Modernize mainframe batch printing workloads on AWS by using Rocket Enterprise Server and LRS VPSX/MFI - AWS Prescriptive Guidance

Modernize mainframe batch printing workloads on AWS by using Rocket Enterprise Server and LRS VPSX/MFI

Created by Shubham Roy (AWS), Abraham Rondon (Micro Focus), Guy Tucker (Levi, Ray and Shoup Inc), and Kevin Yung (AWS)

Summary

This pattern shows you how to modernize your business-critical mainframe batch printing workloads on the Amazon Web Services (AWS) Cloud by using Rocket Enterprise Server as a runtime for a modernized mainframe application and LRS VPSX/MFI (Micro Focus Interface) as a print server. The pattern is based on the replatform mainframe modernization approach. In this approach, you migrate your mainframe batch jobs to Amazon Elastic Compute Cloud (Amazon EC2) and migrate your mainframe database, such as IBM DB2 for z/OS, to Amazon Relational Database Service (Amazon RDS). The authentication and authorization for the modernized print workflow is performed by AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD. The LRS Directory Information Server (LRS/DIS) is integrated with AWS Managed Microsoft AD. By modernizing your batch printing workloads, you can reduce IT infrastructure costs, mitigate the technical debt of maintaining legacy systems, remove data silos, increase agility and efficiency with a DevOps model, and take advantage of on-demand resources and automation in the AWS Cloud.

Prerequisites and limitations

Prerequisites

  • An active AWS account

  • A mainframe printing or output management workload

  • Basic knowledge of how to rebuild and deliver a mainframe application that runs on Rocket Enterprise Server (For more information, see the Rocket Enterprise Server data sheet in the Rocket documentation.)

  • Basic knowledge of LRS cloud printing solutions and concepts

  • Rocket Enterprise Server software and license (For more information, contact Rocket sales.)

  • LRS VPSX/MFI, LRS/Queue, and LRS/DIS software and licenses (For more information, contact LRS sales.)

Note

For more information about configuration considerations for mainframe batch printing workloads, see Considerations in the Additional information section of this pattern.

Product versions

Architecture

Source technology stack

  • Operating system – IBM z/OS

  • Programming language – Common Business-Oriented Language (COBOL), job control language (JCL), and Customer Information Control System (CICS)

  • Database – IBM DB2 for z/OS and Virtual Storage Access Method (VSAM)

  • Security – Resource Access Control Facility (RACF), CA Top Secret for z/OS, and Access Control Facility 2 (ACF2)

  • Printing and output management – IBM mainframe z/OS printing products (IBM Tivoli Output Manager for z/OS, LRS, and CA View)

Target technology stack

  • Operating system – Microsoft Windows Server running on Amazon EC2

  • Compute – Amazon EC2

  • Programming language – COBOL, JCL, and CICS

  • Database – Amazon RDS

  • Security – AWS Managed Microsoft AD

  • Printing and output management – LRS printing solution on AWS

  • Mainframe runtime environment – Rocket Enterprise Server

Source architecture

The following diagram shows a typical current state architecture for a mainframe batch printing workload:

From user to mainframe service, Db2 for z/OS, job scheduler, batch job, and output in six steps.

The diagram shows the following workflow:

  1. Users perform business transactions on a system of engagement (SoE) that’s built on an IBM CICS application written in COBOL.

  2. The SoE invokes the mainframe service, which records the business transaction data in a system-of-records (SoR) database such as IBM DB2 for z/OS.

  3. The SoR persists the business data from the SoE.

  4. The batch job scheduler initiates a batch job to generate print output.

  5. The batch job extracts data from the database, formats the data according to business requirements, and then generates business output such as billing statements, ID cards,  or loan statements. Finally, the batch job routes the output to printing output management for processing and output delivery, based on the business requirements. 

  6. Printing output management receives print output from the batch job, and then delivers that output to a specified destination, such as email, a file share that uses secure FTP, a physical printer that uses LRS printing solutions (as demonstrated in this pattern), or IBM Tivoli.

Target architecture

The following diagram shows an architecture for a mainframe batch printing workload that’s deployed in the AWS Cloud:

Batch application on AWS with scheduler, Rocket Enterprise Server, and database in four steps.

The diagram shows the following workflow:

  1. The batch job scheduler initiates a batch job to create print output, such as billing statements, ID cards, or loan statements.

  2. The mainframe batch job (replatformed to Amazon EC2) uses the Rocket Enterprise Server runtime to extract data from the application database, apply business logic to the data, format the data, and then send the data to a print destination by using Rocket Software Print Exit (Micro Focus documentation).

  3. The application database (an SoR that runs on Amazon RDS) persists data for print output.

  4. The LRS VPSX/MFI printing solution is deployed on Amazon EC2 and its operational data is stored in Amazon Elastic Block Store (Amazon EBS). LRS VPSX/MFI uses the TCP/IP-based LRS/Queue transmission agent to collect print data through the Rocket Software JES Print Exit API and deliver the data to a specified printer destination.

Note

The target solution typically doesn’t require application changes to accommodate mainframe formatting languages, such as IBM Advanced Function Presentation (AFP) or Xerox Line Condition Data Stream (LCDS). For more information about using Rocket Software for mainframe application migration and modernization on AWS, see the Empowering Enterprise Mainframe Workloads on AWS with Micro Focus blog post.

AWS infrastructure architecture

The following diagram shows a highly available and secure AWS infrastructure architecture for a mainframe batch printing workload:

Multi-AZ deployment on AWS with Rocket Software and LRS components in seven steps.

The diagram shows the following workflow:

  1. The batch scheduler initiates the batch process and is deployed on Amazon EC2 across multiple Availability Zones for high availability (HA).

    Note

    This pattern doesn’t cover the implementation of the batch scheduler. For more information about implementation, see the software vendor documentation for your scheduler.

  2. The mainframe batch job (written on a programming language such as JCL or COBOL) uses core business logic to process and generate print output, such as billing statements, ID cards, and loan statements. The job is deployed on Amazon EC2 across two Availability Zones for HA and uses Rocket Software Print Exit to route print output to LRS VPSX/MFI for end-user printing.

  3. LRS VPSX/MFI uses a TCP/IP-based LRS/Queue transmission agent to collect or capture print data from the Rocket Software JES Print Exit programming interface. Print Exit passes the necessary information to enable LRS VPSX/MFI to effectively process the spool file and dynamically build LRS/Queue commands. The commands are then run using a standard built-in function from Rocket Software.

    Note

    For more information on print data passed from Rocket Software Print Exit to LRS/Queue and LRS VPSX/MFI supported mainframe batch mechanisms, see Print data capture in the Additional information section of this pattern.

  4. Note

    A Network Load Balancer provides a DNS name to integrate Rocket Enterprise Server with LRS VPSX/MFI. : LRS VPSX/MFI supports a Layer 4 load balancer. The Network Load Balancer also does a basic health check on LRS VPSX/MFI and routes traffic to the registered targets that are healthy.

  5. Note

    The LRS VPSX/MFI print server is deployed on Amazon EC2 across two Availability Zones for HA and uses Amazon EBS as an operational data store. LRS VPSX/MFI supports both the active-active and active-passive service modes. This architecture uses multiple AZs in an active-passive pair as an active and hot standby. The Network Load Balancer performs a health check on LRS VPSX/MFI EC2 instances and routes traffic to hot standby instances in the other AZ if an active instance is in an unhealthy state. The print requests are persisted in the LRS Job Queue locally in each of the EC2 instances. In the event of recovery, a failed instance has to be restarted for the LRS services to resume processing the print request. : LRS VPSX/MFI can also perform health checks at the printer fleet level. For more information, see Printer fleet health checks in the Additional information section of this pattern.

  6. AWS Managed Microsoft AD integrates with LRS/DIS to perform print workflow authentication and authorization. For more information, see Print authentication and authorization in the Additional information section of this pattern.

  7. LRS VPSX/MFI uses Amazon EBS for block storage. You can back up Amazon EBS data from active EC2 instances to Amazon S3 as point-in-time snapshots and restore them to hot standby EBS volumes. To automate the creation, retention, and deletion of Amazon EBS volume snapshots, you can use Amazon Data Lifecycle Manager to set the frequency of automated snapshots and restore them based on your RTO/RPO requirements.

Tools

AWS services

  • Amazon Elastic Block Store (Amazon EBS) provides block level storage volumes for use with EC2 instances. EBS volumes behave like raw, unformatted block devices. You can mount these volumes as devices on your instances.

  • Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the AWS Cloud. You can use Amazon EC2 to launch as many or as few virtual servers as you need, and you can scale out or scale in.

  • Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud. It provides cost-efficient, resizable capacity for a relational database and manages common database administration tasks.

  • AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use Microsoft Active Directory in the AWS Cloud.

Other tools

  • LRS VPSX/MFI (Micro Focus Interface), co-developed by LRS and Rocket Software, captures output from a Rocket Enterprise Server JES spool and reliably delivers it to a specified print destination.

  • LRS Directory Information Server (LRS/DIS) is used for authentication and authorization during the print workflow.

  • TCP/IP-based LRS/Queue transmission agent is used by LRS VPSX/MFI to collect or capture print data through the Rocket Software JES Print Exit programming interface.

  • Rocket Enterprise Server is an application deployment environment for mainframe applications. It provides the execution environment for mainframe applications that are migrated or created by using any version of Rocket Software Enterprise Developer.

Epics

TaskDescriptionSkills required

Set up Rocket Enterprise Server and deploy a demo application.

Set up Rocket Enterprise Server on Amazon EC2, and then deploy the Rocket Software BankDemo demonstration application on Amazon EC2.

The BankDemo application is a mainframe batch application that creates and then initiates print output.

Cloud architect
TaskDescriptionSkills required

Get an LRS product license for printing.

To get an LRS product license for LRS VPSX/MFI, LRS/Queue, and LRS/DIS, contact the LRS Output Management team. You must provide the host names of the EC2 instances where the LRS products will be installed.

Build lead

Create an Amazon EC2 Windows instance to install LRS VPSX/MFI.

Launch an Amazon EC2 Windows instance by following the instructions from Launch an Amazon EC2 instance in the Amazon EC2 documentation. Your instance must meet the following hardware and software requirements for LRS VPSX/MFI:  

  • CPU – Dual Core

  • RAM – 16 GB

  • Drive – 500 GB

  • Minimum EC2 instance – m5.xlarge

  • OS – Windows/Linux

  • Software – Internet Information Service (IIS) or Apache

Note

The preceding hardware and software requirements are intended for a small printer fleet (around 500–1000). To get the full requirements, consult with your LRS and AWS contacts.

When you create your Windows instance, do the following:

  1. Confirm that the EC2 host name is the same host name used for the LRS product license.

  2. Enable CGI in Amazon EC2 by completing the following:

    1. Connect to your EC2 instance by following the instructions from

Cloud architect

Install LRS VPSX/MFI on the EC2 instance.

  1. Connect to your EC2 instance by following the instructions from Step 2: Connect to your instance in the Amazon EC2 documentation. 

  2. Note

    Open the link to the product download page from the LRS email that you should receive. : LRS products are distributed by electronic file transfer (EFT). 

  3. Download LRS VPSX/MFI and unzip the file (default folder: c:\LRS).

  4. Launch the LRS Product Installer from the unzipped folder to install LRS VPSX/MFI. 

  5. In the Select Features menu, select VPSX® Server (V1R3.022), and then choose Next to start the installation process. You will receive a success message when installation is complete.

Cloud architect

Install LRS/Queue.

  1. Connect to your Rocket Enterprise Server EC2 instance by following the instructions from Step 2: Connect to your instance in the Amazon EC2 documentation.

  2. Open the link to the LRS product download page from the LRS email that you should receive, download LRS/Queue, and then unzip the file.

  3. Go to the location where you downloaded the files, and then launch the LRS product installer to install LRS/Queue.

Cloud architect

Install LRS/DIS.

  1. Connect to your LRS VPSX/MFI EC2 instance by following the instructions from Step 2: Connect to your instance in the Amazon EC2 documentation.

  2. Open the link to the LRS product download page from the LRS email that you should receive, download LRS/DIS, and then unzip the file.

  3. Go to the location where you downloaded the files, and then launch the LRS Product Installer.

  4. In the LRS Product Installer, expand LRS Misc Tools, select LRS DIS, and then choose Next.

  5. Follow the rest of the instructions in the LRS Product Installer to complete the installation process.

Cloud architect

Create a target group and register LRS VPSX/MFI EC2 as the target.

Create a target group by following the instructions from Create a target group for your Network Load Balancer in the Elastic Load Balancing documentation.

When you create the target group, do the following:

  1. On the Specify group details page, for Choose a Target Type, choose Instances.

  2. For Protocol, choose TCP.

  3. For Port, choose 5500

  4. On the Register targets page, in the Available instances section, select the LRS VPSX/MFI EC2 instances.

Cloud architect

Create a Network Load Balancer.

Follow the instructions from Create a Network Load Balancer in the Elastic Load Balancing documentation. Your Network Load Balancer routes traffic from Rocket Enterprise Server to LRS VPSX/MFI EC2.

When you create the Network Load Balancer, do the following on the Listeners and Routing page:

  1. For Protocol, choose TCP

  2. For Port, choose 5500.

  3. For Default action, choose Forward to for the target group that you created earlier.

Cloud architect
TaskDescriptionSkills required

Configure Rocket Enterprise Server for LRS/Queue integration.

  1. Connect to your Rocket Enterprise Server EC2 instance by following the instructions from Step 2: Connect to your instance in the Amazon EC2 documentation.

  2. In the Windows Start menu, open the Rocket Enterprise Server Administration UI.

  3. In the menu bar, choose NATIVE.

  4. In the navigation pane, choose Directory Server, and then choose BANKDEMO.

  5. From General in the left navigation pane, scroll down to the Additional section to configure the environment variables (LRSQ_ADDRESS, LRSQ_PORT, LRSQ_COMMAND) to point to LRSQ.

  6. For LRSQ_ADDRESS, enter the IP address or DNS name of the Network Load Balancer that you created earlier.

  7. For LRSQ_PORT, enter VPSX LRSQ Listener Port (5500).

  8. For LRSQ_COMMAND, enter the path location of the LRSQ executable.

Note

LRS currently supports a maximum character limit of 50 for DNS names, but this is subject to change in the future. If your DNS name is greater than 50, then you can use the IP address of the Network Load Balancer as an alternative.

Cloud architect

Configure Rocket Enterprise Server for LRS VPSX/MFI integration.

  1. Copy the VPSX_MFI_R2 folder from the LRS VPSX/MFI installer to the Rocket Enterprise Server location at C\BANKDEMO\print.

  2. Connect to your Rocket Enterprise Server EC2 instance by following the instructions from Step 2: Connect to your instance in the Amazon EC2 documentation.

  3. In the Windows Start menu, open the Rocket Enterprise Server Administration UI.

  4. In the menu bar, choose NATIVE.

  5. In the navigation pane, choose Directory Server, and then choose BANKDEMO.

  6. Under BANKDEMO, choose JES.

  7. Under JES Program Path, add the DLL(VPSX_MFI_R2) path from the C\BANKDEMO\print location.

Cloud architect
TaskDescriptionSkills required

Associate the Rocket Software Print Exit module to the Rocket Enterprise Server batch printer Server Execution Process.

  1. Connect to your Rocket Enterprise Server EC2 instance by following the instructions from Step 2: Connect to your instance in the Amazon EC2 documentation.

  2. In the Windows Start menu, open the Rocket Enterprise Server Administration UI.

  3. In the menu bar, choose NATIVE.

  4. In the navigation pane, choose Directory Server, and then choose BANKDEMO.

  5. Under BANKDEMO, choose JES, and scroll down to Printers.

  6. In Printers, associate the Rocket Software Print Exit module (LRSPRTE6 for Batch) to the Rocket Enterprise Server batch printer Server Execution Process (SEP). This allows print output routing to LRS VPSX/MFI.

  7. Sign in to the Enterprise Server Administration UI.

For more information about configuration, see Using the Exit in the Micro Focus documentation.

Cloud architect

Add a printer in LRS VPSX/MFI.

  1. Connect to your LRS VPSX/MFI EC2 instance by following the instructions from Step 2: Connect to your instance in the Amazon EC2 documentation.

  2. Open the VPSX Web Interface from the Windows Start menu.

  3. In the navigation pane, choose Printers.

  4. Choose Add, and then choose Add Printer.

  5. On the Printer Configuration page, for Printer Name, enter Local.

  6. For VPSX ID, enter VPS1.

  7. For CommType, select TCPIP/LRSQ.

  8. For Host/IP Address, enter the IP address of the physical printer that you want to add.

  9. For Device, enter the name of your device.

  10. Choose either Windows Driver or Linux/Mac Driver.

  11. Choose Add.

Cloud architect

Create a print user in LRS VPSX/MFI.

  1. Connect to your LRS VPSX/MFI EC2 instance by following the instructions from Step 2: Connect to your instance in the Amazon EC2 documentation.

  2. Open the VPSX Web Interface from the Windows Start menu.

  3. In the navigation pane, choose Security, and then choose Users.

  4. In the User Name column, choose admin, and then choose Copy.

  5. In the User Profile Maintenance window, for User Name, enter a user name (for example, PrintUser).

  6. For Description, enter a brief description (for example, User for test print).

  7. Choose Update. This creates a print user (for example, PrintUser).

  8. In the navigation pane, under User, choose the new user that you created.

  9. From the Command menu, choose Security.

  10. On the Security Rules page, choose all the applicable printer security and job security options, and then choose Save.

  11. To add your new print user to the Administrator group, go to the navigation pane, choose Security, and then choose Configure.

  12. In the Security configuration window, add your new print user to the Administrator column.

Cloud architect
TaskDescriptionSkills required

Create an AWS Managed Microsoft AD domain with users and groups.

  1. Create an Active Directory on AWS Managed Microsoft AD by following the instructions from Create your AWS Managed Microsoft AD directory in the AWS Directory Service documentation. 

  2. Deploy an EC2 instance (Active Directory manager) and install Active Directory tools to manage your AWS Managed Microsoft AD by following the instructions from Step 3: Deploy an EC2 instance to manage your AWS Managed Microsoft AD in the AWS Directory Service documentation.

  3. Note

    Connect to your EC2 instance by following the instructions from Step 2: Connect to your instance in the Amazon EC2 documentation. : When you connect to the EC2 instance, enter your administrator credentials (for the directory that you created in step one) in the Windows Security window.

  4. In the Windows Start menu, under Windows Administrative Tools, choose Active Directory Users and Computers.

  5. Create a print user in the Active Directory domain by following the steps from Create a user in the AWS Directory service documentation.

Cloud architect

Join LRS VPSX/MFI EC2 to an AWS Managed Microsoft AD domain.

Join LRS VPSX/MFI EC2 to your AWS Managed Microsoft AD domain automatically (AWS Knowledge Center documentation) or manually (AWS Directory Service documentation).

Cloud architect

Configure and integrate LRS/DIS with AWS Managed Microsoft AD.

  1. Connect to your LRS VPSX/MFI EC2 instance by following the instructions from Step 2: Connect to your instance in the Amazon EC2 documentation.

  2. In the Windows Start menu, open the VPSX Web Interface.

  3. In the navigation pane, choose Security, and then choose Configure.

  4. On the Security Configuration page, in the Security Parameters section, for Security Type, select Internal.

  5. Enter your preferences for the rest of the options in the Security Parameters section.

  6. Open the LRS Output Management folder from the Microsoft Windows Start menu, choose Server Start, and then choose Server Stop.

  7. Log in to LRS VPSX/MFI with your Active Directory user name and password.

Cloud architect
TaskDescriptionSkills required

Initiate a batch print request from the Rocket Software BankDemo app.

  1. Open the 3270 terminal emulator in your Rocket Enterprise Server EC2 instance.

  2. Connect to the BankDemo app by running the following command: connect 127.0.0.1:9278

  3. On the BankDemo command line interface, for User id, enter B0001. For Password, enter a non-blank key.

  4. For the Request printed statement(s) option, enter X on the blank line.

  5. In the Send statement by section, for Mail, enter Y, and then press F10.

Test engineer

Check the print output in LRS VPSX/MFI.

  1. Connect to your LRS VPSX/MFI EC2 instance by following the instructions from Step 2: Connect to your instance in the Amazon EC2 documentation.

  2. In Windows Start menu, open the VPSX Web Interface.

  3. In the navigation pane, choose Printers, and then choose Output Queue.

  4. In the Spool ID column, choose the spool ID for the request in the printer queue.

  5. On the Actions tab, in the COMMAND column, choose Browse

You can now see the print output of an account statement with columns for Account No., Description, Date, Amount, and Balance. For an example, see the batch_print_output attachment for this pattern.

Test engineer

Related resources

Additional information

Considerations

During your modernization journey, you may consider a wide variety of configurations for both mainframe batch processes and the output they generate. The mainframe platform has been customized by every customer and vendor that uses it with particular requirements that directly affect print. For example, your current platform may incorporate the IBM Advanced Function Presentation (AFP) or the Xerox Line Condition Data Stream (LCDS) into the current workflow. Additionally, mainframe carriage control characters and channel command words can affect the look of the printed page and may need special handling. As part of the modernization planning process, we recommend that you assess and understand the configurations in your specific print environment.

Print data capture

Rocket Software Print Exit passes the necessary information to enable LRS VPSX/MFI to effectively process the spool file. The information consists of fields passed in the relevant control blocks, such as:

  • JOBNAME

  • OWNER (USERID)

  • DESTINATION

  • FORM

  • FILENAME

  • WRITER

LRS VPSX/MFI supports the following mainframe batch mechanisms for capturing data from Rocket Enterprise Server.

  • BATCH COBOL print/spool processing using standard z/OS JCL SYSOUT DD/OUTPUT statements

  • BATCH COBOL print/spool processing using standard z/OS JCL CA-SPOOL SUBSYS DD statements

  • IMS/COBOL print/spool processing using the CBLTDLI interface (For a full list of supported methods and programming examples, see the LRS documentation that’s included with your product license.)

Printer fleet health checks

LRS VPSX/MFI (LRS LoadX) can perform deep dive health checks, including device management and operational optimization. Device management can detect failure in a printer device and route the print request to a healthy printer. For more information about deep dive health checks for printer fleets, see the LRS documentation that’s included with your product license.

Print authentication and authorization 

LRS/DIS enables LRS applications to authenticate user IDs and passwords by using Microsoft Active Directory or an LDAP server. In addition to basic print authorization, LRS/DIS can also apply granular-level print security controls in the following use cases:

  • Manage who can browse the printer job.

  • Manage the browsing level of other user's jobs.

  • Manage operational tasks. For example, command-level security such as hold/release, purge, modify, copy, and reroute. Security can be set up by either the User-ID or Group (similar to AD group or LDAP group). 

Attachments

To access additional content that is associated with this document, unzip the following file: attachment.zip