Many enterprises that rely on IBM mainframes were caught out when the pandemic hit as they were not set up to enable large numbers of staff to access applications remotely. However, the enforced switch to home working has provided the much-needed impetus to evaluate the best ways to make the mainframe platform easily and securely accessible – not just from home, but around the office and also for employees who need to work on the go using different devices.
Let’s face it, the genie is now out of the bottle. Having had a taste of working from home over the course of the pandemic, many people are unlikely to go back to working full time from the office. Most want to have the flexibility of a mix of office and homeworking. Which means they want it to be just as easy to use their business applications from home as it is from their computer in the office. And ideally, they want the convenience of having access from their preferred devices, whether that’s a laptop, an iPad or their smartphone.
Today if we want the mainframe to be viewed as a truly modern platform, we should be aiming to ensure it embraces a work-from-anywhere model.
How the pandemic highlighted the mainframe access problem
Let’s reflect on what happened during the pandemic. Mainframe shops suddenly had to find an effective way of keeping large numbers of locked down employees productive while at home. Although most probably had remote access facilities in place for key technical staff and developers who support the mainframe, getting other business users set up will have been a challenge.
For example, it is normal for large organizations in sectors such as financial services and government to have thousands of employees accessing mainframe applications from their offices. Staff who work in customer-facing jobs often rely on enterprise applications running on the mainframe to perform business tasks such as processing insurance quotes or benefits claims, for example. Most enterprises would never have imagined suddenly needing to enable these employees to work from home for an extended period and access the mainframe remotely.
The traditional options for mainframe access
When working in the office, most users access the mainframe through a terminal emulator on their desktop PC or laptop. In order to allow people to work from home, mainframe IT teams traditionally think of two main options. One of these is to use tools such as Microsoft Remote Desktop Protocol (RDP) which allow employees to remotely log in to Windows on their office desktop via the computer they use at home. From there they can access the mainframe through their existing terminal emulator.
The other most common choice is to add employees’ home computers to the enterprise Virtual Private Network (VPN), so they can access the corporate network and the mainframe.
The problem with both these approaches is that they increase the IT department’s administration workload and incur additional ongoing software license costs. For example, both VPN and RDP software (if using a Mac or tablet) has to be downloaded onto the end user’s laptop or home desktop. And for those using a VPN, it is still necessary to download expensive terminal emulators on
the home computer or laptop. And of course, the software has to be kept updated, so the cost and administrative burden for the IT department cannot be easily dismissed.
The importance of the user experience
On top of this, it’s important to consider the user experience of these traditional approaches. While tech-savvy users will know how to install, update, and log in via VPN software, general business users who are less familiar with technology might find it a less than straightforward process, resulting in reduced productivity and an increase in calls to the support desk.
Moreover, traditional terminal emulators use the mainframe’s green screen command line interface which looks very old fashioned to modern users and does not support touch screen access for tablets and smartphones.
Today the user experience is paramount, and most platforms are designed to work across all devices. So why not the mainframe? In some businesses employees no longer even use PCs, relying instead on tablets and phones. They expect to be able to walk around their offices – in and out of meetings – interacting with their iPads. The mainframe must be able to keep up with the more mobile, flexible, modern ways of working that are expected today.
Why web-enabled session management could provide the answer
Thankfully, a solution that can address the mainframe’s accessibility problems is within easy reach of most mainframe customers: switch to using session management software that offers the option of a web interface. This provides an instant way of web enabling mainframe applications, allowing staff to access mainframe systems remotely from any device with a web browser. There’s no need to install additional software on a user’s PC or other device and no additional licensing and administration costs.
Introduced around 30 years ago to streamline access to mainframe applications, session managers are still used by most mainframe users today. They aid productivity and improve user experience by providing a single point of entry to all of the applications an individual is authorized to access. They allow people to switch between applications as required, without having to log in and out of each one individually.
The new generation of web-enabled session managers go a step further, modernizing mainframe access by delivering a better user experience, with an improved user interface and easier navigation within a web browser. Users can work with traditional 3270 applications directly using any device, with support for small screen sizes and the ability to use mouse clicks and touch screen commands.
A better user experience without additional overhead
A session manager avoids the expense and administration overhead of deploying and supporting terminal emulators. And the experience is very user friendly. It’s not dissimilar to asking employees to log into their company website or bank through their browser. Once they’ve logged in, they can click through to their applications with the same security rules as if they were in the office.
In fact, modern session managers can play a role in improving security by making it easier to replace traditional password security with stronger Multi-Factor Authentication (MFA). If users are accessing applications remotely from a variety of devices, then authentication becomes even more important. Session managers make adopting MFA simpler because it needs to be implemented in only one
place – the session manager itself – rather than separately on the many individual applications that are typically hosted on a mainframe.
If the mainframe is going to be part of the new normal, enterprises will have to find a way to modernize access to provide a user experience that is akin to other modern technology platforms. At the same time, it is important to minimize both the admin burden on the IT team and the costs to the business. Web enablement through a session manager may prove to be the answer the mainframe community has been looking for.
Keith Banham has worked in IT for over 35 years and is the mainframe R&D manager at Macro 4, a division of UNICOM Global. Keith started as an Assembler programmer at a major bank and during his 30+ years at Macro 4 he has worked on many of the company’s solutions for application lifecycle management, application performance management, document management and session management. He is responsible for driving the modernization of these solutions by building web, Eclipse and mobile interfaces, and architecting cross-platform solutions utilizing UNICOM’s open systems and IBM i capabilities.