WebSphere

Integration Architecture Workshop

Version 1

IBM and Connecticut Confidential

 Integration Architecture Workshop

Table of Contents
1 EXECUTIVE SUMMARY............................................................................................3
2 BUSINESS GOALS AND DRIVERS...........................................................................4
3 CURRENT IT ENVIRONMENT..................................................................................4
4 REQUIREMENTS..........................................................................................................5
4.1 FUNCTIONAL REQUIREMENTS ...........................................................................................6
4.2 NONFUNCTIONAL REQUIREMENTS......................................................................................6
5 RECOMMENDATIONS................................................................................................7
5.1 EXPOSE EXISTING COLLECT ARTIFACTS – PHASE 1........................................................7
5.2 WEB BASED USER INTERFACE – PHASE 1........................................................................10
5.3 IMAGE STORAGE AND MANAGEMENT – PHASE 1...............................................................11
5.4 DATA TRANSFORMATION CAPABILITIES – PHASE 2............................................................12
5.5 SERVICE REGISTRY – FUTURE PHASE...............................................................................13
6 BENEFITS.....................................................................................................................14
6.1 BUSINESS BENEFITS......................................................................................................14
6.2 INFORMATION TECHNOLOGY BENEFITS.............................................................................14
7 MULTI-PHASE APPROACH ....................................................................................14
8 GETTING STARTED..................................................................................................15
9 APPENDIX....................................................................................................................17

Page 2 Version 1
IBM and State of Connecticut Confidential
 Integration Architecture Workshop

1 Executive Summary
The Connecticut Department of Public Safety is in the discovery phase of a potential
project to modernize the thirty year old Connecticut Online Law Enforcement
Communications Teleprocessing system (COLLECT). The COLLECT system is
available 24x7 and provides a comprehensive view of information to law enforcement
agencies, court workers, the DEA, Connecticut Board of Education and other state
agencies. The system currently supports 15,000 users and approximately 10 million
transactions a month. While COLLECT is extremely responsive, long term areas of
concern include usability and the ability to enhance and maintain the system.

The Department of Public Safety unsuccessfully attempted a complete rewrite of the

COLLECT system starting in 2004 so it is extremely important to reuse existing
investments and leverage the current mainframe platform.

To help assist with the above initiative, IBM conducted a six hour Integration
Architecture Workshop (IAW) that explored the existing architecture, captured
current requirements and challenges, and derived potential first steps towards
modernizing the COLLECT system. This interactive workshop was held at
Department of Public Safety’s Middletown, Connecticut facility. The team was
comprised of technical resources and decision makers from Department of Public
Safety and solution architects, software architects and technical specialists from IBM.

The first part of the day was spent understanding the application architecture of
COLLECT. A demo of the existing system was given to show the type of data
accessible with COLLECT and to emphasize the response time that the existing
system achieves. The COLLECT team spent some time describing the interfaces with
NCIC, NLETS and other state agencies. Due to the nature of the data that COLLECT
supports, the availability and responsiveness of the system are crucial requirements
for any project moving forward.

The last part of the workshop was dedicated to understanding all of the priorities,
both business and technical, that the Department of Public Safety has while moving
forward with any modifications to the COLLECT system. First and foremost, it is
important to the Department that they remain on the mainframe and avoid a
wholesale rewrite of the system as was attempted in the past. Any modifications
must be maintainable by internal staff as well.

Based on Department of Public Safety requirements, current environment and in

house skills we recommend that Department of Public Safety pursue a phased,
pragmatic approach to modernizing the COLLECT system. This approach will be
comprised of exposing the existing COLLECT system as web services and J2EE
components to help enable a move towards a Service Oriented Architecture at the
state level. The following components are recommended for achieving modernization
of the COLLECT system:

• Expose existing CICS as web services – phase 1

• Rational Developer for System Z – phase 1
• WebSphere Application Server Network Deployment – phase 1
• Rational Application Developer – phase 1

Page 3 Version 1
IBM and State of Connecticut Confidential
 Integration Architecture Workshop

• IBM FileNet Content Manager – phase 1

• WebSphere Transformation Extender – phase 2
• WebSphere Transformation Extender Design Studio – phase 2
• WebSphere Service Registry and Repository – future phase

2 Business Goals and Drivers

The COLLECT system is thirty years old and it is still fulfilling its purpose very
effectively. However, this system is becoming more difficult to maintain and extend.
Being built on older technologies, the skill sets necessary for supporting COLLECT are
becoming difficult to find. The Department of Public Safety currently has only one
resource to maintain and support the system. This is a tremendous risk considering
the important purpose that the COLLECT system serves.

The Department of Public Safety wants the usability of the system to be improved.
Currently users are required to take a three day training class to learn the system
and associated data entry codes. Moving forward the COLLECT system needs to be
more intuitive, utilizing a browser based interface with usability features such as
drop down menus.

The COLLECT system needs to support additional features and tools to help its user
base do their jobs more effectively. This includes support for images that may
include mug shots, fingerprints images, digital signature and others. The system
must also continue to support the encryption and message formats that are
mandated by NCIC and NLETS. XML message formats will be a requirement in the
future, NLETS in particular is moving towards the Global Justice XML Data Model
(Global JXDM) as a standard.

3 Current IT Environment
The current Department of Public Safety environment has the following components
and technologies:

- Legacy applications running on CICS V2.x (moving to V3.1 in 2008 Q1) on

IBM mainframes.
- All mainframe data is stored on VSAM files.
- There are 100+ COBOL II programs and 30+ Assembler programs
- Integration with NCIC and NLETS is happening through a dedicated pipe,
using byte streams over TCP/IP sockets.
- WebSphere MQ is being used for system to system integration at the state
but not by COLLECT
- Mocha W32 Telnet is being used as a terminal emulator
All connections to the COLLECT system are secured at a hardware level. Terminals
are securely setup internally and all car based connections are established via an

Page 4 Version 1
IBM and State of Connecticut Confidential
 Integration Architecture Workshop

MDT (Mobile Data Terminal) server at the local police department. The Department
of Public Safety has no control over which MDT system is in use, is completely up to
the local police department.

A secure connection is established between a router at the Department of IT and a

router at the local police department.

Figure 1: Current State – High Level Network Architecture of the COLLECT system

4 Requirements
The Department of Public Safety needs to modernize the COLLECT system to support
enhancements around usability and to support new features that include the support
of images. While undertaking this modernization, the system must sustain its current
level of availability and features. These features include, but are not limited to, rapid
response time for interfaces to NCIC and NLETS, encryption standards set forth by
these organizations and a highly secure infrastructure.

The Department of Public Safety wants to leave the system on the mainframe to
leverage its existing investments and assets. This presents a challenge in that the

Page 5 Version 1
IBM and State of Connecticut Confidential
 Integration Architecture Workshop

system must be internally maintainable. The Department currently has a single full
time resource to support the system.

While it is important to leverage the existing assets it is also necessary to grow skill
sets internally to support the future of COLLECT.

4.1 Functional Requirements

• Integration with Law Enforcement Systems and Databases: The

solution requires integration with NCIC and NLETS and potentially many other
systems and agencies. The current integration, security and encryption
mechanisms must stay in place while allowing for future approaches and
flexibility. These future approaches will include standardized XML message
formats like JXDM.

• Rapid Response Time: The solution requires that a response for all
transactions be returned in less than three seconds. This requirement
excludes images.

• Cost of Ownership: The total cost of ownership must stay comparable to

where it is today. However, it is understood that if action is taken the cost will
change.

• Support for new features and functionality: The COLLECT system must
become more flexible. The time to implement changes and add functionality
must be reduced. The major piece of functionality that is on the horizon is the
support of images that include mug shots, fingerprints, digital signatures, etc.

• Improved Usability: The Department of Public Safety would like COLLECT to

become more usable and intuitive by providing drop down menus and other
ease-of-use features.

• SSO/Portal Integration: Any solution put in place must integrate with the
states single sign on and portal strategy based on a solution provided by
Cimbrian.

• Audit History: Any solution put in place must have full audit trail capabilities
that allow a look up of who ran what transaction and when.

4.2 Nonfunctional Requirements

The high-level non-functional requirements captured during the IAW include:
• Remain on the mainframe: The proposed solution will execute on the main-
frame platform.

Page 6 Version 1
IBM and State of Connecticut Confidential
 Integration Architecture Workshop

• Scalability: The environment needs to be highly scalable to meet seen and

unforeseen transaction volumes and to ensure that all response time require-
ments are met.

• Availability: The environment needs to meet current system availability

needs and provide provisions for continuous availability – meeting the needs
for new product implementations, changes, additions, etc – all with limited in-
terruption.

• Support for Industry Standards: The solution environment must support

existing and emerging industry standards for application interoperability and
technology advancements.

• Ease of Maintenance: The solution environment must be easily supported

and maintained due to the limited staff size.

• Integration with WebSphere MQ: WebSphere MQ is the standard that the

state has put in place for system to system integration. Any proposed solution
must integrate with WebSphere MQ.

5 Recommendations
We recommend that the Department of Public Safety take a phased, pragmatic
approach towards modernizing the COLLECT system. This should be comprised of
exposing the existing COLLECT system as a set of services that can participate in
modern architectures and integration strategies. Secondly, a web accessible front
end can be put in place to support image rendering and usability features. This can
be achieved with various approaches, two of which are outlined in the subsections
below. The Department of Public Safety should keep an eye towards service oriented
architecture (SOA) enabling the COLLECT system as it undertakes the modernization
process. A Service Oriented Architecture at the state level will allow various state
agencies to integrate seamlessly to share information and roll out functionality
rapidly.

The Department of Public Safety needs to begin building modern skills in house if the
adoption of new technology is to succeed. The Department can be confident that
investments in skill sets such as XML, web services and J2EE will yield considerable
benefit and ROI to the agency.

5.1 Expose Existing COLLECT Artifacts – phase 1

To fulfill the requirements of staying on the mainframe and leveraging as much of
the existing COLLECT system as possible, we need to find new ways to expose the
existing CICS transactions. Exposing the transactions in standards based ways will
position the Department of Public Safety for the future SOA endeavors at the State
of Connecticut and will allow for many new integration possibilities.

CICS provides a number of ways of exposing CICS COMMAREA and terminal-oriented

programs. If business logic and presentation logic is cleanly separated within a sys-

Page 7 Version 1
IBM and State of Connecticut Confidential
 Integration Architecture Workshop

tem it is very straightforward to expose web service representations of CICS transac-

tions. Indications are that business and presentation logic are intertwined within the
current COLLECT system. This limits the approaches that are available.

IBM CICS TS V3.1 provides a Link3270 bridge function that addresses the problem of
intertwined business and presentation logic in a terminal-based program. The client
uses the Link3270 Bridge to run 3270 transactions by linking to the program DFH-
L3270 and passing a COMMAREA that includes the transaction identifier and the data
to be passed to the application. The response contains the 3270 screen data reply. If
the target application used BMS, this information is presented in the form of an ap-
plication data structure (ADS), which is another name for the symbolic map that is
generated by the BMS macros used to define the mapping of the 3270 screen. No
changes are required for the existing application code, and knowledge of 3270 data
streams is usually not needed. As a result, the Link3270 Bridge provides a program-
matic interface for terminal-oriented programs, enabling them to be reused without
resorting to less-efficient and more-fragile screen scraping.

Leveraging the CICS Service Flow feature is likely the best approach for the Depart-
ment of Public Safety to expose the code base of the existing COLLECT system.

The Rational Developer for System Z Service Flow Modeler (SFM) tooling and the
CICS TS V3.1 Service Flow Runtime (SFR) together enable distributed applications to
make business requests of existing CICS 3270 and COMMAREA applications as
callable services. They enable Java EE applications to integrate seamlessly with busi-
ness-critical 3270 and COMMAREA applications.

The CICS Service Flow Runtime (SFR) can be used to capture and redeploy business
information in modern mixed-workload environments, involving packaged applica-
tions written by independent software vendors and Java EE applications that are
based on WebSphere Application Server. In addition, CICS SFR can be used to inte-
grate existing CICS business value into the service-oriented architectures (SOA’s)
that are used to speed business process integration and functional rollouts.

Figure 2: The CICS Service Flow Runtime

Page 8 Version 1
IBM and State of Connecticut Confidential
 Integration Architecture Workshop

The Service Flow Modeler tooling provided with Rational Developer for System Z pro-
vides an Eclipse based method for exposing CICS transactions through the SFR and
the Link3270 Bridge. SFM attempts to make transforming host applications to mod-
ern architectures as painless as possible:
• Application flow, conversion, and integration are orchestrated in a Studio that
is rich with host tools.
• Code is generated with “near-Web service” interfaces to a set of runtime envi-
ronments (which will grow in the future).
• Round-trip connectivity to the host system is provided for development as
well as deployment
• A rich visual interface for orchestrating CICS based business processes

Figure 3: Example of a CICS based business process choreographed in SFM

A positive byproduct of using this toolset is familiarity with the Eclipse platform. All
of IBM’s development tools are based on the Eclipse platform.

By taking the approach to expose web services, the transactions will be accessible
from any platform. This will allow for greater flexibility with MDT vendors and
external systems in the future.

Page 9 Version 1
IBM and State of Connecticut Confidential
 Integration Architecture Workshop

Figure 4: A screen capture of Rational Developer for System Z

5.2 Web Based User Interface – phase 1

To support usability features such as drop downs and to support image rendering
and functionality, we recommend that the Department of Public Safety put a Java
Enterprise Edition front end in place. A Java EE based front end can leverage the
service enabled CICS transactions to web enable the existing application. Such a
solution will provide opportunities to integrate the existing COLLECT information with
Web 2.0 technologies such as AJAX and new protocols such as Session Initiation
Protocol (SIP). SIP can allow for VOIP features from a web browser. The
recommended platform for this front end is WebSphere Application Server Network
Deployment (WAS ND).

IBM WebSphere Application Server Network Deployment is the premier Java

Enterprise Edition and Web services application server, which delivers a highly
available transaction engine with advanced performance and management
capabilities.

Page 10 Version 1
IBM and State of Connecticut Confidential
 Integration Architecture Workshop

WAS ND delivers exceptional deployment services that include near-continuous

availability, clustering, edge-of-network services and Web services that can operate
across disparate application frameworks. For enterprises that need 24x7 availability,
advanced management, and automated performance optimization for their mission-
critical applications, WebSphere Application Server Network Deployment delivers an
environment that is highly available, dynamically scalable, and easily managed.

WebSphere Application Server is current on support for the majority of web service
standards. WAS also provides a fully compliant JMS messaging engine for Java based
messaging.

WAS ND provides a highly secure Java EE runtime:

• Default security configurations set out-of-the-box

• Default user registry out-of-the-box
• Common Criteria Assurance Level 4 security certification
• Single sign on support (SPNEGO)
• Improved scalability for secure Web services

Aside from distributed platforms, WAS ND is support on z/OS and zLinux.

To implement a Java front end from scratch will necessitate Java skills for
development, support and maintenance. It will be important for the Department of
Public Safety to build these skill sets.

5.3 Image Storage and Management – phase 1

Image support is key functionality that the Department of Public Safety is targeting
with the modernization of the COLLECT system. The requirement encompasses the
ability to search NCIC and NLETS for images as well as the ability to load images
locally.

We recommend that the Department of Public Safety utilize IBM FileNet Content
Manager for the storage, retrieval and management of these images. IBM FileNet P8
Content Manager offers powerful features for creating, managing, and storing
business content objects. Its capabilities include handling high volume ingestion,
providing central information storage, and supporting active content. The FileNet
Content Manager provides a secure, browser based interface for administering and
searching the images repository. Beyond the secure user interface, FileNet Content
Manager provides flexible classification capabilities, versioning functionality and a
comprehensive search mechanism.

FileNet Content Manager can be accessed via Java, .NET or standard web service
APIs.

Page 11 Version 1
IBM and State of Connecticut Confidential
 Integration Architecture Workshop

Figure 5: Example of the FileNet Content Manager’s Workplace user interface

5.4 Data Transformation Capabilities – phase 2

A requirement expressed by the Department of Public Safety is to integrate various
systems both intrastate and otherwise. This requirement dictates that varying levels
of data transformation are needed.

Based on this requirement we are recommending the use of WebSphere

Transformation Extender for Application Programming (WebSphere TX) used in
conjunction with WebSphere Transformation Extender Design Studio. WebSphere TX
is a universal data transformation and validation engine that helps enable a service
oriented architecture. It delivers business agility through IT agility. It tackles the
significant challenge of integrating enterprise business systems. WebSphere TX
delivers transformation and content validation for large volumes of complex
formatted, and large multipart documents using a codeless, graphical approach to
development.

The WebSphere TX Design Studio provides a common data transformation tool that
can utilized regardless of the target runtime environment within the Department of
Public Safety. WebSphere TX maps are graphically created and subsequently can be
invoked from CICS, Java, C, .NET and a variety of other platforms.

Page 12 Version 1
IBM and State of Connecticut Confidential
 Integration Architecture Workshop

By establishing a flexible data transformation strategy, the Department of Public

Safety will be able to quickly adopt new message standards such as Global Justice
XML Data Model (Global JXDM) or others as the emerge.

5.5 Service Registry – future phase

As the Department of Public Safety exposes and potentially develops more services,
governance and manageability will be critical. By leveraging WebSphere Service
Registry and Repository the Department will be able to define service lifecycles and
classifications that fit its own model. WebSphere Service Registry and Repository can
help the State of Connecticut achieve and maintain a Service Oriented Architecture
by providing a mechanism for understanding what services exist, who are the service
consumers and what impacts there may be if a service is changed or retired. The
functionality represents more of a longer term need for Public Safety.

The WebSphere Service Registry and Repository is fully accessible from integration
points with WebSphere Datapower, WebSphere Process Server, WebSphere Message
Broker and CICS. Additionally, WSRR provides SOAP and Java APIs for access from
any product that supports these technologies.

Figure 6: Future logical architecture for COLLECT system

Page 13 Version 1
IBM and State of Connecticut Confidential
 Integration Architecture Workshop

6 Benefits

6.1 Business Benefits

Flexibility and Growth

• Reduced time to integrate with other systems or applications:

o More user enhancements and business requirements can be met.
o New features can be implemented and adopted faster.
• Faster time to market:
o Increased functionality will be a key differentiator to Department of
Public Safety’s COLLECT system.
• Increased features and integration capabilities that are based on current
technologies.

6.2 Information Technology Benefits

Agility and Maintainability

• Respond faster to needs of the business community and public.

• Current technologies offer a greater pool of resources on the market.
• Emerging Standards from law enforcement agencies can be supported.

7 Multi-phase Approach
With a multi-phased approach, the Department of Public Safety will mitigate a large
degree of risk and be better positioned to succeed. Below is a detailed list of
components for a recommended phased approach.

Component Platform(s) Phase 1 Functionality

CICS upgrade to v3.1
Rational Developer for System
Z existing CICS transactions
WebSphere Application Server
Network Deployment
Rational Application Developer
IBM FileNet Content Manager
z/OS Web Services support for
CICS transactions
Windows, Linux Visual tool for exposing
via SFR and SFM
AIX, Solaris, Linux, A comprehensive, secure,
HP-UX, iSeries, z/OS, scalable Java EE runtime
Windows
Windows, Linux Integrated Java
Development Environment
based on the Eclipse
platform, includes and
integrated test environment
AIX, Solaris, Linux, Image storage and
HP-UX, Windows management capabilities

Page 14 Version 1
IBM and State of Connecticut Confidential
 Integration Architecture Workshop

Component Platform(s) Phase 2 Functionality

WebSphere Transformation
Extender for Application
Programming
WebSphere Transformation
Extender Design Studio
AIX, Solaris, Linux, Data Transformation
HP-UX, z/OS, Capabilities
Windows
Windows, Linux A visual design tool for data
transformations run in WTX

Component Platform(s) Future Phase

WebSphere Service Registry AIX, Solaris, Linux, Governance and
and Repository HP-UX, iSeries, z/OS, management support for a
Windows dynamic SOA environment

8 Getting Started
Product education is highly recommended as a first step. See Appendix for links to
education roadmaps and other resources.

Consulting and Implementation Services

A variety of consulting and implementation services are available to support the
products discussed in this document, including everything from customized training
to complete implementation.

IBM Software Services for WebSphere (ISSW)

ISSW is a team of highly skilled IBM consultants with broad architectural knowledge,
deep technical skills, best practices expertise, and close ties with IBM research and
development labs. Our services include skills transfer, implementation, migration, ar-
chitecture and design services, as well as customized workshops and education to fit
your business needs. See recommended education in the Appendix.

WebSphere software can support your infrastructure and help maximize

business efficiencies:
• Get your software solution up and running quickly with limited-scope installation,
configuration, skills transfer, and proof-of-concept engagements.
• Gain access to IBM's deep technical and product skills.
• Minimize risk by exploiting best practices, repeatable processes, and proven expe-
rience.
• Speed your time to market, while decreasing your solution's time to value.
• Get a detailed report with recommendations specific to your business.

Team with IBM Software Services for WebSphere to get architecture and de-
sign skills to build a robust
and scalable solution:
• Take advantage of deep, technical skills to develop a detailed architecture and de-
sign for your WebSphere software solution.
• Assess the feasibility of your design through prototypes or pilot engagements.
• Get best-practices advice about infrastructure, migration and performance consid-
erations.

Page 15 Version 1
IBM and State of Connecticut Confidential
 Integration Architecture Workshop

• Map functional requirements to the core capabilities of your software solution.

Get help developing and deploying your WebSphere software solution:

• Leverage infrastructure services that assist you with installation, configuration, sys-
tem security, scalability, and availability.
• Take advantage of comprehensive migration services, including skills enablement
and application conversion, designed to minimize your risk.
• Implement your software solution faster - and help to ensure that it is ready to de-
ploy when the development stage is complete.

IBM Software Services for WebSphere can help you review and maintain
your business-critical systems:
• Help you to maintain your WebSphere software solution by assessing your applica-
tion environment.
• Offer you deep technical skills to deliver a comprehensive review of your solution
architecture and deployment.
• Provide you with best practices guidance to ensure your WebSphere software solu-
tion continues to run smoothly.

WebSphere Software Services URL can be found at:

http://www-128.ibm.com/developerworks/WebSphere/services/services.html

IBM also offers free Proof of Technology (PoT) Workshops to help customers un-
derstand the various technologies and capabilities of IBM software products. PoT’s
offer significant value to customers and can be a great way to ensure representatives
from IT and the Business understand product capabilities including the “when, where
and why” planned uses of these technologies at Department of Public Safety.

PoT details are available upon request and are scheduled on a regular basis in
Waltham, MA and the Hartford area and on an as-needed basis throughout the
Northeast. IBM has also delivered PoT’s on-site at customer facilities to help defray
the cost of travel, scheduling issues, etc.

Page 16 Version 1
IBM and State of Connecticut Confidential
 Integration Architecture Workshop

9 Appendix

Internet Resources and Educational Information

IBM Developer Works – Excellent “everything site” for the IT Professional:

http://www-128.ibm.com/developerworks/

IBM Education Assistant – Quick demos and tutorials on IBM software products:
http://www-306.ibm.com/software/info/education/assistant/

IBM WebSphere Education may be found at:

http://www.ibm.com/education/us/

General Education Roadmaps:

https://www-304.ibm.com/jct03002c/services/learning/itess.wss/us/en?
pageType=page&c=a0003096

WebSphere Developer Business Integration Zone is at:

http://www-128.ibm.com/developerworks/websphere/zones/businessintegration/

IBM RedBooks - http://www.redbooks.ibm.com/

A list of RedBooks about almost any IBM software product can be found by doing a
keyword search, e.g., “WebSphere”. RedBooks provide real-world user experience,
shortcuts and guidelines that can be very useful during project implementation.

Page 17 Version 1
IBM and State of Connecticut Confidential
Appendix B – Customer Scenario: CICS Web Support
The information in Appendix B was taken from the IBM Red Book “Architecting
Access to CICS within an SOA” published in October of 2006.

Business description
The New Jersey State Police provides a computer system which services 767 local,
county, state, and Federal agencies located across the state. This CICS/COBOL sys-
tem contains information such as: motor vehicle data, "state only" warrants,
firearms licensing, and criminal history information. It has over 10,000 users, which
access the system 24 hours a day, 7 days a week.

In addition, New Jersey State Police is the conduit through which New Jersey law en-
forcement agencies access other state and federal agencies such as the New Jersey
Administrative Office of the Courts, the New Jersey Department of Corrections, the
National Law Enforcement Telecommunications System, and the National Crime In-
formation Center.
The New Jersey State Police services are about as mission critical as you can get.
The difference between a 2 second response time and a 30 second response time
can sometimes mean the difference between life and death. It is for that reason that
the New Jersey State Police chose to implement their system on the mainframe using
CICS and MQSeries (now known as WebSphere MQ).

The National Crime Information Center is a computer system provided by the FBI,
serving as the national repository for all sorts of criminal justice information. Located
in Clarksburg, West Virginia, the FBI maintains 17 separate databases, containing in-
formation about wanted persons, stolen vehicles, violent gangs, and a host of other
things. The National Crime Information Center uses a tree architecture, where over
80,000 criminal justice agencies across the nation access a designated control termi-
nal agency to derive services. It is the responsibility of the control terminal
agency to provide the interface to the end user, and a message switch to National
Crime Information Center. The New Jersey State Police is the control terminal agency
for the State of New Jersey. Each day the National Crime Information Center pro-
cesses over 2 million transactions in sub-second fashion. In 1999 alone, information
returned resulted in 113 000 individuals being arrested; 39,000 missing children and
8 500 missing adults being located; and 110 000 cars valued at over half a billion
dollars being recovered.

Technology description
Using a CICS Web support solution designed by IBM Global Services, New Jersey
State Police have provided the Web browser interface for their 10,000 users to ac-
cess images of wanted or missing persons, stolen property, fingerprint data and
more, in addition to text information such as person information and criminal history.
This was accomplished by implementing a CICS TS region supporting CICS Web sup-
port, a Generic Converter solution, a Graphics Converter, application programs, and
an MQSeries back-end. The design is such that business logic and presentation logic
are completely separate.

The specific software technology used consisted of the following products:

• OS/390 V2.8
• CICS Transaction Server V1.3
• CICS Web support
• CICS to TCP/IP Sockets interface
• IBM MQSeries V5.1 (now known as WebSphere MQ)
• IBM HTTP Server V5.2

When a Person Inquiry is submitted (based on name and date of birth) from the Web
browser, the response that is returned from the National Crime Information Center
includes all relevant text and images relating to that inquiry. The text is displayed in
keyword/value format to maintain compatibility with existing systems and mitigate
training issues.

The Fingerprint Inquiry performs biometrics inquiries using file uploads to CICS
from a Web browser. The response to a fingerprint inquiry could contain both text
and images. JavaScript™ embedded in the Web pages prevent the user from trans-
mitting an inquiry with the mandatory fields left blank, or basic relational edit errors.
After the page is submitted, more comprehensive editing occurs within CICS. If any
errors are found, the same Web page is returned to the client, with an error
message, focus on the error field (cursor positioning), and all check boxes and
selection boxes set correctly as the end user had submitted them. Any relevant im-
ages, such as "mugshots" or identifying tattoos are stored in a CICS VSAM data ta-
ble, as a JPEG grayscale image using a compression ratio designed to reduce the im-
age size to between 4 - 8K. An image reference is placed in the HTML response.
Upon receiving the response, the browser links to a CICS based graphics converter
that retrieves the image, which is inserted in the browser window. An entire re-
sponse is usually received at the browser in under 3 seconds. That is a significant
achievement considering the bundling being done, the number of systems which are
traversed, the telecommunications issues, and the data requests coming from West
Virginia.

Business logic interface

Figure 11-2 on page 301 demonstrates the isolation of presentation and business
logic which is supported by the CICS business logic interface. The converter pro-
grams perform conversion of symbol strings from the browser into a fixed length
COMMAREA expected by the business logic application program and back again into
HTML after processing.

Technical implementations
The "Generic Converter" solution, available from IBM Global Services, takes this idea
one step higher. This single converter can be used in place of all other application
specific converters because it is driven by a fast access VSAM Data table. This meta
data table contains the output HTML template names and the COMMAREA data for-
mat for the business application program. Each application program entry is defined
by using the "Application Entry" program.

Generic Converter
When Web-enabling a CICS application using the Generic Converter a relationship is
established between an HTML template, the Generic Converter, an Application entry,
and a CICS application program.
The Generic Converter shields the application program from interfacing with State
Management, Template Management, and HTTP environmental modules. It also ex-
tends CICS Web support function by supporting input HTTP with enctype=multipart
to handle file uploads.

Graphics Converter
While static images may be served from any Web server, the Graphics Converter
provides a means to display JPEG or GIF images from a VSAM file. This allows CICS
to store and serve dynamic images received in real time from remote systems.
Statistics collection and reporting
This feature of the Generic Converter system is used for stress testing, application
problem determination, and system performance monitoring. It provides the follow-
ing daily and interval statistics in real time:
• Generic Converter statistics
• Maximum, average, and last application program response time
• Maximum, average, and last environmental response time
• Transaction counts
• Transaction rate
• Maximum, average, and last HTML input and output sizes
• Graphics Converter statistics
• Transaction counts
• Transaction rate
• Maximum, average, and last image output size

Issues raised
This project has been a great success for both New Jersey State Police and IBM,
however the following issues encountered during the project are summarized here:
• A security design should be planned as early as possible. The solution re-
quired customization of the supplied sample CICS security analyzer, which
now links to a customer security program that authorizes the target applica-
tion program. Additional Web environmentals are retrieved to authorize the
client IP address. An SSL implementation was undertaken in 2000 to improve
authentication and provide text encryption.
• File upload required further customization to the supplied security analyzer to
prevent ASCII/EBCDIC data conversion of inbound binary data. Additionally,
an ActiveX® control was used to process digital images into JPEG files, and
Chapter 11. Customer scenario: CICS Web support 303 also to automate the
selection of the JPEG file for upload at the browser workstation.
• The supplied sample state management program uses a default size of 256
bytes for allocating state data area. While this size can be increased, it is a
global value used for all state data requests. To provide support for update
application programs, the state data program was modified to provide
cleanup of temporary storage queues, created by application programs to
store large amounts of state data.
• Graphics support for the retrieval of "mugshot" images required further cus-
tomization of the security analyzer to pass the image key to the Graphics
Converter.
• A "cookie cutter" design approach was developed as a standard methodology
for Web-enabling applications. This approach proved to increase productivity
for new members of the New Jersey State Police Web-enabling team.
Conclusions
The production CICS region supporting the Web components listener region was in-
stalled and a successful production system test was conducted on February 10,
2000. Beta sites began using the system in early March 2000. The New Jersey State
Police was the first state agency in the US with the ability to perform fingerprint
query of the National Crime Information Center 2000 database. CICS Web support,
along with the Generic Converter suite of programs, is viewed by the New Jersey
State Police as an excellent solution for their business requirements. Performance is
a critical factor for this application and the fact that a textual inquiry is able to return
a response, including a mugshot image, in an average of 3 seconds, exceeded ex-
pectations. The implementation was achieved at a low cost, mainly due to leveraging
existing CICS COBOL skills, supplemented with basic HTML training. The Generic
Converter solution is easy to use and additional applications are being Web-enabled
without assistance from IBM.
The New Jersey State Police is positioned to make use of WebSphere Application
Server. All or part of their present system can be migrated into a Java environment.
Since their present system has successfully implemented business logic that is sepa-
rate from presentation logic, this business logic could be accessed from a Java appli-
cation using the CICS Transaction Gateway and the External Call Interface (ECI).
With minor modifications, the HTML templates could be converted to Java Server
Pages.