Encryption, speed push the modern mainframe into the future



The CICS mainframe program leans toward cloud, DevOps with TS 5.3

The latest update for the CICS mainframe program comes via Transaction Server 5.3, with a focus on increased agility, efficiency, and cloud and DevOps support.

CICS is IBM's most popular mainframe transaction processor and application platform. It supports a multitude of legacy and modern languages, communication protocols and database management systems. The most recent version of the CICS mainframe program, Transaction Server 5.3, builds further on 5.2's service agility, operational efficiency and cloud with DevOps.

Service agility

Much of 5.3's service agility involves closer integration between the CICS mainframe program and WebSphere Liberty profile, with additional Liberty functions in a CICS Java virtual machine (JVM). Stand-alone Liberty instances can now link into CICS using JEE Connector Architecture.

Now, z/OS Connect will run in a CICS JVM server to ease and standardize mainframe interfaces for JavaScript Object Notation (JSON) and Representational State Transfer (RESTful) services. Users can now choose between JSON and RESTful facilities.

Version 5.3 also enables the Java Message Service (JMS) API to work through CICS' MQ interface. The CICS mainframe program supports JMS 1.1 and 2.0, if connected to an MQ V7.1 or higher queue manager. Using local connections, IBM's JMS classes convert the Java request into a standard MQ call that flows to the CICS MQ connection.

Operational efficiency

IBM continues to improve old functionalities. For example, IBM originally implemented web service initiation transaction CWXN to receive incoming messages, do some initial analysis and kick off the pipeline under the application transaction. CICS 5.3 skips CWXN for Application Transparent Transport Layer Security (AT-TLS) sessions. This allows the system-listening transaction, CSOL, to initiate the application task under the asserted user context without the additional analysis and password validation CWXN normally provides. Although there are other reasons for implementing AT-TLS, each enterprise will have to determine if skipping CWXN saves more CPU than the cryptographic protocol's overhead.

Through the authorized program analysis report (APAR) PI56897, CICS 5.3 offers a non-Java JSON processor. As IBM always says, "your mileage may vary," but performance may improve for some messages with the new parser, which will allow shops to process JSON messages without setting up a Java infrastructure.

There are several enhancements to CICS' Resource Access Control Facility (RACF) interface. The new EXEC CICS REQUEST PASSTICKET command allows applications to generate RACF pass tickets, which may be preferred to slinging passwords around the network. EXEC CICS SIGNON TOKEN and VERIFY TOKEN make it easier for the CICS mainframe program to operate with Kerberos.

CICS also supports a stronger password-encryption algorithm implemented with RACF APAR OA43999. However, CPU may increase during logon ID and password validation after implementing the new encryption, but maintenance coming out later this year should address the issue.

Cloud and DevOps support

Perhaps the most interesting twist in DevOps support is the CICS Transaction Server build toolkit, which provides a command-level interface that can be used from other deploy tools, like UrbanCode Deploy.

In a typical development flow, a programmer checks out an Open Systems Gateway Initiative (OSGi) bundle from a code repository. After making updates, the programmers run a deployment script, which can call the toolkit to create a CICS bundle with a dependent OSGi bundle and check them into a binary repository. When ready, a deploy script would call the toolkit again to install the bundle onto the CICS mainframe program. The toolkit uses a property file to make symbolic substitutions for directories, CICS and objects, depending on the target environment. You'll only need one script to promote code through development, test and production.

Next Steps

IBM rolls out new System z mainframe for cloud, mobility

Dig Deeper on IBM system z and mainframe systems