6.3 Caching services
    4. 6.4 Worklight server, the mobile runtime environment
    5. 6.5 Transaction processing systems
      1. 6.5.1 z/OS operating environment
      2. 6.5.2 z/TPF, the z/Transaction Processing Facility operating system
      3. 6.5.3 z/VSE, the z/Virtual Storage Extended operating system
    6. 6.6 End-to-end development lifecycle
    7. 6.7 Network overview
    8. 6.8 Operational model
    9. 6.9 Conclusion
  13. Chapter 7. Designing for resilience
    1. 7.1 Resilience considerations
      1. 7.1.1 System z hardware is designed for resilience
      2. 7.1.2 Disk and data resilience
      3. 7.1.3 Network resilience
      4. 7.1.4 Virtualization layers and resilience
    2. 7.2 Designing for high availability
      1. 7.2.1 IBM DataPower
      2. 7.2.2 Linux high availability
      3. 7.2.3 WebSphere Application Server
      4. 7.2.4 Database for Worklight run time
      5. 7.2.5 High availability for the system of record
    3. 7.3 Designing for disaster recovery
    4. 7.4 Conclusion
  14. Chapter 8. Designing for security
    1. 8.1 Mobile security requirements
      1. 8.1.1 Mobile security roadmap
    2. 8.2 The IBM Mobile Security Framework
      1. 8.2.1 Security at the mobile device
      2. 8.2.2 Security over the network and inside the organization
      3. 8.2.3 Security for the mobile app
    3. 8.3 Topologies for securing mobile access to System z
      1. 8.3.1 Worklight security
      2. 8.3.2 DataPower as a policy enforcement point
      3. 8.3.3 WebSphere DataPower as reverse proxy for Worklight Server
      4. 8.3.4 z/OS Connect
      5. 8.3.5 WebSphere DataPower XI50z as a second security layer
      6. 8.3.6 IBM Security Access Manager for Mobile as a PEP
    4. 8.4 Conclusion
  15. Part 3 Customer scenario
  16. Chapter 9. Overview of scenario, requirements, and approach
    1. 9.1 Company overview
      1. 9.1.1 Current IT infrastructure
    2. 9.2 Business vision
    3. 9.3 Business requirements
    4. 9.4 Functional requirements
      1. 9.4.1 Build an agile approach to deliver apps
      2. 9.4.2 Secure every transaction
      3. 9.4.3 Build a scalable and highly available infrastructure
      4. 9.4.4 Use mobile analytics to gain customer insight
    5. 9.5 Design approach
      1. 9.5.1 Infrastructure design
    6. 9.6 Implementation steps
    7. 9.7 Conclusion
  17. Chapter 10. Agile approach to deliver application functionality
    1. 10.1 Introduction and terminology
    2. 10.2 Installing the GENAPP CICS application
      1. 10.2.1 Get started with JSON
      2. 10.2.2 Install CICS TS Feature Pack for Mobile Extensions V1.0
      3. 10.2.3 Create a JSON web service in CICS
    3. 10.3 Installing the Worklight project for GENAPP
      1. 10.3.1 Install Eclipse
      2. 10.3.2 Install Worklight Studio 6.1
      3. 10.3.3 Install the CICS Explorer SDK
    4. 10.4 Preparing and installing the GENAPP mobile application
      1. 10.4.1 Customize the Worklight project
      2. 10.4.2 Update the GENAPP mobile application
      3. 10.4.3 Test GENAPP mobile on a workstation
      4. 10.4.4 Customize and install CICS Java Application for policy search
      5. 10.4.5 Customize the CICS event binding for push notification
    5. 10.5 Running GENAPP on a mobile device
      1. 10.5.1 Deploy GENAPP to Worklight Server by using Liberty Profile
      2. 10.5.2 Install the application on a mobile device
    6. 10.6 Conclusion
  18. Chapter 11. Enabling end-to-end security
    1. 11.1 Introduction
    2. 11.2 Using LTPA-based authentication with Worklight
      1. 11.2.1 Modify the GENAPP mobile app
      2. 11.2.2 Update Worklight security configuration for LTPA
      3. 11.2.3 Update WebSphere Application Server security configuration
    3. 11.3 Enabling Worklight application authenticity checks
      1. 11.3.1 Update Worklight security configuration
      2. 11.3.2 Update application descriptor
      3. 11.3.3 Build and compile client
      4. 11.3.4 Manage authenticity
    4. 11.4 Using DataPower as a mobile security gateway
      1. 11.4.1 Copy the service pattern
      2. 11.4.2 Deploy the pattern
      3. 11.4.3 Adjust the configuration
      4. 11.4.4 Add monitoring
      5. 11.4.5 Control content type header
    5. 11.5 DataPower load balancing
    6. 11.6 Securing the connection from Worklight Server to CICS
      1. 11.6.1 Use certificates and RACF user IDs
      2. 11.6.2 Create X.509 certificates with RACF
      3. 11.6.3 Enable SSL
      4. 11.6.4 Enable SSL mutual authentication
      5. 11.6.5 Optimize SSL performance
    7. 11.7 Conclusion
  19. Chapter 12. Deploying the mobile app in to an HA infrastructure
    1. 12.1 Introduction
    2. 12.2 Preparation
      1. 12.2.1 Software checklist
      2. 12.2.2 Definition checklist
      3. 12.2.3 Preinstallation readiness activities
    3. 12.3 Installing and configuring the Worklight Server
      1. 12.3.1 Install Worklight Server
      2. 12.3.2 Configure the Worklight Server
      3. 12.3.3 Configure the Worklight Application Center
      4. 12.3.4 Enable DB2 HADR
      5. 12.3.5 Automate DB2 HADR takeover
    4. 12.4 Deploying the Worklight application to production
      1. 12.4.1 Import and customize the GENAPP project for production
      2. 12.4.2 Deploy the GENAPP WAR, app, and adapters
      3. 12.4.3 Configure CICS
    5. 12.5 Validating the deployed mobile app on the infrastructure
      1. 12.5.1 Mobile device
      2. 12.5.2 DataPower probe
      3. 12.5.3 HTTP Server access log
      4. 12.5.4 Worklight Server Console
      5. 12.5.5 Worklight embedded operational analytics
      6. 12.5.6 CICS Explorer
    6. 12.6 Enabling System z hardware-based cryptographic acceleration
      1. 12.6.1 Make the cryptographic hardware available to Linux
      2. 12.6.2 Enable Linux to exploit the cryptographic hardware
      3. 12.6.3 Enable Java and WebSphere Application Server to use the cryptographic hardware
      4. 12.6.4 Enable IBM HTTP Server to exploit cryptographic hardware
    7. 12.7 Workload management
      1. 12.7.1 DataPower layer
      2. 12.7.2 z/VM hypervisor
      3. 12.7.3 HTTP server layer
      4. 12.7.4 WebSphere and Worklight Server layer
      5. 12.7.5 z/OS Workload Manager
      6. 12.7.6 CICS
      7. 12.7.7 z/OS Directory Services
    8. 12.8 A dynamically scalable and fault tolerant environment
      1. 12.8.1 Dynamic scalability and manageability
      2. 12.8.2 Fault tolerance
    9. 12.9 Conclusion
  20. Chapter 13. Mobile analytics
    1. 13.1 IBM Worklight operational analytics
      1. 13.1.1 Comparison with the reports feature
      2. 13.1.2 Analytics flow
    2. 13.2 IBM Worklight Analytics Platform implementation
      1. 13.2.1 Analytics server installation
      2. 13.2.2 Enabling analytics
      3. 13.2.3 Analytics tab in the IBM Worklight Console
    3. 13.3 Conclusion
  21. Appendix A. Additional material
    1. Locating the web material
    2. Using the web material
  22. Related publications
    1. IBM Redbooks
    2. Online Resources
    3. Help from IBM
  23. Back cover
  24. IBM System x Reference Architecture for Hadoop: IBM InfoSphere BigInsights Reference Architecture
    1. Introduction
    2. Business problem and business value
    3. Reference architecture use
    4. Requirements
    5. InfoSphere BigInsights predefined configuration
    6. InfoSphere BigInsights HBase predefined configuration
    7. Deployment considerations
    8. Customizing the predefined configurations
    9. Predefined configuration bill of materials
    10. References
    11. The team who wrote this paper
    12. Now you can become a published author, too!
    13. Stay connected to IBM Redbooks
  25. Notices
    1. Trademarks

Product information

  • Title: IBM System z in a Mobile World: Providing Secure and Timely Mobile Access to the Mainframe
  • Author(s):
  • Release date: November 2014
  • Publisher(s): IBM Redbooks
  • ISBN: None