The Health Insurance Commission (HIC) is no stranger to mining: for years data mining has been helping it to dig up the gems that have let it substantially reduce the risk of fraud and minimise abuse of the schemes it administers. But now HIC is using a different kind of mining altogether - application mining - to help it leverage its extensive CICS infrastructure as it moves towards Web-based information delivery.
Application mining is a term used to embrace numbers of technologies that can help organisations to simplify the management and exploitation of their valuable legacy systems. By presenting a modern, simplified interface to existing applications, application mining can allow organisations to deliver self-service PC and Internet access to customers and staff, thereby opening up the potential for far broader e-business activity. The process centres around the use of desktop developer skills to build new graphical applications that can "mine" legacy systems while building upon and reusing those systems' existing CICS, MQSeries or IMS business logic.
It involves getting greatly increased value out of legacy applications using a technique that for some organisations is proving a relatively simple way to get started on Web self-service access to existing systems as they move into e-business. After all, users may have known ambivalence over their legacy applications for some time - but as Mark Twain would have put it, reports of the mainframe's death have been greatly exaggerated. These days many companies recognise that anything that lets them capitalise on those legacy systems has to be a good thing.
A Bloor Research paper on application mining written last March put the situation well: "It has become fashionable to use the terms 'legacy' and 'IT' in the same sort of context as 'millstone' and 'bottleneck'. It is described as something we have to tolerate or escape from. This is hardly a true reflection of the value of legacy systems to the organisation."
According to research company Meta Group, global supply chain requirements, electronic interchange, and externalising business computing are all driving the renovation and revitalisation of users' legacy application investments, while creating a need for ubiquitous Web/browser technologies for global business interaction.
By mid this year, Meta Group says, at least 40 per cent of users will have implemented tools for externalising legacy applications via the Web. By 2004, more than 90 per cent of legacy data will be accessible via Internet technologies. "Anyone who wants the world of e-business must leverage legacy systems, because they can't replace them quickly enough and still be responsive to business needs," says Meta Group VP Enterprise Data Centre Carl Greiner.
That's where application mining comes in. Coined by IBM, the term describes a range of technologies designed to simplify the management and exploitation of legacy systems. Under this kind of mining the focus is on integration with back-end enterprise applications. The applications so developed would be capable of extending the services of the back-end applications both within and without the enterprise.
Chris Engel, manager of e-business for IBM business partner Synergy Systems, says Websphere, the Web application server at the core of IBM's application mining offering, is "fantastic" and "very strong". "[Using it] in conjunction with its classes and with Java, we've done an enormous amount of work in refreshing or Web-enabling existing legacy applications," Engel says.
For HIC the need to mine its applications became an imperative when the body became responsible for providing detailed immunisation information to service providers. The Australian government required HIC manage an Australian Childhood Immunisation Register (ACIR) as part of its response to a nationwide decline in childhood immunisation and the alarming increase in preventable childhood diseases. The government also made HIC responsible for providing information to immunisation service providers and other health professionals that would let them improve immunisation service delivery and the overall health of Australia's children. But this proved a taller order than the government first imagined.
HIC started by using a generic reporting system to provide reports to immunisation service providers on an ad hoc basis. This worked well enough, but it made huge support demands on the IT team. So, instead, HIC looked for a solution which would let it make information readily accessible to clients via the Internet, without forcing it to re-engineer its tried and extremely well-proven IBM CICS applications. The result is a world-leading innovation. It is a system that lets service providers access the information via the Internet, request the report they want, and then be able to view or download the report via the Internet the next day. The system also features real-time updates and ad hoc queries.
HIC used IBM CICS Web Interface, part of IBM CICS Transaction Server version 1.2 for OS/390, in conjunction with IBM Websphere Application Server for OS/390 (formerly Domino Go Webserver for OS/390), to provide Web access to the ACIR. "It may have been possible to run a Web site on a Unix or Windows NT server and then pass messages up to the host," notes Edward McCarthy, manager of CICS in the Technical Services Branch of HIC's IT division. "However, we saw CICS Web Interface as a more efficient way to provide direct Web connectivity. Using it in conjunction with Websphere Application Server provided the most secure platform for delivery of Web-based applications."
From an applications point of view, the system means programmers don't have to learn new skills, since HIC is running the same programs on the back end that it always has, with only the input and output being different.
HIC IT general manager Lou Nulley says the system is an example of where the HIC's systems are heading, providing real-time interactivity with the health industry for the exchange of information. "The design of this system was as advanced as what anyone else in the world was doing at the time with regards to authenticated access through the Internet," he says. "We're enabling doctors to view and update immunisation records through the Internet, and obviously this involves sensitive information, so appropriate security and authentication mechanisms were needed. Authentication access is currently being enhanced in line with advances in technology and the government's PKI requirements."
HIC manager Associate Government Systems John Clarkson won't describe his organisation's use of application mining as "simple" for fear of drawing the wrath of the programmers who report to him. However, he does say it's been "straightforward". But then again, "we have high calibre staff, many of whom have been with the organisation for many years now", he adds.
"There have been some complex issues, but we've got around those by writing standard modules that deal with all aspects of page and form handling and so on, and using an architecture that is heavily weighted towards reuse. When you've written it once, it's then available for use in any CICS application we want to Web-enable. So we write it once and then we use it in many applications."
Open to Many
IBM says just about every medium and large enterprise can potentially benefit from application mining. It says mainframe programs that have been doing sterling duty for years, carrying out the core business of the enterprise, can be given a whole new layer of value by making them available on the Web to a completely different audience of new customers and suppliers.
The Seybold Group agrees. "One of the important chores in many Web implementations is integrating legacy application systems and their data with new Web applications," says John Mann, a senior consultant/analyst at the Patricia Seybold Group in Boston. "Paraphrasing famous depression-era bank robber Willie Sutton, we go to the legacy systems 'because that's where the money is'. Indeed, much of the data on legacy systems is actually money, or something nearly equivalent to it."
But Mann says that when it comes to the legacy systems that manage financial and other business assets, it is impossibly reckless to allow users to access the data per se. That makes protecting the integrity of the data - by ensuring that all changes to any date are assuredly correct - all-important. "Such data needs the protection of both the operational procedures in the data centre and the business logic contained in the applications that are 'in front of' the data between the data and any human being. Thus, the only proper access path to such legacy data is through the applications that are written to deal with that data."
Any system relying on application mining to deliver Web self-service must be kept open, warns IBM's AIM marketing manager Jack Verdins. "You can have a whole network of people coming into your systems through this one point, so if it gets busy you need to be able to move it to different platforms. Portability and scalability are major issues, so think scalability right from the start and don't paint yourself into a corner."
And when it comes to the design of the back end, HIC's Clarkson says it is vital to have an architecture that separates the interface layer from the processing and accesses. That way you can put virtually anything you want - from 3270 terminals to handheld devices - in front to provide access, without having to change the back end.
"It's not something you can do in half measures, and in some cases it might mean re-engineering aspects of systems," Clarkson says. "For us it's something that over a period of time we've been moving towards, while trying to make much greater reuse of code and having standard methods and standard modules for performing functions. Certainly, at the moment we can put a Web front end onto existing CICS functionality quickly and easily - compared to the alternatives of developing something running on NT through a server, or a Notes-based application trying to perform the same function, for example."
And, of course, without rigorous security you run the risk of opening your legacy systems to anyone with Internet access. To avoid those problems HIC has partitioned the system so that although CICS provides the connectivity, it's not possible for any unauthorised person to gain direct access to the operating system or to the data itself.
On the other hand, Clarkson says, MVS is immune to a host of traditional types of attacks to which other operating systems are vulnerable and is poorly understood by hackers. "And it was a lot easier selling that solution two and a half years ago when we began than it was to try to put it out there on a separate platform, on which we may not have had the same experience in security.
"Certainly, when we started it seemed the easiest and best supported way for us to extend our applications out to the end user - the GPs, clinics, hospitals and others providing immunisation healthcare in the community, which is where the information is needed."
Getting Closer to Customers
Alcatel Australia's successful deployment of business to business e-commerce has led to a closer partnership with its customers and set a new standard for business in Australia, according to strategic systems manager Roland Persson. And it's all thanks to application mining of its legacy systems. Persson says using application mining to share important operational information over the Web has given both Alcatel - a leading supplier of telecommunications equipment - and its customers a consistent and easily accessible view of the same data.
Alcatel's Web-enabled Order Status Inquiry system combines the convenience of browser technology with the reliability of established systems. At the system's core is an existing business application running under the CICS Transaction Server on OS/390. An IBM CICS connector allows access to the CICS application from the Web server, and maintains the transaction management and logging required for the application. Meanwhile, the Web server handles data transfer, protocol conversion and other Web issues.
Thanks to the eyes-only security offered by the S/390 platform, only authorised users get in. In separate mailings, Alcatel issues a diskette containing a personal digital certificate and a user ID and password. From a single administrative interface, Alcatel security personnel can ensure that users have access only to the transactions, data and Web pages they are entitled to. In addition, data flowing between server and end user is also encrypted to protect it from unauthorised users.
"Early in the evolution of online systems, Alcatel adopted a two-tier architecture for CICS application design by separating 3270 presentation services from the business logic. This enabled application mining by externalising the complexities of 3270 dialogue management from legacy applications and left the analyst/programmer free to concentrate on the business processes," Persson says. "This simplified application design provided a consistent end-user interface and greatly improved programmer productivity."
Persson says being able to use Alcatel's existing mainframe server let it implement the system - from concept to rollout - in just 12 weeks. Today, over the Internet, the system lets customers quickly investigate order information, determine the status of orders, contact appropriate personnel and research catalogue informationPersson says Alcatel has found that the "self-service" capability has eliminated the back-and-forth faxing and telephone calls that used to accompany customer enquiries. The company has also seen response times improve by 90 per cent, and its sales, marketing and other departments freed up to concentrate on more value-added activities.
Since the system is securely linked with applications on Alcatel's IBM S/390 enterprise server, the company is free to plan future enhancements that will help reduce customer inventory requirements and lead to "open-book" relationships. Following implementation and rollout during 1998, the e-commerce business-to-business operation has now been now extended to other customers and distributors.
- S Bushell
According to John Mann, a senior consultant/analyst with the Patricia Seybold Group, legacy integration tools aim to "use existing legacy applications as the means to read and write the underlying data that those legacy applications protect and manage". Typically, the legacy integration tools will operate the legacy applications and intercept screen inputs and outputs to insert and retrieve the information in them. They will also, to varying degrees, transform and place the data for the programmer's convenience.
Mann says one well-known approach for accessing legacy applications has been to use HLLAPI. This is a simple, IBM-defined interface, which lets programmers extract data fields from data streams directed by 3270 terminals. However, a better approach is to access legacy applications through an object model by using a product like WRQ's Apptrieve.
Mann says Apptrieve is a completely new approach to addressing application integration with legacy data and applications. "Legacy access is widely acknowledged to be a key requirement, and it is rare that a vendor does not mention its capabilities in this area," Mann says. "However, there are a number of different scenarios for legacy access, each requiring different means."
Aside from WRQ, other examples of server-based, legacy-access products include:
* Blue Lobster Software's Mako Server: accesses only CICS via its ECI interface. (Blue Lobster has been acquired by Saga Software.)* Mitem Corporation's MitemView 5: earlier versions were desktop-based, not server-based; the program can work with almost any terminal type and OS.
* OpenConnect System's OC://WebConnect Enterprise Integration Server.
Mann predicts the market will become more confusing with time as other vendors enter it. He advises users to consider both the programming and deployment environment, saying a situation characterised by rapid change in the mainframe applications may make one or more of these products more or less manageable than others in practice.
- S Bushell
(c) 1999 Patricia Seybold Group's Enabling Technologies