Connecting the Mainframe to the Internet

The Internet
As with intranets, the Internet has produced an abundance of information in trade journals. Internet usage grows more with each passing day. While most businesses are interested in utilizing this medium, several questions must be asked. If the company mainframe is placed on the Internet, will it be secure? Is the benefit of an Internet presence worth the initial and ongoing expenditures to maintain the presence? In order for a company to justify an Internet site, these questions must be answered. As explained last month, it is possible to place your Unisys mainframe on your company intranet. However, before connecting it to the actual Internet, several security concerns must be addressed. Once theses concerns are addressed, the mainframe can be placed on the Internet to allow direct access to your applications via the World Wide Web.

How Secure Is It?
The news media is full of cases of “hackers” breaking into large corporations and U.S. government organizations. With each of these high profile cases, comes additional worries regarding the security of any computer placed on the Internet. What one must remember about these cases is that generally the transgression involves some form of UNIX system. It is a well-documented fact that the UNIX operating system has many security “holes” that a knowledgeable person can exploit. As UNIX has evolved, many of these items have been removed, especially in proprietary UNIX systems like those offered by Sun, HP and Unisys. But with a long history in the educational and research communities, UNIX still contains esoteric options to infrequently used programs that allow compromising of security. This is not to say that a security breach is impossible on a mainframe. Simply put, security on a mainframe will be compromised far less than on a UNIX system because someone e-mailed themselves a copy of the password file. One example of robust password security is with the Unisys A-Series. Once a password is stored, it can never be retrieved in its original form. An algorithm exists that changes the password into an encrypted form. This form does not allow reversing the password into a legible form. Whenever a user logs into the system, the password they supply is converted, then compared to the converted password present in the password file. Therefore, it becomes easy to understand that a user will not be using a program to ask for a list of passwords on an A-Series. Of course, if a technical support person with high security clearance uses their spouse’s name as a password, all bets are off. As with any computing platform, a well-documented and well-executed security policy is the best and safest policy.

Data Security
Another security issue is the actual data sent over the Internet. Certainly, you would not want customers to feel uncomfortable sending credit card numbers over the Internet. Fortunately, technology exists to allow encryption of the data from the user to your system to ensure data security. This encryption method involves a unique “key” of at least 40, but normally 128 bits. It ensures that only the intended person can de-encrypt the messages. To put this in perspective, most Internet security experts calculate the amount of time to “crack” a 128-bit key in terms of Supercomputer-Months. Of course, while people involved with the Internet may be comfortable sending credit card information over the Internet, getting your customers to be comfortable with the idea is another story. Just as with any new technology, customer education is key. Many call center operations find a high initial resistance to Interactive Voice Response systems. Once the concept is marketed correctly, the customer population becomes accustomed to the idea and even embraces it. With time and accurate information, you and your customers can overcome any security concerns to the point where useful Internet applications can be created for your mainframe.

Order Processing
One such mainframe application is order processing. Order processing, or order entry, is one of the more common uses of a business-based mainframe. In the typical scenario, an order processor situated at a fixed terminal enters information into an application. The application, after receiving the screen, processes the incoming data according to a set of business rules contained in the mainframe application. The result is then written to a database, and the output is sent back to the terminal to confirm or deny the order. This type of transaction occurs literally millions of times per day at Unisys customer sites. An analysis of this system illustrates several advantages of a large, centralized system. The primary advantage is that the business rules are contained in a single, central location. Second, all the information regarding the order is kept in a single database available to all users from all locations. Of course, central reliance upon a single computing platform may pose a problem, but on a highly reliable and resilient mainframe this risk is far outweighed by the benefits.

A Different Approach
A different approach to the standard type of order processing is to enable the existing applications to accept input from the Internet. As with enabling applications to work on an intranet, a method is required to connect the existing applications to a web server. Again, a web server is the software that runs on the mainframe to send data to a web browser like Netscape’s Navigator or Microsoft’s Internet Explorer. One method to connect the applications with the web server is to use a tool that translates the standard forms data to the language of the World Wide Web, HTML. HTML, or Hyper Text Markup Language, is a page definition language that instructs web browsers about how to display the supplied data. With HTML, your existing order entry screens can be displayed to users of the World Wide Web to allow placing orders from the Internet. While this may be an interesting ability from a technology standpoint, the real question is how can it be used for actual business. Well, in the order entry case, the business application can fall into several categories. If your company has a field sales force, salespeople can enter their own orders right from the customer site. This occurs without having to create special applications in specialized languages on the mainframe or the PC. Another option is to allow your customers to connect to your system over the Internet and place their orders on their own time. Since the users are not using your toll-free telephone lines, the cost savings will add up rapidly especially for larger call centers. Keep in mind that even though your applications are now available to users of the Web, your existing terminal users can still enter data through your large terminal investment. Of course, once the applications are enabled to accept data from the Web, the same applications can accept data from your web browser-equipped internal users.

Service After the Sale
Most sales-oriented companies pride themselves on their customer service, and one area where customer service can be improved is to allow customer access to data over the Internet. Normally if a customer has questions about the status of an order, a toll-free call is placed to a customer service representative (CSR). The CSR greets the customer and inquires about the request. The CSR then looks up the customer order based upon an order number or the customer’s name. Assuming that an item was shipped to the customer, the CSR then takes the tracking number of the package and locates the package with the shipper. Some companies call the shipper while the caller is still on hold. The costs involved in this system are obvious. The web-enabled customer service applications on the mainframe can perform the same functions either directly for the customer or via the CSR. If the customer has Internet access, they can connect to your system, enter their identification information, then check on the status of an order without any assistance. Since many of the shipping companies like United Parcel Service, Federal Express, and Roadway Package Systems offer Internet tracking of packages, customers can track their own packages simply by clicking a button on their web browser. Of course, this all occurs without a single customer service person involved or any toll-free phone charges to the company. Even if the customer calls into Customer Service, the web browser will allow the CSR access to all the data in one place in a clean, efficient fashion. No longer are phone calls or dedicated data connections required to track a UPS package. The CSR can click on the same button the customer would have to track a package. Greater accuracy, reduced costs and quicker service are the benefits of this system. Coupled with your intranet operations, a mainframe Internet presence results in a faster, streamlined organization that will enhance your company’s image in the eyes of your customers, your competition, and your stockholders.

Summary
I hope these articles have improved your understanding of Internet technology. We have covered methods and applications for placing your system on the Internet. Additionally, we have discussed specific applications that your company can use to gain a competitive advantage over your competition. As with any new technology, customers, and frequently internal users, will have to be coddled into accepting this new approach to your business. While the Internet has been the subject of excessive “hype,” make no mistake – the Internet, and more specifically the sensible business uses of it, will make or break the companies of the 21st century. Good luck and I look forward to using your “World Class Web Site.”