Front cover IBM z Systems Integration Guide for the Mobile and API Economy Richard Gamblin Rob Jones Nigel Williams Redpaper International Technical Support Organization IBM z Systems Integration Guide for the Mobile and API Economy December 2015 REDP-5319-00 Note: Before using this information and the product it supports, read the information in “Notices” on page vii. First Edition (December 2015) This edition applies to the current version of products at the time of publication. This document was created or updated on December 29, 2015. © Copyright International Business Machines Corporation 2015. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii IBM Redbooks promotions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Authors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Now you can become a published author, too! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Comments welcome. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Stay connected to IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Chapter 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.1 The evolution of integration with core systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.2 Business imperatives of today . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.3 Two-speed IT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.4 Mainframe connectivity landscape of today . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.5 Mobile connectivity challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 2 3 3 4 4 Chapter 2. Architecture options for service and API enablement . . . . . . . . . . . . . . . . . 7 2.1 APIs and API management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.1.1 From services to APIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.1.2 API management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.1.3 Benefits of APIs and API management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.2 REST and JSON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.2.1 REST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.2.2 JSON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.2.3 Advantages of REST and JSON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.3 SOAP web services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.3.1 Advantages of SOAP web services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2.4 Messaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 2.4.1 MQTT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 2.4.2 Advantages of messaging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Chapter 3. Mobile integration architecture considerations. . . . . . . . . . . . . . . . . . . . . . 3.1 Mobile integration architecture overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.2 System of record . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.3 Service access layer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4 Enterprise service bus. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.5 Application server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.6 Mobile platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.7 Security gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.8 API gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.9 Mobile app. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 18 18 19 19 20 20 21 22 23 Chapter 4. IBM z Systems mobile integration solutions . . . . . . . . . . . . . . . . . . . . . . . . 4.1 z/OS Connect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.1.1 IBM WebSphere Liberty z/OS Connect. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.1.2 IBM z/OS Connect Enterprise Edition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.2 IBM API Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 26 27 28 30 © Copyright IBM Corp. 2015. All rights reserved. iii 4.2.1 When to use IBM API Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.3 IBM StrongLoop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.3.1 When to use IBM StrongLoop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.4 IBM DataPower Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.4.1 When to use an IBM DataPower Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.5 IBM Integration Bus. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.5.1 When to use IBM Integration Bus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.6 IBM MobileFirst Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.6.1 When to use IBM MobileFirst Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.7 CICS mobile integration options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.7.1 CICS web services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.7.2 z/OS Connect for CICS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.7.3 CICS JSON web services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.7.4 JSON web services with CICS Transaction Gateway. . . . . . . . . . . . . . . . . . . . . . 4.7.5 Java applications in a Liberty JVM server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.8 IMS mobile integration options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.8.1 IMS Enterprise Suite SOAP Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.8.2 IMS Mobile Feature Pack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.9 DB2 z/OS mobile integration options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.9.1 When to use the DB2 Adapter for z/OS Connect . . . . . . . . . . . . . . . . . . . . . . . . . 4.10 IBM MessageSight . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.10.1 When to use IBM MessageSight. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 31 32 33 34 34 35 35 36 37 37 38 39 39 40 41 41 42 43 44 44 45 Chapter 5. Real-world scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.1 Web service enablement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.1.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.1.2 Key decision factors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.1.3 Solution architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.1.4 What’s next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2 Web service reuse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2.2 Key decision factors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2.3 Solution architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2.4 What’s next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.3 REST service enablement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.3.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.3.2 Key decision factors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.3.3 Solution architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.3.4 What’s next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.4 Mobile Enterprise Application Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.4.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.4.2 Key decision factors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.4.3 Solution architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.4.4 What’s next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.5 API Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.5.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.5.2 Key decision factors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.5.3 Solution architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.5.4 What’s next . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 48 48 48 50 50 51 51 51 53 54 54 54 55 56 57 57 57 57 58 60 60 60 61 62 63 Chapter 6. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 6.1 Common integration architectures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 6.2 Mobile integration solutions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 iv IBM z Systems Integration Guide for the Mobile and API Economy Related publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Online resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Help from IBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Contents 69 69 69 70 v vi IBM z Systems Integration Guide for the Mobile and API Economy Notices This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing, IBM Corporation, North Castle Drive, Armonk, NY 10504-1785 U.S.A. The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those websites is at your own risk. IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. COPYRIGHT LICENSE: This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. © Copyright IBM Corp. 2015. All rights reserved. vii Trademarks IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. These and other IBM trademarked terms are marked on their first occurrence in this information with the appropriate symbol (® or ™), indicating US registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at http://www.ibm.com/legal/copytrade.shtml The following terms are trademarks of the International Business Machines Corporation in the United States, other countries, or both: Cast Iron® CICS® CICS Explorer® DataPower® DB2® IBM® IBM MobileFirst™ IBM z Systems™ IMS™ RACF® Redbooks® Redpaper™ Redbooks (logo) WebSphere® z Systems™ z/OS® ® The following terms are trademarks of other companies: Connect:Direct, and N logo are trademarks or registered trademarks of IBM International Group B.V., an IBM Company. LoopBack, StrongLoop, and the StrongLoop logo are trademarks of StrongLoop, Inc., an IBM Company Linux is a trademark of Linus Torvalds in the United States, other countries, or both. Windows, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Java, and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. Other company, product, or service names may be trademarks or service marks of others. viii IBM z Systems Integration Guide for the Mobile and API Economy IBM REDBOOKS PROMOTIONS IBM Redbooks promotions Find and read thousands of IBM Redbooks publications Search, bookmark, save and organize favorites Get up-to-the-minute Redbooks news and announcements Link to the latest Redbooks blogs and videos Download Now Android iOS Get the latest version of the Redbooks Mobile App Promote your business in an IBM Redbooks publication ® Place a Sponsorship Promotion in an IBM Redbooks publication, featuring your business or solution with a link to your web site. ® Qualified IBM Business Partners may place a full page promotion in the most popular Redbooks publications. Imagine the power of being seen by users who download millions of Redbooks publications each year! ibm.com/Redbooks About Redbooks Business Partner Programs THIS PAGE INTENTIONALLY LEFT BLANK Preface Today, organizations engage with customers, business partners, and employees who increasingly use mobile technology as their primary general-purpose computing platform. They have an opportunity to fully embrace this new mobile technology for many types of transactions, including everything from exchanging information to exchanging goods and services, from employee self-service to customer service. This mobile engagement allows organizations to build new insight into the behavior of their customers to better anticipate customer needs and gain a competitive advantage by offering new services. By extending existing enterprise applications onto a mobile platform you can capitalize on existing investments without the need to develop completely new solutions to support mobile services. Because nearly 70% of all enterprise transactions touch a mainframe, IBM® z Systems™ mainframes have an important role in enabling existing and new mainframes to be easily consumed by mobile applications, for example, through REST APIs. These same APIs can be consumed through other channels and applications, both on-premises and in the cloud. Many technologies and solutions can be used to enable mobile integration with the mainframe, including web APIs, services, connectors, messaging and so on. The primary goal of this IBM Redpaper™ publication is to help IT architects choose between the many mobile integration architectures and solutions and make the right choice based on the specific requirements of the project. This paper first outlines some of the business imperatives and challenges. It then reviews the main architecture options and the key considerations for planning mobile integration with the mainframe; it provides guidance for when to use specific solutions. Finally, it documents several mobile integration scenarios to illustrate how these technologies are used in real-world scenarios to build robust solutions. Authors This paper was produced by a team of specialists from around the world working at the International Technical Support Organization (ITSO), Poughkeepsie Center. Richard Gamblin is an IBM Technical Staff Member, IBM Redbooks® Mobile Thought Leader and Global Leader for Mobile for the zChampions Team. As the European Technical Leader for Digital Transformation, Richard works with clients to develop new solutions and capabilities with IBM Middleware, Mobile, and z Systems technologies. He has worked in a number of Technical Sales roles during his time in IBM, ranging from an Integration and Connectivity Specialist to an IBM WebSphere® Architect. Prior to joining IBM, Richard was a researcher at the University of Leeds, from where he obtained a doctorate in the field of Bioinformatics. © Copyright IBM Corp. 2015. All rights reserved. xi Rob Jones works at the IBM Hursley Software Laboratory, in the UK, with the IBM CICS® Strategy and Technical Planning team, with responsibility for the CICS Mobile enablement, including IBM z/OS® Connect. He has worked on the development of CICS Transaction Gateway products since 2002, specializing in the IBM z/OS platform and most recently has led work on z/OS Connect. He also produced the first CICS TG plug-in for IBM CICS Explorer® tool. Nigel Williams is an IT Specialist working at the IBM Client Center in Montpellier, France. Nigel specializes in CICS integration, API enablement, and mainframe security topics. He helps clients to design and test mainframe integration solutions. He is the author of many papers and Redbooks publications. Previously Nigel worked as a Developer and Tester at the IBM Hursley Software Lab. Thanks to the following people for their contributions to this project: Marcela Adan, Martin Keen IBM ITSO Aymeric Affouard, Stefano Delle Chiaie, Stephane Faure, Yann Kindelberger, Eric Phan, Frank Van Der Wal IBM Montpellier Client Center Carl Farkas IBM France Michael Casile IBM Competitive Project Office Bruce Armstrong, Asit Dan, Tom Shepherd IBM z Systems, US Matthew Leming IBM MQ Development Maryela Weihrauch, Jane Man IBM DB2 for z/OS Development xii IBM z Systems Integration Guide for the Mobile and API Economy Now you can become a published author, too! Here’s an opportunity to spotlight your skills, grow your career, and become a published author—all at the same time! Join an ITSO residency project and help write a book in your area of expertise, while honing your experience using leading-edge technologies. Your efforts will help to increase product acceptance and customer satisfaction, as you expand your network of technical contacts and relationships. Residencies run from two to six weeks in length, and you can participate either in person or as a remote resident working from your home base. Find out more about the residency program, browse the residency index, and apply online at: ibm.com/redbooks/residencies.html Comments welcome Your comments are important to us! We want our papers to be as helpful as possible. Send us your comments about this paper or other IBM Redbooks publications in one of the following ways: Use the online Contact us review Redbooks form found at: ibm.com/redbooks Send your comments in an email to: redbooks@us.ibm.com Mail your comments to: IBM Corporation, International Technical Support Organization Dept. HYTD Mail Station P099 2455 South Road Poughkeepsie, NY 12601-5400 Stay connected to IBM Redbooks Find us on Facebook: http://www.facebook.com/IBMRedbooks Follow us on Twitter: http://twitter.com/ibmredbooks Look for us on LinkedIn: http://www.linkedin.com/groups?home=&gid=2130806 Explore new Redbooks publications, residencies, and workshops with the IBM Redbooks weekly newsletter: https://www.redbooks.ibm.com/Redbooks.nsf/subscribe?OpenForm Stay current on recent Redbooks publications with RSS Feeds: http://www.redbooks.ibm.com/rss.html Preface xiii xiv IBM z Systems Integration Guide for the Mobile and API Economy 1 Chapter 1. Introduction Over the past few years, the adoption of mobile technologies by organizations has become widespread, providing new levels of engagement with consumers and great working flexibility and convenience to empower employees. Given the rapid pace of change of smartphone and tablet apps, and devices, initial efforts have been focused almost entirely on the user experience. Now, organizations are looking to optimize and refine how their business applications and core data can be made available through to mobile channels. Requirements have evolved from store- or branch-finders to delivering fully featured business services to those mobile devices. Given that nearly 70% of all enterprise transactions touch a mainframe1, integration with z Systems mainframes is a critical part of developing an efficient mobile service. Access to z Systems applications and data has long been available through multiple paths, with more being introduced to specifically satisfy mobile workloads. The real challenge is that enterprise architect teams have so many different options that it can be difficult to understand the factors involved in assessing and selecting one over another. This paper sets out the options and consideration factors necessary to make sound architectural decisions to integrate mobile services with z Systems applications and data. This chapter describes the following topics: The evolution of integration with core systems Business imperatives of today Two-speed IT Mainframe connectivity landscape of today Mobile connectivity challenges 1 Source: http://mobileenterprise.edgl.com/tech-spotlight/What-s-Powering-Huge-Mobility95644 © Copyright IBM Corp. 2015. All rights reserved. 1 1.1 The evolution of integration with core systems In the beginning, users accessed mainframe applications through a connected 3270 terminal. Although this interface remains commonly used today, access to mainframe applications has changed significantly over the past 50 years (Figure 1-1). Mobile /Cloud SOA Web/Desktop Client/Server 2015s Green screen 2005s 1995s 1985s 1975s Figure 1-1 The evolution toward self-service At each stage in the evolution, distinctive changes have occurred to the types of users who access the systems, and also to the user interface (UI). Table 1-1 shows how the UI has changed over time. Table 1-1 Characteristics of the evolutionary stages of access to mainframe systems 2 Stage Main characteristics Green screen Limited user community with a limited and very controlled UI. Client/server The user community remains limited, however the UI is increasingly richer. Web Wider user community (anyone with browser), UI controlled by web page (first z Systems web pages were similar in layout to green screens). SOA/Web 2.0 Much wider user community, with service-oriented architectures (SOAs) reusing existing services and exposing them through decoupled integration methods. The UI is controlled by a service requester application or, in the case of Web 2.0, by the user. Mobile/Cloud User community is anyone with a mobile device, rich flexible integrated UI, often reusing services developed for SOA. IBM z Systems Integration Guide for the Mobile and API Economy As different kinds of users access these systems, new terms have emerged to distinguish between the roles of systems: Systems of record Systems of record (SOR) are the core systems upon which organizations rely to house their mission-critical data and applications. A particular emphasis is placed on transactional integrity and data consistency and these systems are typified by IBM z Systems mainframes. Often these systems are accessed through a system of engagement. Systems of engagement Systems of engagement (SOE) are the systems through which people interact to access the applications and data in the system of record. Examples of SOEs are email applications, web sites and, more recently, are typified by mobile applications. 1.2 Business imperatives of today Organizations are undergoing significant change to respond to market challenges. Some of these are in response to regulatory requirements and others are simply in response to the emerging requirements of consumers of their products or services. Over the last five to ten years, a significant shift has occurred in the marketplace regarding how consumers and employees expect to interact with businesses and government institutions. Two recent Institute of Business Value studies2 have identified this shift away from an Enterprise-centric market to an Individual-centric marketplace. The confluence of mobile technologies, along with insight drawn from expanding pools of data, has led to this need for digital reinvention of enterprise IT to meet the demands of the Individual-centric economy. A key part of this approach is to ensure that IT systems are optimized and aligned to support this unprecedented speed of change. Consider that green-screen applications developed over the course of 40 years, that client/server did the same over 25 years, or that the Internet matured in 15 years. Contrast that with the mobile and digital age, in which consumer expectation has rocketed in a mere 5 years. Organizations need to respond more rapidly than ever to meet this demand and one approach has been to create a multi-speed enterprise IT. 1.3 Two-speed IT On average, the lifecycle for a mobile app is somewhere in the range of 3 - 6 weeks, after which it is typically updated in some way. A major core banking application, however, might see application updates every 3 - 6 months, which is a very different timescale. The fact is that these core systems are eminently able to handle updates on a much short lifecycle, even in days and weeks; however, this is typically not done because the core application forms the foundation upon which the entire organization’s applications, presentation layers, and integration components are based. Instead, we see the emergence of a bimodal, or two-speed IT, which combines the merits of a fast-paced digital landscape for a mobile app, and the stability and resilience of a more moderately paced enterprise landscape. 2 Digital transformation: Creating new business models where digital meets physical. 2011 http://www.ibm.com/services/us/gbs/thoughtleadership/ibv-digital-transformation.html Digital reinvention: Preparing for a very different tomorrow. 2013 http://www.ibm.com/services/us/gbs/thoughtleadership/digitalreinvention/ Chapter 1. Introduction 3 The critical part of this two-speed IT model is its ability for the digital and enterprise systems to work harmoniously together. For instance, suppose a company has identified a new service that can offer a competitive advantage in the existing market. If that service is prematurely introduced in the company’s mobile app but, critically, before it is available in the enterprise application, it might effectively wipe out the advantage as competitors put in place their own alternatives in that interim period. Similarly, if the capability is available in the enterprise system but yet to be reflected in the mobile app, the return on that investment cannot be realized. In short, the two systems (the digital and enterprise) must work in tandem, and it is the role of the integration layer to provide that seamless interlock. 1.4 Mainframe connectivity landscape of today A wide variety of options are available for connecting and integrating mainframe systems across the enterprise, all of which are in use in production today. Such direct connectivity options include these examples: Message-based connectivity, such as IBM MQ File-based connectivity, such as Sterling Connect:Direct® Standards-based connectivity, such as web services Custom connectivity options, such as IBM CICS Transaction Gateway or IBM IMS™ Connect In addition, several commonly used integration options are available for routing, aggregating, and disseminating information to and from mainframe systems: Enterprise service bus technologies, such as IBM Integration Bus Appliance-based technologies, such as IBM DataPower® Gateway Although these connectivity and integration options have been used for many years to support client/server, web, and SOA integration architectures, mobile services are placing new demands on connectivity infrastructures. In many cases, existing integration solutions can be extended to support mobile use cases, however there some unique aspects of mobile architectures exist and that affect decisions of the integration technology. 1.5 Mobile connectivity challenges By extending existing enterprise applications onto a mobile platform, a business can capitalize on its existing investment without the need to develop an entirely new solution to support mobile services. The requirement to provide users with continuity of transactions across multiple channels means that organizations that have well-established, multi-channel architectures are better placed to enable mobile access to their transaction processing systems. A channel integration approach based on a set of common reusable services offers the best framework for mobile integration. Consider, however, that although reusing what you already have is a good approach, mobile and cloud-based applications normally require a different style of service that is based on lightweight RESTful interfaces (see 2.2.1, “REST” on page 11), which are not normally available in today’s mainframe applications (see Figure 1-2 on page 5). 4 IBM z Systems Integration Guide for the Mobile and API Economy Figure 1-2 Mobile integration requirements Mobile services bring additional requirements for integration into the enterprise. One of these is the sheer volume of requests that is attributable to this new computing era. Historically, users of other channels are typically restricted in some way: whether through access from an office-only environment or, for early Internet users, access from the home. The advent of always-on, always-connected mobile access users can access these systems at their convenience, 24 hours per day, anywhere in the world. As a result, organizations have seen a significant increase in the volume of traffic reaching their core systems. Another integration requirement driven by mobile services is the support for push notifications. For mobile consumers and organizations alike, the convenience and personalization of publishing event-driven notifications to the device is hugely attractive. Historically, interactions with core systems have always followed an inbound request/response pattern. This model of push notifications places new requirements on the integration layer to propagate business events on the system of record through to the mobile user. The chapters ahead examine the architectural approaches and technologies available, which address these mobile integration challenges. Chapter 1. Introduction 5 6 IBM z Systems Integration Guide for the Mobile and API Economy 2 Chapter 2. Architecture options for service and API enablement This chapter introduces the main integration architectures that can be used for mobile integration with z Systems applications. This chapter describes the following topics: APIs and API management REST and JSON SOAP web services Messaging © Copyright IBM Corp. 2015. All rights reserved. 7 2.1 APIs and API management Computer programmers are familiar with the concept of an application programming interface (API). Historically, an API refers to the published details for a defined set of capabilities that an application programmer can build upon. The details of such an API might typically be published in a technical manual, and distributed as a binary runtime library with an associated license. The types of APIs discussed in this paper follow the same core principles, but operate in a connected world, where APIs can be easily discovered by any developer with the appropriate access, and are self-describing to the point where application development tools can generate code to use the API, accelerating adoption and promoting best practices. Although these APIs still represent common services for application programmers, the scope in which they are able to operate is dramatically different. APIs today might be consumed and used across the breadth of global organizations, between companies, or by private individuals; and they might be combined with other APIs from entirely unrelated providers to form innovative value propositions. With an API, developers can exploit functions of existing computer programs in other applications. Over the years, APIs have evolved based on advances in technology (such as network speed, security, and dynamic integration), and also maturation in business that allows for thinking of business functions as discreet, consumable entities. Competition is now possible for business functions based on business value as opposed to technology foundations. API architecture has also evolved over the years, in particular with the advent of service-oriented architecture (SOA). SOA provides for an architectural model to manage consumer and provider relationships in a dynamic environment. This model paved the way for producing and exposing APIs with better business enablement capabilities including request access, entitlement, identification, authorization, management, monitoring, and analytics, as shown in Figure 2-1. Mobile Transactions Public Cloud Internet of Things APIs SOA Gateway Integration Private Cloud Web Social Partners Analytics Data Services Figure 2-1 Systems of engagement consuming APIs, and systems of record providing services Mobile application developers today are able to compose high value applications by combining existing exposed business services or APIs, often made available by a variety of API providers, and discovered independently by application developers. Each service or API provider is unlikely to have envisioned all of the ways in which an API might be exploited, but if a mutual benefit exists, the API has a fair chance of success. Cost-effective APIs that provide rapid value to application developers, and which also build a reputation for reliability, can soon become the definitive method of providing a specific 8 IBM z Systems Integration Guide for the Mobile and API Economy capability within the mobile application development community (for example, location services using Google Maps APIs). APIs are needed for many reasons, including these reasons: Expose services for more flexibility. Want easier access to customers and partners. Need to reach more channels and devices. Make your place in the market. Today, progressive companies are exposing APIs to allow others to consume their business functions, for a profit. Where Windows and Linux have been traditional development platforms of the past, Google, Facebook, Twitter, and other companies are becoming the development platforms of the future. All of these companies built a functional platform of business capabilities and extended their business models by exposing APIs so that developers can exploit their functionality. Google Maps is a great example. Many developers write mashups on top of Google Maps for various reasons, for example retail store locator, traffic reports, road conditions, and so forth. One important business reason to enable APIs in your business is to monetize your business capabilities. For example, if you are a credit reporting agency and you produce an API that establishes credit scores and facts regarding a consumer’s credit history, then many banks, loan companies, insurance companies, and solicitation companies are more than happy to use (consume) your API for money. It provides them with the ability to perform the API functions, yet avoid having to develop and maintain their own API functions. In addition, they can easily disconnect yours if a better one comes along. This is the differentiator for APIs in an API economy: the ability to quickly subscribe to or unsubscribe to business functionality. It makes business more agile by driving a healthy competition for business function. The term API economy refers to the opportunities associated with productizing the exposure of your business functions as APIs. Consider that your API is a consumable product, and you need to market and position your product correctly for maximum profit. So, API economy deals with the additional channel opportunities associated with the proper exposure of your consumable business functions. For potential API consumers, business resources that reside on IBM z Systems, with products such as CICS, IMS, IBM DB2®, and IBM WebSphere Application Server, represent a rich source of capability if only their existence could be independently discovered by application programmers, and integration options were aligned with other API providers. Potential consumers of enterprise APIs might be either internal (inter-department, cross-function, employee), partner (affiliated, authorized business partners), or public (free or by registration). In all cases, access to enterprise APIs face a common set of challenges in terms of consumability, security, auditing, measurement, billing, and lifecycle. API management aims to provide a unified approach for addressing these challenges 2.1.1 From services to APIs APIs are the externalized aspect of services and as such should not be viewed as an alternative to SOA, but rather a part of a well-architected service-oriented enterprise. However, APIs are a specific genre of services with a lifecycle that is focused on “external” consumption. This externalization of enterprise services drives a focus on simplicity, security, and compatibility with standards-based external systems. Enterprise-scale businesses most likely already have many defined web services (see 2.3, “SOAP web services” on page 12). These mission-critical transactional services and Chapter 2. Architecture options for service and API enablement 9 business processes are likely to provide a rich source of content for new APIs. A collection of individual services providing operations upon a common resource might now be represented as a collective unit (an API). Such an API can be discovered, documented, invoked and maintained as a single entity. Developing for both internal enterprise services and external APIs enables the exploitation of distinct content pools, where completeness of content and operations upon a specific business resource might vary according to consumer. For example, an internal consumer in an HR department might have full access to an employee record, whereas an external employee directory might redact sensitive personal information from an employee record, such as home address or salary, while ultimately accessing the same system of record asset. An API is composed of operations that are offered in one of two styles: A REST API is structured according to the principles of Representational State Transfer, and typically uses the JSON data format (for more detail, see 2.2, “REST and JSON” on page 11). A SOAP API is a web service that is exposed as an API. Although a collection of independent services can be brought together under the auspices of an “API” facade, such an API might not be naturally “RESTful” if it does not intuitively reflect the create, retrieve, update, and delete operations through the set of HTTP methods. 2.1.2 API management API management brings a multitude of operational capabilities and insight to bear on APIs and services, including discovery through an API marketplace, access controls, lifecycle operations, rate control (or throttling), metering, auditing, and analytics. The combination of RESTful APIs and API management herald a significant evolution beyond the initial service enablement patterns of SOA, and the possibility to use JSON-encoded data promises to make z Systems business assets easily consumable for the rapidly expanding mobile and cloud-based application development community. A key success metric for API-enablement for z Systems assets is discovery and ease of consumption. An API enablement technology must make z Systems APIs discoverable and easily consumable on the terms of the consumer. Today, a Swagger1 document can provide a consumable unit for API consumers, providing everything they need to understand what the API provides and how to use it. Discovery of a self-describing API through a marketplace with the social capabilities such as number of existing users, ratings, and lifecycle updates allows great APIs to drive rapid adoption, while direct feedback can drive the evolution and requirements gathering process, or quickly identify unpopular modifications, all in one place. 2.1.3 Benefits of APIs and API management The major benefits of implementing an API management solution are as follows: Extend internal enterprise services to an ecosystem of innovators and new markets. Control access to enterprise services. Provide insight into who is accessing enterprise services. 1 10 Swagger is an open specification for describing, producing, consuming, and visualizing RESTful web APIs: http://swagger.io/specification IBM z Systems Integration Guide for the Mobile and API Economy 2.2 REST and JSON Mobile application developers today typically expect APIs to “talk” HTTP, to naturally use HTTP methods to represent the desired operation, to exchange data represented in JSON, and to return resource references as fully formed URIs, ready to flow on a subsequent request. All of these technologies are taken to be universally available for applications designed for modern mobile devices such as smartphones and tablets. 2.2.1 REST Representational State Transfer (REST) is a defined set of architectural principles by which you can design web services that focus on service resources. The REST architectural pattern takes advantage of the technologies and protocols of the World Wide Web to describe how data objects can be defined and modified. In contrast to a request-response model such as SOAP, which focuses on procedures made available by the system, REST is modeled around the resources in the system. In simple terms, REST prescribes a basic mapping from HTTP methods POST, GET, PUT, and DELETE, to logical operations create, retrieve, update, delete. Each resource is globally identifiable through its Uniform Resource Identifier (URI), and the HTTP methods are used as shown in the following list: POST Create a new resource representation. GET Retrieve a resource representation. PUT Update a resource representation. DELETE Delete a resource representation. 2.2.2 JSON JSON is an open standard format for data interchange. Although originally used in the JavaScript scripting language, JSON is now language-independent, with many parsers available in many languages. Example 2-1 shows a JSON message. Example 2-1 JavaScript using a JSON-encoded array of name data var employeesArray = [ { "firstName":"John" , "lastName":"Doe" }, { "firstName":"Anna" , "lastName":"Smith" }, { "firstName":"Peter" , "lastName":"Jones" }, ] JSON supports two structures: objects and arrays. Objects are an unordered collection of name-value pairs, where arrays are ordered sequences of values. JSON also supports simple types including strings, numbers, Boolean expressions, and null values. This support enables JSON to describe any resource. JSON can be seen as readable by both humans and machines. JSON is an easy language for humans to read, and for machines to parse. Chapter 2. Architecture options for service and API enablement 11 2.2.3 Advantages of REST and JSON REST and JSON have these advantages: They are prescriptive in terms of implementation patterns and security options, leading to a uniform approach that is intuitive for consumers and providers alike. The barrier of entry for mobile application programmers is set low; JavaScript application programmers can handle HTTP connections and JSON data without requiring additional specialist libraries (for example, for parsing) REST interfaces for z Systems assets are familiar to mobile application programmers, and can be consumed in the same way as industry-standard APIs. They are independent of platform, operating system, and programming language. They are flexible and extensible. JSON can often represent data more concisely than XML. Every element in the tree has a name, and the element must be enclosed in a matching pair of tags. JSON expresses trees in a nested array format similar to JavaScript. This way can enable the same data to be expressed in a relatively smaller data package than with XML, which can be a factor for mobile applications. 2.3 SOAP web services SOAP web services are an implementation of a service-oriented architecture (SOA). A service is an application component that has a well-defined published interface that allows other application components to invoke operations on the service without any knowledge of how the service is implemented. The technologies that can be used to implement a web services solution have received wide acceptance as the strategic way of building distributed IT solutions that integrate heterogeneous applications over the Internet and intranets. The web service specifications are completely independent of programming language, operating system, and hardware in order to promote loose coupling between the service requester (or consumer) and service provider. The technology is based on open standards such as these: Extensible Markup Language (XML) SOAP, which is a standard protocol for exchanging XML messages Web Services Description Language (WSDL), which defines an XML grammar for describing web services Using open standards provides broad interoperability among different vendor solutions. These principles mean that companies can implement web services without having any knowledge of the service requesters, and service requesters do not need to know the implementation specifics of service provider applications. This use of open standards facilitates just-in-time integration and allows businesses to establish new partnerships easily and dynamically. Figure 2-2 on page 13 shows how a SOAP message consists of an envelope that contains zero or more headers and a body. 12 IBM z Systems Integration Guide for the Mobile and API Economy Figure 2-2 SOAP messages Application designers determine the contents of the headers. The SOAP specification does not define what headers should be used. For example, application designers might define a header that contains authentication credentials or information for transaction management. The body is where the main end-to-end information (the payload) conveyed in a SOAP message must be carried. This information might be parameters for calling a service for a service request, or the result of calling the service for a service response (for instance, see Example 2-2). Example 2-2 SOAP body <employees> <employee> <firstName>John</firstName> <lastName>Doe</lastName> </employee> <employee> <firstName>Anna</firstName> <lastName>Smith</lastName> </employee> <employee> <firstName>Peter</firstName> <lastName>Jones</lastName> </employee> </employees> 2.3.1 Advantages of SOAP web services SOAP web services have the following major advantages: Provide a standard for exchanging data in XML format, for example, the parameters used in a program call (for the inbound message) and the data resulting from the call (for the outbound message). Are independent of protocol, platform, operating system, and programming language. Are flexible and extensible. Enable the use of web services standards such as WS-Security. SOAP supports the remote procedure call (RPC) style of web service, in addition to the document message style. Although HTTP is transport-protocol-independent, it is the most widely used protocol today for transporting SOAP messages. A web service is fully defined in a WSDL file. Most major environments that host applications have development tools that use the WSDL file to generate easy-to-use proxies or adapters to send and receive SOAP messages on behalf of applications. Chapter 2. Architecture options for service and API enablement 13 2.4 Messaging Instead of exchanging information directly from one application to another, in a messaging architecture, messages are placed in queues that store them until they are retrieved by an application. A queue manager maintains the queue and is responsible for the integrity and persistence of the message. It can also deliver messages across a network to other queue managers. The full benefits of a messaging architecture are realized when you are integrating disparate software components and you are not in control of the availability and connectivity between these components. Enabling all applications and data sources to communicate in this way requires a messaging backbone. The messaging backbone can be thought of as a pervasive communications infrastructure. It provides reliable and secure data communication between applications on all computing platforms and in all execution environments. And, it provides an inherently loosely coupled way of integrating applications. In addition to providing connectivity, the messaging backbone should also be able to provide guaranteed qualities-of-transport service (for example, reliable message delivery). A messaging backbone exists in many of today’s application integration architectures, and these are likely to be reused in mobile projects. 2.4.1 MQTT MQTT is an extremely lightweight machine-to-machine publish/subscribe messaging transport. It is useful for connections with remote locations where a small code footprint is required or network bandwidth is at a premium. For example, it is used in sensors communicating to a message broker through a satellite link, or in a range of home automation and small device scenarios. It is also ideal for certain types of mobile application because of its small size, low power usage, minimized data packets, and efficient distribution of information to one or many receivers. In terms of mobile devices, several specific differences exist between the MQTT and HTTP protocols. MQTT is a more efficient transport for data payloads, transferring them as minimally sized byte arrays, meaning that smaller data packets are needed to communicate the same useful information. This way is ideal for bandwidth-sensitive devices such as smartphones and tablets. The mechanism by which the data is moved also differs between MQTT and HTTP. MQTT follows a reliable-delivery publish/subscribe messaging pattern, rather than the try-and-retry request/response mechanism of HTTP. Again, this way is ideal for mobile applications because it supports the publication to multiple recipients over unreliable networks. 2.4.2 Advantages of messaging The use of messaging offers these major advantages: It provides an asynchronous communication mechanism, enabling two or more applications to communicate without both having to be available at the same time. It enables buffering of workloads between applications, such that one application does not overload another with requests. It supports the single-to-many propagation of requests, using practices such as publish/subscribe. The MQTT protocol can be used when network bandwidth is limited, connections are fragile, and mobile devices have limited memory or processing capabilities. 14 IBM z Systems Integration Guide for the Mobile and API Economy Industry standards exist for messaging, such as JMS, which enable Java applications to be developed that can be fulfilled by any messaging provider that adheres to the standard. Chapter 2. Architecture options for service and API enablement 15 16 IBM z Systems Integration Guide for the Mobile and API Economy 3 Chapter 3. Mobile integration architecture considerations Integration between mobile apps and mainframe enterprise applications can be seen from different perspectives including application integration, data integration, and security integration. But the goal of all of these approaches is to decouple systems in order to reduce the complexity and work effort involved in communicating with an enterprise application or data source, distant from the mobile application itself. In this chapter, we review the key considerations when planning a mobile solution that reuses mainframe applications and data. This chapter describes the following topics: Mobile integration architecture overview System of record Service access layer Enterprise service bus Application server Mobile platform Security gateway API gateway Mobile app © Copyright IBM Corp. 2015. All rights reserved. 17 3.1 Mobile integration architecture overview A mobile integration architecture must offer flexibility for the mobile user interface components to perform key business tasks (including the invocation of business processes and services) through the use of a service interface or API. Figure 3-1 shows the major components of a mobile integration architecture (not all solutions require all of the components shown in the figure). System of Engagement System of Record Mobile Platform CICS Security/API Gateway Enterprise Service Bus Other apps Service Access Layer Mobile apps IMS DB2 Other Application Server Figure 3-1 Mobile integration architecture These components of the mobile integration architecture are described next, starting with the systems of record and finishing with the mobile app. 3.2 System of record When mobile users access their bank accounts and other enterprise data, an important aspect is that they have access to the same data that can be accessed through other channels. A balance inquiry should give the same result, independent of whether the request is made from a mobile app or from the Internet banking application. The integrity and validity of the account data is maintained by the system of record (SOR). The way in which the mobile app accesses the SOR will depend on the type of SOR used (CICS, IMS, DB2, and others), the software version currency of the SOR, and what application interfaces are already exposed by the SOR (see 3.3, “Service access layer” on page 19). 18 IBM z Systems Integration Guide for the Mobile and API Economy 3.3 Service access layer Services are used to encapsulate the functional units of an application by providing an interface that is well-defined and implementation-independent. The service access layer may be implemented in a separate server instance or may be a layer within the SOR. Consider these questions when you decide how mobile applications should access the SOR: Does a service interface already exist? You might already have web services running in the SOR exposed through SOAP interfaces that can be used by the mobile client code. In this case, a component of the enterprise mobile solution is required to convert between the protocol used by the mobile app (normally JSON over HTTP) and the SOR interface (SOAP over HTTP). However, exposing a REST interface directly might be more convenient and streamlined. This way is why the traditional mainframe SOR products now provide options for accessing applications using JSON over HTTP. If the SOR is not service-enabled, a component of the enterprise mobile solution is required to convert the mobile request into the data format and transport protocol supported by the SOR application. What service granularity is exposed by the SOR application? An important characteristic of the existing service interface is the service granularity (course-grained or fine-grained). It is possible, even likely, that the granularity of the existing interface will need to be adapted. For example, performing aggregation of fine-grained services to expose a courser grained service might be necessary. In this case, a service aggregation component of the enterprise mobile application can be deployed in one of the layers of the mobile integration architecture. How will services be discovered? The lifecycle of a typical mobile app is much shorter than the traditional mainframe application lifecycle. To facilitate fast and agile development of mobile apps, and also other system of engagement (SOE) applications, you need a way to allow developers to determine quickly what services are available. Ideally, a developer should be able to discover the catalog of available services, and retrieve the necessary information (for example the JSON schema) to be able to call each service. 3.4 Enterprise service bus An enterprise service bus (ESB) connects service requesters and service providers, which are basic parts of a service-oriented architecture (SOA). Each invocation into an ESB from a service requester (for example, a client-side mobile application) results in one or many invocations out to a service provider (for example a mainframe SOR). Mobile service invocation messages should be lightweight, consisting mostly of limited numbers of primitive data types and operations. The ESB handles the necessary routing, mediation of service interface differences, data transformations, protocol transformations, caching, and orchestrations, retry logic, exception handling, and so on. Chapter 3. Mobile integration architecture considerations 19 Consider these questions when you decide what role an ESB should play in a mobile integration architecture: Is an ESB used in the existing application integration architecture? Probably the most compelling reason for using an ESB in a mobile solution is if the ESB is already being used today to enable integration with other non-mobile service requesters. The ESB often has a pivotal governance role in applying policies such as authentication, audit, logging, service versioning, and so on. In this case, mobile app requests will likely be subject to the same governance policies. Most ESBs have been enhanced in recent years to support specific mobile request protocols and data formats. How many types of service requesters and service providers need to be supported by the application integration architecture? The value of an ESB is partly determined by the range of different service requesters and providers that need to be integrated. When a significant and growing number of different endpoints exists, the ESB plays a crucial role in avoiding a spider web of point-to-point connections. An ESB also helps you more easily introduce new systems into the application integration architecture in the event of business mergers and acquisitions. Does the mobile solution need to support asynchronous requests? For asynchronous requests, the response of a service provider must be correlated to the original request from the service requester; the requester must be able to determine which request a response answers. An ESB is able to provide correlation for asynchronous invocations through a messaging engine. 3.5 Application server The application server provides facilities to create both web applications and a server environment to run them. Different servers may be used including Java Enterprise Edition (Java EE) servers running Java web applications or Node.js servers running server-side JavaScript applications. Because smartphones and tablets have mobile browsers, web applications may be shared between desktop web browsers and mobile browsers. The problem here is that most websites that are designed for desktop browsers are not easy to use on small mobile devices with touch screens. Therefore, building a special mobile web app is often the best practice. 3.6 Mobile platform “Roll-your-own” mobile solutions (for example, mobile web apps that reuse web applications) can be a tactical response to a short-term requirement; however, a strategic approach requires a specific SOE to cope with the particularities of the mobile engagement including the faster app development and deployment lifecycles, push notifications, and mobile security challenges, and the need for collecting mobile analytics data. A mobile enterprise application platform (MEAP) addresses the challenges of developing mobile software by managing the diversity of devices and user groups at the time of deployment and throughout the mobile solution’s lifecycle. 20 IBM z Systems Integration Guide for the Mobile and API Economy A MEAP solution is generally composed of two parts: mobile apps and a mobile server. Mobile apps connect to the mobile server, which handles communications, system integration, and security requirements. Most MEAPs also include a mobile development toolset that allows companies to create and maintain mobile applications. Consider these questions when you decide what role a mobile server should play in a mobile integration architecture: Should the mobile server perform protocol and message transformation? A mobile server can convert between the protocol used by the mobile app (normally JSON over HTTP) and the SOR. However, in an integration architecture that includes an ESB, this role will likely be performed by the ESB. What are the mobile security requirements? A mobile server can perform user authentication and authorization (as any other server can) but often has unique mobile security capabilities such as device and application authentication, device blocking, and encryption of data stored on the device. Does the mobile solution require push notifications? Whereas mobile devices are most often used to pull information from SOR systems, a push style of user interaction can often improve the user experience, especially when used in conjunction with location-based services. The mobile server often has an important role in enabling push notifications because the mobile server has awareness of what devices are connected, the type of device and the user/device mapping. 3.7 Security gateway The most effective mechanism to ensure that proper access management policies are enforced is through the use of a centralized security gateway. The gateway serves as an entry point for requests from mobile apps and other application traffic into the enterprise. It delivers a configurable set of modular capabilities to protect and enhance online mobile interactions. The security gateway acts as the policy enforcement point (PEP) for all authentication and authorization decisions related to mobile traffic. This architecture allows enterprises to decouple the enforcement of security policy from the underlying application and also provides functional offload of security capabilities to allow the SOR applications and resources to more efficiently scale to meet the high volume demands that inevitably occur with mobile traffic. For the most sensitive applications, a security gateway can be deployed as a physical appliance with tamper-proof protection. Consider these questions when you decide what role a security gateway should play in a mobile integration architecture: Is a security gateway used in the existing application integration architecture? The security challenges of mobile solutions overlap with those of other integration solutions, for example, protection against denial of service and other threats, rate limitation, and centralized security policy control. If these types of security policies are already implemented in a security gateway, extending the gateway functionality to control mobile access makes sense. Chapter 3. Mobile integration architecture considerations 21 What are the specific security requirements of the mobile solution? Different applications have different security requirements that are influenced by many factors, including these factors: – Type of user (employee, client, and others). For business-to-employee (B2E) apps, for example, deploying a mobile device management (MDM) solution is often necessary. – Type of device (company owned, bring your own device (BYOD), and others.) – Type of app (web, native, hybrid) – Type of SOR services reused by the mobile app – Authentication, authorization and audit requirements – Confidentiality and data integrity requirements – Company and industry standards that need to be respected A security gateway can play an important role in any mobile security solution, but it will probably not be the only security policy enforcement point. An end-to-end view is required in which access control is enabled in each component of the architecture. For example, some solutions require that the mobile user’s identity flows securely with the request message, passing through layers of the application architecture until it arrives in the mainframe SOR. 3.8 API gateway An API management solution simplifies mobile integration by enabling the following various roles to perform various tasks: API developers to create, secure, control, deploy, analyze, and manage SOAP and REST APIs API business owners to advertise, market, socialize, and sell APIs as products Application developers to easily find, understand, and consume APIs IT operations staff to manage and upgrade the API environment to use existing IT investments The API gateway is a runtime component of the solution that provides access to APIs and essential services, such as security, governance, and monitoring. For example, metering of API invocations enables rate-limiting to be applied and API use to be charged. The API gateway can also provide the underlying technology to support message-format translation, and version- and change-management. It can be deployed in the same physical or virtual server as the security gateway. Consider these questions when you decide what role an API gateway should play in a mobile integration architecture: Do you need to make your business services more consumable? Making APIs consumable means much more than providing only key technical information of how to invoke the APIs, that is, the interface description. APIs should be simple to find from an easily browseable and searchable catalog. Do you want to reach new markets and customers? By exposing core business functions as APIs to business partners, a business can deliver more comprehensive services and reach more customers. 22 IBM z Systems Integration Guide for the Mobile and API Economy Do you need more control over who uses your business services? The API gateway can check the entitlement for the invoking application, control workload, and generate audit data on each invocation. The collected audit data can then be analyzed and presented as a report for gaining insight into API invocation. For example, which APIs are invoked, how often, and by which applications. Do you need to charge consumers for accessing your business services? The audit data collected by the API gateway can be used for charging. 3.9 Mobile app The type of mobile application and its specific requirements can influence the type of mobile integration architecture used. Consider these questions: What type of mobile application is being used? Three types of mobile apps are available: – Mobile web apps are the same as those used in a desktop browser, but are adapted to fit on the smaller screen of a mobile device. They are typically written using HTML5, CSS, and JavaScript, and are portable across multiple devices and operating systems. Web applications cannot access the hardware on the mobile device (such as the camera and GPS chip). Web apps typically reuse web applications running in the application server, which then invoke an SOR application through the service access layer or through an ESB. – Native apps are written in an operating-system-specific language, and have full access to the mobile device hardware, features, and functions. Native apps typically invoke REST APIs exposed through the API gateway. – Hybrid apps combine both the web and native models; applications are written using HTML5, CSS, and JavaScript but wrapped in a container that allows the application to access the device hardware. With open source technologies like Apache Cordova, you can build applications using HTML5 but also wrap the application in a native shell. Cordova provides a JavaScript bridge into many of the native features on a device such as the camera, accelerometer, and so forth. MEAPs are normally based on open standards like Cordova, but they also provide additional capabilities that help with system integration and security. Hybrid apps therefore normally access the MEAP, which then invokes the SOR application through the service access layer or through an ESB. Note: Web apps and native apps may also access a MEAP server in order to benefit from MEAP services, including security and analytics. Does the mobile application use push notifications? Mobile applications can take advantage of a push style of user interaction that can significantly improve the user experience. Push notifications deliver messages, usually pointers to information that is relevant when a specific event occurs. When using the Apple iOS notification framework (APNS) or the Google Android notification framework (C2DM), the notification is bound to a specific app (as opposed to SMS, which is device-based). The notification framework delivers a message and the device shows a dialog that causes the user to open the app. Chapter 3. Mobile integration architecture considerations 23 In many cases, the event that needs to initiate a push notification occurs in the SOR, for example, an account balance falling below a certain level. To take advantage of push notifications, therefore, the SOR application must be enabled for the detection and emission of events to a MEAP. The MEAP then provides a unified push notification API that supports different mobile device types. Does the mobile app need to regularly refresh data stored on the device? If a mobile app needs to refresh its local data periodically, it can use a batch-scheduled interaction pattern. An example is an app for field or support representatives, where the app is scheduled to download the daily task list in addition to an updated product catalog, which can then be used offline. This pattern can also ensure delivery of information by using messaging protocols like MQTT. Such an app will normally access data (perhaps by subscription) in a message queue enabled by the ESB. 24 IBM z Systems Integration Guide for the Mobile and API Economy 4 Chapter 4. IBM z Systems mobile integration solutions This chapter introduces the main solutions and products that can be used for mobile integration with z Systems applications. The chapter has an overview of each solution and then provides guidance for when to use the solution. This chapter describes the following topics: z/OS Connect IBM API Management IBM StrongLoop IBM DataPower Gateway IBM Integration Bus IBM MobileFirst Server CICS mobile integration options IMS mobile integration options DB2 z/OS mobile integration options IBM MessageSight © Copyright IBM Corp. 2015. All rights reserved. 25 4.1 z/OS Connect z/OS Connect provides a single common gateway for REST HTTP calls to reach business assets and data on z/OS operating systems. Where these assets run is specified in the z/OS Connect configuration, relieving client applications in the cloud, mobile, and web worlds of the need to understand the details about how to reach them and how to convert payloads to and from the formats that the applications require. Services can be enabled without writing code and tooling is provided for creating the data transformation artifacts. Figure 4-1 shows an overview of z/OS Connect. CICS REST JSON z/OS Connect IMS DB2 Other Figure 4-1 z/OS Connect With z/OS Connect, mobile and cloud application developers, whether they work inside or outside the enterprise, can incorporate z/OS data and transactions into their applications without needing to understand z/OS subsystems. The z/OS resources appear as any other RESTful API. Note: z/OS Connect is an example of a service access layer as shown in Figure 3-1 on page 18. z/OS Connect capability is delivered in two ways: IBM WebSphere Liberty z/OS Connect The z/OS Connect function contained in WebSphere Liberty Profile is referred to as z/OS Connect V1. It provides basic REST function, enabling one subsystem service call per REST request, typically using a POST REST operation. IBM z/OS Connect Enterprise Edition IBM z/OS Connect Enterprise Edition (EE) V2.0 (referred to in this paper as z/OS Connect EE V2.0) extends the entitled capabilities of z/OS Connect V1 to support all REST verbs, such as GET, POST, DELETE, and PUT. It supports JSON message mapping in addition to data translation and provides new eclipse-based tooling to define RESTful APIs. 26 IBM z Systems Integration Guide for the Mobile and API Economy 4.1.1 IBM WebSphere Liberty z/OS Connect z/OS Connect V1 is a Liberty feature that provides a fast, secure, and reliable way of connecting to z/OS assets. It provides a way to identify and access assets by using standard REST HTTP calls. Figure 4-2 shows an overview of z/OS Connect V1. 1 Liberty Profile for z/OS 7 5 REST JSON CICS Data Transform 3 z/OS Connect Servlet Service Providers 4 IMS DB2 Interceptors 6 2 server.xml Figure 4-2 z/OS Connect V1 The following components are involved in processing a request in z/OS Connect V1: 1. z/OS Connect V1 function is contained in WebSphere Liberty Profile. It is available with WebSphere Application Server for z/OS, CICS TS (see 4.7.2, “z/OS Connect for CICS” on page 38), and IMS (see 4.8.2, “IMS Mobile Feature Pack” on page 42). 2. Services are configured in the Liberty server.xml file. 3. A servlet receives the request (normally an HTTP POST request) and invokes a service provider. 4. A service provider is software that provides the connectivity to the SOR. z/OS Connect has a Service Provider Interface (SPI) that supports the creation of service providers that are used to process requests arriving to the z/OS Connect servlet. Service providers can be written and delivered by any component to plug into an OSGi framework. A WebSphere optimized local adapters (WOLA) service provider is included with z/OS Connect, and is used to connect to CICS. IMS connectivity is enabled using IMS Connect. 5. z/OS Connect V1 provides the ability to transform JSON to the layout required by the SOR. It supports the conversion of the JSON request to a byte array, which can be mapped by a COBOL/PLI/C structure. A utility is provided that reads a COBOL copybook or PLI, or C structure file, and generates a data mapping (binding file) and a JSON schema. A similar utility is also provided for converting a JSON schema to a data mapping. 6. Interceptors are callout points where software can be invoked to do operations such as System Authorization Facility (SAF) authorization and SMF activity recording. The interceptor framework is particularly powerful for controlling which users can access which services. 7. The z/OS subsystems currently supported by z/OS Connect V1 are CICS, IMS, and DB2. As a feature in the Liberty profile server on z/OS, z/OS Connect V1 benefits from unique z/OS capabilities like SAF security integration, z/OS Workload Manager (WLM) and audit logging to SMF. SAF integration means that z/OS Connect V1 supports z/OS Identity Propagation that Chapter 4. IBM z Systems mobile integration solutions 27 can be used to map a distributed user id to IBM RACF® user ID, and then pass the mapped RACF user ID onto CICS. WLM integration means different URIs can have varying levels of priority and performance criteria. When to use z/OS Connect V1 Consider using z/OS Connect V1 for mobile integration when you want to: Provide a uniform and consistent REST/JSON access to the mainframe. Simplify the service development process by making the mainframe application owner responsible for data transformation, rather than the non-mainframe integration team. Manage service access control using SAF or map distributed identities to RACF identities. Audit service access (for example, arrival time, completion time, user ID, and others) to SMF. Use the lightweight, cost-efficient WebSphere Liberty environment for transforming and routing mobile requests. For more information about z/OS Connect, see the IBM Techdoc Liberty Profile z/OS Connect Quick Start Guide and Exploration of z/OS Connect Functions: http://www.ibm.com/support/docview.wss?uid=tss1wp102439&aid=7 4.1.2 IBM z/OS Connect Enterprise Edition The z/OS Connect Enterprise Edition (EE) V2.0 (announced in 2015) is a product that extends the support available with z/OS Connect V1. In particular, it enables z/OS based programs and data to participate fully in the new API economy. Figure 4-3 shows how z/OS Connect EE V2.0 enables the build, deploy, discovery and consumption of an API created from z/OS based CICS and IMS programs. Figure 4-3 z/OS Connect Enterprise Edition V2.0 Statement of Direction: IBM intends to support additional z/OS subsystems with z/OS Connect EE including DB2 and IBM MQ. 28 IBM z Systems Integration Guide for the Mobile and API Economy z/OS Connect EE V2.0 consists of two major components: Workstation-based interface The z/OS Connect EE V2.0 workstation tooling is designed to work with IBM Explorer for z/OS Aqua, and associated offerings. The Eclipse-based tooling is used for the composition of z/OS RESTful APIs. The API composition tasks include these: – Definition of the RESTful API and the JSON message formats that are required by the API (for both request and response) – Definitions to invoke a specific service on z/OS These definitions are encapsulated in an API package file, together with a matching Swagger 2.0 document. The user interface is designed to be intuitive for a z/OS developer who is familiar with RESTful API concepts. Behind each API definition, the JSON request-response schema associated with a specific HTTP method (GET, POST, PUT, and DELETE) can be mapped to an associated z/OS Connect service. In combination with values from the HTTP headers, JSON fields can be passed through, moved, omitted, or set to a default value, and taken together to form an API mapping model. The API mapping model provides a powerful degree of separation between the mobile or cloud application view of the API, and the underlying z/OS subsystem assets z/OS Connect EE V2.0 runtime z/OS Connect EE V2.0 enhances the z/OS Connect V1 runtime environment through its support for API package files which originate from the workstation tooling. A utility is provided to deploy an API package file to a specific instance of z/OS Connect EE. This utility can assist the automated deployment of APIs. API consumers can discover z/OS Connect EE APIs and the associated Swagger 2.0 descriptions. In this way, an API management solution can dynamically build a catalog of z/OS based API services. The z/OS Connect EE V2.0 runtime continues to support the interceptor framework for SAF authorization and SMF activity recording. Request-level logging of JSON payloads is also supported. When to use z/OS Connect EE V2.0 In addition to the benefits of z/OS Connect V1 (see “When to use z/OS Connect V1” on page 28), consider using z/OS Connect EE V2.0 for mobile integration when you want to: Provide intuitive, workstation-based tooling that enables a developer, with or without z/OS skills, to create RESTful APIs from traditional z/OS based assets. Support the discovery of defined APIs using the Swagger 2.0 standard to share API descriptions. For more information about z/OS Connect EE V2.0, see the following web page: http://www.ibm.com/software/products/en/zos-connect-enterprise-edition Chapter 4. IBM z Systems mobile integration solutions 29 4.2 IBM API Management The IBM API Management solution provides a complete set of REST and SOAP API capabilities to help an enterprise extend the “reach” of business services beyond the enterprise and to encourage innovation within the enterprise. The solution enables the four most significant entities in the API economy: API product managers API providers IT operations Application developers With the API Manager user interface that is provided with IBM API Management, you can surface z Systems assets as lightweight APIs that conform to REST principals. Also, you can accomplish this through simple configuration changes that involve zero coding. The API Manager provides multiple connectors such as the SOAP-to-REST and HTTP connectors. You can use these connectors to help create APIs from existing mainframe web services. If you already have an existing RESTful API (using z/OS Connect for example) that you want to expose and control, you can easily define that in the API Manager as a proxy service. IBM API Management supports iterative development of APIs with the ability to create versions and to revert to prior versions. You can add a REST API either by composing the API and its operations from “scratch” by importing a Swagger file, or by discovering a REST definition from a registry. You can make changes dynamically to an existing running API implementation, and the implementation can then be pushed and activated on the runtime with little to no disruption to the consumers. Figure 4-4 is an overview of the IBM API Management solution used for discovering mainframe services, and creating and consuming APIs. API Management API Developer 1. Discover services 2. Create APIs Development Time Run Time Cloud / Bluemix apps Mobile apps 3. Consume APIs API API Web apps API Figure 4-4 IBM API Management and z Systems 30 IBM z Systems Integration Guide for the Mobile and API Economy z/OS Connect REST REST Service REST Service Service CICS IMS DB2 SOAP SOAP Service SOAP Service Service Other An API management layer provides essential services, such as security, governance, and monitoring for APIs defined and developed by your team. For example, API management that provides metering of API invocations enables rate-limiting to be applied, API use to be charged, and security provided for business data. IBM API Management uses the IBM DataPower Gateway appliance as its gateway. DataPower is an industry-leading security gateway that also provides access control, integration, and optimized delivery of APIs (see 4.4, “IBM DataPower Gateway” on page 33). 4.2.1 When to use IBM API Management Consider using the IBM API Management solution for mobile integration with z Systems when you want to: Extend the value of your mainframe assets by socializing SOAP or REST APIs to developers, and providing controlled access to third parties. Streamline the development of new REST APIs through service discovery. Secure, govern, and monitor access to mainframe services. For more information about IBM API Management, see the following web page: http://www.ibm.com/software/products/en/api-management 4.3 IBM StrongLoop The IBM StrongLoop® solution provides a comprehensive set of tools to rapidly create, prototype, and industrialize new APIs. One of the fastest growing and most popular technologies for creating APIs is Node.js, an open source JavaScript runtime engine that is particularly well suited to API creation, owing to its ease of use and high performance. IBM StrongLoop embeds Node.js as its underlying runtime environment, providing enterprise support for Node.js. To accelerate the creation of new APIs, StrongLoop builds on the popular Node.js LoopBack® framework, enabling developers to quickly compose scalable APIs based on existing data models, application services, and Swagger 2.0-defined APIs. StrongLoop offers the choice of creating APIs with StrongLoop Arc, a graphical tool that enables users to visualize their APIs. Alternatively, StrongLoop provides slc, a command-line interface that offers a wider and more powerful suite of API creation capabilities. IBM StrongLoop offers a comprehensive adapter framework that allows new APIs to be created, based on a set of aggregated underlying services. StrongLoop Connectors are able to retrieve information from a multitude of databases (Relational and NoSQL), REST and web services providers, and also file- and messaging-based services. Chapter 4. IBM z Systems mobile integration solutions 31 Figure 4-5 shows an example of how an API, created with StrongLoop, might aggregate a set of services from underlying systems. Figure 4-5 IBM StrongLoop for API creation and aggregation of multiple endpoints After APIs are created with StrongLoop, they can be deployed and managed in the Enterprise Node.js environment. StrongLoop offers the following capabilities to create, deploy, manage, and secure its APIs: API creation, visually with Arc or through the command-line interface with slc Deployment and delivery of APIs to the Enterprise Node.js runtime environment Process management to scale and cluster instances of deployed APIs Performance metrics for monitoring the health of the runtime environment Profiling to identify bottlenecks, CPU hotspots, and aid root cause analysis An API services gateway, providing secured, throttled, and managed access between providers and consumers, and also API analytics. 4.3.1 When to use IBM StrongLoop Consider using the IBM StrongLoop for mobile integration with z Systems when you want to: Extend the value of your mainframe assets by rapidly creating new APIs based on an enterprise-grade Node.js and LoopBack framework. Augment and enrich existing mainframe services with other endpoints to aggregate multiple services into a single API. Manage, monitor, and secure access to Node.js based APIs that surface mainframe application logic and business data. 32 IBM z Systems Integration Guide for the Mobile and API Economy Important: The combination of IBM StrongLoop with IBM API Management and z/OS Connect provides a comprehensive solution for rapidly establishing an API framework, enriched with access to valuable mainframe assets. The speed with which innovative new APIs can be prototyped and created with StrongLoop, coupled with the comprehensive lifecycle governance of API Management, and backed by core business APIs surfaced through z/OS Connect EE V2.0, is a powerful combination for simplifying the reuse of mainframe assets by mobile, web and cloud-based clients. For more information about IBM StrongLoop, see the following web page: http://www.ibm.com/middleware/application-platform/en-us/strongloop.html 4.4 IBM DataPower Gateway DataPower Gateway appliances help quickly secure, integrate, control, and optimize access to a range of workloads through a single, extensible, DMZ-ready gateway. These appliances act as security and integration gateways for a full range of mobile, cloud, API, web, SOA, and business-to-business (B2B) workloads. Figure 4-6 shows the principal roles of a DataPower Gateway. Figure 4-6 IBM DataPower Gateway As shown in the figure, DataPower can play different roles in a mobile integration architecture: 1. As a mobile security gateway, DataPower can securely expose corporate data, applications, and services to mobile apps, while optimizing delivery of the workload. It can provide the following security capabilities: – – – – – – – – Enforcement point for centralized security policies Authentication, Authorization, SAML, OAuth 2.0, Audit Threat protection for XML and JSON Message validation and filtering Centralized management and monitoring point Traffic control / Rate limiting Security integration with z/OS Connect Security integration with MobileFirst Server (for example, DataPower can be used for single sign-on) Chapter 4. IBM z Systems mobile integration solutions 33 2. DataPower can also act as a gateway for API access and traffic management. It processes and manages security protocols and stores relevant user and appliance authentication data. The gateway server also provides assembly functions that enable APIs to integrate with various endpoints, such as databases or HTTP-based endpoints. 3. DataPower can be used for data transformation, for example, JSON to SOAP or JSON to MQ transformations. If you have an existing DataPower appliance, you can use it as your gateway for an API management solution. You might want to use physical DataPower appliances for your production gateway servers. The physical gateway servers provide improved performance throughput when compared with virtual gateway servers. 4.4.1 When to use an IBM DataPower Gateway Consider using the DataPower Gateway for mobile integration with z Systems when you want to: Protect Internet facing mobile applications against security attacks. Implement authentication and authorization standards that are not supported natively on z Systems, or by specific mainframe subsystems. Implement IBM API Management as part of the solution. For more information about the IBM DataPower Gateway, see the following web page: http://www.ibm.com/software/products/en/datapower-gateway 4.5 IBM Integration Bus The IBM Integration Bus (abbreviated as IIB in the figures) provides a strategic enterprise service bus functionality. It provides a complete runtime for interpreting, transforming, and routing a wide range of message formats. It fully supports message transports such as JMS, HTTP, native WebSphere MQ, and others. It includes libraries for all major message formats such as JSON, XML, SOAP, fixed length, variable length, tagged, SWIFT, EDI, and so on. In addition to a base set of more than 50 built-in visual nodes, various transformation languages are also supported, such as Java, extended SQL, XSLT, and WTX. Over the years, the Integration Bus has become a corporate standard for reliable, high-performance message handling running on all major platforms. Figure 4-7 shows several principal integration scenarios enabled by IBM Integration Bus. SOAP MQTT IBM Integration Bus REST FTP Other Integration Bus ERP/EIS Files Web 2.0 Devices Web Services MQ, JMS Applications Databases Figure 4-7 IBM Integration Bus 34 IBM z Systems Integration Guide for the Mobile and API Economy Mobile Mainframe CICS/IMS IBM Integration Bus provides secure, scalable access to critical data and back-end systems from mobile applications. Mobile apps can initiate message flows in IBM Integration Bus that can be used for aggregation of end-points, business rules based behavior, complex message mapping, transactionality across multiple resources, content-based routing, and much more. IBM Integration Bus provides several specific z Systems mobile integration capabilities: IBM Integration Bus provides a JSON parser and serializer that interprets a JSON bit stream using the JSON grammar, and generates a corresponding JSON domain logical message tree. IBM Integration Bus can connect to applications and devices that send and receive messages by using the MQ Telemetry Transport (MQTT) messaging protocol (see 2.4.1, “MQTT” on page 14). IBM Integration Bus provides multiple connectivity options for CICS, IMS and DB2. 4.5.1 When to use IBM Integration Bus Consider using IBM Integration Bus for mobile integration with z Systems when you want to: Reuse an existing application integration architecture based on IBM Integration Bus. Implement mobile solutions with complex and/or diverse application integration requirements. Implement mobile connectivity based on MQTT. For more information about IBM Integration Bus, see the following web page: http://www.ibm.com/software/products/en/ibm-integration-bus 4.6 IBM MobileFirst Server IBM MobileFirst™ Server is one component of the IBM MobileFirst Platform Foundation. It provides a runtime for adapters, analytics, push notifications and application hosting services. Server-side APIs are provided to integrate between the mobile application and back-end systems. JavaScript and Java APIs can be called to perform functions such as authentication, accessing web services, accessing a database, and subscribing to push notifications. By developing server-side application code, the mobile application can directly access SORs or cloud-based services, or it can access services through an ESB. Figure 4-8 on page 36 shows some of the integration adapters supported by the IBM MobileFirst Server. Chapter 4. IBM z Systems mobile integration solutions 35 WebSphere HTTP JMS CICS z/OS Connect MobileFirst server IMS DB2 Other IIB Packaged applications MQ Other SQL Mobile apps Other Adapters DB2 Figure 4-8 IBM MobileFirst Server adapter framework Adapters connect to SOR applications, deliver data to and from mobile applications, and perform any necessary server-side logic on this data. Figure 4-8 shows an HTTP adapter connecting to z/OS Connect. Another possibility is to connect directly to CICS or IMS using one of the natively supported HTTP protocols, for example, CICS web services. You can hot deploy adapters, meaning deploy, undeploy, and redeploy them at run time. This capability lends flexibility to the IBM MobileFirst Server-side development process. Some of the benefits of using IBM MobileFirst adapters are as follows: Ability to fully control the URL’s structure, the content types, the request and response headers, content, and encoding. Easy and fast development and testing by using IBM MobileFirst Studio and a command-line interface (CLI). Easy and fast deployment to a running IBM MobileFirst Server. Ready-to-use security integration with IBM MobileFirst security that uses simple annotations in the source code. A built-in security framework provides connectivity and integration into existing enterprise security systems, and sends connection credentials to the back end. This framework enables the mobile application to use existing security systems, with credentials residing on the server, not the device. 4.6.1 When to use IBM MobileFirst Server Consider using the MobileFirst Server adapter framework for mobile integration with z Systems when you want to: Enable mobile developers to develop server side integration code in JavaScript or Java. Have access to a range of “out-of-the-box” adapters including support for HTTP, SAP, SQL, JMS and IBM Cast Iron® connectivity. Extend SOR integration to third-party mobile or web apps through open standards (for example, REST and OAuth). 36 IBM z Systems Integration Guide for the Mobile and API Economy Enable user, device and application security using an XML-based configuration framework Use the IBM MobileFirst push notification framework. For more information about the IBM MobileFirst Server, see the following web page: http://www.ibm.com/software/products/en/mobilefirstplatform 4.7 CICS mobile integration options CICS is used extensively for high-volume transaction processing. Because new mobile solutions are rarely deployed on a single IT system, reuse of CICS programs from mobile apps is a common requirement. This section introduces the CICS family provided integration solutions that are most likely to be used in mobile projects: CICS web services z/OS Connect for CICS CICS JSON web services JSON web services with CICS Transaction Gateway CICS Java applications in a Liberty JVM server 4.7.1 CICS web services Application programs running in CICS can participate in a heterogeneous web services environment as service requesters, service providers, or both. Figure 4-9 shows an outline of the web services support in CICS. Client Service requester application CICS TS SOAP/ HTTP CICS web service pipeline Service provider application Service requester application CICS web service pipeline Endpoint Service provider application Figure 4-9 CICS web services The runtime support for CICS web services includes a pipeline that defines a set of message handlers that act on a service request and response. A message handler is a program in which you can perform your own processing of web service requests and responses, for example, security processing. CICS support for web services conforms to open standards, including SOAP, WSDL, and a number of web services standards like WS-Security. CICS also supports sending and receiving SOAP messages using IBM MQ. CICS web services is a mature solution that has been widely adopted. Chapter 4. IBM z Systems mobile integration solutions 37 When to use CICS web services Consider using CICS web services for mobile integration when you want to: Reuse an existing CICS web services infrastructure. Manage conversion of JSON messages to SOAP messages in an intermediary gateway (rather than on the mainframe), for example, in an enterprise service bus (ESB). Implement a security model using WS-Security. 4.7.2 z/OS Connect for CICS The CICS embedded version of z/OS Connect is an alternative deployment model to running z/OS Connect inside WebSphere Liberty for z/OS. Figure 4-10 shows an overview of z/OS Connect for CICS. CICS TS Liberty JVM server Data Transform RESTful JSON z/OS Connect Servlet CICS Provider CICS program Interceptors server.xml Figure 4-10 z/OS Connect for CICS z/OS Connect for CICS is optimized for local access to CICS and uses standard CICS services. The z/OS Connect service provider makes use of the Java CICS (JCICS) interface for access to CICS programs. These programs might then access DB2 or VSAM data, or other external subsystems. When to use z/OS Connect for CICS Consider using z/OS Connect for CICS for mobile integration when you want to: Provide REST/JSON access to CICS programs. Simplify the service development process by making the CICS application team responsible for data transformation. Use the z/OS Connect interceptor framework for security access and audit control. Provide a CICS REST service discovery capability. Statement of Direction: IBM intends for a future release of CICS TS to provide support for z/OS Connect EE to enable it to execute embedded within CICS. 38 IBM z Systems Integration Guide for the Mobile and API Economy 4.7.3 CICS JSON web services CICS also supports the processing of JSON requests using a Java pipeline. The JSON transformation is performed within an Axis2 JVM server. Figure 4-11 shows an overview of the CICS JSON web services support. CICS TS Axis2 JVM server Data Transform Java pipeline RESTful JSON Application handler CICS program Message handlers Figure 4-11 CICS JSON web services This support is similar to the z/OS Connect capability, and it shares the same data transformation tools and deployment artifacts. However, several key differentiators exist: CICS support for JSON web services can be used for REST service provider and requester applications (that is, both inbound and outbound requests are supported). z/OS Connect is better integrated with IBM API Management. Important: The strategic solution for REST/JSON support in CICS is z/OS Connect. When to use CICS JSON web services Consider using CICS JSON web services for mobile integration when you want to: Enable a CICS JSON service requester application. For more information about CICS JSON web services, see Implementing IBM CICS JSON Web Services for Mobile Applications, SG24-8161: http://www.redbooks.ibm.com/abstracts/sg248161.html?Open Note: In earlier versions of CICS (prior to CICS TS V5.2), CICS JSON support was provided with the CICS TS Feature Pack for Mobile Extensions. 4.7.4 JSON web services with CICS Transaction Gateway CICS JSON web services can also be enabled by using the CICS Transaction Gateway (CICS TG). The JSON transformation is performed within the CICS TG daemon, and a channel or COMMAREA payload is then passed to the CICS program. Figure 4-12 on page 40 shows an overview of the CICS TG support for JSON web services. Chapter 4. IBM z Systems mobile integration solutions 39 CICS TS CICS TG CICS program Data Transform RESTful JSON Figure 4-12 JSON web services with CICS TG The CICS TG daemon may run on z/OS or one of a wide range of supported distributed platforms. When to use CICS JSON web services with CICS TG Consider using CICS JSON web services with CICS TG for mobile integration when you want to: Support REST services with older versions of CICS. Reuse an existing CICS TG infrastructure, for example, a set of cloned CICS TG daemons that enable high availability. For more information about CICS TG, see the following web page: http://www.ibm.com/software/products/en/cics-ctg 4.7.5 Java applications in a Liberty JVM server The Liberty profile is a lightweight web container for Java application development. The CICS Liberty JVM server supports a subset of the features that are available in the Liberty profile; you can run OSGi applications, EJBs, Java servlets, and JSP pages. To develop a RESTful service, your program can use the Java API for RESTful Web Services (JAX-RS). To develop a SOAP-based service, your program can use the Java API for XML Web Services (JAX-WS). The Java program can link to existing CICS programs written in one of the non-Java languages. Figure 4-13 shows an overview of this scenario. CICS TS Liberty JVM server RESTful JSON Java program SOAP JAX-RS JAX-WS Bespoke Data Transform Figure 4-13 Java application in Liberty JVM server 40 IBM z Systems Integration Guide for the Mobile and API Economy CICS program The custom Java application can make use of JZOS classes for data transformation and can connect to CICS programs outside of the JVM using the Java CICS (JCICS) interface. The JZOS Batch Toolkit for z/OS supplies a set of handy tools for Java on z/OS. Within these tools, JZOS supplies a RecordClassGenerator utility for COBOL language structures. This utility takes a sequential file as input and generates the serialization/deserialization Java bean class. When to use Java applications in a Liberty JVM server Consider using custom Java applications in a Liberty JVM server for mobile integration when you want to: Develop new Java-based business services in CICS. Have complete control over the application interface (REST or SOAP). Develop custom data transformations. Develop Java integration logic that reuses existing CICS programs. For more information about running Java applications in a Liberty JVM server, see IBM CICS and the JVM server: Developing and Deploying Java Applications, SG24-8038: http://www.redbooks.ibm.com/abstracts/sg248038.html?Open 4.8 IMS mobile integration options IMS provides a high-performance application and data server environment for core business transaction execution and data base access. This section introduces the IMS family integration solutions that are most likely to be used in mobile projects: IMS Enterprise Suite SOAP Gateway IMS Mobile Feature Pack 4.8.1 IMS Enterprise Suite SOAP Gateway Application programs running in IMS can participate in a heterogeneous web services environment as service requesters or service providers using the IMS SOAP Gateway. Figure 4-14 shows an overview of the SOAP Gateway. Client Service requester application Endpoint Service provider application SOAP/ HTTP IMS TM IMS SOAP Gateway SOAP/ HTTP IMS Connect XML Transform Service provider application Service requester application Figure 4-14 IMS SOAP Gateway The SOAP Gateway acts as the gateway between external web services and IMS applications. It serves as a web service server where IMS applications are enabled as web Chapter 4. IBM z Systems mobile integration solutions 41 services. The SOAP Gateway communicates with IMS through IMS Connect, the TCP/IP gateway for IMS. Messages between IMS Connect and the SOAP Gateway are transmitted in XML format. IMS Connect converts the XML data into bytes and passes the request to the IMS application. Web service consumer applications are also supported. The SOAP Gateway enables IMS applications to make synchronous or asynchronous callout requests to external web services. The SOAP Gateway may run on z/OS, Linux on z or a Windows platform. It conforms to open standards, including SOAP, WSDL and WS-Security. When to use IMS Enterprise Suite SOAP Gateway Consider using the IMS Enterprise Suite SOAP Gateway for mobile integration when you want to: Reuse an existing IMS web services infrastructure. Manage conversion of JSON messages to SOAP messages in an intermediary gateway (rather than on the mainframe), for example, in an ESB. Implement a security model using WS-Security. For more information about IMS SOAP Gateway, see the following web page. http://www.ibm.com/software/products/en/imsentesuitsoapgate 4.8.2 IMS Mobile Feature Pack The IMS Mobile Feature Pack leverages the z/OS Connect feature so that you can discover, model, enable, and publish REST services based on IMS assets. These services can be consumed by mobile and cloud applications, which can access IMS assets on z/OS in a secure and managed way. Figure 4-15 shows an overview of how the IMS Mobile Feature Pack is deployed. Liberty Profile for z/OS Data Transform RESTful JSON z/OS Connect Servlet IMS Provider IMS TM IMS Connect IMS program Interceptors server.xml Figure 4-15 IMS Mobile Feature Pack When a request comes in, z/OS Connect handles the user access control and then forwards the request to the IMS mobile service provider. The request message is converted from JSON to the native representation of the input message (for example, byte array or arrays for segments in COBOL and PL/I applications) by the data transformation module. The request then goes through the IMS Connect adapter module to interact with IMS Connect to access IMS programs running in IMS Transaction Manager (IMS TM). These programs might the access IMS DB, DB2, or other external subsystems. 42 IBM z Systems Integration Guide for the Mobile and API Economy Tooling support for the IMS Mobile Feature Pack for modeling, creating, testing, and managing services is provided by the IMS Explorer for Development in the IMS Enterprise Suite. When to use the IMS Mobile Feature Pack Consider using the IMS Mobile Feature Pack for mobile integration when you want to: Provide REST/JSON access to IMS programs. Simplify the service development process by using a tool-driven process and making the IMS application team responsible for data transformation. Use the z/OS Connect interceptor framework for security access and audit control. Provide an IMS REST service discovery capability. For more information about the IMS Mobile Feature Pack, see the following web page: http://www.ibm.com/software/data/ims/mobile.html Statement of Direction: IBM intends that a future release of IBM IMS Enterprise Suite will provide support for z/OS Connect Enterprise Edition. 4.9 DB2 z/OS mobile integration options The DB2 Accessories Suite for z/OS (V3.3) enables the DB2 Adapter for z/OS Connect and allows existing DB2 assets such as SQL and Stored Procedures to be exposed as REST services. Figure 4-16 shows an overview of the DB2 Adapter for z/OS Connect. Liberty Profile for z/OS Data Transform RESTful JSON z/OS Connect Servlet SQL DB2 Provider Interceptors Stored procedure call DB2 for z/OS server.xml Figure 4-16 DB2 Adapter for z/OS Connect The DB2 Adapter for z/OS Connect provides a fast, dynamic, scalable, and secure solution for you to interact with protected DB2 assets through REST services in JSON data format. It leverages the IBM Data Studio for tooling support. Data Studio can create, deploy, or remove DB2 Adapter for z/OS services. The DB2 Adapter for z/OS Connect is capable of performing data conversion from JSON payload to the input of SQL or stored procedures and generates JSON payload from SQL and stored procedures results as output. Chapter 4. IBM z Systems mobile integration solutions 43 4.9.1 When to use the DB2 Adapter for z/OS Connect Consider using the DB2 Adapter for z/OS Connect for mobile integration when you want to: Simplify the deployment of mobile or cloud-based applications that require access to their mission-critical DB2 for z/OS assets. Use the z/OS Connect interceptor framework for security access and audit control. Provide a DB2 REST service discovery capability. Statement of Direction: IBM intends to support z/OS Connect EE V2.0 with DB2, and to provide DB2 RESTful API support that is fully integrated into the DB2 for z/OS Distributed Data Facility. 4.10 IBM MessageSight IBM MessageSight is an edge-of-network appliance that is designed to handle the massive volumes of connections associated with Internet of Things (IoT) and mobile environments. It provides a secure, DMZ-ready channel for lightweight, rapid, bidirectional messaging, based on the MQTT protocol. IBM MessageSight offers the following functions: Designed to operate in a DMZ, its appliance form factor means that it has restricted access with no user level operating system. Provides mechanisms for assured message delivery. Supports native mobile application development with developer-friendly APIs. Extends and connects to Java Message Service (JMS) providers, such as IBM MQ and WebSphere Application Server. Provides extremely high throughput, typically over one million concurrent connections, for persistent and non-persistent messages. Figure 4-17 shows an example mobile integration scenario enabled by IBM MessageSight. MQTT MQTT MessageSight JSON/ JMS Publish/Subscribe endpoint IIB Generate Topic CICS XML/MQ MQ IMS MQTT Mobile apps Figure 4-17 IBM MessageSight Appliance In Figure 4-17, an SOR application running in CICS or IMS initiates an event by putting an XML message on a queue. The message is read by IBM Integration Bus (IIB), transformed to JSON and a topic is generated. The topic is read by IBM MessageSight and then consumed by each of the subscribed mobile apps by using the MQTT protocol. 44 IBM z Systems Integration Guide for the Mobile and API Economy 4.10.1 When to use IBM MessageSight Consider using MessageSight for mobile or Internet of Things connectivity when you want to: Concentrate millions of MQTT requests. Enable bidirectional messaging connectivity to mobile devices. Fan out messages to multiple devices using a publish/subscribe pattern. For more information about IBM MessageSight, see the following web page: http://www.ibm.com/software/products/en/messagesight Chapter 4. IBM z Systems mobile integration solutions 45 46 IBM z Systems Integration Guide for the Mobile and API Economy 5 Chapter 5. Real-world scenarios This chapter summarizes five scenarios that integrate mobile apps with mainframe applications. Each scenario describes the project context, including business drivers and solution goals, and the key decision factors used for deciding on the most appropriate mainframe integration solution. We describe the solution architecture and conclude with the next steps the organization is pursuing at the time of publication. The examples in this chapter describe the following integration scenarios: Web service enablement Web service reuse REST service enablement Mobile Enterprise Application Platform API Management © Copyright IBM Corp. 2015. All rights reserved. 47 5.1 Web service enablement This scenario focuses on the enablement of CICS web services, which are consumed (indirectly) by mobile and other clients. 5.1.1 Introduction Many banks have embarked on a core banking transformation strategy to gain flexibility and reduce cost. A service-oriented architecture (SOA) is normally the preferred architecture because it facilitates maximum reuse of existing assets. After services are created, application developers (including mobile app developers) can more easily access the core banking services. Bank A uses a mainframe-based multi-channel core banking package that provides functions like transaction accounts, loans, mortgages, and payments. In the past, these transactions were tightly integrated with other business applications, where the transactions were invoked directly using connector and messaging technologies. With the new business drivers, such as enablement of mobile applications for better engagement with customers, and API economy for enabling partners to reach new markets and customers, Bank A wants to leverage its existing core banking application to create a new set of APIs. The Bank A business team knows that an increased mobile and device application presence will enhance the brand image and increase customer satisfaction. The goal is to be seen as an innovative bank that engages with its customers and partners in new ways, for example, through hackathons. The initial step for Bank A is to create a more flexible interface to the CICS core banking applications. These are the key questions to be addressed in this project: Which service enablement architecture should be used (REST or SOAP/XML-based web services)? Which CICS service enablement solution should be implemented? 5.1.2 Key decision factors Bank A considered several factors when deciding how to service-enable the CICS core banking application, but the primary factors were solution maturity and solution adoption. The key decision factors are reviewed next. Mainframe application interface The core banking functions expose a COMMAREA interface based on the package proprietary data protocol. With the existing CICS integration solutions, knowledge of this interface is required by the developers who are developing channel enablement applications. The new solution should provide tooling for service creation and a way to define and exchange well-defined service and message protocols. Existing application integration infrastructure The core banking application currently runs on CICS TS V4.2 and DB2 V10. The target solution must support the existing CICS version. 48 IBM z Systems Integration Guide for the Mobile and API Economy The existing application integration architecture includes an application server that is used for channel applications and an enterprise service bus (ESB) that is used for service composition. The target solution must be compatible with the existing integration architecture. Mobile app integration requirements Mobile apps that are used by Bank A clients use a REST interface and JSON payload to access core banking functions. Other applications also use a REST interface but many of the vendor packages that are used by the bank today support only a web service (SOAP) interface. An eventual goal is to develop a services catalog (REST and SOAP) and developer portal that will support Bank A developers and third parties. Non-functional requirements These are the main non-functional requirements of the project: Minimize risks The core banking application is a critical application that is used at high volume (peak transaction rate of 500 TPS). An essential project requirement is to be able to implement new mobile apps in a nondisruptive way. The business-critical core banking services must be available at all times. The infrastructure must be able to support continuous service availability across planned and unplanned outages. Optimize performance and scalability The solution must be optimized and must meet the performance and scalability expectations of Bank A. Security The solution must offer a range of security solutions based on open standards, and be protected against denial-of-service attacks. Bank A also wants to implement a service enablement solution that has been widely adopted in the banking industry. Chapter 5. Real-world scenarios 49 5.1.3 Solution architecture Bank A has chosen to implement a solution based on SOAP web services (Figure 5-1) because CICS web services is a mature solution that is widely deployed in the finance industry. Other channels SOAP/HTTP z/OS XML/MQ Other Web REST Gateway Application Server XML/MQ SOAP/HTTP SOAP/HTTP Enterprise Service Bus CICS JSON/REST z Systems Mobile Figure 5-1 Web service enablement The major components of the solution are briefly described next. CICS web services Core banking functions are exposed as web services for the following reasons: The web services specification offers a mature standard for service definition and a range of additional specifications like WS-Security. The CICS native web services support is a mature solution with a large deployment base. CICS web services are supported with CICS TS V4.2 and require only traditional CICS systems programming skills to implement. Enterprise service bus (ESB) An ESB is used for routing and protocol conversion. Application server The channel applications are exposed as XML-based services. REST Gateway The “homegrown” REST gateway converts REST/JSON requests that come from mobile and web clients to XML/MQ or SOAP/HTTP. 5.1.4 What’s next Bank A is currently rolling out the first wave of CICS web services, which are (indirectly) consumed by mobile apps. Future plans include the deployment of IBM DataPower for additional security capabilities, and a project has been initiated to replace the homegrown REST gateway with an API Management solution to improve service management and governance. 50 IBM z Systems Integration Guide for the Mobile and API Economy 5.2 Web service reuse This scenario focuses on the RESTful service enablement of a CICS/ DB2 application to improve integration efficiency between their digital channels services and the core Customer System on z/OS. In this scenario, reuse is made of the existing connectivity and integration architecture, which is based upon IBM MQ, CICS web services, IBM Integration Bus and IBM DataPower. 5.2.1 Introduction Bank B is a large national retail and commercial bank, offering a comprehensive set of banking, credit, and insurance services. The bank’s core Customer System is a CICS/DB2 z/OS application, largely developed in COBOL. This system is accessed through multiple routes, including MQ, web services and file transfer. Several integration layers sit between the bank's WebSphere Application Serving mid-tier and the Customer System. These include IBM Integration Bus, DataPower, and CICS Transaction Gateway. These layers support the traditional branch and call applications, and also the bank’s new digital platforms. To increase agility, improve efficiency and simplify the layers of integration, Bank B plans to rationalize the number of existing access points into CICS/DB2 from a little under a thousand discrete services today, to fewer than 150 over the next 18 months. To achieve this, the bank intends to establish a set of REST APIs through which all core services can be invoked. The bank is interested in exploiting JSON payloads because it avoids some of the more rigorous data coupling characteristics associated with more strongly typed data payloads, such as XML. As an example, if a new field is added to an XML payload, by a service provider, all consumers must then adhere to the news scheme. By contrast, the equivalent service provider change to a JSON payload would simply be ignored by the consuming applications. This decoupling of data payloads is attractive to Bank B. Bank B exploits a number of technologies in production, which can satisfy the bank’s requirement to expose the Customer System as a set of REST APIs. The question to be addressed by this project is which of the following options is the most appropriate to REST-enable the bank’s CICS/DB2 Customer System? IBM Integration Bus IBM DataPower Gateway z/OS Connect 5.2.2 Key decision factors Bank B considered a number of factors when deciding how to REST-enable the Customer System, however the bank’s primary drivers were to reduce the number of existing interfaces and exploit REST API interfaces with JSON data payloads. The key decision factors are reviewed next. Mainframe application interface Today, the Customer System is exposed through multiple connectivity options: IBM MQ, CICS web services, and CICS Transaction Gateway. The decision for which connectivity option is adopted largely depends on which channel or business silo is undertaking the development. Chapter 5. Real-world scenarios 51 The new solution should enable the Customer System to be invoked in a standard way, irrespective of the application language, location (on-premises or cloud-based application), or data model employed by the calling application. Existing application integration infrastructure The Customer System is based on CICS TS V4.2 and DB2 V10. The target solution must support these software versions; however Bank B is keen to use new functions as early as possible, as the bank moves through its upgrade cycle. The existing application integration architecture uses IBM MQ V6.0, WebSphere Message Broker v6.1 (precursor to IBM Integration Bus), CICS Transaction Gateway V6.1 and DataPower XI50 appliances. The target solution should reuse, where possible, the existing investments made in technology and architecture designs. Mobile app integration requirements The mobile services offered to Bank B’s consumers are available as an app iOS and Android users, also through a mobile web interface to both mobile OS users. Both the mobile and web apps access REST/JSON services through the bank’s digital platform, consisting of outward-facing DataPower security gateways, and mid-tier WebSphere Application Servers. This mid-tier then calls the Customer System via web services to DataPower, and then MQ to WebSphere Message Broker, which can aggregate multiple calls to the Customer System. The mobile app will continue to access the Customer System in a similar manner, however through a subset of the existing interfaces and, where possible, with a shorter path length to the underlying CICS subsystem. Non-functional requirements The primary non-functional requirements in this project are all related in some way to simplification, and can be categorized as follows: Simplification through fewer interfaces A critical objective is to reduce the current thousand existing interfaces down to a few dozen. This can be achieved in part by retiring duplicated interfaces and non-shared interfaces across multiple business silos. Performance and Scale Today, multiple connectivity and integration layers are in place to link the bank’s digital platforms to the Customer Systems, resulting in high latency and poor performance for mobile users. Security and Management The bank’s stringent security requirements mandate that any changes to integration designs must not reduce the security protocols associated with access to the Customer System. Indeed, a by-product of the reduced number of interfaces and simplification of integration layers is that the management and controls necessary to secure the Customer System are significantly reduced. This is similarly true for fault identification and resolution of the end-to-end service for mobile-to-Customer System. 52 IBM z Systems Integration Guide for the Mobile and API Economy 5.2.3 Solution architecture Bank B has chosen to adopt a solution based on the reuse of the existing DataPower appliances to provide a RESTful API interface across all channel application teams within the bank. The DataPower appliances, acting as a gateway between the WebSphere Application Server mid-tier and the mainframe, convert the REST APIs and invoke the Customer System using the existing CICS web service interface. This was considered to be the fastest way to expose REST APIs, while meeting the non-functional requirements. The solution is shown in Figure 5-2. Assorted service consumers Call Center / Branches z/OS Linux on Z Other Web IBM DataPower Gateway WebSphere Application Server IBM Integration Bus CICS IBM MQ SOAP/HTTP IBM DataPower Gateway Mobile JSON/REST z Systems Figure 5-2 Web service reuse The major components of the solution are briefly described next. IBM DataPower Gateway In this scenario, DataPower is positioned in two places: at the edge of the network, acting as a security appliance; and internally within the network, acting as a combined security enforcement point and integration appliance. The latter appliance is relevant to this discussion, because it performs the following functions: Data conversion between the inbound JSON to XML/SOAP payloads Request mapping from the inbound REST call to the appropriate CICS web service WebSphere Application Server WebSphere Application Server provides Java hosting for presentation and business logic that is tailored for each inbound channel. It accesses data from the Customer System through DataPower and IBM Integration Bus. IBM Integration Bus Where appropriate for the calling service, IBM Integration Bus provides additional levels of service aggregation and orchestration. For the purposes of this project, direct access to single, CICS-based services was largely sufficient to satisfy the requirements of the each of the channels platform team. Chapter 5. Real-world scenarios 53 5.2.4 What’s next Bank B is currently in the process of creating the REST/JSON service mappings to the CICS web services in the Customer System in DataPower. This gives the bank the speed and flexibility to establish a foundation that the bank can settle upon as its reduced set of core services. In parallel to this decision, the Customer System team made the decision to further explore the use of z/OS Connect as a mechanism to publicize and directly REST-enable the CICS application. The team sees RESTful APIs as a necessary interface for any major system within the bank. 5.3 REST service enablement This scenario focuses on the REST service enablement of IMS using z/OS Connect to support emerging mobile and digital channels. 5.3.1 Introduction Bank C is a mid-sized retail bank offering financial services to individuals and corporate clients. The bank’s core banking systems are “homegrown” applications developed in COBOL and Java and hosted predominantly in IMS, DB2 z/OS and WebSphere Application Server z/OS. In addition, further applications are hosted within CICS environments. These banking systems are all accessed using IBM MQ, which provides a reliable, request/response messaging model. This access method supports all existing channels across the bank, including branch, call center, Internet and, more recently, the bank’s smartphone and tablet banking apps. With the increasing need to respond quickly to regulatory changes, coupled with the expectation from lines of business that new offerings be delivered in weeks not months, there is great interest in the promise of the API economy to provide this agility. Some of the attractive features of this API-based approach are as follows: Self-service and discovery of services Standardized interfaces, based on REST over HTTP/S JSON payloads for flexible data representation To exploit this agility, Bank C is developing an enterprise-wide API framework to expose core services and data, both internally and with partner organizations. Bank C wants to surface its existing core banking systems in IMS, through a REST service interface. The objective is to unburden the bank’s development and partner communities from custom protocols and the details of the underlying implementation. Longer term, the intention is to manage access to a suite of APIs from which new applications can be created. The initial step for Bank C is to determine how best to surface its IMS core banking systems through a REST interface. The key question to be addressed in this project is this one: Which REST service enablement technology should be adopted: IBM DataPower Gateway or z/OS Connect? 54 IBM z Systems Integration Guide for the Mobile and API Economy 5.3.2 Key decision factors Bank C considered a number of factors when deciding how to REST-enable the IMS core banking application, but the primary factor was to use a common solution for all z Systems subsystems that would enable the bank to participate in an API framework. The key decision factors are reviewed next. Mainframe application interface At present, the core banking functions are exposed through a set of MQ queues, messages from which are read by the IMS application. Developers creating new applications must have knowledge of both the COBOL COPYBOOK data structure and details of the target MQ queues. The new solution should enable the service to be invoked as a REST API and, where relevant, allow the developer to discover all details of the service necessary to successfully invoke the IMS application. Existing application integration infrastructure The core banking application currently runs on IMS TS V10 and DB2 V10. The target solution must support the existing IMS and DB2 versions. The existing application integration architecture exploits IBM MQ V7.1 to provide a reliable and scalable pseudo-synchronous messaging service. However, the target solution does not need to rely on the existing messaging backbone. Mobile app integration requirements At present, Bank C’s mobile and tablet banking apps use a REST/JSON to access the bank’s core systems. All mobile requests are directed to a set of dedicated channel-specific WebSphere Application Servers, which perform a presentation-layer function before invoking the IMS core banking system through MQ. In the future, the presentation tier will be able to access enterprise-wide services through an API framework, in which services will be exposed through an API management layer. Application developers will have the option of consuming the new REST APIs or reusing the existing MQ backbone. Non-functional requirements The main non-functional requirements of the project are as follows: Improve agility Bank C is adopting REST-based JSON APIs in order to deliver services more quickly. The bank sees this as a way to enable developers and partners to self-discover and consume existing services. Moreover adopting the use of JSON payloads enables a decoupling of the data structures between requester and provider applications. Adopt a common integration architecture As the bank proceeds with its enterprise-wide API framework, it wants to consume a standardized set of APIs, irrespective of the underlying service provider. As such, the bank requires mainframe services to be consumed through the same REST API model. In addition, the longer-term aspiration is to be able to surface all mainframe applications through a common API mechanism, to reuse tools and skills. Chapter 5. Real-world scenarios 55 Security A by-product of offering discoverable services is that, if left uncontrolled, any individual with access to the IP address can identify and invoke these services. A key non-functional requirement is to be able to control which groups and individuals have access to different sets of services. This control includes the type of access, for instance some individuals might simply have discover-only access, but others can invoke the service. Performance and scale The solution should offer a low-latency, high throughput connectivity service to mainframe applications. At no time should the solution introduce bottlenecks or delays, particularly during the peak banking hours. 5.3.3 Solution architecture Bank C has chosen to implement a solution based on z/OS Connect (Figure 5-3) because this solution provides a unified REST/JSON interface and enables service. Mobile JSON/REST REST Gateway JSON/ REST Application Server z/OS z/OS Connect MQ Web IMS HTTP Gateway Application Server MQ MQ HTTP Other z Systems Other channels Figure 5-3 REST service enablement The major components of the solution are briefly described next. z/OS Connect Core banking services are exposed through z/OS Connect V1 for the following reasons: Application developers can discover services. It provides a common solution for IMS today and, in future, the WebSphere Application Server for z/OS, DB2 z/OS and CICS subsystems. Tooling for data transformation is available with the IMS Explorer. Security capabilities including authentication, authorization and audit. Application server The channel applications are exposed as both MQ and REST-based services. HTTP and REST Gateways The inbound HTTP and REST gateways act as channel aggregation points for each of the different channels entering the bank’s network. 56 IBM z Systems Integration Guide for the Mobile and API Economy 5.3.4 What’s next The first REST services are being rolled out in a pilot phase, fulfilling a balance-enquiry function from the IMS subsystem. In the near future, this will be extended to include amendment functions which support account transfers and payments. Longer term, REST APIs will be exposed through z/OS Connect EE V2.0 and will be consumed as part of the bank’s enterprise-wide API Management framework. 5.4 Mobile Enterprise Application Platform This scenario focuses on the implementation of IBM MobileFirst Server and reuse of an existing CICS warehouse management application. 5.4.1 Introduction Retailer A is one of the largest global retailers, operating stores and online in 12 countries around the world. The supply chain, logistics, and warehouse management systems are in-house-developed COBOL and PL/1 applications hosted in CICS, IMS, and DB2 z/OS. These systems are predominantly accessed by “green screen” terminals from stores, warehouses and regional offices in each of their operating countries. A significant competitive differentiator for the retailer is the optimization of the supply chain. The ability to efficiently source, warehouse and transport produce from supplier to consumer is an important competitive differentiator. All of the information relating to the performance of Retailer A’s warehouses is managed by a CICS Warehouse Management Solution (WMS). To deploy the warehouse team most effectively, the warehouse manager must regularly access WMS. This procedure requires the warehouse manager to regularly return to a single place in a vast warehouse to access a 3270 terminal. The retailer decided that a better approach might be for this information to be available to warehouse managers on a mobile device wherever they are in the warehouse. These key questions are to be addressed in this project: What is the most expedient method for mobile enabling WMS? What mobile technology should be used for developing the app and hosting the app in an enterprise app store? 5.4.2 Key decision factors Retailer A considered a number of ways to mobile-enable the CICS WMS application, but the primary factors were to implement a solution quickly, with no additional software components deployed to z/OS and with zero outages to WMS. The key decision factors are reviewed next. Mainframe application interface At present, WMS functions are exposed through a comprehensive set of green screen menus that are accessed from a 3270 terminal in each of the warehouses. The new mobile tablet solution should not offer the same menu of functions, but rather should focus on the most commonly used functions. Chapter 5. Real-world scenarios 57 Existing application integration infrastructure WMS currently runs on CICS TS V4.1 and DB2 V10. The target solution must support these same versions. Until now, WMS has been accessed through only a 3270 interface. Mobile app integration requirements Retailer A has not previously deployed any mobile apps that access its CICS applications. For this project, the following options were considered: CICS TS Feature Pack for Mobile Extensions z/OS Connect Web Services IBM MobileFirst adapter Non-functional requirements These are the main non-functional requirements of the project: Speed of deployment The new mobile service must be deployed as quickly as possible. The objective is to create and deliver a pilot mobile app within a few weeks, during a change freeze. Zero disruption to warehouse management services WMS operates 24x7 and, during the change freeze, it is not allowed to make significant changes to the system. Security Warehouse managers log in to WMS using their SAF-based user ID and password. Authentication with the mobile app must be done by using the same credentials. 5.4.3 Solution architecture Retailer A does not want to exploit features in the CICS Web Interface 3270 bridge (Web 3270 bridge), which allows the company to quickly and efficiently expose the green screen menus as a set of HTML pages. This solution requires minimal changes to the CICS infrastructure. IBM MobileFirst Platform Foundation on Linux on z Systems is used for the flexible adapter framework and the integrated app store. A summary of the solution architecture is shown in Figure 5-4 on page 59. 58 IBM z Systems Integration Guide for the Mobile and API Economy z/OS Linux on z Web 3270 bridge JSON/REST Mobile MobileFirst Server Adapter HT TP CICS 3270 Terminal z Systems Figure 5-4 Mobile Enterprise Application Platform with IBM MobileFirst Platform Foundation The major components of the solution are briefly described next. IBM MobileFirst Platform Foundation This technology was employed for several reasons, including to do these tasks: Create the mobile app for multiple devices. Rather than create custom apps for iOS and Android tablets, a hybrid app is created using the IBM MobileFirst Studio, for which the application code is 100% reusable across iOS and Android devices. Create HTTP adapters that invoke the Web 3270 bridge. Adapters are developed using IBM MobileFirst Studio and deployed in an IBM MobileFirst Server. An adapter processes a message from a mobile device as follows: – The adapter transforms the JSON request message from a mobile device into a request for the Web 3270 bridge. – The adapter sends the request to CICS in an HTTP request. – CICS starts the user application (the target 3270 transaction) running in a bridge environment. – The response message is returned to the adapter. – The adapter transforms the response into a JSON message that is returned to the mobile device. Simplify the mobile user interface. In many cases, navigating the complex green screen menu system from a tablet was impractical and so IBM MobileFirst adapter was used to aggregate multiple requests to the CICS application, and then present a much reduced set of pages to the mobile app. Web 3270 Bridge The Web 3270 bridge provides an interface so that you can run 3270-based CICS transactions without a 3270 terminal. The 3270 terminal and user are replaced by an application program (in this case an IBM MobileFirst adapter). Chapter 5. Real-world scenarios 59 5.4.4 What’s next Exploitation of the Web 3270 bridge is a tactical solution delivering a mobile interface into CICS quickly and with zero impact on the application or CICS infrastructure. However, although expedient, this approach is inflexible because each time a change is made to one of the green screen menus, the IBM MobileFirst adapters must also be changed. Longer term, other connectivity options will be explored for integrating the CICS application, specifically z/OS Connect Enterprise Edition V2.0 and web services. 5.5 API Management This scenario focuses on establishing a managed API framework that allows developers, both internally and externally, to discover and securely consume business services available in the organization. 5.5.1 Introduction Bank D is a boutique retail bank, offering a custom suite of retail and business banking and credit card services. Its modern core banking systems are based on CICS/DB2 applications, developed in COBOL and Java. Multiple access points exist to these systems, for example using IBM MQ and web services; however the predominant access method for new applications is through REST services. In recent years, the bank has made significant investment in its digital channels, supporting new web and mobile application services. Bank D has placed customer service as its top priority to encourage growth and has invested in new tablet applications for staff. These mobile services need to access the core banking systems, a Master Data Management (MDM) system and a business rules engine. A new mobile application is being planned that will enable the bank’s small business advisors to offer tailored financial products to customers in real time. The mobile app will allow an advisor to meet with clients at their place of business, retrieve customer profile and financial data, and be advised of what financial products to offer the client. Bank D is also under pressure to respond to regulatory change and new business requirements. Under a new regulatory directive, the bank will need to offer secure access to its payments systems to third-party payments providers. Based on the needs to deliver new mobile services quickly, and to comply with new regulations, Bank D wants to enable a set of enterprise-wide APIs. The intention is to improve agility and speed to market of new financial products by empowering the bank’s own development community; and also to offer a subset of APIs to the bank’s partner community in order to extend into a wider array of markets. The key decision to address in this project is how to enable an enterprise-wide API framework that supports these items: 60 Development and creation of APIs Self-discovery of APIs Robust security and traffic shaping Re-use of existing internal services Insight into the consumption of APIs IBM z Systems Integration Guide for the Mobile and API Economy 5.5.2 Key decision factors Bank D considered a number of factors when deciding how to deploy and manage APIs but these were the primary factors: To simplify the reuse of existing mainframe applications and data from internal and external clients. The governance (access control, management and monitoring) of the published APIs. Mainframe application interface Currently Bank D uses many different interfaces to the z/OS based applications. The requirement is to define a set of reusable APIs to increase speed of mobile app development, and improve integration with cloud-based applications and interoperability with third parties. Existing application integration infrastructure The core banking systems, including the Accounts and Customer applications run on CICS TS V5.2 and DB2 V10. The IBM Master Data Management (MDM) solution provides a comprehensive and searchable view of customer data, and Operational Decision Management (ODM) is used for processing business rules (for instance to determine the level of risk in extending a loan at a given rate of interest). Most core systems are already service-enabled as SOAP or REST services. The core banking services have in the past been exposed as SOAP services, and more recently the commonly called services, like balance inquiry and posting inquiry, have been REST-enabled using z/OS Connect. In other cases, for example the Cards Management System (CMS), applications are accessed as REST services though a Java JAX-RS layer deployed in a WebSphere Liberty server. The IBM DataPower Gateway is used today as a security gateway, for example, to protect against denial of service attacks and to authenticate client requests. Mobile app integration requirements The new mobile app is a native iOS app that is provided to bank advisors on company-owned Apple iPads. The app must display real-time client financial data, compare the financials against other similar businesses located in the same area, and allow the bank advisor to apply for a line of credit while at the client’s workplace. The app must securely integrate with several mainframe applications through a set of APIs, as in these examples: listClients Retrieve information about clients based on a set of filters, including type of business and geographic location. viewClientProfile View the client profile, including address, accounts, credit cards, outstanding loans and cash flow. listTransactions List the transaction history of the client. getCreditRating Get a credit rating. Chapter 5. Real-world scenarios 61 Non-functional requirements These are the main non-functional requirements of the project: Speed of deployment The mobile solution must be deployed quickly in order to gain a competitive advantage over other banks that offer similar small business financial services. Security All personal and financial data must be stored on the mainframe and encrypted in transit. 24/7 availability As the new primary way to engage small businesses, the new mobile solution must be available at all times. API lifecycle The creation, deployment, and discovery of APIs must support versioning and be simple to implement. Management and monitoring The solution must provide the operational metrics and analytics capability to be able to monitor API usage and manage the traffic demand when APIs are experiencing peak loads. 5.5.3 Solution architecture Bank D has chosen to adopt a solution based on IBM API Management because it meets the following key requirements: API enablement of both REST and SOAP-based mainframe services Governance of APIs shared across multiple channels Reuse of an existing security integration architecture based on IBM DataPower IBM API Management supports the set of REST APIs used by the bank advisor mobile app, and will be used in the future for hybrid cloud and partner integration. The solution in Figure 5-5 shows an example set of deployed APIs. API Management Linux on z z/OS CMS Mobile JSON/REST Cloud based apps WebSphere Liberty Server IBM DataPower Gateway listClients viewClientProfile listTransactions getCreditRating etc. CICS Accounts z/OS Connect JSON/REST CICS Loans Business Rules SOAP/HTTP JSON/REST Third Party Providers Master Data Management DB2 z Systems Figure 5-5 API enablement of core systems The major components of the solution are briefly described next. 62 IBM z Systems Integration Guide for the Mobile and API Economy z/OS Connect z/OS Connect V1 provides a REST interface to the CICS Accounts and Loans applications. These services are used by the viewClientProfile and listTransactions APIs. Business Rules IBM Operation Decision Management (ODM) provides a SOAP interface that is used by the getCreditRating API to calculate a risk score for a client. IBM Master Data Management (MDM) MDM contains customer profile information that is used by the listClients, viewClientProfile and listTransactions APIs. WebSphere Liberty A WebSphere Liberty server provides a REST interface to a Cards Management System (CMS) that is used by the viewClientProfile API. IBM DataPower Gateway IBM DataPower Gateway is used as a security gateway and provides a secure and highly available runtime for the deployed APIs. API Management The IBM API Management is used to manage the API lifecycle, to create new API versions, and to revert to prior versions when required. A developer portal is used to communicate information about the APIs, such as the API’s interface, API documentation, and code samples. This information allows the developers to test and try the APIs. 5.5.4 What’s next Bank D is in the process of establishing an API framework that will be called from mobile apps, including the bank advisor app. The bank will deploy z/OS Connect EE V2.0 to take advantage of the workstation-based tooling and Swagger 2.0 support, which the bank chose as the standard for API descriptions. There is recognition in the bank that the API framework can easily be extended to support upcoming regulations that require the bank to provide more open access to certain services, for example, to allow third parties to initiate payments. At this time, Bank D is also investigating the use of StrongLoop technologies to create new APIs based on a JavaScript framework. The bank sees StrongLoop advancing the speed with which the bank can create new APIs to then be governed by API Management, plus the enterprise support for Node.js as a necessity for the emerging skillset in the API world. Chapter 5. Real-world scenarios 63 64 IBM z Systems Integration Guide for the Mobile and API Economy 6 Chapter 6. Summary This chapter summarizes the integration architectures that can be used in mobile projects and compares the main mobile integrations solutions that are discussed in this paper. This chapter describes the following topics: Common integration architectures Mobile integration solutions © Copyright IBM Corp. 2015. All rights reserved. 65 6.1 Common integration architectures The mainframe supports a number of integration architectures that can be used in mobile projects. Table 6-1 compares the mobile integration architectures discussed in this paper. Table 6-1 Common integration architectures Integration architectures Description When to use APIs and API management Architecture for creating, assembling, managing, securing, and socializing web APIs. Use when business functions need to be discoverable and need a high degree of operational governance. Web services Service-oriented architecture based on standards like SOAP, XML, and Web services (WS.*) specifications. Not normally used by mobile app itself. Use when solution requires application integration between different service types and platforms, and XML is the predominant data payload. REST Resource-oriented architecture based on HTTP URL and verbs, and JSON. De facto standard for mobile, web, and cloud applications. JSON payloads are less brittle to application changes. Messaging Asynchronous transport mechanism. Exploit when app uses MQTT and for publish/subscribe applications, or when reusing existing messaging infrastructure. Use when assured delivery is required. 66 IBM z Systems Integration Guide for the Mobile and API Economy 6.2 Mobile integration solutions The mainframe provides a number of mobile integration solutions. Table 6-2 compares the main mobile integration solutions discussed in this paper. Note: For summary guidance about mobile integration solutions that are specific to the CICS, IMS, and DB2 subsystems, see Chapter 4, “IBM z Systems mobile integration solutions” on page 25. Table 6-2 Mobile integration solutions Integration solutions Description When to use z/OS Connect V1 WebSphere Liberty feature that enables REST interface to mainframe services and builds on existing connector technologies. Use to enable unified REST interface and interoperability with z/OS security and monitoring services (for example, RACF and SMF). Use when you want to avoid multiple data transformations (that is, REST/JSON used as message format from the mobile to the mainframe). z/OS Connect EE V2.0 Extends the support available with z/OS Connect V1. Includes tooling for API creation and deployment. Use when requiring workstation-based tooling for creation of RESTful APIs based on z/OS assets. Use to enable discovery of defined APIs based on Swagger 2.0 standard. IBM API Management Helps with managing the full lifecycle of creating, publishing and governing web APIs. Use to extend the value of mainframe and other assets by socializing SOAP or REST APIs to developers, and providing controlled access. IBM StrongLoop Helps with creating APIs from existing and aggregated services, based on a Node.js framework. Use to rapidly create APIs that re-use and aggregate mainframe services and other assets. APIs created here can subsequently be governed by API Management. IBM DataPower Gateway SOA and mobile security gateway. Use for securing mobile access to mainframe, and as deployment runtime for APIs. IBM Integration Bus ESB with comprehensive support for any-to-any transformation. Use for complex integration requirements, service aggregation, and industry-standard message formats. IBM MobileFirst Platform Comprehensive mobile enterprise application platform, including flexible adapter framework. Use to develop server side mobile integration code in JavaScript or Java. Use for push notifications. IBM MessageSight Appliance for handling large volume of connections from IoT or mobile devices. Use to enable bidirectional messaging connectivity to mobile devices. Use to deploy a publish/subscribe pattern. Chapter 6. Summary 67 68 IBM z Systems Integration Guide for the Mobile and API Economy Related publications The publications listed in this section are considered particularly suitable for a more detailed discussion of the topics covered in this paper. IBM Redbooks The following IBM Redbooks publications provide additional information about the topic in this document. Note that some publications referenced in this list might be available in softcopy only. CICS and SOA: Architecture and Integration Choices, SG24-5466 IBM CICS and the JVM server: Developing and Deploying Java Applications, SG24-8038 IBM System z in a Mobile World: Providing Secure and Timely Mobile Access to the Mainframe, SG24-8215 Implementing IBM CICS JSON Web Services for Mobile Applications, SG24-8161 IMS Integration and Connectivity Across the Enterprise, SG24-8174 The Power of the API Economy: Stimulate Innovation, Increase Productivity, Develop New Channels, and Reach New Markets, REDP-5096 You can search for, view, download or order these documents and other Redbooks, Redpapers, Web Docs, draft and additional materials, at the following website: ibm.com/redbooks Online resources These websites are also relevant as further information sources: Digital transformation: Creating new business models where digital meets physical. 2011: http://www.ibm.com/services/us/gbs/thoughtleadership/ibv-digital-transformation.html Digital reinvention: Preparing for a very different tomorrow. 2013: http://www.ibm.com/services/us/gbs/thoughtleadership/digitalreinvention/ Swagger: http://swagger.io/specification Liberty Profile z/OS Connect Quick Start Guide and Exploration of z/OS Connect Functions: http://www.ibm.com/support/docview.wss?uid=tss1wp102439&aid=7 StrongLoop: http://strongloop.com/ IBM API Management: http://www.ibm.com/software/products/en/api-management © Copyright IBM Corp. 2015. All rights reserved. 69 IBM DataPower Gateway: http://www.ibm.com/software/products/en/datapower-gateway IBM Integration Bus: http://www.ibm.com/software/products/en/ibm-integration-bus IBM MobileFirst Platform: http://www.ibm.com/software/products/en/mobilefirstplatform CICS TG: http://www.ibm.com/software/products/en/cics-ctg IMS SOAP Gateway: http://www.ibm.com/software/products/en/imsentesuitsoapgate IMS Mobile Feature Pack: http://www.ibm.com/software/data/ims/mobile.html IBM MessageSight: http://www.ibm.com/software/products/en/messagesight Help from IBM IBM Support and downloads ibm.com/support IBM Global Services ibm.com/services 70 IBM z Systems Integration Guide for the Mobile and API Economy Back cover REDP-5319-00 ISBN 0738454788 Printed in U.S.A. ibm.com/redbooks