Posted by Julien DUMEZ
October 14, 2020
Remote work: How to simplify your mainframe environment?
Let's face it: predicting the future is hard. COVID19 is a painful reminder that no one can predict the future. However, we can learn some valuable lessons from this terrible crisis. One of them is how to handle the boom of remote working.
As you can guess, quarantine and other containment measures have caused a sharp rise in the number of teleworkers. In France for instance, they grew from 3% of the total workforce to more than 40%! These are staggering figures considering the average 0.5% growth per year. I'll let you imagine what pressure this put on IT infrastructures and support teams.
While things will eventually settle down, there is no doubt that the new normal will differ significantly from the pre-COVID19 era: 75% of companies say that they will maintain some level of a permanent remote workforce according to Gartner.
As such, companies must accommodate remote working to become more resilient in the face of future crises. This includes companies relying on 3270 applications for their day-to-day activities.
We’ve reached out to our customers to understand how they faced the current crisis. Here are four key points on how they managed to transform their IT architecture to support remote working.
Build an agile mainframe environment
A lot of companies still rely on heavy clients 3270 emulators to access their IBM Mainframe. These pre-web solutions have some advantages but lack agility since they require a client to be installed. This can become a problem during a crisis.
Companies that still relied on this type of architecture encountered real difficulties to rapidly deal with users using fixed computers. When they had to massively send back entire teams to work from home, they had two choices: provide them with a company laptop or allow them to work from their personal computer.
In the first case, they had to interface with desktop IT teams to set up laptops for the 3270 user population and install the client on it. This proved difficult, if not impossible in the heat of the moment with overwhelmed support teams.
Allowing personal computer usage didn’t prove easier: installing a corporate piece of software on an unknown PC was too much of a security breach. Not to mention the impossibility to import existing macros.
On the other hand, our customers who had deployed a thin-client 3270 emulation solution were able to quickly give their users access to 3270 applications. Either they decided to give laptops or allowed their teams to use their personal PC. The only thing needed was a standard web browser. They could continue their business processes with little to no change.
An interesting side effect was that this solution automatically worked on tablets, smartphones, and VDI desktops. This kind of agile architecture made it easy to include a new population of users (internal or partners) and therefore opened new business processes, digitalizing their company furthermore.
Achieve mainframe scalability
This brings us to the question of scalability.
Classical terminal emulators running on heavy clients usually need a VPN infrastructure to work from outside company premises.
VPN concentrator platforms are often connected to the Internet with limited bandwidth over which companies have no control. And this infrastructure has been under heavy pressure.
Several companies using this kind of architecture encountered performance issues due to poor bandwidth or difficulties negotiating with network capacity planning teams.
On the other hand, our customers who had deployed a solution that required no specific infrastructure between the user’s browser and the mainframe enjoyed a good quality of service.
In other words, a browser-based terminal emulator is a solution that scales on its own. Of course, IT teams will still have to deal with Internet connection capacity, NAT or DHCP scalability, but all these elements are not specific to 3270 terminal emulation.
Interesting insight: some of our customers used to maintain a VPN setup for the exclusive use of 3270 applications. Moving to a thin client with an HTTPS connection allowed them to get rid of this expensive setup.
Create a mainframe environment with simplified administration and support
The mainframe teams who proved more efficient in their organization’s transformation were the ones who had deployed solutions necessitating small teams to administrate and less complex coordination with the rest of the IT team. In other words, it’s easier to manage a solution with fewer components but which uses more standards.
From a 3270 emulation perspective, the simpler architecture is the Two-Tier thin client:
No software to deploy on a user’s device: no need to interface with the desktop team to install, validate and secure a specific software;
No VPN: no need to talk to the dedicated team to coordinate and check the ability to scale
No intermediate server between PCs and Mainframe: no server capacity planning.
Moreover, customers told us that fewer components meant less support to be done. Furthermore, light architectures allowed all support to be performed by the mainframe team: no need to involve desktop, network, or distributed servers support.
Choose a simple solution to secure your mainframe operating system
During the pandemic, CISOs were compelled to ease security constraints to allow business processes to reconfigure quickly. But attacks have risen by 400% according to the FBI. Therefore, it is highly likely that they will quickly ask to strengthen security for remote working, among other things.
Fortunately, the IT teams who had implemented a 2-Tier Light 3270 Terminal Emulation infrastructure didn’t have much trouble convincing their CISO that the solution was secure.
With a 2-Tier Light 3270 Terminal Emulator architecture, the only component that needs to be installed and configured is directly on the mainframe:
The application converts 3270 screens into web pages on the fly. It doesn’t require a separate server between the PC and the mainframe (which would be called 3-Tier architecture)
2 elements, 2 devices… that’s it. Nothing more!
The good news is that the 2 required elements (mainframe and PC), are usually already protected by the general corporate security policy! Moreover, the communication between the user’s device and the HTTP server hosted on the mainframe can very easily be secured by using HTTPS protocols.
One thing is sure: there will be a “post” COVID19. We could see a resurgence of the crisis in countries where things have settled down, sending back home millions of workers. But even if we don’t, home working will rise in the next months, and companies need to prepare their infrastructure.
From what we learned from our customers during these past months, being ready means having a light, standard, and secured 3270 Terminal Emulation solution.