What's the best way to access data residing on mission critical host systems?
An estimated 70 percent of mission critical data resides on host systems like the IBM mainframe. Today, you have more choices than ever to access this data. You can leverage a services-oriented-architecture (SOA) solution to build web services that access host data and feed it to a web-based application. Or you can use a next-generation terminal emulator optimized for Windows 7, Windows 8, and other new technologies.
What types of host systems and applications are still in use in 2012?
It's a long-running cliché that the mainframe is dead. In fact, it is more alive than ever, efficiently running new and legacy applications and workloads.
Enterprise host systems and server platforms that remain the most relevant include:
- IBM System z
- IBM AS/400, iSeries, IBM i, IBM Power Systems (OS400)
- Unisys Libra and ClearPath NX/LX (A Series)
- Unisys Dorado and ClearPath IX (2200 Series)
- UNIX (Oracle/Sun Solaris)
- Linux (SuSE, RedHat)
- HP 3000/e3000
- HP 9000 (HPUX)
- Tandem HP NonStop
- CRS/GDS systems for Airlines
Terminal emulation software allows Windows, Mac, and Linux desktops to connect to these host systems by emulating terminal types such as:
- 3270, TN3270
- 5250, TN5250
- VT520/525, VT500-7, VT500-8, VT420, VT400-7, VT400-8, VT320, VT286, VT220, VT102, and VT52; VT-UTF8 and UTF-8 (Unicode) character-set support
- TVI 950/955 (Televideo)
- Wyse 50+, Wyse60
- ADDS VP2
- SCO-ANSI, BBS-ANSI, Linux console, AT386, IBM 3151, QNX4, xterm
- VT382, VT282, VT100, VT80 (Japanese terminal emulation)
- VT340, VT330, VT241 (ReGIS, Sixel graphics terminal emulation)
- Tektronix 4010/4014
- HP 700/96, 700/98, 700/9x
- ALC (airlines network protocol)
Our company plans to migrate to the latest version of Windows. What should I be looking for in a terminal emulation solution?
If you're moving to Windows 7 or Windows 8, you'll want to be sure that your terminal emulator works as seamlessly as possible with next-generation Windows, so that you can get the most out of your Microsoft investment. Here are some of the most important qualities to look for in an emulator:
- It offers a user experience consistent with the latest versions of Windows, including enhanced productivity and security features.
- It allows users to work faster with support for next-generation productivity features, including Auto Complete, Auto Expand, Auto Correct, the Ribbon interface, application search, Trusted Locations, user account control (UAC) integration, tabbed session interface, and rich .NET application program interface (API) for integrating host data with Windows and web-based applications.
- It carries the Microsoft-certified Compatible with Windows 7 and Windows 8 Compatible logos, indicating strong security, better compatibility, and an optimized user experience.
- The software vendor (ISV) is a Microsoft Gold Certified partner, maintaining a close working relationship with Microsoft in order to optimize applications for the latest Microsoft platforms.
Our company is in the process of migrating to Windows 7. Should we stop our Windows 7 rollout and move to Windows 8 instead?
As Windows 8 enters the market, most organizations remain focused on their migrations to Windows 7. In fact, both Microsoft and industry analysts advise organizations not to let Windows 8 distract their adoption of Windows 7. Attachmate supports both Windows 7 and Windows 8.
Can we update our cryptic and cumbersome host applications to offer productivity benefits such as those in standard desktop applications?
Office applications from Microsoft, IBM, and Apache offer advanced productivity features that enable users to be more productive than ever. Examples include Spell Check, Auto Correct, Auto Complete, Auto Expand, the Ribbon interface, and Visual Basic for Applications (VBA).
Bringing these same functionalities to cryptic host applications can be extremely difficult and expensive, especially if your organization doesn't have COBOL or RPG skills to modify the host application source code. A better direction would be to find a terminal emulation solution that enables you to bring these advanced productivity features to your host applications without requiring costly changes to your host systems.
How can I protect customer credit card numbers on our IBM host screens in order to help my organization adhere to the PCI-DSS standard?
Updating host applications to meet new and evolving regulatory requirements such as PCI-DSS can be expensive. But terminal emulation solutions are now available that help you comply with PCI-DSS requirements without needing to make any changes to your host applications. With solutions like Attachmate Reflection, you can mask data on live host screens, redact data as it is entered into a host application, prevent users from connecting to host systems via wireless networks and other non-secured configurations and protocols, log credit card data access by employees, and define specific levels of data access for different user groups.
What options do we have for automating business processes?
An estimated 70 percent of mission critical business data still resides on host systems, and organizations often need to leverage this data for new business initiatives. Organizations traditionally have used the HLLAPI standard for integrating host data with Windows applications. Over the past 10 years, organizations have also developed web-based business applications, implemented services oriented architectures (SOA), and much more.
Most terminal emulation solutions offer basic tools to automate business processes using standard programmatic interfaces like HLLAPI and macro recorders. Look for a solution like Attachmate Reflection that also offers more sophisticated programming platforms, like VBA and a .NET interface. These solutions will tend to be more secure and better able to integrate legacy host data with Windows and web-based applications.
If we move to a Citrix, VMware, or Microsoft virtualization platform, can we still access legacy data?
Yes, if your terminal emulator offers application virtualization support for major virtualization platforms such as these.
You can start by looking for a terminal emulation solution
that you can deploy across a variety of virtualized environments. The solution vendor should have close partnerships with the largest virtualization vendors and offer outstanding support for these platforms in the enterprise. Because you can quickly and easily deploy a compatible solution with your virtualization platforms, you'll avoid frustrating application and operating system compatibility issues and be able to modernize your IT infrastructure—such as upgrading to Windows 7 or Windows 8—while deploying the latest virtualization technologies.
What should my terminal emulator offer in terms of encryption technology?
Full-featured terminal emulation clients provide support for SSL/TLS and SSH encryption at a minimum. The better ones provide a wide range of ciphers, including AES, DES, 3DES, Arcfour, and Blowfish, and difficult-to-break encryption bit levels. Some emulation solutions even provide encryption that is also validated against the U.S. government's rigorous FIPS 140-2 standard.
Providers of encryption technology should continuously look for SSL/TLS and SSH encryption vulnerabilities, determine whether the vulnerability affects their encryption solutions, and quickly publish findings on their web site for their customers to review.
We need a multi-factor authentication solution to restrict access to our host applications beyond the traditional RACF credentials of user ID and password. How can we do so?
Terminal emulation solutions should allow organizations to use multi-factor authentication via PKI support for host and user authentication, with SSH and SSL/TLS encrypted sessions.
The solution should include a certificate manager for managing digital certificates that lets you restrict the trusted root certificate store to a narrow list of Certificate Authorities that you are certain you can trust, rather than forcing you to use an operating system certificate store that includes hundreds of unnecessary Certificate Authorities from all around the world. It should also be configurable to use CRL (Certificate Revocation Lists) or OCSP (Online Certificate Status Protocol), and be configurable for user authentication using smart cards and other hardware tokens that conform to PKCS #11 specifications.
Can we leverage our existing access control infrastructure to secure our host systems?
Most enterprises leverage an LDAP directory like Microsoft Active Directory or Novell eDirectory to control access to mission-critical IT resources, including file systems, network applications, and more. In most cases, access control to host resources occurs outside of this model, as users need only get past one line of defense (usually RACF) to access a mission-critical host application.
But this does not this need to be the case. Look for a solution such as Attachmate Reflection that can bring IBM mainframe security into the era of modern 3-tier architectures and control access to emulation sessions by LDAP group, audit access to emulation sessions by LDAP identity, and revoke access to emulation sessions by LDAP group.
My company has invested heavily in automating business processes using legacy applications. What is the best way to leverage our investment?
Look for a terminal emulation provider that offers solutions built to allow you to run legacy automations without a macro or script conversion process. The solution should run macros from various vendors, existing HLLAPI applications, and sessions and custom keyboards created with competitive products.
Can I find a single emulation solution that will access multiple types of legacy systems?
Look for a terminal emulation provider that's been in the legacy host access business for a long time, and a solution that does the following:
- Enables users to access any type of host system that's still in use.
- Runs multiple host and web-based applications at the same time.
- Organizes application sessions using features like tabs or windows.
- Is fully customizable.
My organization is implementing the IPv6 protocol on our network. What does this mean for my terminal emulation solution?
Many network applications have been updated to support the IPv6 standard while maintaining legacy IPv4 support. As enterprises move from IPv4 to IPv6 or to a mixed IPv4/IPv6 network environment, look for a terminal emulation solution, such as Attachmate Reflection, that can support IP addresses in both standard IPv4 and IPv6 format.