Online transaction processing (OLTP) systems are the face of your business because they interact directly with customers. By migrating to a dynamically adaptable infrastructure, your business can create and launch products quickly so that customers can use your products sooner.
Architecture
The following diagram shows an architecture of an OLTP system that runs on a z/OS mainframe before migration to Azure:
Workflow
The following workflow corresponds to the preceding diagram:
Users connect to the mainframe over Transmission Control Protocol (TCP) or Internet Protocol (IP) by using standard mainframe protocols like TN3270 and HTTPS.
The transaction managers interact with the users and invoke the application to satisfy user requests.
In the front end of the application layer, users interact with the Customer Information Control System (CICS) or Information Management System (IMS) screens or with webpages.
The transaction managers use the business logic written in common business-oriented language (COBOL) or Programming Language One (PL/I) to implement the transactions.
Application code uses the storage capabilities of the data layer, such as DB2, IMS DB, or VSAM.
In addition to transaction processing, other services provide authentication, security, management, monitoring, and reporting. These services interact with all other services in the system.
The following diagram shows how to migrate this architecture to Azure.
Download a Visio file of this architecture.
Mainframe users are familiar with 3270 terminals and on-premises connectivity. In the migrated system, they interact with Azure applications via the public internet or via a private connection that's implemented via Azure ExpressRoute. Microsoft Entra ID provides authentication.
Input requests go to a global load balancer service, like Azure Front Door or Azure Traffic Manager. The load balancer can serve a geographically spread user base. It routes the requests according to rules defined for the supported workloads. These load balancers can coordinate with Azure Application Gateway or Azure Load Balancer to load balance the application layer. The Azure Content Delivery Network service caches static content in edge servers for quick response. A web application firewall (WAF) helps secure the service.
The front end of the application layer uses Azure services like Azure App Service to implement application screens and to interact with users. The screens are migrated versions of the mainframe screens.
COBOL and PL/I code in the back end of the application layer implement the business logic. The code can use services and features like Azure Functions, WebJobs, and Azure Spring Apps microservices. Applications can run in an Azure Kubernetes Service (AKS) container.
An in-memory data store accelerates high-throughput OLTP applications. Examples include In-Memory OLTP, which is a feature of Azure SQL Database and Azure SQL Managed Instance, and Azure Cache for Redis.
The data layer can include:
- Files, tables, and blobs implemented by using Azure Storage.
- Relational databases from the Azure SQL family.
- Azure implementations of the PostgreSQL and MySQL open-source databases.
- Azure Cosmos DB, which is a NoSQL database.
These stores hold data migrated from the mainframe for the application layer to use.
Azure-native services like Application Insights and Azure Monitor proactively monitor the health of the system. You can integrate Azure Monitor Logs by using an Azure dashboard.
Components
This architecture consists of several Azure cloud services. It's divided into four categories of resources: networking and identity, application, storage, and monitoring. The following sections describe the services for each resource and their roles.
Networking and identity
When you design application architecture, it's crucial to prioritize networking and identity components to help ensure security, performance, and manageability during interactions over the public internet or private connections. The following components in the architecture are essential to address this requirement effectively.
An Azure WAF is a web application firewall that protects applications from malicious attacks and common web vulnerabilities, such as SQL injection and cross-site scripting. In this architecture, it secures the migrated mainframe applications by filtering and inspecting incoming traffic to web-facing services.
Application Gateway is a layer 7 application delivery controller. In this architecture, it manages HTTP traffic routing and provides load balancing for the migrated mainframe web applications.
Azure Front Door is a global HTTP load balancer with instant failover capabilities. In this architecture, it accelerates content delivery and ensures high availability for geographically distributed mainframe users.
- Content Delivery Network is a distributed caching service that optimizes static content delivery by storing cached copies on edge servers to enable faster response times for users. It uses network optimizations to improve response for dynamic content. Content Delivery Network is especially useful when the user base is global. In this architecture, it improves performance for mainframe screen elements and static assets across global edge locations.
ExpressRoute is a private connectivity service that establishes a dedicated connection between on-premises infrastructure and Azure. In this architecture, it provides secure network access for users familiar with mainframe terminal connectivity who require private connections.
Load Balancer is a service that distributes incoming network traffic across multiple back-end resources and handles layer 4 TCP and UDP traffic. In this architecture, it balances traffic for containerized applications and microservices that replace mainframe transaction processing components.
- Traffic Manager is a DNS-based traffic routing service that helps distribute user requests across multiple endpoints. In this architecture, it distributes traffic across regional endpoints to optimize availability for mainframe users across different geographic locations.
Application
Azure provides managed services that support more secure, scalable, and efficient deployment of applications. The application-tier services that the preceding architecture uses can help you optimize your application architecture.
AKS is a managed Kubernetes service for containerized applications. AKS simplifies deployment of a managed AKS cluster in Azure by offloading the operational overhead to Azure. In this architecture, it hosts microservices that replace monolithic mainframe transaction processing components like CICS and IMS.
App Service is a fully managed service for building, deploying, and scaling web apps. You can build apps by using .NET, .NET Core, Node.js, Java, Python, or PHP. The apps can run in containers or on Windows or Linux. In a mainframe migration, the front-end screens or web interface can be coded as HTTP-based REST APIs. They can be segregated according to the mainframe application and can be stateless to orchestrate a microservices-based system. In this architecture, it delivers REST APIs and web interfaces that replace 3270 terminal screens and mainframe user interfaces.
- WebJobs is a feature of App Service that runs a program or script in the same instance as a web app, API app, or mobile app. A web job can be a good choice for implementing sharable and reusable program logic. In this architecture, it executes batch processing tasks and background tasks that were previously handled by mainframe job schedulers.
Azure API Management is a fully managed platform as a service (PaaS) that supports the publishing, routing, securing, logging, and analytics of APIs. You can control how the data is presented and extended and which apps can access it. You can also restrict access to your apps or allow third parties. In this architecture, it manages access to modernized APIs that expose mainframe business logic and controls how legacy data is accessed by new applications.
Azure Cache for Redis is a fully managed in-memory caching service for sharing data and state among compute resources. It includes open-source Redis and Redis Enterprise, a commercial product from Redis Labs, as a managed service. You can improve the performance of high-throughput OLTP applications by designing them to scale and to use an in-memory data store such as Azure Cache for Redis. In this architecture, it accelerates data access for high-throughput OLTP workloads that replace mainframe transaction processing systems.
Azure Functions is a serverless compute service. It provides an environment for running small pieces of code, called functions, without having to establish an application infrastructure. You can use it to process bulk data, integrate systems, work with Internet of Things, and build simple APIs and microservices. Use microservices to create servers that connect to Azure services and are always up to date. In this architecture, it handles event-driven processing and lightweight business logic components migrated from mainframe transaction managers.
Azure Service Bus is a reliable cloud messaging service for simple hybrid integration. Service Bus and Storage queues can connect the front end with the business logic in the migrated system. Azure Service Bus enables reliable messaging between distributed systems. In this architecture, it facilitates asynchronous communication between migrated mainframe components that previously used mainframe messaging systems.
Storage and database
This architecture addresses scalable and secure cloud storage as well as managed databases for migrating mainframe data and supporting modern application requirements.
Azure Cosmos DB is a fully managed NoSQL database service that you can use to migrate mainframe, nontabular data to Azure. In this architecture, it stores nonrelational data migrated from mainframe systems like VSAM files and provides global distribution for international user bases.
Azure Database for MySQL is a fully managed MySQL database service. In this architecture, it supports applications that require open-source database compatibility during the mainframe modernization process.
Azure Database for PostgreSQL is a fully managed, intelligent, and scalable PostgreSQL database service that has native connectivity with Azure services. In this architecture, it hosts relational data migrated from mainframe databases with advanced indexing and analytics capabilities.
Azure SQL is a family of cloud-based SQL database services. In this architecture, it hosts relational data migrated from mainframe databases like DB2 and IMS DB:
Azure SQL Edge is a specialized version of the SQL Server database engine that's optimized for IoT and edge deployments. In this architecture, it processes data close to edge devices in scenarios where mainframe applications have been distributed to edge locations.
SQL Database is a fully managed relational database service. In this architecture, it supports modernized workloads with elastic scaling for variable mainframe transaction loads.
SQL Managed Instance is a fully managed, cloud-based deployment option that provides near 100% SQL Server compatibility. In this architecture, it hosts migrated mainframe databases with minimal code changes and built-in high availability.
SQL Server on Azure Virtual Machines is an infrastructure as a service (IaaS) offering that provides full SQL Server functionality. In this architecture, it supports legacy workloads that require specific database engine features during migration.
In-Memory OLTP is a high-performance feature that accelerates transaction processing in SQL Database and SQL Managed Instance. In this architecture, it provides the high-performance transaction processing capabilities that mainframe OLTP workloads require.
Storage is a set of massively scalable and more secure cloud services for data, apps, and workloads that provides foundational cloud storage services. In this architecture, it supports Azure Files, Azure Table Storage, and Azure Queue Storage for various mainframe data migration scenarios.
Monitoring
The following monitoring tools provide comprehensive data analysis and valuable insights into application performance.
Application Insights is a feature of Azure Monitor that provides code-level telemetry for applications. It monitors the application, detects anomalies such as mediocre performance and failures, and sends personal data to the Azure portal. You can also use Application Insights for logging, distributed tracing, and custom application metrics. In this architecture, it tracks application performance, detects anomalies, and supports distributed tracing and custom metrics to ensure reliability and responsiveness.
Azure Monitor is a comprehensive platform for collecting, analyzing, and acting on telemetry from Azure and on-premises environments. In this architecture, it serves as the central hub for monitoring infrastructure, applications, and services.
Azure Monitor alerts are a feature of Azure Monitor that notifies users when metrics or logs exceed defined thresholds. In this architecture, they trigger automated responses or escalate problems to operations teams for timely intervention.
Log Analytics is a query tool within Azure Monitor that uses a powerful language to analyze log data. In this architecture, it enables deep diagnostics, supports custom dashboards, and integrates with alerts and workbooks for operational insights.
Scenario details
Because of evolving business needs and data, applications must scale and produce results without creating infrastructure problems. This example workload shows how you can migrate a z/OS mainframe OLTP application to a more secure, scalable, and highly available system in the cloud by using Azure platform as a service (PaaS) services. This migration helps businesses in finance, health, insurance, and retail minimize application delivery timelines. It also helps reduce the costs of running the applications.
Potential use cases
This architecture is ideal for OLTP workloads that have the following characteristics:
- They serve an international user base.
- Their usage varies greatly over time, so they benefit from flexible scaling and usage-based pricing.
Considerations
These considerations implement the pillars of the Azure Well-Architected Framework, which is a set of guiding tenets that you can use to improve the quality of a workload. For more information, see Well-Architected Framework.
Reliability
Reliability helps ensure that your application can meet the commitments that you make to your customers. For more information, see Design review checklist for Reliability.
You can deploy this OLTP architecture in multiple regions. It can also have a geo-replicated data layer.
The Azure database services support zone redundancy and can fail over to a secondary node if an outage occurs or to allow for maintenance activities.
Security
Security provides assurances against deliberate attacks and the misuse of your valuable data and systems. For more information, see Design review checklist for Security.
ExpressRoute creates a private connection to Azure from an on-premises environment. You can also use site-to-site VPN.
Microsoft Entra ID can authenticate resources and control access by using Azure role-based access control.
Database services in Azure support various security options like data encryption at rest.
For general guidance about how to design more secure solutions, see Security quick links.
Cost Optimization
Cost Optimization focuses on ways to reduce unnecessary expenses and improve operational efficiencies. For more information, see Design review checklist for Cost Optimization.
Use the Azure pricing calculator to estimate costs for your implementation.
Operational Excellence
Operational Excellence covers the operations processes that deploy an application and keep it running in production. For more information, see Design review checklist for Operational Excellence.
This scenario uses Azure Monitor and Application Insights to monitor the health of the Azure resources. You can set alerts for proactive management.
Performance Efficiency
Performance Efficiency refers to your workload's ability to scale to meet user demands efficiently. For more information, see Design review checklist for Performance Efficiency.
This architecture uses Azure PaaS services like App Service, which has autoscaling capabilities.
For more information, see Autoscaling.
Contributors
Microsoft maintains this article. The following contributors wrote this article.
Principal authors:
- Ashish Khandelwal | Principal Engineering Architecture Manager
- Nithish Aruldoss | Engineering Architect
Next steps
- For more information, contact datasqlninja@microsoft.com.
- Azure Database migration guides
Related resources
See the following related architectures and related technical information.
Related architectures
- High-volume batch transaction processing
- IBM z/OS mainframe migration by using Avanade AMT
- Micro Focus Enterprise Server on Azure VMs
- Refactor IBM z/OS mainframe coupling facility to Azure
- Replicate and sync mainframe data in Azure
- Migrate IBM mainframe applications to Azure by using TmaxSoft OpenFrame