My guess is this original poster is working with people who manage a gateway, firewall, network protocol handler, or something like that. So they're fundamentally asking about the network protocol(s) involved in the mainframe connection, and how to continue to support them (or an alternative) with the replacement of the Windows 2000 server. Also, it sounds like they'd like what's called a "2-tier" architecture: mainframe direct to (browser) client. (Good idea.)
As previously mentioned, you could use something like WebSphere (or Rational) Host On-Demand (HOD). You install the product on any Web server, including z/OS. (And z/OS really is the best place to install it for access to z/OS.) It uses either the IBM HTTP Server Version 5.3 for z/OS or the new Version 7 server, your choice, both no additional charge. (The latter is orderable in the Ported Tools for z/OS.) And the HTTP Server serves up Web pages containing Java applets (HOD applets) to your Web browser. If your Web browser has previously cached these applets -- and there is an HOD option to permanently cache them -- then the HTTP conversation is very short and quick indeed. Once the Java applets start they connect to your mainframe per normal TN3270E protocol, directly. (There is an option to tunnel through certain types of proxy servers, although only certain types of proxy servers will route TN3270E.) Host On-Demand also supports other connection types, like ordinary Telnet, TN5250E, SSH, FTP, Secure FTP, FTPS, etc. So, if there is something blocking these connections to your mainframe, you'd need to find a way to get them unblocked or design a network architecture that handles them. (A VPN, for example.) Long discussion follows at that point.... Please note that I can't think of good reason to encrypt (HTTPS) the HTTP connection for fetching Host On-Demand. All you'd be preventing is wire interception of a commercially available software product. In other words, you'd be encrypting content that's not a secret. While that's noble, and IBM would thank you, it's superfluous. The TN3270E connection is the one where you should focus your security considerations, not the HTTP connection that merely delivers HOD applets to the browser. Also, there is an optional HOD capability to log onto a very optional HOD started task in order to fetch session preferences from the HOD server, and that logon communication uses its own port. Most people don't use this feature, and I'm inclined to agree with their reasoning. There are other ways to support "roaming preferences," which is what this does. Also as mentioned in this thread, WebSphere (or Rational) Host Access Transformation Services (HATS) does many things, but among its talents is to take any arbitrary TN3270E data stream thrown at it and convert it to HTML, on the fly, for Web browser users. You can even make that HTML look exactly like green-on-black -- just start with the "ClassicTerminal" template. And hotkeys work, too, thanks to Javascript (not Java -- HATS does not require the browser to have a Java plug-in). You can install HATS directly on z/OS. (It runs in WebSphere Application Server for z/OS.) More precisely, you create your desired HATS application on a PC (using the HATS Studio), to choose your preferred appearance(s) and whatnot. Then the HATS Studio generates a single, self-contained application package that you then deploy to WebSphere, with no prerequisites except WebSphere. (Of course you can test on the PC's little WebSphere before deploying.) So it's all very simple. Since the only protocol flow between the browser and WebSphere Application Server is HTTP (or HTTPS -- with HATS that often makes sense), it's quite tolerant of hostile firewalls, proxy servers, etc. It's just like any other Web site. The downsize is that it won't do things like end-user keyboard remapping, end-user written macros, etc. -- the sort of things a "power" terminal emulator user might enjoy. Also, you get Web-like response, so when you hit Enter (or a function key) you might wait a little longer for the next screen. So I wouldn't necessarily recommend it for, say, high performance call center users where each second is critical. It's very common to offer both HOD and HATS to users, from a common Web page. Users who prefer HOD can choose link #1, and users who prefer HATS (or need it for network reasons) can choose link #2. IBM sells HOD and HATS together in something called the Host Integration Solution (HIS) to facilitate this single license. There are other products from other vendors in both categories (the HOD and HATS categories). Although I happen to think HOD and HATS are both wonderful and best-in-class, of course any reasonable person would compare alternatives. The solutions will generally split along some clear lines. For example, not all the solutions can be 100% z/OS hosted. (HOD and HATS both can. Moreover, HATS is highly zAAP-eligible. HOD is simple HTTP file delivery -- straight up I/O -- once per client, so it's extremely minor workload.) Vendors in either or both of these market segments (besides IBM) include companies like (in no particular order) Attachmate, Seagull (part of Rocket), Zephyr Development, OpenConnect, Aviva, Jacada, Platypus Partners, GT Software, illustro Systems, and many, many more. (Apologies in advance if I haven't mentioned someone's favorite.) - - - - - Timothy Sipples IBM Consulting Enterprise Software Architect Based in Tokyo, Serving IBM Japan / Asia-Pacific E-Mail: [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
