Moving from a Mainframe to a Web-Based Design
ABSTRACT
Conversion from mainframe to web-based design provides straightforward access to information and allows new applications to be developed at a faster rate. User adaptation to a web-based design is an integral part of the conversion process and key to its success. This paper explores many of the issues involved and provides the tools for strategic planning that produce a mainframe to web based design conversion process.
The main issues concerning conversion are: end-user behavior modification, developer process modification, security risks, and outsourcing. This paper reviews how the database, as well as the network, can be secured through encryption, controlling user access, identifying users, and authenticating users. Business process implications are reviewed including outsourcing and testing procedures. New development tools and implementation of standards are explored as ways to ease the conversion process allowing future applications to be developed faster. This paper also shows how user involvement in the process not only increases user productivity, but also modifies the application design.
INTRODUCTION
In today’s diverse technological society, maintaining legacy applications on a mainframe system is becoming increasingly difficult to justify. Companies are becoming increasingly diverse and are relying heavily on information that is available anytime, anywhere. This often requires that applications be web-based and relational database driven. Migrating to a web-based system often dictates migrating legacy systems, to insure compatibility. Mainframes, which were once the standard, are becoming too expensive, increasingly difficult to maintain, and do not perform enough tasks for the growing web-enabled world. Web technology can breathe new life into older systems, improving information quality and associated processes, lowering costs associated with getting information, and at the same time exposing the process to a wider audience (Wiseth, 1998a) . Converting from a mainframe to web-based system allows companies to continue moving forward in the world of technology while facilitating straightforward access to information.
Between the promise and the reality of the Internet lie two sweet spots for corporate developers. The first one is the ability to use the Internet as a wide-area network (WAN). The second is the ability to use the Internet, specifically, the World Wide Web, as a new interface to existing corporate applications (Scheier, 1996) . To cut management costs and enhance relationships with their business partners, some users are nudging customer management functions to the web. Web-based customer information systems offer definite advantages over mainframe systems, including easier user training, less expensive support, faster upgrades, and better information sharing (Girard, 1998) . Web-based systems are no longer the wave of the future, they are the present requirement for continued successfulness.
While the benefits are numerous, if not planned and implemented properly, the conversion can be a nightmare. Organizations face many problems when migrating from a mainframe to web-based design. This paper discusses these problems, lays out a process for converting from a mainframe to web-based design based on these problems, and demonstrates the need for this conversion.
PROBLEMS ORGANIZATIONS FACE CONVERTING FROM A MAINFRAME TO WEB-BASED DESIGN
Migrating to the web entails many changes. Unfortunately, users often resist change. Mainframe applications generally use keyboard navigation. Though inflexible, keyboard navigation is straightforward and memorizable. It is easy for a user to go through the motions and stop thinking about process. Mouse navigation of a graphical user interface provides so many possibilities. Despite the fact that many users want a graphical user interface, they can become intimidated by the interface and overwhelmed by the options. Applications are a failure if the end user cannot determine how they work, regardless of their stability. As a result, developers should take care to ensure ease of use for this new interface.
End-users are having greater demands placed on them for a better understanding of applications. Although they should, many users do not have much input into the design and development of applications. Consequently, applications may require several redesigns. These redesigns are inefficient and can create frustration for both the user and developer, thus, increasing the risk for application failure. To overcome this pitfall, standards are a must for application development. These development standards require coordination between the end-user and developer to ensure that all of the users needs are met.
Developer’s skill sets must also be addressed. Much like users, some developers are also resistant to change. This new skill set is essential to ensure successful conversion from the mainframe to web-based design. This resistance is more common in veteran IT professionals. That having been said, the desire to learn new technology is often seen as a positive experience among most IT professionals (Wetherbe, et al, 1996).
Many companies have recently moved or are in the process of moving to the Internet and harbor fears about an insecure network or database (McKendrick, 2000) . Security must be considered when migrating to a web-based design. It is important to understand that security risks can originate from both inside and outside the organization. “Security quickly becomes critical when a company does anything more ambitious than posting a home page with electronic versions of its press releases” (Scheier, 1996) . In addition to preventing attacks, recovering from attacks in a timely manner is also a security issue. Security risks are increasing everyday and should be taken seriously.
Converting mainframe legacy systems to a web-based design is time consuming and expensive. Although outsourcing can increase short-term cost, many companies don’t have the staff or time to do the conversion in-house. If only certain aspects of applications are outsourced, consideration must be given so that all facets of the application are compatible when the conversion process is completed. In addition, organizations that perform conversion outsourcing may not understand the complete functionality of applications. As a result, testing applications can pose a serious risk. To ensure a seamless conversion, a mapped process can minimize migration problems for a seamless conversion.
THE PROCESS OF CONVERTING FROM MAINFRAMES TO WEB-ENABLED SYSTEMS
This paper lays out a tactical plan for converting from a mainframe to web-based design based on the important issues that an organization faces. These issues include: end-user adaptation, developer adaptation behavior, security risks, and outsourcing issues. With proper planning, mainframe to web-based design conversion can allow organizations to insure data integrity and take advantage of current technology.
End-User Adaptation
End user adaptation is influenced by many factors including the use of graphical user interfaces, training and the availability and use of query tools.
Converting to a useful graphical user interface (GUI) is important for the success of a web-based design. The World Wide Web has proven to be a great training ground as it has provided a graphical user interface to which many people have become accustomed. Standards development is a good way to ease the process of learning to use a graphical user interface. The success of an application is based not only on its technical design but also on how useful it is. Standards should be established based upon a combination of user requests and the development team’s input. The user must be satisfied with the look and feel of the application. After all, if the user doesn’t know how to use the application, it is ineffectual.
End-user adaptation also requires training. There are various approaches to training including, traditional classroom training and web or computer-based training. The type of training used depends on the situation and the user. Computer-based training is more cost effective and less time consuming as it eliminates travel time and expenses typically related to classroom training (McGee, 1998) . On the other hand, traditional classroom training provides a unique one on one interaction, but typically involves more costs. All methods of training offer different advantages and disadvantages. Each situation should be evaluated to determine the best solution, rather than putting just one medium out there” (McGee, 1998) . Reducing the risk of implementation failure through training strengthens the relationship with the customer, while at the same time it opens additional service opportunities for integrators (Torode, 1998) . Training is an integral part of the migration process. Therefore, every business should carefully evaluate their needs to determine which type of training is best.
Moving to a web-based design encourages user input and query as a whole. Users can be trained to use query tools so they are able to design their own reports. However, caution must be taken so that the user does not have full access to production databases. With new query tools, such as BI/Query and Crystal Reports, more users are able to develop their own reports. If the users know how to use query tools, they will be better able to assist in the design of new applications, as they will have a better understanding of how applications are put together. This increases the users knowledge of applications development. User input in the design process increases productivity, allowing the user to have direct input not only in the initial design but throughout the development of applications. This user input decreases the need for several redesigns, thus decreasing the time to develop new applications.
Developer Adaptation Behavior
The developer must be trained in the use of new software to maintain the converted applications as well as developing new applications. To keep pace in today’s faster growing and moving world of technology, experts suggest that IT leaders should look to raise training’s profile from that of a necessary evil to the cornerstone of application development, deployment, and maintenance efforts (Levin, 1998) . Training developers helps to eliminate confusion with new development tools while at the same time increasing developer productivity.
The development of standards is another important task that influences developer behavior. Standards help speed up the development process for new applications. One popular standard that helps with developer productivity is the use of design templates. For example, each time a new application is developed, the designer could use the template (ex, see Figure 1: A Design Template). There are a number of things that should be standardized including: the color of the screen, color of the font, size of the screen, size of the font, size of the fields, the use of images, the size of images, and the basic graphics to be used, if any. Establishing template standards not only decreases the time it takes to develop new applications, but also insures consistency across all applications. The results are applications that are more user friendly.
Figure1: A Design Template
Designing applications using a template helps to ensure that applications maintain the same look and feel. The result is an application that is easier to use and more intuitive to the user.
Another area that influences the success of adopting a web-based design is training developers in the testing methods employed with the new technology. Constantly dealing with problems in testing can cause frustration and resistance on the part of the developer. Learning not only how to develop systems using new technology, but how to properly test these applications, will help ensure the implementation of systems that better meet users needs. The result is increased user satisfaction.
Security Risks
Converting legacy applications to web-enabled applications also has security risks. There are many different tools that can be used to increase security for an organization. One of the most common ways to handle security is through user authentication. Many applications that have confidential data prompt for a username and password. Many database administrators suggest changing passwords at frequent intervals as well as removing default user groups.
Encryption is also a common means of security. Most databases, as well as web browsers, have some form of encryption. Though, one should take care that there is also encryption on the network link as well as other software used to access applications.
Maintaining up-to-date software is another security measure that many organizations take. The longer software is available and the more widespread its use is, the more likely the software is to have security issues. As the vendor becomes aware of these security issues, they begin to create patches or upgrades for the software to fix the problems. Applying the patches or upgrades can help to prevent attacks through these holes in security.
Firewalls are a common primary defense against external attacks. Firewalls prevent unauthorized access to a network by authenticating the source and destination of Internet Protocol (IP) addresses, as well as port sources and destinations. Network Address Translation (NAT) is another way a firewall may be used to address security. NAT addressing only allows internal users direct access to IP addresses. The IP addresses are, “phantom” IP addresses, meaning the IP address an external user sees doesn’t actually exist. This will limit the direct access outside users have, thus increasing security.
Hackers do not always cause security risks. They may be caused by the users. For instance, the user may accidentally download viruses or corrupted files. There are many software packages that check for viruses and corrupted files, such as McAfee VirusScan or Norton Antivirus. However, the user does not always have to download files to put his/her computers at risk. The user’s browser might have inappropriate default settings. Failing to turn off Java, for instance, will subject the system to network activities that users probably don’t need or want (Chamberlin, 1999) . Heightened security often leads to limited access and services, but limiting access and eliminating unneeded services can increase security. Reducing services reduces log entry thus making the detection of unexpected or unwanted behavior easier. Therefore, it is imperative to keep a close eye on users and their behavior.
In addition, there should also never be anything of great value, such as passwords or credit card numbers, stored on the web server. It is a good idea to have applications and data stored on different servers, eliminating the assurance that just because someone has access to one server, means they have access to another. Physical access should also be limited to the proper individuals. With the proper design, a web server can be like a house with a well-designed security system.
It is not only important to take measures to prevent attacks, but to also be able to recover from an attack. A back up of each server should be made everyday. There should also be a manual recovery procedure in place to help ensure faster recovery. If you manage your web server appropriately, you can be confident that any attack on your server will send alerts to the network manager so that the effort can be stopped in its tracks” (Rash, 1999) . It is almost impossible to be totally secure from hackers, but if the server is backed up and the security is designed thoughtfully, one can be confident that a recovery from an attack could be done quickly.
Sure it is possible to break into a house with the best security system money can buy, but that doesn’t mean you shouldn’t have one. It is much easier to break into the house that does not have a security system at all. In the case of criminals who want to break into a web server, it pays to make it hard enough that they will go elsewhere (Rash, 1999) . Security issues are becoming increasingly important, and one should take precautions to prevent attacks.
Outsourcing
If certain aspects of the migration are not core to your business, you will probably benefit from outsourcing some, if not all of the work (Wiseth, 1998b) . Converting legacy applications can be a resource intensive task. Many firms focus on the conversion of legacy applications and can convert them faster and cheaper than converting the applications in-house. Some companies may choose to outsource only part of the migration process, such as forms conversion, and convert the programs, such as SQL, C, or COBOL, in-house. Outsourcing can give companies the benefit of the conversion process with comparable cost implications and a reduction in resource consumption, while allowing development of new applications to continue.
Choosing what and when to outsource is a critical task for a successful business. Although outsourcing is a good way to get the job done faster, no one knows the applications better than the designer and user. Therefore, to insure quality assurance, it is critical for testing to be in-house. Testing should occur on a development database. After testing the converted applications should be moved to a production database. This allows testing of all applications, while users continue with day-to-day activities.
CONCLUSION
Web-based design allows employees and customer’s straightforward access to information needed to perform tasks. To continue to be successful, it is almost mandatory to move to a web-based design. Converting legacy applications to a web-based design allows programmers to move towards the new technology needed to develop new applications. This eliminates support for two different types of systems, eventually reducing costs. Therefore, a conversion makes good business sense.
The question information systems professionals should be asking today is not whether client/server computing has a future but whether a browser-based application can handle their business needs. If uncertainty still exists about whether the World Wide Web is the wave of the future and critical to the success of a business, consider that it took only five years for the web to get fifty million users, whereas it took almost forty years for the radio to get the same number of listeners (Niemiec, 1998) . Moving to web-enabled applications will prepare a company for the next turn of the wheel by allowing users straightforward access to information with a secure database and network, by saving long-term costs, and allowing the developers and end-users the ability to take advantage of current technology. The key is using the proper conversion process.
REFERENCES
Avolio, F. M. (2000, March 20). Best practices in network security. Network Computing, 11, 60.
Chamberlin, C. (1999, June). Web Security Sourcebook: A Complete Guide to Web Security Threats and Solutions. Security Management, 43, 119.
Dewan, R. M., Freimer, M. L., & Seidmann, A. (1998, August). Internet service providers, proprietary content, and the battle for users’ dollars. Association for Computing Machinery. Communication of the ACM, 41, 43-48.
Girard, K. (1998, May 11). Know our customers. Computerworld, 32, 47-48.
Levin, R. (1998, June 8). Train at the speed of change. Informationweek, 1A-12A.
McGee, M. K. (1998, June 22). Save on training. Informationweek, 141-146.
McKendrick, J. (2000, March 13). Open access, tight security. Midrange Systems, 13, 34-41.
Niemiec, R. (1998, November/December). Getting Ready for E-Commerce. Oracle Magazine, 7, 89-92.
Parker, T. (1999, March). MultiView V.4. UNIX Review’s Performance Computing, 17, 57-58.
Rash, W. (1999, June 7). Web Security: Let’s Make A Federal Case Out Of It. Internetweek, 74.
Scheier, R. L. (1996). Doing Business on the Internet. Available: http://www.oracle.com/oramag/oracle/96-Jan/16ins1.html.
Tiazkun, S. (1999, August 9). Paying the price for compliance. Computer Reseller News, 8.
Torode, C. (1998, October 12). SAP stresses value of user training on ERP. Computer Reseller News, 61.
Wetherbe, James C., Bond Wetherbe, and Mark N. Frolick. “Mass Customization of Motivation and Reward Systems: Different Strokes for Different Folks,” Journal of Computer Information Systems, Vol. 39, No. 3, Spring 1999, pp. 29-37.
Wiseth, K. (1998a, November/December). Next – Generation Web. Oracle Magazine, 7, 46-66.
Wiseth, K. (1998b, November/December). When to Outsource for Strategic Advantage. Oracle Magazie, 7, 68.
Leave a Reply