Choices, Choices, Choices: Console Solutions for the New Mainframe Environment

Many companies are grappling with console management challenges in the New Mainframe Environment. Business and economic drivers demand the mainframe datacenter be responsive to this new environment in many ways:

New Applications

Companies continue to conclude that the mainframe environment is ideal for new strategic and mission critical applications.

Scalability

Data center consolidations, mergers and acquisitions, and outsourcing are forces fueling the trend towards increased consolidation of mainframe complexes and datacenters. As these events occur, companies exploit the OS390 Sysplex architecture to add logical system images or partitions (LPARs). The dynamics of the New Mainframe Environment increase the scalability requirement for the typical mainframe Sysplex to support more LPARs.

Better Disaster Recovery

Post 9/11, companies are reevaluating their disaster plans and identifying needs for better remote management and faster service recovery even as they increase pressure to reduce the disaster asset equipment inventory.

Strengthened Security

The epidemic of hacking and destructive viruses is forcing companies to authenticate users and encrypt access to all mission critical systems.

Reduced Staff and Cost

Companies continue to seek ways to do more with less in their datacenter operations. This means reducing raised floor space and moving towards more lights-out and remote operation staffing plans.

The ability of the New Mainframe architecture, with ESCON channel and EMIF/MIF LPARs, to respond to these factors is one of the reasons that the mainframe datacenter continues to reinvent its role in corporate IT infrastructures. However, console management is an aspect of this evolution that has IT management seeking better solutions.

Vendors are responding to this customer need. There is no shortage of alternatives to choose from when deciding how best to address the console management challenge. In fact, the number of choices available and the implications of the broad business scope of the solution add complexity to the evaluation and decision processes.

This paper examines the issues, the alternatives, and the pros and cons of each. In the end, you will be armed with the knowledge you need to make the correct choice for your console management requirements in the New Mainframe Environment.

The Console Challenge

The scalability driver is typically the catalyst for IT Managers to recognize the console management dilemma. Companies adding LPARs to their mainframe complex, for any of the reasons mentioned, are finding the additional processor and IPL console requirements to be problematic. In the past, requirements for new LPAR consoles were satisfied with the purchase and installation of additional channel-attached 3174 control units to service the console terminals, printers, and other mainframe peripheral devices that emulate terminals. Today’s New Mainframe architecture with ESCON channel and EMIF/MIF LPARs can easily scale the topology illustrated up to 30 LPARs today, and beyond when IBM delivers on its promised extension of the LPAR limit to 60. (See Figure 1.)

The console challenge in the new mainframe environment

With the discontinuation of IBM’s 3174 controller product family, companies are naturally hesitant before adopting a new standard solution. IBM’s new solution, described in more detail below, solves some problems but leaves several new questions unanswered. In addition to the required controller expansion, IT management is likely faced with one or more of these factors that further complicates their evaluation:

  • Insufficient raised floor space. For example, an acquisition-driven consolidation may not allow time for normal space planning.
  • Need to continue using legacy coax attached console terminals or printers.
  • Storage solutions like STK’s mass storage SILO with coax-attached LMU or other coax terminal emulating peripherals.
  • Need to network consoles for remote management over the Internet or corporate intranet.
  • Duplication of new LPAR equipment in disaster facilities. An acquired company may not have a disaster facility but the acquirer has a corporate mandate. This increases the incremental controller count and the need for remote operations.

Getting from Here to There

Another critical consideration for any solution that addresses some or all of a company’s console requirements is the solution’s migration implications. Alternative solutions must be weighed based on how they enable a company’s requirements for migrating from the current control unit based architecture to the consolidated and networked console environment that the company needs. Features of a particular solution, or lack of some features, may dictate: a sequence of migration, new console workstation hardware spending, operations changes, training and new maintenance procedures, and the availability of floor space.

The Solution Choices

The range of choices facing companies should feel familiar. Many times in the past, mainframe IT managers have weighed “the way we have always done it” versus IBM’s latest solution versus third party solutions with different attributes and additional features. Console management alternatives are no exception. Following is a summary of those alternatives with advantages and disadvantages of each. The sequence begins by contrasting IBM’s current solutions to the legacy console architecture and the New Mainframe Environments console management requirements. Following those are analyses of several 3rd party solutions.

Solution 1: Additional IBM 3174 Console Controllers

Description

One could call this the “more of the same” alternative. Additional LPARs and 3174 controllers would be deployed as in Figure 1. Companies may have some inventory of 3174 controllers warehoused or they might tap the used/refurbished equipment market for the required devices.

Advantages

  1. Cost - internal surplus equipment may have no cost.
  2. Simple - no new skills, processes, gens, etc.
  3. Compatibility for legacy displays, printers, peripherals.

Disadvantages

  1. Scalability limited - One or two 3174s per new LPAR.
  2. No console consolidation.
  3. Physical - Raised floor space, power, cooling requirements
  4. Cost - ESCON capable used-market 3174s or OEM controllers may represent up to $40k per LPAR.
  5. No network support for remote consoles.
  6. Serviceability and Support - As these devices fade further into obsolescence, even third party maintenance providers will be increasingly challenged to spare for hardware failures and maintain skills for trouble shooting, repair and configuration.
  7. The 3174s in the warehouse may not support Non-SNA console operations.

Conclusion

A company might decide for small, incremental LPAR expansions that adding incremental controllers is a viable, tactical solution, particularly if the company does have some warehoused 3174 equipment. New OEM controllers, like the Visara SCON, might also be cost effective for companies with a strong preference to continue with “more of the same”.

But, for New Mainframe Environments with significant LPAR expansion plans, severe floor space constraints, or strong network console support requirements, “more of the same” is no longer a viable solution to the console requirement.

Solution 2: IBM zOS SMCS consoles

Description

With the evolution of IBM mainframe operating systems to the z/OS platform, IBM added a capability called SNA Multiple Console Support (SMCS). This facility has the potential to solve some of the operational console issues that exist in the New Mainframe Environment, including network access to the z/OS master consoles and console consolidation.

Specifically, SMCS provides for access and command line capability for SNA defined network terminals to the OS console functionality that has historically been limited to non-SNA, channel-attached control unit terminals.

In addition, when used in conjunction with z/OS complexes running a native TCP/IP protocol stack with TN3270 server, SMCS provides IP network access to a consolidated system console facility.

Advantages

  1. Eliminates the control unit requirement for physical connectivity to the z/OS console.
  2. Supports both SNA and IP network access for networked console connections.
  3. Support for remote SNA terminal controllers offers a migration path for support of coax attached console displays.

Disadvantages

  1. Lack of Nucleus Initialization Phase (NIP) console support means no access during the processor initialization.
  2. No console availability until JES and VTAM are up and active for SNA network devices/emulators.
  3. No console availability until JES, VTAM and TCP/IP are active for IP network devices/emulators.
  4. Other SMCS console limitations:
    • No Synchronous WTO/R (also known as disabled console communication facility (DCCF).
    • Different console activation process will require operation changes and training.
    • No output-only consoles. SMCS is always full-capability consoles.
    • No console printer support and cannot be used as hardcopy device.
  5. Requires upgrade of MVS or OS390 to z/OS.
  6. No direct coax device connectivity supported. Migrating ports to remote SNA controllers requires
    additional remote control units.
  7. Additional VTAM and RACF definitions for console users.
  8. VTAM major node recycle will impact console availability.
  9. Disaster recovery time will increase to bring up VTAM and TCP/IP.
  10. No relief from the 99-console limit of the Sysplex.
  11. Network only console access means that mainframe console access is completely dependant on network availability.

Conclusion

SMCS support in z/OS is a potentially useful capability for some consolidated and network console access requirements. However, its limitations make the facility more of a complement to traditional non-SNA controller terminal master consoles rather than a replacement. Without the capability to completely replace consoles through hardware initialization and all phases of system IPL, the z/OS SMCS facility’s utility is restricted.

Migration

Migration to the z/OS consolidated network console environment is also not straightforward. Important considerations include:

  • Lack of direct coax support for legacy display connectivity limits integration and migration flexibility. Day 1, SMCS users will require new workstations with associated training, support and networks.
  • Exploiting SMCS will also require significant changes to mainframe OS definitions and operational procedures.

Most companies using SMCS will likely continue to support a significant number of legacy controllers for master consoles and possibly other legacy terminals. Thus the vision of all-network or all-IP consoles will likely be only partially realized with IBM’s z/OS solution. Many of the objectives and associated benefits may also be limited or delayed.

Solution 3: IBM 2074 Control Unit

Description

As IBM positioned itself to End-of-Life the venerable 3174 Control Unit family, the company introduced the 2074 Control Unit as the roadmap for z/OS and OS/390 processor and IPL console connectivity. The 2074 validates the inadequacy of Solution 1 for scalable and strategically thinking New Mainframe shops. The 2074 control unit is ESCON attached to the processor complex’s ESCON Director. It then emulates the channel control unit function for a large number of legacy 3174s. The terminal sessions genned to each of those channel addresses are then “served” to TN3270 equipped terminal emulators on PCs used by operators who may be attached through a LAN in the datacenter operations area or accessing the datacenter remotely over the company’s intranet or the Internet.

2074 Architecture

The IBM 2074 was developed on the IBM Netvista Intel PC hardware platform running the OS/2 operating system. The hardware platform is equipped with a hardware adapter for up to two ESCON channel connections. Terminal connectivity is IP TN3270 only and network connectivity is either Token-Ring or Ethernet LAN attachments.

Plug compatibility and emulation of the legacy controller and channel protocol functions is a significant benefit of the 2074 architecture. It eliminates the need for major revamping of the MVS IO Gen, console and user definitions, and mainframe operation procedures.

Advantages

  1. Scalable - effectively achieves the 3174 replacement and console consolidation objectives.
  2. Network and remote consoles support.
  3. Physical - achieves N:1 (or 2 for primary/secondary configurations) LPAR to console ratio making possible significant floor space, power, cooling savings.
  4. Plug compatible solution architecture - Outboard, non-SNA controller emulation eliminates requirement for I/O Gen or console definition changes.

Disadvantages

  1. No coax connectivity support for legacy terminals, printers, and mainframe peripherals that emulate terminals like STK’s mass storage LMU.
  2. Network only console access means that mainframe console access is completely dependent on network availability.
  3. OS/2-based 2074 architecture
    • OS/2 GUI configuration interface may be unfamiliar to 3174 experienced staff.
    • As OS/2 nears obsolescence, 2074 may be migrated to a Windows or Unix based platforms, requiring a disruptive upgrade.
    • General-purpose operating systems have hacking and virus security exposures.
  4. No SNA session support - limits the use of 2074 controller function to exclusively non-SNA console sessions.
  5. No Telnet Support - TN3270 only, limits client flexibility.
  6. Maximum 32 sessions per ESCON interface may be inadequate for large complexes. Newly announced 2074 Mod 3 achieved maximum of 48 sessions per ESCON card, but requires complete box replacement.

Conclusion

IBM’s roadmap solution for consolidated consoles, the 2074 Control Unit, viably satisfies the two primary solution requirements: control unit/console consolidation and IP network console services. There are, however, several considerations evaluators need to weigh for which the IBM 2074 solution may be less than ideal.

  • Lack of legacy device connectivity means a shop must either migrate all its terminals, printers, and other terminal emulating peripherals to IP access, which may not be physically possible or affordable, or evolve into a hybrid console management configuration where LPARs have both consolidated network console access and traditional 3174s. This scenario would significantly limit the value of the primary solution features.
  • Session support limited to 32 non-SNA sessions per ESCON interface for model 2 is quite restrictive for large complexes and where the same consoles may have a SNA session requirement. In addition, moving beyond these limits requires a 2074 model 3 which is a disruptive change and complete box replacement, providing no investment protection.
  • Not offering a single vendor console solution including network security significantly complicates an implementation using network consoles for remote console access or remote datacenter operations. The solution takes on security architecture implications that require a multi-vendor decision for encryption, VPNs, and authentication that will expand the scope of a decision into the realm of corporate network operations and security.

Migration

The plug compatibility of the 2074 solution resolves this significant limitation of the z/OS SMCS solution by eliminating major mainframe configuration changes. However, many of the migration concerns related to lack of coax connectivity for legacy displays and printer devices are still a limitation of the 2074 solution. As a result, many mainframe shops will keep some number of legacy controllers for support of those non-supported, but critical coax attached devices. Shops will find themselves with one foot in the New Mainframe Environment, but one foot stuck back in the old mainframe environment. Again, the objectives and associated benefits of console consolidation and networking may be limited or delayed.

Solution 4: PC-platform, Windows OS-based solutions

Description

Several companies market console consolidation solutions with hardware/software offerings architecturally similar to the IBM 2074. These products may be pure software offerings where the user company selects and procures the PC hardware themselves. Other vendors are bundling a software/hardware offering for more of a total solution approach.

Either way, this class of console consolidation product is implemented in the same way that the IBM 2074 solution is, to satisfy the consolidation and network console requirements. They make ESCON connections to the processor complex through the ESCON Director, emulating the channel control units for the consoles for each LPAR, they then “serve” console sessions to networked TN3270-equipped PCs for system operators.

Most of them also add features to expand the solution beyond some of the IBM 2074 limitations. Some offerings have support for legacy coax attached devices. Evaluators need to look carefully to verify that a solution has adequate coax port capacity. Also, some products implement coax support in ways that may not be desirable. For example, some solutions offer optional, external, network attached devices with the coax support. Alternatively, some solutions may serve consoles to downstream SNA controllers that provide the legacy coax ports.

Some of these solutions also bundle security services into their offering. This may be desirable to companies looking to purchase and implement a single vendor console solution that includes security. For buyers like this, a careful assessment of the security features is important. Some utilize proprietary encryption and authentication protocols and will require proprietary clients, significant per-client configurations and maintenance, and may lack in other centralized manageability features. Non-industry standard encryption methods may not satisfy security requirements for government agencies or contracts.

Platform Architecture

This class of product is based on an Intel processor and Microsoft Windows operating system platform. They utilize industry standard I/O adapter cards to implement the ESCON channel connections.

While many IT shops are comfortable with the Enterprise robustness of Windows 2000/XP, some shops still feel it does not meet the standard of mainframe-class reliability. In either case, the openness and prevalence of the environment in the public domain should give evaluators a couple of things to consider:

  • Should a company’s mainframe console server ever be compromised with the installation of additional applications or should it serve other infrastructure management purposes? Is the operations group prepared to take on the additional work of managing Microsoft security patches?
  • Is the availability and low cost of the platform a compelling enough reason to risk committing the company’s mission critical console server to the industry’s most hacker- and virus-targeted platform?

Advantages

  1. Scalable - effectively achieves the 3174 replacement and console consolidation objectives of the problem.
  2. Network and remote consoles support.
  3. Physical - achieves N:1 (or 2 for primary/secondary configurations) LPAR to console ratio making possible significant floor space, power, cooling savings.
  4. Plug compatible solution architecture - Outboard, non-SNA controller emulation eliminates requirement for I/O Gen or console definition changes.
  5. Some offerings support coax connections enabling migration and integration for legacy terminals, printers and terminal emulating peripherals.
  6. Some offer single vendor solutions with security.

Disadvantages

  1. Coax support may not have enough density or may be offered on additional, separate devices.
  2. Open-standard hardware/OS architecture limits vendors’ control of product roadmap and support.
  3. Maintenance intensive - software product upgrades plus separate Microsoft Windows OS patches.
  4. Platform OS poses significant hacking and virus vulnerabilities.
  5. Single server solutions with security may have several limitations:
    • The single processor environment may limit performance scaling.
    • Combined console server/security solutions increase single point of failure potential.
    • Security features may not be standards-based.
    • Client usability may be complicated by proprietary client software and per-client configuration requirements.
  6. Windows GUI for configuration interface may not be familiar to 3174 experienced staff.
  7. A new datacenter infrastructure product vendor.
  8. Software-only products will have disjointed hardware/software support structures.
  9. Network only console access, which is the case for some solutions means that mainframe console access is completely dependant on network availability.

Conclusion

The class of console consolidation software products based on Intel processors and Windows OS may have significant advantages to some companies when compared to the IBM 2074 product. Offerings in this category will need to be carefully evaluated to see if they meet an individual company’s requirements for coax connectivity, single vendor security, and overall suitability for an Enterprise-class, mission-critical infrastructure platform.

Migration

Products with coax support may make them better suited than the IBM 2074 for migration or, in the longer term, indefinite support for a mixed environment of IP networked PC/terminal emulators and legacy, coax-attached equipment. However, details of the implementation and its potential port density need to be understood.

All the products in this category utilize the plug-compatible solution architecture like the IBM 2074. This gives them the same simple, migration-enabling deployment path of the IBM 2074. As mentioned above, coax support for legacy terminal, printer, and peripheral devices varies by specific product. Each needs to be evaluated for its implementation specifics and coax port density. But as a category, these products can potentially provide a good migration capability.

Some of the PC hardware-based products may satisfy a company’s need for single vendor solutions with security. However, specific product implementations should be assessed for usability and compliance with industry security standards.

The standard PC hardware and general purpose Microsoft OS platform are the biggest shortcomings of these products. The solution vendors must be reactive to their respective hardware and OS roadmaps. The general purpose Windows OS environment poses a high ongoing maintenance burden and significant vulnerability to hacking and virus threats.

Solution 5: Visara SCON Console Controller

Description

Visara International’s SCON product family, the SCON-20L, -22L and -25L (-2XL) models, is a console consolidation and networking solution platform that meets the full range of New Mainframe console management requirements. As with the IBM 2074 and the PC-based software solutions, SCON’s connectivity and logical configuration is plug compatible with the IBM 3174 controllers that it emulates. Figure 2 illustrates the ESCON channel and Director connections for the multiple LPAR console consolidation. It also shows the Token-Ring and Ethernet LAN connection options for serving console sessions to Telnet and TN3270 users over the corporate intranet or remote users via Internet access.

SCON's supported coax ports for legacy terminals, printers and other peripherals

Figure 2 also illustrates SCON’s supported coax ports for legacy terminals, printers and other peripherals like the STK mass storage LMU shown here. With capacity for up to 256 non-SNA sessions per ESCON interface, SCON is the industry benchmark for session capacity to satisfy the console scalability requirements of the New Mainframe Environment.

Visara’s security solution offers users a robust authentication and encryption capability. The inclusion of security in a single product decision significantly simplifies the solution evaluation and its deployment. Because datacenter managers are responsible for controlling and administering console user access, extending that control to the administration of secure user authentication and console session encryption, autonomously from the corporate network and security organizations, is a major consideration. This allows them to maintain tight control and maximum security for the highly sensitive, centralized corporate processing utility.

The SCON 2XL’s security implementation is based on an optional, outboard security appliance. This device provides the following security services for network console users:

  • High-performance, off-loaded SSL-based, industry standard encryption.
  • Centralized SSL certificate management.
  • User authentication services.

The outboard appliance decouples the security functions from the operation of the console session server. For single appliance configurations, the session server that doesn’t share a processor with the security appliance can continue to function even if the security appliance becomes unavailable. And for mission-critical remote access requirements, redundant SCON security appliances offer an excellent high availability solution illustrated in Figure 3.

Redundant SCON Security Appliances

The primary/secondary transition is managed from the SCON server. This allows the redundancy configuration to remain transparent from the client perspective without requiring a backup connection configuration on the client workstation.

SCON Architecture

The SCON 2XL is based on a proprietary hardware processor platform and software environment, which has been the heart of Visara’s line of terminal and communication control products for years. The design points provide many benefits to Visara console management customers:

  • The SCON platform is designed from the ground up as a communication processor with plug compatibility to IBM’s 3174 and 2074 products.
  • It is a mature hardware/software base with years of service in the IBM mainframe environment. Because of its controller heritage, SCON also has a very 3174-like configuration interface that minimizes training time for operations staff familiar with 3174 microcode customization.
  • Because the SCON is not based on an open-standard hardware and operating system architecture, it doesn’t have the separate OS maintenance, virus patching, and hacking exposures to which any Microsoft Windows-based system is exposed.

Additional Features

Visara International is an engineering company first and a product company second. Because of this, the SCON family is highly flexible and has incorporated customized features requested by many customers over time. Amongst the most valuable ones are:

  • Hot Sessions - allows for individual console sessions to be reused by one or more users connecting and disconnecting in sequence. This simplifies operation because it reduces the need to VARY off- and online the logical terminal devices as console users logoff.
  • Session Sharing in SCON is a capability to allow multiple served session users to connect to the same console session. This is especially valuable for many display-only, status, or hardcopy console devices. With session sharing, a Sysplex can effectively support more than the Sysplex architecture’s limitation of 99 non-SNA console terminals. As Sysplex environments scale towards the maximum 30 (soon to be 60) supported LPARs, the value of session sharing will increase.
  • Telnet client support - most console products provide a TN3270 server function to support end-user PCs running emulators with TN3270 client support. Generally TN3270 is the preferred emulation to maximize session efficiency and user performance. But occasionally a remote user may need to login, perhaps on an emergency basis, from a home PC or other device that has only character-based Telnet display emulation support. For this scenario, the Visara SCON product incorporates a Telnet server function as well as TN3270.
  • eManager Management Software - software product installed on a workstation platform external to the SCON 2XL server, eManager provides extensive monitoring, status, backup operations, problem determination support and SCON code updates. Also, for customers deploying other Visara controller and thin client display products, eManager offers a centralized management tool.

Mainframe-class Support Structure

As an established vendor of controller and terminal hardware and microcode-based software products to the IBM mainframe world, Visara has developed a worldwide support structure that meets the expectations of both the old and New Mainframe Environments.

After the sale, Visara provides users with one year of onsite support. Spare parts, code fixes, and implementation support and troubleshooting are delivered by a qualified, Visara trained technician. Visara offers the industry’s strongest warranty support as well with three years coverage for hardware and code fixes.

Advantages

  1. Scalable console consolidation.
  2. IP network access for Telnet and TN3270 client console sessions.
  3. Physical - achieves N:1 (or 2 for primary/secondary configurations) LPAR to console ratio making possible significant floor space, power, cooling savings.
  4. Coax support enables migration and integration of legacy terminals, printers and peripherals.
  5. Complete scalable, single solution for both network and legacy console devices.
  6. Capacity for up to 256 non-SNA sessions per ESCON interface
  7. Proprietary hardware/software platform eliminates hacking and virus exposure common to systems based on general-purpose operating systems.
  8. Enterprise-class attributes:
    • IBM 3174/2074 plug compatibility with “controller-like” simplicity.
    • Closed, dedicated platform - no inadvertent installation of other applications.
    • Robust security solution:
    • Scales performance
    • Centralizes all security administration:
      • No per-client configuration
      • Based on open industry security standards
  9. Hot sessions capability improves the usability and availability of served session connections.
  10. Session sharing - allows an effective workaround to the 99-console-sessions-per-Sysplex limitation of the Sysplex architecture.
  11. Standalone eManager management application for Enterprise-class operations support and infrastructure management.

Disadvantages

  1. A new datacenter infrastructure product vendor for those shops not already using otherVisara controller and display products.

Conclusion

The Visara SCON console concentration solution is the most complete offering in the console consolidation category. It is a mature and robust Enterprise-class datacenter infrastructure product that delivers the full breadth of requirements for the spectrum of New Mainframe Environments.

Migration

Based on Visara International’s many years of experience with mainframe channel and controller emulation, SCON’s plug compatibility is complete and highly reliable. SCON’s industry leading session capacity and potential coax port density makes SCON the best solution for a migration that gives the customer complete flexibility with regard to when and how the cutover to consolidated and networked consoles will be managed. The SCON customer can perform a simple, plug-compatible cutover on Day 1 without changing any aspect of the end-user interface, mainframe configurations or operations. On Day 1, the legacy controllers can be completely displaced and the floor space and environmental savings begin to accrue immediately.

Recommendation

Visara International’s SCON solution for mainframe master console consolidation and networking is the industry’s most complete, most versatile, and most migration-friendly console solution available to companies looking to address the console issues of the New Mainframe Environment. SCON goes beyond the capabilities of the two IBM console roadmap solutions, z/OS SMCS and the 2074 controller, to provide a complete console implementation that delivers the benefits of console consolidation and networking with total migration flexibility. In addition, of the third party offerings on the market, only Visara’s SCON solution is based on a platform with mainframe class reliability and security and comes with a mainframe-class support program.

Click here to download this document as an Adobe Acrobat file.