Bring your legacy systems to the forefront of e-business

Organizations that have legacy systems (e.g., IBM mainframes, AS/400 minicomputers) have long used SNA gateways to connect their Windows PC networks to these legacy systems. A traditional SNA gateway eliminates the need for dumb terminals connected with coaxial cable to mainframes and lets a Windows computer running terminal-emulation software (e.g., a 3270 client) in an IP or IPX network access mainframe and AS/400 hosts in an SNA network.

As Windows NT made its way into large corporations, Microsoft realized the importance of integrating Windows with mainframe and AS/400 hosts. Microsoft delivered SNA Server, an SNA gateway for NT. Since the product's first release, Microsoft has incorporated several integration tools (OLE DB Provider for AS/400 and Virtual Storage Access Method—VSAM, COM Transaction Integrator—COMTI, and Microsoft Message Queue Server—MSMQ­MQSeries Bridge) into SNA Server and its service packs. These tools let organizations seamlessly integrate their Windows applications with mainframe and AS/400 data and applications. This ability eases business-software development and reduces implementation costs by preserving existing legacy systems and applications. The integration tools also help integrate legacy systems into the modern world of the Internet and e-commerce. (The sidebar "E-Commerce and HIS 2000" provides an example of this integration.)

When Microsoft was developing a version of SNA Server (formerly code-named Babylon) for Windows 2000, the company determined that SNA Server wasn't an appropriate name for the new product. Instead of using SNA Server 5.0 or SNA Server 2000, Microsoft named the new product Host Integration Server (HIS) 2000 to better reflect the product's features. HIS works not only with mainframe and AS/400 systems running SNA but also with mainframe, AS/400, and UNIX systems running TCP/IP. HIS 2000 delivers a comprehensive set of host-integration tools—including those in SNA Server 4.0 and its service packs—the traditional SNA gateway service, and new features.

HIS offers three types of host integration: network integration, data integration, and application integration. Network integration provides a traditional SNA gateway service and host security integration. The SNA gateway service glues IP and SNA networks together and lets native 3270/5250, TN3270/5250, and Advanced Program-to-Program Communications (APPC)/CICS clients access mainframe and AS/400 hosts from Windows PCs and print host data on LAN printers. The host security integration maps domain accounts to host accounts, letting users employ single sign-on (SSO) functionality for Active Directory (AD) or NT domains and mainframe or AS/400 systems. Host security integration also supports automatic one-way password synchronization from AD or NT domains to AS/400 systems and mainframes. Two-way password synchronization requires third-party support. Network integration also supports RAS over SNA.

Data integration includes data access and heterogeneous replication. Data access integration provides OLE DB Provider for AS/400 and VSAM, OLE DB Provider for DB2, ODBC Driver for DB2, AS/400 Data Queues, Host File Transfer, and Shared Folders Gateway. HIS 2000 also supports APPC file transfer protocol (AFTP). Table 1 details each component's functionality. The heterogeneous-replication features work with Microsoft SQL Server 2000 to provide a process for copying and distributing data from one database to another in a distributed-computing environment and synchronizing databases for redundancy and consistency.

Application integration involves COMTI and MSMQ-MQSeries Bridge. COMTI lets component services in Win2K and Microsoft Transaction Server (MTS) in NT invoke and execute CICS and Information Management System (IMS) transaction programs (TPs) in mainframes as if the TPs were COM+ or COM components. COMTI can automatically build a COM+ or COM component from the COBOL data declaration of mainframe applications. COMTI delivers mainframe data to Windows without rewriting mainframe applications and ensures highly reliable synchronous communication between Windows and mainframes through the transaction support. (For more information about COMTI, see "Related Articles in Previous Issues.")

MSMQ-MQSeries Bridge provides asynchronous communication between Windows applications and mainframe applications. MSMQ, Microsoft's message queue service, uses a store-and-forward queuing system in a Windows network to provide high-reliability and high-availability asynchronous communication between Windows applications. (To learn more about MSMQ, see "Related Articles in Previous Issues.") MQSeries is IBM's message queue service for mainframes and other platforms (e.g., NT, UNIX). MSMQ-MQSeries Bridge links the incompatible MSMQ and MQSeries queuing systems, translates the systems' data formats, and lets MSMQ and MQSeries applications transparently communicate.

Among the three integration types, network integration is the fundamental type that organizations use to provide IP and SNA connectivity and conversion for terminal-emulation software and data- or application-integration tools. In addition to SNA communication, HIS 2000 lets a data- or application-integration tool use TCP/IP to interact with a mainframe or AS/400 host. For example, a COMTI application can use a CICS and IMS over TCP/IP remote environment to use TCP/IP to talk to mainframes directly rather than use SNA. In this scenario, the data- or application-integration tool doesn't need network integration. However, if a DB2 or COMTI data- or application-integration tool uses the SSO feature for application security and two-phase commit (2PC) for high-reliability transactions in OLE DB, that tool still requires network integration.

New Features
The features that I've discussed so far are available in SNA Server 4.0 and its service packs (except heterogeneous replication in data integration). In addition to this functionality, HIS 2000 offers several important new features and enhancements.

For Win2K network integration, HIS 2000 uses AD for user authentication and SNA service location. To maintain user-credential information for SSO and password synchronization and improve security and scalability, HIS 2000 replaces SNA Server's flat file database with Microsoft Data Engine (MSDE) from SQL Server 2000. HIS 2000 supports Resource Access Control Facility (RACF), Advanced Communications Function (ACF)/2, and Top Secret for one-way password synchronization to mainframes. The new 3270 client in HIS 2000 lets users open as many sessions as they want, whereas the 3270 client in earlier versions allows only one open session. HIS 2000 supports as many as 4096 printer sessions in its host print service; SNA Server 4.0 supports a maximum of only 1024 printer sessions. In addition, the new version includes an LU6.2 load-balancing and hot-backup mechanism.

For HIS 2000 data integration, Microsoft enhanced OLE DB for DB2 and ODBC Driver for DB2 to provide improved performance and support new features, such as the 2PC transaction function and connection pooling. The 2PC transaction function works in a similar manner to the Sync Level 2 transaction function in mainframes. Both either commit or roll back each element in a transaction for high reliability. HIS 2000's connection-pooling capability establishes a pool of connections to serve database connection requests. In addition, the functionality improves performance by letting middle-tier applications (e.g., Microsoft IIS) hold on to open connections to the back-end database (rather than close the connections) and hand them to Web clients when clients make new database connection requests. AS/400 Data Queues is also a new feature in HIS 2000.

In HIS 2000 application integration, COMTI supports COM+ applications and COM+ object pooling in Win2K. COM+ object pooling is a new COM+ technique that maintains a cache of object instances between client calls and eliminates the additional operations of creating and removing object instances. This technique saves computing resources and improves performance. To manage workload and prevent client requests from flooding the host, HIS 2000 lets you define the maximum number of COMTI instances that can run on a server. In addition, COMTI in HIS 2000 supports a new type of remote environment—IMS transactions through Open Transaction Management Architecture. OTMA makes IMS TPs accessible through TCP/IP without requiring developers to recompile the IMS TPs to adopt TCP/IP. MSMQ-MQSeries Bridge in HIS 2000 supports MSMQ 2.0 in Win2K and MQSeries 5.1.

HIS 2000 Server and Clients
HIS 2000 includes server, end-user client, and administrator client software. The server software supports all versions of Win2K Server and provides all integration functions. You can install the server software on Win2K Professional, but Microsoft doesn't recommend this setup. You can also install the server software on NT Server 4.0 with Service Pack 6a (SP6a), but this configuration doesn't let you take advantage of HIS 2000's Win2K-centric features (e.g., the product's use of AD and COM+ object pooling).

SNA Server's client software lets end users load SNA Server's administrative tools on their client machines. In contrast, HIS 2000 differentiates the administrator client software from the end-user client software. The end-user client supports Win2K Pro, NT Workstation 4.0 with SP6a, and Windows 9x. (Microsoft offers a Windows 3.x and MS-DOS version, but with limited functionality.) The only administrative tool that the end-user software includes is Host Account Manager.

Only the administrator client software, which supports Win2K Pro and NT Workstation 4.0 with SP6a, provides administrative tools (e.g., SNA Manager, COMTI Component Builder, COMTI Manager, MSMQ-MQSeries Bridge Manager). Among these tools, SNA Manager, COMTI Manager, Component Services, and OLE DB Provider for AS/400, and the VSAM are Microsoft Management Console (MMC) snap-ins. As Figure 1 shows, you can set up in the same console the Component Services snap-in to manage COM+ components and the OLE DB Provider for AS/400, and the VSAM snap-in to define data descriptions. The other administrative tools aren't MMC snap-ins.

The end-user and administrator clients both include data-integration tools (e.g., OLE DB Provider for AS/400 and VSAM, OLE DB Provider for DB2, ODBC Driver for DB2, AS/400 Data Queues, and Host File Transfer, as well as 3270, 5250, and AFTP clients). In SNA Server 4.0, you can install COMTI as a client component on an NT workstation or server. HIS 2000 doesn't include this component in the client software; you must install COMTI from the server software. In versions earlier than HIS 2000, SnaBase, a basic function that lets you connect a client to the SNA Server system, runs as a service and requires a service account on the NT system. SnaBase in HIS 2000 end-user client software runs only as an application (rather than a service) on Win2K and NT, but the administrator client gives you the option to run SnaBase as a service.

HIS 2000 server and clients require you to preinstall Microsoft Internet Explorer (IE) 5.0, Microsoft Data Access Components (MDAC) 2.5, MMC 1.2, Windows Management Instrumentation (WMI) 1.5, MSMQ as a routing server for MSMQ-MQSeries Bridge, and SQL Server MSDE 8.0 for host security integration. To use AD, NT clients need Active Directory Service Interfaces (ADSI) 2.5 and Win9x clients need Directory Service (DS) Client.

HIS 2000 and AD
As do SNA Server 4.0 and earlier, HIS 2000 groups a set of servers providing SNA gateway services into an HIS subdomain for resource sharing, load balancing, and fault tolerance. (In SNA Server 4.0 and earlier, Microsoft calls this subdomain an SNA subdomain.) All HIS 2000 servers in the same subdomain share the same SNA service configuration, including link services, connections, APPC definitions, LU pools, TN3270 service, TN5250 service, host printing service, and host security service. The first server you install in a subdomain is always the subdomain's primary server. It stores the master copy of the subdomain configuration file. All other servers you install in the subdomain are backup servers that store only a read-only copy of the configuration. A subdomain can contain as many as 16 servers. A difference between HIS subdomains in HIS 2000 and SNA subdomains in SNA Server 4.0 and earlier is that HIS subdomains don't support member servers. SNA subdomains can contain member servers, but a member server in an SNA subdomain doesn't have a local copy of the subdomain configuration file.

Before a client can use an SNA gateway service, it must connect to one of the servers in the SNA subdomain. The client can establish this connection, called a sponsor connection, by searching for an available server in the subdomain; however, this method requires the client to be on the same subnet as the servers, which is often not the case in midsized to large organizations. Alternatively, you can configure a client to explicitly use two or more servers in the subdomain rather than have the client search the subdomain. With this method, a client will attempt to connect to the first server. If the first server is unavailable, the client tries the next server. If neither of the servers in the client configuration are available, the client can't use the SNA services in the subdomain, even if other servers in the subdomain are available. After a client connects to a server, the client must maintain the SNA sponsor connection—even when it's not using SNA resources—or the client loses the connection.

HIS 2000 provides a new SNA resource location option that lets clients search AD to find and use SNA services and resources. To enable this functionality, you need to extend the AD schema to support HIS 2000. To do so, log on to AD as Administrator (or as a user who is a member of the Domain Admins and Schema Admins groups and has permissions to control the domain), then run addschema hiserver.schema from the \setup\server\activedir directory on the HIS 2000 installation CD-ROM. Next, create an organizational unit (OU) or identify an existing OU in an AD domain for your HIS 2000 servers. An OU can contain multiple HIS 2000 servers that are in the same HIS subdomain (i.e., two subdomains can't be in the same OU and a single subdomain can't be in two OUs). After you install an HIS 2000 server, you can enable the option to include support for AD clients in the server's SNA Resource Location Wizard for SNA Service dialog box, which Figure 2 shows. In Figure 2, the OU HISOU1 in the AD domain contains the primary server of the HISDOMAIN1 subdomain. The HIS OU and subdomain names can be the same but don't have to be. To configure the client to use AD to locate servers, add a fully qualified OU name in the format of domain/OU in the client's SNA Resource Location Wizard dialog box. Figure 3 shows the OU that I added.

Locating SNA resources through AD eases client configuration, ensures high-availability of SNA services, and eliminates the need for permanent sponsor connections between the HIS 2000 server and clients. Users don't need to know the physical HIS 2000 server names or IP addresses. Including two or more HIS OUs in the client configuration provides access to a backup HIS subdomain if the primary subdomain fails. For example, in Figure 3, I added the SNA OU.

HIS 2000 uses AD to authenticate users when they access a specific SNA resource, such as an LU pool in an HIS subdomain. However, HIS 2000 uses NT LAN Manager (NTLM) rather than Kerberos as the authentication protocol.

Enhanced Load Balancing
HIS 2000 provides load-balancing and fault-tolerance features, some of which are better than those in SNA Server 4.0. As with SNA Server 4.0 and earlier, HIS 2000 lets you group 3270 display LUs in multiple connections (aka physical units—PUs—in mainframe terminology) on the same server or different servers into a 3270 display LU pool in an HIS subdomain. The HIS subdomain will evenly distribute workload across the available connections for native 3270 clients. Similarly, you can group TN3270 LUs in multiple connections on the same server or different servers into an LUA LU pool in an HIS subdomain and assign the pool to one or more TN3270 servers for load balancing and fault tolerance. SNA Server 4.0 doesn't let you assign one TN3270 LU pool to multiple TN3270 servers unless you apply SNA Server 4.0 SP1 or later. Assigning the same TN3270 LU pool to multiple TN3270 servers eases your TN3270 configuration and lets you have more than one TN3270 server available for users without dedicating a different pool to another TN3270 server for failover. HIS 2000 and SNA Server 4.0 and earlier don't provide TN3270 client load balancing and failover across multiple TN3270 servers, but you can use Win2K Advanced Server's Network Load Balancing (NLB) server to accomplish this setup.

SNA Server 4.0 doesn't adeptly load-balance LUs across multiple PUs in multiple servers in a TN3270 LN pool. For example, suppose two PUs, PU1 on SERVER1 and PU2 on SERVER2, exist in a TN3270 pool of an SNA subdomain. When you restart PU1 on SERVER1, SNA Server's TN3270 server service will always prefer assigning an LU in PU2 on SERVER2 to a new TN3270 client rather than an LU in PU1 on SERVER1 unless no LUs are available in PU2. SNA Server 4.0 SP3 and later provide an option for the TN3270 server service to allocate LUs from a restarted PU rather than favoring other PUs and to provide load balancing. To enable this option, add the ResLocFlags registry entry with a REG_DWORD value of 0x8001 to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TN3270\Parameters subkey and restart the TN3270 server service on the server.

To provide load balancing and fault tolerance to APPC or LU6.2 applications, you can use the same LU6.2 alias name on each LU6.2 pair on each HIS 2000 server. However, an APPC application running on an HIS 2000 or SNA Server system always prefers directing its LU6.2 requests to a specific server after it has had a conversation with that server. This behavior is similar to the TN3270 behavior when load-balancing LUs across multiple PUs in a TN3270 LN pool. To achieve load balancing of LU6.2 requests across multiple servers that have configured redundant pairs, HIS 2000 includes an optional registry setting. To enable this setting, add the ResLocFlags registry entry with a REG_DWORD value of 0x8001 to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SnaBase\Parameters\Client subkey and restart the SnaBase service on the server. This capability is available only in HIS 2000 (i.e., not in SNA Server 4.0 SP3).

Upgrading to HIS 2000
Microsoft released HIS 2000 in September 2000; thus, most organizations with Windows and host environments still use SNA Server 4.0, and some still use SNA Server 3.0. As a result of the increasing need for data and application integration among Windows systems and hosts, upgrading to HIS 2000 will become mandatory. You can upgrade from SNA Server 4.0 and SNA Server 3.0 to HIS 2000. If you upgrade the server's OS from NT to Win2K before you upgrade SNA Server to HIS 2000, you must upgrade from SNA Server 4.0 SP3 or later, which support Win2K. However, certain link services of interface adapters in SNA Server 4.0 SP3 and SP4 don't work on Win2K. The SNA Server 4.0 SP3 and SP4 README files contain information about this concern. If SP3 or SP4 doesn't support your adapter, contact the adapter's vendor to get an updated link service. In addition, AFTP file transfer and SNA RAS services in SNA Server 4.0 SP3 and SP4 don't work on Win2K. If you upgrade SNA Server to HIS 2000 before you upgrade the server's OS, you must install NT SP6a on the server and also install all HIS 2000 software requirements before the upgrade.

Before upgrading SNA Server, back up your SNA subdomain configuration in SNA Manager and save the configuration file in case you must restore the configuration. I discovered that I could input an SNA Server 4.0 configuration into HIS 2000. To upgrade all SNA Server systems in an SNA subdomain, you must first upgrade the primary SNA Server, then back up the backup servers and member servers. HIS 2000 will convert an SNA Server 4.0 or SNA Server 3.0 member server to a HIS 2000 backup server because HIS subdomains don't contain member servers.

SNA Server 4.0 clients can access HIS 2000's SNA service, and HIS 2000's end-user and administrator clients can access SNA Server 4.0's SNA service. Therefore, you can upgrade client software before or after you upgrade the server. However, SNA Server 4.0's SNA Manager can't modify HIS subdomain configurations, and HIS 2000's SNA Manager can't edit SNA subdomain configurations. I recommend reading the release notes on the HIS 2000 installation CD-ROM before you upgrade.

Hosts Meet Integration
With HIS 2000 in your Win2K network, you can provide a better host-integration platform to marry Windows and host applications and leverage the power of Win2K and .NET services for legacy systems and applications. HIS 2000 lets you not only preserve your investment in legacy systems but bring them to the forefront of the e-business world.

Related Articles in Previous Issues
You can obtain the following articles from Windows 2000 Magazine's Web site at

"Inside Babylon," December 1999, InstantDoc ID 7510
"Using COMTI to Connect NT and IBM Mainframes," March 1999, InstantDoc ID 4903
"Queuing Data With Microsoft Message Queue Server," October 1998, InstantDoc ID 3860
"Building Fault-Tolerant SNA Functionality," July 1998, InstantDoc ID 3574