
Migrate IBM z/OS OLTP workloads to Azure

Azure Front Door
Azure Traffic Manager
Azure Kubernetes Service (AKS)
Azure Managed Redis

Solution ideas

This article describes a solution idea. Your cloud architect can use this guidance to help visualize the major components for a typical implementation of this architecture. Use this article as a starting point to design a well-architected solution that aligns with your workload's specific requirements.

Because customers interact directly with online transaction processing (OLTP) systems, these systems are often a customer's first point of contact with your business. When you migrate z/OS mainframe OLTP workloads to Azure platform as a service (PaaS) services like Azure App Service, Azure Kubernetes Service (AKS), Azure Functions, and Azure SQL, your business gains a dynamically adaptable infrastructure that enables faster product launches and reduces operational costs.

Architecture

Before Azure migration

The following diagram shows an architecture of an OLTP system that runs on a z/OS mainframe before migration to Azure:

Diagram of an OLTP architecture on z/OS.

  1. Users connect to the mainframe by using standard mainframe protocols like TN3270 and HTTPS.

  2. The transaction managers interact with the users and invoke the application to satisfy user requests.

  3. In the front end of the application layer, users interact with the Customer Information Control System (CICS) or Information Management System (IMS) screens or with webpages.

  4. The transaction managers use the business logic written in common business-oriented language (COBOL) or Programming Language One (PL/I) to implement the transactions.

  5. Application code uses the storage capabilities of the data layer, such as Db2, IMS DB, or VSAM.

  6. In addition to transaction processing, other services provide authentication, security, management, monitoring, and reporting. These services interact with all other services in the system.

After migration

The following diagram shows this same architecture after it's migrated to Azure.

Diagram that shows an architecture to migrate a z/OS OLTP workload to Azure.

The architecture is divided into several layers that represent different components and their interactions. Numbers and arrows highlight the flow of data.

Layer 1 represents an on-premises user. A double-sided arrow connects the user and Azure ExpressRoute.

Layer 2 represents input requests. This layer contains two boxes that are connected by a dotted, double-sided arrow labeled Azure Web Application Firewall. The box on the left contains Azure Front Door. A double-sided arrow connects that box with the internet. Another double-sided arrow connects the internet with Microsoft Entra ID. The box on the right contains Azure Application Gateway and Azure Load Balancer. A double-sided arrow connects this box with a box labeled front end.

The box labeled front end is inside the application layer. It contains icons for Azure API Management, Azure App Service, Azure Kubernetes Service (AKS), and Azure Spring Apps. Three dotted, double-sided arrows connect the front-end box with a box labeled business logic. This box contains Azure Functions, WebJobs, and AKS. Icons for Azure Service Bus and Azure Queue Storage (asynchronous) are above and below the three arrows.

A double-sided arrow connects the application layer with the cache layer. The cache layer contains Azure Managed Redis. An arrow points from the cache layer to the monitoring layer.

In the monitoring layer, a dotted arrow passes from Azure Monitor through Azure Monitor Logs and then to a blue box that contains icons labeled Log Analytics dashboard and alerts. The monitoring layer also includes Application Insights. A dotted arrow points from Application Insights to the blue box. Another arrow points from the application layer to Application Insights.

The data layer contains two boxes. One box contains Azure Table Storage and Azure Files. The other box contains Azure SQL, Azure Cosmos DB, Azure Database for PostgreSQL, and Azure Database for MySQL. A double-sided arrow connects the data layer with the application layer.


Workflow

  1. Mainframe users are familiar with 3270 terminals and on-premises connectivity. In the migrated system, they interact with Azure applications via the public internet or via a private connection that's implemented via Azure ExpressRoute. Microsoft Entra ID provides authentication.

  2. Client requests are routed through a global load balancing service such as Azure Front Door or Azure Traffic Manager, which helps serve users across regions. Based on workload rules, traffic can then be directed to Azure Application Gateway or Azure Load Balancer for application-level distribution. A web application firewall (WAF) helps protect the service.

  3. The front end of the application layer uses Azure services like Azure App Service to implement application screens and to interact with users. The screens are migrated versions of the mainframe screens.

  4. COBOL and PL/I code in the back end of the application layer implement the business logic. The code can use services like Azure Functions, WebJobs, and Azure Container Apps. Applications can run in an AKS container.

  5. Azure Managed Redis provides in-memory caching to speed up high-throughput OLTP transactions. In-Memory OLTP, a feature of Azure SQL Database and Azure SQL Managed Instance, provides additional transaction-processing speed.

  6. The data layer can include:

    • Files, tables, and blobs implemented by using Azure Storage.
    • Relational databases from the Azure SQL family.
    • Azure implementations of the PostgreSQL and MySQL open-source databases.
    • Azure Cosmos DB, which is a NoSQL database.

    These stores hold data migrated from the mainframe for the application layer to use.

  7. Azure-native services like Application Insights and Azure Monitor proactively monitor the health of the system. You can integrate Azure Monitor Logs by using an Azure dashboard.

  8. The data layer can store migrated mainframe data in Azure Storage (Azure Files, Azure Table Storage), Azure SQL family databases, Azure Database for PostgreSQL, Azure Database for MySQL, or Azure Cosmos DB.

  9. Application Insights and Azure Monitor provide application and infrastructure monitoring. Azure Monitor Logs feeds Log Analytics dashboards and alerts to provide operational visibility.

Components

This architecture consists of several Azure services. It's divided into four categories of resources: networking and identity, application, storage, and monitoring. The following sections describe the services for each resource and their roles.

Networking and identity

When you design application architecture, it's crucial to prioritize networking and identity components to help ensure security, performance, and manageability during interactions over the public internet or private connections. The following components in the architecture are essential to address this requirement effectively.

  • An Azure WAF is a web application firewall that protects applications from malicious attacks and common web vulnerabilities, such as SQL injection and cross-site scripting. In this architecture, it secures the migrated mainframe applications by filtering and inspecting incoming traffic to web-facing services.

  • Application Gateway is a layer 7 application delivery controller. In this architecture, it manages HTTP traffic routing and provides load balancing for the migrated mainframe web applications.

  • Azure Front Door is a global HTTP load balancer with instant failover capabilities. In this architecture, it accelerates content delivery and ensures high availability for geographically distributed mainframe users.

  • ExpressRoute is a private connectivity service that establishes a dedicated connection between on-premises infrastructure and Azure. In this architecture, it provides secure network access for users familiar with mainframe terminal connectivity who require private connections.

  • Load Balancer is a service that distributes incoming network traffic across multiple back-end resources and handles layer 4 TCP and UDP traffic. In this architecture, it balances traffic for containerized applications and microservices that replace mainframe transaction processing components.
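The WAF inspection at Azure Front Door only protects the migrated front end if requests cannot reach it without passing through that Front Door profile. The following added example (not part of the original article or of any Microsoft sample) shows a WSGI middleware for a Python front end on App Service that rejects requests whose `X-Azure-FDID` header, which Front Door adds to origin requests, does not match the expected profile. The names `FrontDoorOnly`, `demo_app`, and `call`, and the all-zero Front Door ID, are assumptions made for illustration.

```python
import hmac

# Placeholder (constructed value): replace with the Front Door ID of your own profile.
EXPECTED_FDID = "00000000-0000-0000-0000-000000000000"


class FrontDoorOnly:
    """WSGI middleware that rejects requests not stamped by the expected Front Door profile."""

    def __init__(self, app, expected_fdid):
        # An empty expected value would match a missing header, so refuse to fail open.
        if not expected_fdid or not expected_fdid.strip():
            raise ValueError("expected_fdid must be set")
        self.app = app
        self.expected = expected_fdid.strip().lower().encode()

    def __call__(self, environ, start_response):
        # WSGI exposes the X-Azure-FDID request header as HTTP_X_AZURE_FDID.
        presented = environ.get("HTTP_X_AZURE_FDID", "").strip().lower().encode()
        if not hmac.compare_digest(presented, self.expected):
            body = b"Forbidden\n"
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in for a migrated transaction screen (hypothetical)."""
    body = b"transaction accepted\n"
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]


def call(app, headers):
    """Drive a WSGI app with constructed request headers; return (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/accounts"}
    for name, value in headers.items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    captured = {}
    body = b"".join(app(environ, lambda status, hdrs: captured.update(status=status)))
    return captured["status"], body


guarded = FrontDoorOnly(demo_app, EXPECTED_FDID)
```

The header check complements a network restriction on the origin to the `AzureFrontDoor.Backend` service tag; it does not replace it, because the header value is not a secret.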

Application

Azure provides managed services that support more secure, scalable, and efficient deployment of applications. The application-tier services that the preceding architecture uses can help you optimize your application architecture.

  • AKS is a managed Kubernetes service for containerized applications. AKS simplifies deployment of a managed AKS cluster in Azure by offloading the operational overhead to Azure. In this architecture, it hosts microservices that replace monolithic mainframe transaction processing components like CICS and IMS.

  • App Service is a fully managed service for building, deploying, and scaling web apps. You can build apps by using .NET, Node.js, Java, Python, or PHP. The apps can run in containers or on Windows or Linux. In a mainframe migration, the front-end screens or web interface can be coded as HTTP-based REST APIs. They can be segregated according to the mainframe application and can be stateless to orchestrate a microservices-based system. In this architecture, it delivers REST APIs and web interfaces that replace 3270 terminal screens and mainframe user interfaces.

  • Container Apps is a fully managed serverless platform that reduces your infrastructure maintenance and saves money when you run containerized applications. In this architecture, it integrates with Azure API Management, Azure Service Bus, and Azure Front Door and provides built-in scaling (including scale-to-zero), which makes it ideal for event-driven and HTTP-based workloads.

  • WebJobs is a feature of App Service that runs a program or script in the same instance as a web app, API app, or mobile app. A web job can be a good choice for implementing sharable and reusable program logic. In this architecture, it runs batch processing tasks and background tasks that were previously handled by mainframe job schedulers.

  • API Management is a fully managed platform as a service (PaaS) that supports the publishing, routing, securing, logging, and analytics of APIs. You can control how the data is presented and extended and which apps can access it. You can also restrict access to your apps or allow third parties. In this architecture, it manages access to modernized APIs that expose mainframe business logic and controls how legacy data is accessed by new applications.

  • Azure Managed Redis is a managed in-memory caching service for sharing data and state among compute resources. You can improve the performance of high-throughput OLTP applications by designing them to scale and to use an in-memory data store such as Azure Managed Redis. In this architecture, it accelerates data access for high-throughput OLTP workloads that replace mainframe transaction processing systems.

  • Azure Functions is a serverless compute service. It provides an environment for running small pieces of code, called functions, without having to establish an application infrastructure. You can use it to process bulk data, integrate systems, work with Internet of Things, and build simple APIs and microservices. Use microservices to create servers that connect to Azure services and are always up to date. In this architecture, it handles event-driven processing and lightweight business logic components migrated from mainframe transaction managers.

  • Service Bus is a reliable cloud messaging service for simple hybrid integration. Service Bus and Storage queues can connect the front end with the business logic in the migrated system. Service Bus enables reliable messaging between distributed systems. In this architecture, it facilitates asynchronous communication between migrated mainframe components that previously used mainframe messaging systems.

Storage and database

This architecture addresses scalable and secure cloud storage as well as managed databases for migrating mainframe data and supporting modern application requirements.

  • Azure Cosmos DB is a fully managed NoSQL database service that you can use to migrate mainframe, nontabular data to Azure. In this architecture, it stores nonrelational data migrated from mainframe systems like VSAM files and provides global distribution for international user bases.

  • Azure Database for MySQL is a fully managed MySQL database service. In this architecture, it supports applications that require open-source database compatibility during the mainframe modernization process.

  • Azure Database for PostgreSQL is a fully managed, intelligent, and scalable PostgreSQL that has native connectivity with Azure services. In this architecture, it hosts relational data migrated from mainframe databases with advanced indexing and analytics capabilities.

  • Azure SQL is a family of cloud-based SQL database services. In this architecture, it hosts relational data migrated from mainframe databases like Db2 and IMS DB:

    • SQL Managed Instance is a fully managed, cloud-based deployment option that provides near 100% SQL Server compatibility. In this architecture, it hosts migrated mainframe databases with minimal code changes and built-in high availability.

    • SQL Server on Azure Virtual Machines is an infrastructure as a service (IaaS) offering that provides full SQL Server functionality. In this architecture, it supports legacy workloads that require specific database engine features during migration.

    • In-Memory OLTP is a high-performance feature that accelerates transaction processing in SQL Database and SQL Managed Instance. In this architecture, it provides the high-performance transaction processing capabilities that mainframe OLTP workloads require.

  • Storage is a set of massively scalable and more secure cloud services for data, apps, and workloads that provides foundational cloud storage services. In this architecture, it supports Azure Files, Azure Table Storage, and Azure Queue Storage for various mainframe data migration scenarios.

Monitoring

The following monitoring tools provide comprehensive data analysis and valuable insights into application performance.

  • Application Insights is a feature of Azure Monitor that provides code-level telemetry for applications. It monitors the application, detects anomalies such as mediocre performance and failures, and sends personal data to the Azure portal. You can also use Application Insights for logging, distributed tracing, and custom application metrics. In this architecture, it tracks application performance, detects anomalies, and supports distributed tracing and custom metrics to ensure reliability and responsiveness.

  • Azure Monitor is a comprehensive platform for collecting, analyzing, and acting on telemetry from Azure and on-premises environments. In this architecture, it serves as the central hub for monitoring infrastructure, applications, and services.

    • Azure Monitor alerts are a feature of Azure Monitor that notifies users when metrics or logs exceed defined thresholds. In this architecture, they trigger automated responses or escalate problems to operations teams for timely intervention.

    • Log Analytics is a query tool within Azure Monitor that uses a powerful language to analyze log data. In this architecture, it enables deep diagnostics, supports custom dashboards, and integrates with alerts and workbooks for operational insights.

Scenario details

Because of evolving business needs and data, applications must scale and produce results without creating infrastructure problems. This example workload shows how you can migrate a z/OS mainframe OLTP application to a more secure, scalable, and highly available system in the cloud by using Azure platform as a service (PaaS) services. This migration helps businesses in finance, health, insurance, and retail minimize application delivery timelines. It also helps reduce the costs of running the applications.

Potential use cases

This architecture is ideal for OLTP workloads that have the following characteristics:

  • They serve an international user base.

  • Their usage varies greatly over time, so they benefit from flexible scaling and usage-based pricing.

  • Complex monolithic mainframe business logic can be modernized to RESTful APIs and scaled with traffic management and load balancing services.

Contributors

Microsoft maintains this article. The following contributors wrote this article.

Principal authors:


Next steps

See the following related architectures and related technical information.