WebSphere Integration Architecture Workshop

Version 1

IBM and Connecticut Confidential

Integration Architecture Workshop

Table of Contents
1 EXECUTIVE SUMMARY............................................................................................3 2 BUSINESS GOALS AND DRIVERS...........................................................................4 3 CURRENT IT ENVIRONMENT..................................................................................4 4 REQUIREMENTS..........................................................................................................5 4.1 FUNCTIONAL REQUIREMENTS ...........................................................................................6 4.2 NONFUNCTIONAL REQUIREMENTS......................................................................................6 5 RECOMMENDATIONS................................................................................................7 5.1 EXPOSE EXISTING COLLECT ARTIFACTS – PHASE 1........................................................7 5.2 WEB BASED USER INTERFACE – PHASE 1........................................................................10 5.3 IMAGE STORAGE AND MANAGEMENT – PHASE 1...............................................................11 5.4 DATA TRANSFORMATION CAPABILITIES – PHASE 2............................................................12 5.5 SERVICE REGISTRY – FUTURE PHASE...............................................................................13 6 BENEFITS.....................................................................................................................14 6.1 BUSINESS BENEFITS......................................................................................................14 6.2 INFORMATION TECHNOLOGY BENEFITS.............................................................................14 7 MULTI-PHASE APPROACH ....................................................................................14 8 GETTING STARTED..................................................................................................15 9 APPENDIX....................................................................................................................17

Page 2

Version 1 IBM and State of Connecticut Confidential

Integration Architecture Workshop

1 Executive Summary
The Connecticut Department of Public Safety is in the discovery phase of a potential project to modernize the thirty year old Connecticut Online Law Enforcement Communications Teleprocessing system (COLLECT). The COLLECT system is available 24x7 and provides a comprehensive view of information to law enforcement agencies, court workers, the DEA, Connecticut Board of Education and other state agencies. The system currently supports 15,000 users and approximately 10 million transactions a month. While COLLECT is extremely responsive, long term areas of concern include usability and the ability to enhance and maintain the system. The Department of Public Safety unsuccessfully attempted a complete rewrite of the COLLECT system starting in 2004 so it is extremely important to reuse existing investments and leverage the current mainframe platform. To help assist with the above initiative, IBM conducted a six hour Integration Architecture Workshop (IAW) that explored the existing architecture, captured current requirements and challenges, and derived potential first steps towards modernizing the COLLECT system. This interactive workshop was held at Department of Public Safety’s Middletown, Connecticut facility. The team was comprised of technical resources and decision makers from Department of Public Safety and solution architects, software architects and technical specialists from IBM. The first part of the day was spent understanding the application architecture of COLLECT. A demo of the existing system was given to show the type of data accessible with COLLECT and to emphasize the response time that the existing system achieves. The COLLECT team spent some time describing the interfaces with NCIC, NLETS and other state agencies. Due to the nature of the data that COLLECT supports, the availability and responsiveness of the system are crucial requirements for any project moving forward. The last part of the workshop was dedicated to understanding all of the priorities, both business and technical, that the Department of Public Safety has while moving forward with any modifications to the COLLECT system. First and foremost, it is important to the Department that they remain on the mainframe and avoid a wholesale rewrite of the system as was attempted in the past. Any modifications must be maintainable by internal staff as well. Based on Department of Public Safety requirements, current environment and in house skills we recommend that Department of Public Safety pursue a phased, pragmatic approach to modernizing the COLLECT system. This approach will be comprised of exposing the existing COLLECT system as web services and J2EE components to help enable a move towards a Service Oriented Architecture at the state level. The following components are recommended for achieving modernization of the COLLECT system:


• •


Page 3

Expose existing CICS as web services – phase 1 Rational Developer for System Z – phase 1 WebSphere Application Server Network Deployment – phase 1 Rational Application Developer – phase 1

Version 1 IBM and State of Connecticut Confidential

Integration Architecture Workshop

• • •

IBM FileNet Content Manager – phase 1 WebSphere Transformation Extender – phase 2 WebSphere Transformation Extender Design Studio – phase 2 WebSphere Service Registry and Repository – future phase

2 Business Goals and Drivers
The COLLECT system is thirty years old and it is still fulfilling its purpose very effectively. However, this system is becoming more difficult to maintain and extend. Being built on older technologies, the skill sets necessary for supporting COLLECT are becoming difficult to find. The Department of Public Safety currently has only one resource to maintain and support the system. This is a tremendous risk considering the important purpose that the COLLECT system serves. The Department of Public Safety wants the usability of the system to be improved. Currently users are required to take a three day training class to learn the system and associated data entry codes. Moving forward the COLLECT system needs to be more intuitive, utilizing a browser based interface with usability features such as drop down menus. The COLLECT system needs to support additional features and tools to help its user base do their jobs more effectively. This includes support for images that may include mug shots, fingerprints images, digital signature and others. The system must also continue to support the encryption and message formats that are mandated by NCIC and NLETS. XML message formats will be a requirement in the future, NLETS in particular is moving towards the Global Justice XML Data Model (Global JXDM) as a standard.

3 Current IT Environment
The current Department of Public Safety environment has the following components and technologies:

-

Legacy applications running on CICS V2.x (moving to V3.1 in 2008 Q1) on IBM mainframes. All mainframe data is stored on VSAM files. There are 100+ COBOL II programs and 30+ Assembler programs Integration with NCIC and NLETS is happening through a dedicated pipe, using byte streams over TCP/IP sockets. WebSphere MQ is being used for system to system integration at the state but not by COLLECT Mocha W32 Telnet is being used as a terminal emulator

-

All connections to the COLLECT system are secured at a hardware level. Terminals are securely setup internally and all car based connections are established via an

Page 4

Version 1 IBM and State of Connecticut Confidential

Integration Architecture Workshop

MDT (Mobile Data Terminal) server at the local police department. The Department of Public Safety has no control over which MDT system is in use, is completely up to the local police department. A secure connection is established between a router at the Department of IT and a router at the local police department.

Figure 1: Current State – High Level Network Architecture of the COLLECT system

4 Requirements
The Department of Public Safety needs to modernize the COLLECT system to support enhancements around usability and to support new features that include the support of images. While undertaking this modernization, the system must sustain its current level of availability and features. These features include, but are not limited to, rapid response time for interfaces to NCIC and NLETS, encryption standards set forth by these organizations and a highly secure infrastructure. The Department of Public Safety wants to leave the system on the mainframe to leverage its existing investments and assets. This presents a challenge in that the

Page 5

Version 1 IBM and State of Connecticut Confidential

Integration Architecture Workshop

system must be internally maintainable. The Department currently has a single full time resource to support the system. While it is important to leverage the existing assets it is also necessary to grow skill sets internally to support the future of COLLECT.

4.1 Functional Requirements

Integration with Law Enforcement Systems and Databases: The solution requires integration with NCIC and NLETS and potentially many other systems and agencies. The current integration, security and encryption mechanisms must stay in place while allowing for future approaches and flexibility. These future approaches will include standardized XML message formats like JXDM. Rapid Response Time: The solution requires that a response for all transactions be returned in less than three seconds. This requirement excludes images. Cost of Ownership: The total cost of ownership must stay comparable to where it is today. However, it is understood that if action is taken the cost will change. Support for new features and functionality: The COLLECT system must become more flexible. The time to implement changes and add functionality must be reduced. The major piece of functionality that is on the horizon is the support of images that include mug shots, fingerprints, digital signatures, etc. Improved Usability: The Department of Public Safety would like COLLECT to become more usable and intuitive by providing drop down menus and other ease-of-use features. SSO/Portal Integration: Any solution put in place must integrate with the states single sign on and portal strategy based on a solution provided by Cimbrian. Audit History: Any solution put in place must have full audit trail capabilities that allow a look up of who ran what transaction and when.

4.2 Nonfunctional Requirements
The high-level non-functional requirements captured during the IAW include: • Remain on the mainframe: The proposed solution will execute on the mainframe platform.

Page 6

Version 1 IBM and State of Connecticut Confidential

Integration Architecture Workshop

Scalability: The environment needs to be highly scalable to meet seen and unforeseen transaction volumes and to ensure that all response time requirements are met. Availability: The environment needs to meet current system availability needs and provide provisions for continuous availability – meeting the needs for new product implementations, changes, additions, etc – all with limited interruption. Support for Industry Standards: The solution environment must support existing and emerging industry standards for application interoperability and technology advancements. Ease of Maintenance: The solution environment must be easily supported and maintained due to the limited staff size. Integration with WebSphere MQ: WebSphere MQ is the standard that the state has put in place for system to system integration. Any proposed solution must integrate with WebSphere MQ.

• •

5 Recommendations
We recommend that the Department of Public Safety take a phased, pragmatic approach towards modernizing the COLLECT system. This should be comprised of exposing the existing COLLECT system as a set of services that can participate in modern architectures and integration strategies. Secondly, a web accessible front end can be put in place to support image rendering and usability features. This can be achieved with various approaches, two of which are outlined in the subsections below. The Department of Public Safety should keep an eye towards service oriented architecture (SOA) enabling the COLLECT system as it undertakes the modernization process. A Service Oriented Architecture at the state level will allow various state agencies to integrate seamlessly to share information and roll out functionality rapidly. The Department of Public Safety needs to begin building modern skills in house if the adoption of new technology is to succeed. The Department can be confident that investments in skill sets such as XML, web services and J2EE will yield considerable benefit and ROI to the agency.

5.1 Expose Existing COLLECT Artifacts – phase 1
To fulfill the requirements of staying on the mainframe and leveraging as much of the existing COLLECT system as possible, we need to find new ways to expose the existing CICS transactions. Exposing the transactions in standards based ways will position the Department of Public Safety for the future SOA endeavors at the State of Connecticut and will allow for many new integration possibilities. CICS provides a number of ways of exposing CICS COMMAREA and terminal-oriented programs. If business logic and presentation logic is cleanly separated within a sys-

Page 7

Version 1 IBM and State of Connecticut Confidential

Integration Architecture Workshop

tem it is very straightforward to expose web service representations of CICS transactions. Indications are that business and presentation logic are intertwined within the current COLLECT system. This limits the approaches that are available. IBM CICS TS V3.1 provides a Link3270 bridge function that addresses the problem of intertwined business and presentation logic in a terminal-based program. The client uses the Link3270 Bridge to run 3270 transactions by linking to the program DFHL3270 and passing a COMMAREA that includes the transaction identifier and the data to be passed to the application. The response contains the 3270 screen data reply. If the target application used BMS, this information is presented in the form of an application data structure (ADS), which is another name for the symbolic map that is generated by the BMS macros used to define the mapping of the 3270 screen. No changes are required for the existing application code, and knowledge of 3270 data streams is usually not needed. As a result, the Link3270 Bridge provides a programmatic interface for terminal-oriented programs, enabling them to be reused without resorting to less-efficient and more-fragile screen scraping. Leveraging the CICS Service Flow feature is likely the best approach for the Department of Public Safety to expose the code base of the existing COLLECT system. The Rational Developer for System Z Service Flow Modeler (SFM) tooling and the CICS TS V3.1 Service Flow Runtime (SFR) together enable distributed applications to make business requests of existing CICS 3270 and COMMAREA applications as callable services. They enable Java EE applications to integrate seamlessly with business-critical 3270 and COMMAREA applications. The CICS Service Flow Runtime (SFR) can be used to capture and redeploy business information in modern mixed-workload environments, involving packaged applications written by independent software vendors and Java EE applications that are based on WebSphere Application Server. In addition, CICS SFR can be used to integrate existing CICS business value into the service-oriented architectures (SOA’s) that are used to speed business process integration and functional rollouts.

Figure 2: The CICS Service Flow Runtime

Page 8

Version 1 IBM and State of Connecticut Confidential

Integration Architecture Workshop

The Service Flow Modeler tooling provided with Rational Developer for System Z provides an Eclipse based method for exposing CICS transactions through the SFR and the Link3270 Bridge. SFM attempts to make transforming host applications to modern architectures as painless as possible: • Application flow, conversion, and integration are orchestrated in a Studio that is rich with host tools. • Code is generated with “near-Web service” interfaces to a set of runtime environments (which will grow in the future). • Round-trip connectivity to the host system is provided for development as well as deployment • A rich visual interface for orchestrating CICS based business processes

Figure 3: Example of a CICS based business process choreographed in SFM A positive byproduct of using this toolset is familiarity with the Eclipse platform. All of IBM’s development tools are based on the Eclipse platform. By taking the approach to expose web services, the transactions will be accessible from any platform. This will allow for greater flexibility with MDT vendors and external systems in the future.

Page 9

Version 1 IBM and State of Connecticut Confidential

Integration Architecture Workshop

Figure 4: A screen capture of Rational Developer for System Z

5.2 Web Based User Interface – phase 1
To support usability features such as drop downs and to support image rendering and functionality, we recommend that the Department of Public Safety put a Java Enterprise Edition front end in place. A Java EE based front end can leverage the service enabled CICS transactions to web enable the existing application. Such a solution will provide opportunities to integrate the existing COLLECT information with Web 2.0 technologies such as AJAX and new protocols such as Session Initiation Protocol (SIP). SIP can allow for VOIP features from a web browser. The recommended platform for this front end is WebSphere Application Server Network Deployment (WAS ND). IBM WebSphere Application Server Network Deployment is the premier Java Enterprise Edition and Web services application server, which delivers a highly available transaction engine with advanced performance and management capabilities.

Page 10

Version 1 IBM and State of Connecticut Confidential

Integration Architecture Workshop

WAS ND delivers exceptional deployment services that include near-continuous availability, clustering, edge-of-network services and Web services that can operate across disparate application frameworks. For enterprises that need 24x7 availability, advanced management, and automated performance optimization for their missioncritical applications, WebSphere Application Server Network Deployment delivers an environment that is highly available, dynamically scalable, and easily managed. WebSphere Application Server is current on support for the majority of web service standards. WAS also provides a fully compliant JMS messaging engine for Java based messaging. WAS ND provides a highly secure Java EE runtime: • • • • • Default security configurations set out-of-the-box Default user registry out-of-the-box Common Criteria Assurance Level 4 security certification Single sign on support (SPNEGO) Improved scalability for secure Web services

Aside from distributed platforms, WAS ND is support on z/OS and zLinux. To implement a Java front end from scratch will necessitate Java skills for development, support and maintenance. It will be important for the Department of Public Safety to build these skill sets.

5.3 Image Storage and Management – phase 1
Image support is key functionality that the Department of Public Safety is targeting with the modernization of the COLLECT system. The requirement encompasses the ability to search NCIC and NLETS for images as well as the ability to load images locally. We recommend that the Department of Public Safety utilize IBM FileNet Content Manager for the storage, retrieval and management of these images. IBM FileNet P8 Content Manager offers powerful features for creating, managing, and storing business content objects. Its capabilities include handling high volume ingestion, providing central information storage, and supporting active content. The FileNet Content Manager provides a secure, browser based interface for administering and searching the images repository. Beyond the secure user interface, FileNet Content Manager provides flexible classification capabilities, versioning functionality and a comprehensive search mechanism. FileNet Content Manager can be accessed via Java, .NET or standard web service APIs.

Page 11

Version 1 IBM and State of Connecticut Confidential

Integration Architecture Workshop

Figure 5: Example of the FileNet Content Manager’s Workplace user interface

5.4 Data Transformation Capabilities – phase 2
A requirement expressed by the Department of Public Safety is to integrate various systems both intrastate and otherwise. This requirement dictates that varying levels of data transformation are needed. Based on this requirement we are recommending the use of WebSphere Transformation Extender for Application Programming (WebSphere TX) used in conjunction with WebSphere Transformation Extender Design Studio. WebSphere TX is a universal data transformation and validation engine that helps enable a service oriented architecture. It delivers business agility through IT agility. It tackles the significant challenge of integrating enterprise business systems. WebSphere TX delivers transformation and content validation for large volumes of complex formatted, and large multipart documents using a codeless, graphical approach to development. The WebSphere TX Design Studio provides a common data transformation tool that can utilized regardless of the target runtime environment within the Department of Public Safety. WebSphere TX maps are graphically created and subsequently can be invoked from CICS, Java, C, .NET and a variety of other platforms.

Page 12

Version 1 IBM and State of Connecticut Confidential

Integration Architecture Workshop

By establishing a flexible data transformation strategy, the Department of Public Safety will be able to quickly adopt new message standards such as Global Justice XML Data Model (Global JXDM) or others as the emerge.

5.5 Service Registry – future phase
As the Department of Public Safety exposes and potentially develops more services, governance and manageability will be critical. By leveraging WebSphere Service Registry and Repository the Department will be able to define service lifecycles and classifications that fit its own model. WebSphere Service Registry and Repository can help the State of Connecticut achieve and maintain a Service Oriented Architecture by providing a mechanism for understanding what services exist, who are the service consumers and what impacts there may be if a service is changed or retired. The functionality represents more of a longer term need for Public Safety. The WebSphere Service Registry and Repository is fully accessible from integration points with WebSphere Datapower, WebSphere Process Server, WebSphere Message Broker and CICS. Additionally, WSRR provides SOAP and Java APIs for access from any product that supports these technologies.

Figure 6: Future logical architecture for COLLECT system

Page 13

Version 1 IBM and State of Connecticut Confidential

Integration Architecture Workshop

6 Benefits 6.1 Business Benefits
Flexibility and Growth


• •

Reduced time to integrate with other systems or applications: o More user enhancements and business requirements can be met. o New features can be implemented and adopted faster. Faster time to market: o Increased functionality will be a key differentiator to Department of Public Safety’s COLLECT system. Increased features and integration capabilities that are based on current technologies.

6.2 Information Technology Benefits
Agility and Maintainability


• •

Respond faster to needs of the business community and public. Current technologies offer a greater pool of resources on the market. Emerging Standards from law enforcement agencies can be supported.

7 Multi-phase Approach
With a multi-phased approach, the Department of Public Safety will mitigate a large degree of risk and be better positioned to succeed. Below is a detailed list of components for a recommended phased approach. Component CICS upgrade to v3.1 Rational Developer for System Z WebSphere Application Server Network Deployment Rational Application Developer Platform(s) z/OS Windows, Linux AIX, Solaris, Linux, HP-UX, iSeries, z/OS, Windows Windows, Linux Phase 1 Functionality Web Services support for CICS transactions Visual tool for exposing existing CICS transactions via SFR and SFM A comprehensive, secure, scalable Java EE runtime Integrated Java Development Environment based on the Eclipse platform, includes and integrated test environment Image storage and management capabilities

IBM FileNet Content Manager

AIX, Solaris, Linux, HP-UX, Windows

Page 14

Version 1 IBM and State of Connecticut Confidential

Integration Architecture Workshop

Component WebSphere Transformation Extender for Application Programming WebSphere Transformation Extender Design Studio Component WebSphere Service Registry and Repository

Platform(s) AIX, Solaris, Linux, HP-UX, z/OS, Windows Windows, Linux

Phase 2 Functionality Data Transformation Capabilities A visual design tool for data transformations run in WTX Future Phase Governance and management support for a dynamic SOA environment

Platform(s) AIX, Solaris, Linux, HP-UX, iSeries, z/OS, Windows

8 Getting Started
Product education is highly recommended as a first step. See Appendix for links to education roadmaps and other resources. Consulting and Implementation Services A variety of consulting and implementation services are available to support the products discussed in this document, including everything from customized training to complete implementation. IBM Software Services for WebSphere (ISSW) ISSW is a team of highly skilled IBM consultants with broad architectural knowledge, deep technical skills, best practices expertise, and close ties with IBM research and development labs. Our services include skills transfer, implementation, migration, architecture and design services, as well as customized workshops and education to fit your business needs. See recommended education in the Appendix. WebSphere software can support your infrastructure and help maximize business efficiencies: • Get your software solution up and running quickly with limited-scope installation, configuration, skills transfer, and proof-of-concept engagements. • Gain access to IBM's deep technical and product skills. • Minimize risk by exploiting best practices, repeatable processes, and proven experience. • Speed your time to market, while decreasing your solution's time to value. • Get a detailed report with recommendations specific to your business. Team with IBM Software Services for WebSphere to get architecture and design skills to build a robust and scalable solution: • Take advantage of deep, technical skills to develop a detailed architecture and design for your WebSphere software solution. • Assess the feasibility of your design through prototypes or pilot engagements. • Get best-practices advice about infrastructure, migration and performance considerations.

Page 15

Version 1 IBM and State of Connecticut Confidential

Integration Architecture Workshop

• Map functional requirements to the core capabilities of your software solution. Get help developing and deploying your WebSphere software solution: • Leverage infrastructure services that assist you with installation, configuration, system security, scalability, and availability. • Take advantage of comprehensive migration services, including skills enablement and application conversion, designed to minimize your risk. • Implement your software solution faster - and help to ensure that it is ready to deploy when the development stage is complete. IBM Software Services for WebSphere can help you review and maintain your business-critical systems: • Help you to maintain your WebSphere software solution by assessing your application environment. • Offer you deep technical skills to deliver a comprehensive review of your solution architecture and deployment. • Provide you with best practices guidance to ensure your WebSphere software solution continues to run smoothly. WebSphere Software Services URL can be found at: http://www-128.ibm.com/developerworks/WebSphere/services/services.html IBM also offers free Proof of Technology (PoT) Workshops to help customers understand the various technologies and capabilities of IBM software products. PoT’s offer significant value to customers and can be a great way to ensure representatives from IT and the Business understand product capabilities including the “when, where and why” planned uses of these technologies at Department of Public Safety. PoT details are available upon request and are scheduled on a regular basis in Waltham, MA and the Hartford area and on an as-needed basis throughout the Northeast. IBM has also delivered PoT’s on-site at customer facilities to help defray the cost of travel, scheduling issues, etc.

Page 16

Version 1 IBM and State of Connecticut Confidential

Integration Architecture Workshop

9 Appendix
Internet Resources and Educational Information
IBM Developer Works – Excellent “everything site” for the IT Professional: http://www-128.ibm.com/developerworks/ IBM Education Assistant – Quick demos and tutorials on IBM software products: http://www-306.ibm.com/software/info/education/assistant/ IBM WebSphere Education may be found at: http://www.ibm.com/education/us/ General Education Roadmaps: https://www-304.ibm.com/jct03002c/services/learning/itess.wss/us/en? pageType=page&c=a0003096 WebSphere Developer Business Integration Zone is at: http://www-128.ibm.com/developerworks/websphere/zones/businessintegration/ IBM RedBooks - http://www.redbooks.ibm.com/ A list of RedBooks about almost any IBM software product can be found by doing a keyword search, e.g., “WebSphere”. RedBooks provide real-world user experience, shortcuts and guidelines that can be very useful during project implementation.

Page 17

Version 1 IBM and State of Connecticut Confidential

Appendix B – Customer Scenario: CICS Web Support
The information in Appendix B was taken from the IBM Red Book “Architecting Access to CICS within an SOA” published in October of 2006.

Business description
The New Jersey State Police provides a computer system which services 767 local, county, state, and Federal agencies located across the state. This CICS/COBOL system contains information such as: motor vehicle data, "state only" warrants, firearms licensing, and criminal history information. It has over 10,000 users, which access the system 24 hours a day, 7 days a week.

In addition, New Jersey State Police is the conduit through which New Jersey law enforcement agencies access other state and federal agencies such as the New Jersey Administrative Office of the Courts, the New Jersey Department of Corrections, the National Law Enforcement Telecommunications System, and the National Crime Information Center. The New Jersey State Police services are about as mission critical as you can get. The difference between a 2 second response time and a 30 second response time can sometimes mean the difference between life and death. It is for that reason that the New Jersey State Police chose to implement their system on the mainframe using CICS and MQSeries (now known as WebSphere MQ). The National Crime Information Center is a computer system provided by the FBI, serving as the national repository for all sorts of criminal justice information. Located in Clarksburg, West Virginia, the FBI maintains 17 separate databases, containing in-

formation about wanted persons, stolen vehicles, violent gangs, and a host of other things. The National Crime Information Center uses a tree architecture, where over 80,000 criminal justice agencies across the nation access a designated control terminal agency to derive services. It is the responsibility of the control terminal agency to provide the interface to the end user, and a message switch to National Crime Information Center. The New Jersey State Police is the control terminal agency for the State of New Jersey. Each day the National Crime Information Center processes over 2 million transactions in sub-second fashion. In 1999 alone, information returned resulted in 113 000 individuals being arrested; 39,000 missing children and 8 500 missing adults being located; and 110 000 cars valued at over half a billion dollars being recovered.

Technology description
Using a CICS Web support solution designed by IBM Global Services, New Jersey State Police have provided the Web browser interface for their 10,000 users to access images of wanted or missing persons, stolen property, fingerprint data and more, in addition to text information such as person information and criminal history. This was accomplished by implementing a CICS TS region supporting CICS Web support, a Generic Converter solution, a Graphics Converter, application programs, and an MQSeries back-end. The design is such that business logic and presentation logic are completely separate. The specific software technology used consisted of the following products: • OS/390 V2.8 • CICS Transaction Server V1.3 • CICS Web support • CICS to TCP/IP Sockets interface • IBM MQSeries V5.1 (now known as WebSphere MQ) • IBM HTTP Server V5.2 When a Person Inquiry is submitted (based on name and date of birth) from the Web browser, the response that is returned from the National Crime Information Center includes all relevant text and images relating to that inquiry. The text is displayed in keyword/value format to maintain compatibility with existing systems and mitigate training issues. The Fingerprint Inquiry performs biometrics inquiries using file uploads to CICS from a Web browser. The response to a fingerprint inquiry could contain both text and images. JavaScript™ embedded in the Web pages prevent the user from transmitting an inquiry with the mandatory fields left blank, or basic relational edit errors. After the page is submitted, more comprehensive editing occurs within CICS. If any errors are found, the same Web page is returned to the client, with an error message, focus on the error field (cursor positioning), and all check boxes and selection boxes set correctly as the end user had submitted them. Any relevant images, such as "mugshots" or identifying tattoos are stored in a CICS VSAM data table, as a JPEG grayscale image using a compression ratio designed to reduce the image size to between 4 - 8K. An image reference is placed in the HTML response. Upon receiving the response, the browser links to a CICS based graphics converter that retrieves the image, which is inserted in the browser window. An entire response is usually received at the browser in under 3 seconds. That is a significant achievement considering the bundling being done, the number of systems which are

traversed, the telecommunications issues, and the data requests coming from West Virginia. Business logic interface Figure 11-2 on page 301 demonstrates the isolation of presentation and business logic which is supported by the CICS business logic interface. The converter programs perform conversion of symbol strings from the browser into a fixed length COMMAREA expected by the business logic application program and back again into HTML after processing.

Technical implementations
The "Generic Converter" solution, available from IBM Global Services, takes this idea one step higher. This single converter can be used in place of all other application specific converters because it is driven by a fast access VSAM Data table. This meta data table contains the output HTML template names and the COMMAREA data format for the business application program. Each application program entry is defined by using the "Application Entry" program. Generic Converter When Web-enabling a CICS application using the Generic Converter a relationship is established between an HTML template, the Generic Converter, an Application entry, and a CICS application program.

The Generic Converter shields the application program from interfacing with State Management, Template Management, and HTTP environmental modules. It also extends CICS Web support function by supporting input HTTP with enctype=multipart to handle file uploads. Graphics Converter While static images may be served from any Web server, the Graphics Converter provides a means to display JPEG or GIF images from a VSAM file. This allows CICS to store and serve dynamic images received in real time from remote systems. Statistics collection and reporting This feature of the Generic Converter system is used for stress testing, application problem determination, and system performance monitoring. It provides the following daily and interval statistics in real time: • Generic Converter statistics • Maximum, average, and last application program response time • Maximum, average, and last environmental response time • Transaction counts • Transaction rate • Maximum, average, and last HTML input and output sizes • Graphics Converter statistics • Transaction counts • Transaction rate • Maximum, average, and last image output size

Issues raised
This project has been a great success for both New Jersey State Police and IBM, however the following issues encountered during the project are summarized here: • A security design should be planned as early as possible. The solution required customization of the supplied sample CICS security analyzer, which now links to a customer security program that authorizes the target application program. Additional Web environmentals are retrieved to authorize the client IP address. An SSL implementation was undertaken in 2000 to improve authentication and provide text encryption. • File upload required further customization to the supplied security analyzer to prevent ASCII/EBCDIC data conversion of inbound binary data. Additionally, an ActiveX® control was used to process digital images into JPEG files, and Chapter 11. Customer scenario: CICS Web support 303 also to automate the selection of the JPEG file for upload at the browser workstation. • The supplied sample state management program uses a default size of 256 bytes for allocating state data area. While this size can be increased, it is a global value used for all state data requests. To provide support for update application programs, the state data program was modified to provide cleanup of temporary storage queues, created by application programs to store large amounts of state data. • Graphics support for the retrieval of "mugshot" images required further customization of the security analyzer to pass the image key to the Graphics Converter. • A "cookie cutter" design approach was developed as a standard methodology for Web-enabling applications. This approach proved to increase productivity for new members of the New Jersey State Police Web-enabling team.

Conclusions
The production CICS region supporting the Web components listener region was installed and a successful production system test was conducted on February 10, 2000. Beta sites began using the system in early March 2000. The New Jersey State Police was the first state agency in the US with the ability to perform fingerprint query of the National Crime Information Center 2000 database. CICS Web support, along with the Generic Converter suite of programs, is viewed by the New Jersey State Police as an excellent solution for their business requirements. Performance is a critical factor for this application and the fact that a textual inquiry is able to return a response, including a mugshot image, in an average of 3 seconds, exceeded expectations. The implementation was achieved at a low cost, mainly due to leveraging existing CICS COBOL skills, supplemented with basic HTML training. The Generic Converter solution is easy to use and additional applications are being Web-enabled without assistance from IBM. The New Jersey State Police is positioned to make use of WebSphere Application Server. All or part of their present system can be migrated into a Java environment. Since their present system has successfully implemented business logic that is separate from presentation logic, this business logic could be accessed from a Java application using the CICS Transaction Gateway and the External Call Interface (ECI). With minor modifications, the HTML templates could be converted to Java Server Pages.