IBM z/OS Connect Enterprise Edition V2.0
z/OS Connect Enterprise Edition V2.0 provides a way to host RESTful APIs on z/OS and provide access to the valuable business data that resides there. It provides a focal point for managing and controlling RESTful calls coming into the mainframe environment:
[Figure: REST Clients, z/OS Connect EE V2.0, and the backend systems CICS, IMS, Other]
z/OS Connect EE V2.0 is a separately licensed and priced product consisting of the z/OS runtime (based on Liberty z/OS) and an Eclipse-based tooling environment (no-charge download from the web).
Product Number: 5655-CEE
For pricing, contact your IBM sales representative.
[Figure: RESTful request handling in z/OS Connect EE V2.0. Request: https://<host>:<port>/path?parameters using GET, POST, PUT, DELETE with JSON. Stages shown: Secure the request; Receive the request; Map the request; Transform the request; Backend System; Audit and logging; Process the response (data transform, JSON create) back to the client.]
A simplified view, but one that conveys the key points about what z/OS Connect EE V2.0 provides: a RESTful API interface to the z/OS environment, with a security model, the ability to map the request to the backend data requirements, the ability to create audit (SMF) records, the ability to log the request and response, and data transformation to-and-from the data layout of the target backend program. This is z/OS Connect EE V2.0 at a high level; this is what it provides.
[Figure: z/OS Connect EE V2.0 as a z/OS Started Task, with the z/OS Connect EE V2.0 Installation File System and the Configuration and deployed APIs]
From a system perspective, z/OS Connect EE V2.0 is a file system (install image) and a started task (the Liberty z/OS server that hosts the z/OS Connect EE V2.0 function). The behavior of z/OS Connect EE V2.0 is based on the configuration and APIs you create and deploy.
© 2016, IBM Corporation WP102604 at ibm.com/support/techdocs
[Figure: z/OS Connect EE V2.0 API Editor on the Eclipse Platform, taking a SAR as input and producing an AAR]
The tooling environment is provided as a plug-in to Eclipse, and provides the ability to compose the API (path, parms) and the data mapping (input and output relationships). The input is a SAR file, which contains the service information and JSON schema from the mainframe data transform utility; the output is an AAR file, which is the deployable API.
SAR = Service Archive
AAR = API Archive
[Figure: functional framework of z/OS Connect EE V2.0 inside Liberty z/OS. Labels: REST Clients; Deployed APIs; Data Conversion, Discovery, Audit, Logging, Access Authority; CICS, IMS, REST, Task; numbered callouts 1 to 4]
Here is a more detailed overview of the functional framework of z/OS Connect EE V2.0. The numbered blocks correspond to the descriptions provided here:
(1) z/OS Connect EE V2.0 is a software function that runs inside IBM Liberty z/OS. The box labeled "Deployed APIs" represents the APIs you compose in the API Editor and deploy to z/OS Connect EE V2.0.
(2) This represents the connectivity to the backend systems. This is called the "Service Provider." For CICS, the WebSphere Optimized Local Adapters (WOLA, a cross-memory function) are used. For IMS, the IMS Java API for network connectivity to IMS Connect is used.
(3) This represents functions that can be used for each request and response. These are called "Interceptors." They represent call-out points for additional handling for RESTful requests received by z/OS Connect EE V2.0.
(4) z/OS Connect EE V2.0 is designed to be extensible. Both the Service Provider interface (backend connectivity) and the Interceptor interface (request/response processing) can be customized and extended if you wish.
A detailed discussion can be had for each box in that picture*. This diagram is provided to illustrate what z/OS Connect EE V2.0 does. z/OS Connect EE V2.0 provides a rich framework for handling RESTful calls to your z/OS environment. If you were to write your own RESTful handling function, it would end up consisting of similar functions. Here IBM has written the framework. It is an IBM-written and IBM-supported function you can utilize to the benefit of your business.
* For a more detailed discussion, contact your IBM sales representative to arrange for a technical specialist discussion.
Any conversation about RESTful calls into the z/OS environment will eventually arrive at the topic of security. It is an essential discussion, and it can be a very detailed and extensive discussion. Here we will provide you with a few basics about z/OS Connect EE V2.0 and the topic of security:
z/OS Connect EE V2.0 Web Page: http://www.ibm.com/software/products/en/zos-connect-enterprise-edition
z/OS Connect EE V2.0 Techdoc: http://www.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/WP102604
[Figure: generic architecture topology. Labels: REST Clients; Firewall; Proxy Function; Firewall; Mid-Tier Function; z/OS Connect EE V2.0; Backend System]
This is a very generic representation of a typical architecture topology. It is useful in showing where z/OS Connect EE V2.0 operates; that is, well back in the secure network behind several layers of security functions.
We use this picture as a starting point for discussing the security elements of a z/OS Connect EE V2.0 design.
For a more detailed conversation, contact your IBM sales representative to arrange for an IBM technical specialist to discuss this topic with you.
● Encryption – z/OS Connect EE V2.0 makes use of the capabilities of Liberty z/OS to support TLS using either file-based or SAF-based trust/key stores. If you wish, you can indicate that no encryption to z/OS Connect EE V2.0 is required.
● Authentication – you may use client certificates to authenticate to z/OS Connect, or flow an identity token, or have z/OS Connect EE V2.0 perform authentication, or use no authentication at all. The user registry may be in SAF or LDAP (on or off z/OS).
● Authorization – with the authorization interceptor you may configure different levels of access authority based on identity.
● Propagation – you may flow the identity to the backend based on the connectivity mechanism used (CICS and IMS support this).
Mobile? API Management? IBM Strongloop? IBM z/OS Connect EE V2.0 is a complementary function within the context of those topics. There are many different ways to architect RESTful calls to the z/OS environment. If your objective is mobile access, or if your objective is integration pattern simplification … z/OS Connect EE V2.0 can play a role in the architectural design.