IBM System z in a Mobile World
IBM Redbooks Solution Guide
Published 21 February 2014
Authors: Wilhelm Mild
Today, mobile transactions are important to hospital staff collaborating on patient care, supply chain managers optimizing responsiveness to sales orders, and anyone who uses a mobile banking app. Because nearly 70% of all enterprise transactions involve an IBM® System z®, System z can play an important role by providing the secure and stable base that you need to extend your existing enterprise data and transactions to mobile users.
Mobile devices have evolved to become the preferred method of exchanging information and accessing business services for organizations and professionals of all kinds. The speed of adoption for mobile devices is comparable to that of previous technology adoptions, including TV, radio, and the Internet.
IBM® System z® hardware and the IBM zEnterprise® System (zEnterprise) can deliver a secure and robust infrastructure with extreme scalability and flexibility for the mobile environment. These qualities of service are built in from the hardware design up.
As illustrated in Figure 1, the capabilities of running heterogeneous environments on a System z platform and the IBM MobileFirst framework enable an organization to fully support a mobile strategy. The mobile environment, representing the System of Engagement, can integrate with existing back-end core transactional services and data on the System z platform, representing the Systems of Records. The products that are available within the MobileFirst framework can deliver the runtime environment, mobile device management, security, analytics, and development of the application and data platforms in a mobile environment on the System z platform. With its end-to-end solution, IBM enables an organization to benefit from mobile interactions with customers, Business Partners, and within organizations.
Figure 1. Overview of the System z platform solution in a mobile world
Did you know?
The System z platform can deliver new levels of integration and can manage all varieties of complexity, from heightened security requirements to the development of seamless multi-channel experiences. Because of the speed of the mobile market, and the complexity and variety of users, devices, data, and transaction types, organizations need to run quality mobile apps at enterprise scale in a flexible and iterative approach. This situation is as much an operational challenge as a technological challenge. The System z platform supports the unified approach that mobile demands: systems, technology platforms, and even a core operating model that is designed with mobile capabilities.
There are technological advantages of running a mobile environment on the System z platform side by side with the core IBM CICS® transactions. You can take advantage of highly virtualized System z internal networks that provide a large amount of bandwidth and that enable scalability and flexibility with continuous operation.
To gain the real business value that comes with fully embracing mobile technologies, the IBM MobileFirst solutions strategy can help organizations transition from being reactive to proactively taking the initiative in a constantly changing mobile landscape. IBM solutions emphasize an integrated, end-to-end security model with visibility across the enterprise, and they facilitate proactive responses.
IBM MobileFirst is the industry’s most comprehensive mobile portfolio that, for the first time, links critical mobile software technologies, services, expertise, and an ecosystem of partners. Figure 2 shows an overview of the IBM MobileFirst cross-industry ecosystem.
Figure 2. The IBM MobileFirst cross-industry ecosystem
By using an IBM System z platform for their mobile environment, organizations can maintain the flexibility and high service level agreements that are typical of System z systems and can gain business value while providing the following capabilities:
- Security for every transaction, with secure end-to-end mobile transactions at the center of an ever-growing network of billions of Internet-connected devices in constant communication and interaction worldwide.
- A comprehensive, insight-driven mobile strategy to gain competitive advantage and unlock opportunities to transform operating, revenue, and industry models.
- Access for more people, to serve more markets by meeting increasing needs more quickly, with direct connections to all the people who matter to your organization.
- Process and operational effectiveness to do more with less, representing an advantage that ripples throughout the organization and grows into the kind of buying experiences that keep customers coming back.
- An enterprise mobile environment to host, on the same mobile enterprise application platform (MEAP), mobile apps for iOS, Android, and Windows operating system phones, across various mobile device types and characteristics.
With the System z platform at the core of a MobileFirst strategy, many organizations can take advantage of end-to-end secured transactions. Secured transactions are as important to casual users sending emails and making travel reservations as they are to insurance companies interacting with clients, hospital staff collaborating on patient care, and supply chain managers optimizing responsiveness and security.
A mobile solution today must build a System of Engagement that bridges the gap between mobile devices and Systems of Records on the System z platform. The new System of Engagement must have the following inherent characteristics:
- Mobile: Always on, everywhere, every time
- Social: To share facts and insights with others
- Real time: Because that is the requirement for a mobile request
- Secured: Every transaction must be secured and privacy must be maintained
IBM MobileFirst encompasses the components on the System z platform that fulfill the requirements for an integrated mobile solution with a System of Engagement that accesses various Systems of Records. The most important product in the MobileFirst solution for building a mobile environment is IBM Worklight Server. This product provides functionality to host mobile apps for different mobile platforms with varied operating systems, such as iOS, Android, and Windows operating system phones, all at the same time.
Figure 3 illustrates an architecture overview diagram that includes the components for a mobile solution on the System z platform.
Figure 3. Architecture overview diagram for a mobile environment on System z
This ecosystem includes the following components:
- In a virtualized environment with IBM z/VM®, Linux on System z guests can host Worklight Server running in an IBM WebSphere® Liberty Profile or IBM WebSphere Full Profile environment. Worklight Server includes components for mobile devices, applications, and services.
- Operational support functions include a console user interface and enable analytical functions and monitoring for deployed mobile apps and their behavior.
- Worklight Server provides a component for its own Worklight Application Center to host mobile apps for iOS, Android, Windows operating system phones, and BlackBerry, all at the same time.
- A secured layer in front of the System z mobile environment protects the Worklight Server. The caching layers allow accelerated responses if data is queried multiple times.
- The Worklight Adapters are flexible components that enable access to transactional back-end services and data on various back-end System z operating environments, including CICS, IBM IMS™, and IBM DB2®.
Running a mobile environment on the System z platform with access to core back-end services enables you to take advantage of features such as scalability, reliability, security, and availability in a System z environment.
A mobile solution architecture on the System z platform can fulfill service level agreements to provide scalability, reliability, and end-to-end security, which is realized with a heterogeneous implementation. In Linux on System z, Worklight Server delivers interfaces for mobile devices, and it connects to various back-end systems.
Figure 4 shows how Worklight Server can access various IBM z/OS® services by using the internal adapter library and specialized adapters for different services.
Figure 4. A mobile environment on Linux on System z accessing z/OS back-end services
The app on the mobile device contains functions for authentication, a secured container for locally stored data, and a small component to securely connect to the Worklight Server. When a mobile request reaches Worklight Server, further fine-grained security decisions can be incorporated into the application logic. After the correct access is granted, the application logic in Worklight Server then interacts with back-end services and data by using the Worklight Adapters in securely configured System z connections. For high performance requirements, Worklight can run protocol switching between the requester and back-end service.
The flexibility of Worklight integration functions enables existing web services on z/OS to be integrated into mobile apps. A Mobile Feature Pack in CICS enables the communication by using the lightweight JavaScript Object Notation (JSON) protocol.
For highly scalable and reliable mobile solutions, System z can deliver the best platform to host these environments, and with the Worklight Application Center, you can build an enterprise app store for mobile apps.
Worklight solutions on the System z platform extend into a broad range of industries and organizations. Use cases apply to financial institutions, healthcare, education, computer services, retail, and more.
For example, suppose that you need your mobile service to be ultra-reliable. You need to make sure that you protect against hardware failure, loss of a network, and issues with the operating system and the application server that provides the mobile service. To provide this service, you typically duplicate each of these components and have multiple environments to acquire, operate, and replace after a period. Depending on how important your app is, you might duplicate all of these components again throughout another region. This redundancy is built into the System z platform.
Figure 5 shows an operational model of a general MEAP on the System z platform with access to back-end services in CICS.
Figure 5. Operational model of a general MEAP on System z
In this scenario, the fictional financial institution, Banking Company B1, selects IBM Worklight as its mobile application platform. Banking Company B1 wants to build a secure platform, ensure secure and easy access for customers, and accelerate development and deployment:
- Build a secure platform:
  - Using Worklight on the System z platform, Banking Company B1 can take advantage of its existing security system. Worklight integrates with the company’s existing directories, data stores, and authentication mechanism on the System z platform.
  - On the application level, Worklight enforces application updates in a timely manner and controls the authenticity of the applications on user devices.
  - For on-device data, Worklight helps Banking Company B1 protect sensitive information from malware attacks and device theft by using an encrypted container on the mobile device and encrypted, secured data transfers.
  - Using Worklight adapters, existing CICS applications are integrated and extended to mobile devices.
- Ensure secure and easy access for customers:
  - Some customers of Banking Company B1 use both the mobile banking application and the stock trading application. The single sign-on feature of Worklight enables customers to start the other application if they are authenticated with one application already, depending on the global security policy that the bank has in place for its core back-end transactional environment.
  - Banking Company B1 wants to implement additional risk-based authentication for high-value transactions of customers. It chooses to integrate Worklight with IBM Security zSecure™. Without requiring changes to the application, the company can add fraud detection systems to validate the location of the device and the time that the transaction is occurring.
  - With the device provisioning and application authenticity features of Worklight, customers of Banking Company B1 have the liberty of registering multiple devices and disabling a device temporarily or permanently.
  - Banking Company B1 can notify customers if important changes are required or if banking transactions of a certain amount occurred. The company uses the push notification function in Worklight and can track the customer reaction.
- Accelerate development and deployment:
  - Banking Company B1 uses Worklight Studio to develop multi-platform applications so that its applications are usable at the same time by devices running iOS, Android, Windows operating system phones, or BlackBerry.
  - Banking Company B1 uses Worklight Console to collect and analyze user statistics. Banking Company B1 can collect and analyze security-related data, including actual usage patterns, identify compromised or jailbroken devices, and rapidly deploy new applications for testing and to solicit and map feedback on its applications.
In this scenario, the fictional healthcare company, Hospital H1, also chooses Worklight on the System z platform as its mobile application platform. Hospital H1 wants to build a secure platform, increase responsiveness and value perception, and reduce multi-platform development costs:
- Build a secure platform:
  - Worklight provides an extensible authentication model as part of its function. To comply with the Federal Information Processing Standards (FIPS), Hospital H1 uses Worklight with WebSphere Application Server for added protection. The hospital configures WebSphere Application Server to protect the application and adapters for the back-end servers and data.
  - Using Worklight, Hospital H1 can grant access to data on a role, time, and location basis. Doctors can access patient records on mobile devices. However, an additional authentication approval is required if they are at home or on call and want to review the latest observations of patients. In addition, although doctors have access to the information of their patients, medical suppliers have access to check inventory and update stock.
- Increase responsiveness and value perception:
  - Hospital H1 is looking for a communication solution to find employees anywhere in the hospital. Using Worklight, the hospital can build an application that allows instant and secure communication. Doctors and nurses can quickly find colleagues without stopping what they are doing.
  - Doctors at Hospital H1 must input prescriptions when their mobile devices are not connected to the network. JSONStore, the document-oriented storage system in Worklight, uses an encrypted container and ensures that the documents in the application are always available to doctors even when the devices running the application are offline.
  - With the application, patients can pre-register for appointments and input their allergies and health history by using mobile devices. Worklight uses Secure Sockets Layer with server identity verification and enables communication over HTTPS to protect the information.
- Reduce multi-platform development costs:
  - Worklight provides a standards-based platform and allows Hospital H1 to use third-party libraries and frameworks.
  - Using Worklight, Hospital H1 can also create mobile applications quickly by using any combination of HTML5, native, and hybrid development methods.
Figure 6 illustrates the secured access from a mobile device to a back-end transactional core system on the System z platform by using the global security policies and end-to-end secure transactions.
Figure 6. Access from a mobile device to a back-end transactional core system on the System z platform by using the global security policies and end-to-end secure transactions
For all industries and use cases, the implementation of a mobile solution on the System z platform can provide substantial advantages if you consider an implementation that is designed for high availability. This capability results from the share-everything concepts in the design of the System z technology, which allow the sharing of processors and network channels and, in case of a failover, the switch to a second logical partition without doubling the resources or machine capacity.
Figure 7 shows the implementation of a highly available mobile environment on the System z platform with an IBM DataPower® secure gateway (which is positioned in front of the mobile environment), shared capacity, and access to a transactional z/OS environment by using the System z internal network capability.
Figure 7. A highly available mobile environment on the System z platform with an IBM DataPower secure gateway
The solution integrates well with IBM technologies and transactional and information services by using IBM Worklight adapters for the following items:
- IBM WebSphere MQ
- CICS through HTTP, JSON, and WebSphere MQ
IBM Worklight supports multiple database management systems and application servers. For detailed system requirements, a list of supported operating systems, prerequisites, and optional supported software (with component-level details and operating system restrictions), and other information about Worklight Server Enterprise Edition and its installation, go to this website:
This Solution Guide introduced a conceptual approach to building a MobileFirst deployment strategy with an IBM System z at the core of the solution. This solution encompasses too many products and solutions to be listed here for ordering. To find individual product solution details, see the general IBM Offering Information page (announcement letters and sales manuals) at the following website:
For more information, see the following documents:
- System z in a Mobile World, REDP-5088
- IBM MobileFirst Strategy Software Approach, SG24-8191
- Securing Your Mobile Business with IBM Worklight, SG24-8179
- Enabling Mobile Apps with IBM Worklight Application Center, REDP-5005
- Securely Adopting Mobile Technology Innovations for Your Enterprise Using IBM Security Solutions, REDP-4957
- IBM MobileFirst product page
This material has not been submitted to any formal IBM test and is published AS IS. It has not been the subject of rigorous review. IBM assumes no responsibility for its accuracy or completeness. The use of this information or the implementation of any of these techniques is a client responsibility and depends upon the client's ability to evaluate and integrate them into the client's operational environment.