Infocrossing and S/390 Linux: An ASP's Story - page 5
A Visit to the Co-Lo PenitentiaryChief Technical Officer Robert Graham says that while Infocrossing's preference is Linux on S/390, their management environment is by necessity a hybrid of several platforms and many technical components. IBM's SecureWay and Tivoli products underlie much of this infrastructure, and Microsoft's Internet Information Server (IIS) is actually being used as the web server for host administration. Graham describes a typical ASP administrative user's access to the system. "A customer connects to a component of SecureWay called Webseal, using HTTPS, and it authenticates you. For now we're just assigning userid and password security, but it flows over a secured channel. We will be using something like SecurID [in the future]. Webseal effectively acts as a proxy and extends each [HTTP] request header to include the userid and some other parameters. When you are in the IIS environment, you can count on every header containing a trusted user authentication. Webseal also contains some ACLs that can keep users from reaching certain URLs. In our case, we give each customer an acronym and they can only access the pages that are associated with their acronym."
"If the system management product is something that is not web friendly, we use a product called nFuse which is an integration product from Citrix that provides connections between the web environment and the Citrix environment. It allows you to launch a Citrix application from the web and returns a single-use token that enables access." Examples include allowing customers access to Netview. They run Netview's fat Java client under Citrix and let the customer access it using a Citrix protocol called ICA which runs as a plug-in to the browser. "It's not completely seamless," says Graham. "You can tell that you are transitioning from the web over to the Citrix environment, but you do get full functionality." Some of the decision support tools such as Service Desk, Master Cell browser (an event viewer from IT Masters), and Tivoli Decision Support rely on the Citrix environment.
Though Windows and the related Citrix products are used where they are needed, both Graham and Laudati said Windows is not Infocrossing's preferred platform. They continue to support it as customers demand, but they use Linux on S/390 or on Intel whenever possible. Says Laudati, "We have... several Linux environments running on Intel systems. Why don't we port that to S/390? Because some of the software isn't available there yet." He adds, "Not all of the Tivoli products are available yet on Linux for S/390, so we have to use some other products there. We are committed to migrate back to the Tivoli products as they become available."
When asked about Microsoft's Windows 2000 Data Center Edition, Laudati took a neutral tone, saying, "We don't have enough information to make a solid evaluation of Data Center Edition yet." He also mentioned that this product is very new in the marketplace, without a proven track record, but stopped short of ruling it out entirely for the future.
Robert Graham was spoke very directly to the issue of security concerns for enterprise customers in Microsoft environments. "Who wouldn't be worried about Microsoft?" he asked rhetorically. "We have an alliance with Foundstone, a security consulting firm. They have a neat demo where they come in and show you how quickly they can break into an NT box. Because Microsoft is so prevalent, it's a big target for hackers." Infocrossing has a three-level firewall setup, and it is not running on NT.
Tom Laudati seemed to trust Linux security for the most part, but he says that the VM environment makes Linux even more secure because VM's security is layered on top of the virtual machines that support each customer's Linux instances. Infocrossing allows its customers to remotely access the VM hosts, but each customer only has access to its own Linux instance. Each Linux virtual machine runs under its own VM login session.
IBM and S/390 Linux advocates claim cost savings for the S/390 Linux environment over rack-mount Intel or RISC servers, and these cost savings increase as more applications are added to a single physical mainframe. So what are the numbers like in the real world, and how big does a company need to be to be a customer of Infocrossing? Tom Laudati answers, "We gear ourselves to the larger customers. But we are pretty competitive against Intel box hosting." He says the entry point for managed hosting on a Linux for S/390 virtual server is about $2000 per month. Limited managed services are included, but not the full spectrum offered by the company. As for the cost savings versus racks of Intel hardware, Laudati says the numbers aren't in yet. "We're just starting to capture that information. Because we already had System/390 sitting on the floor, there was no additional hardware cost."
Tom Laudati is optimistic about the future of Linux on the S/390 architecture, including IBM's new zSeries mainframes. "Mainframe Linux is a pretty hot growth area," he says, adding, "If Linux is not the hottest mainframe growth area, it's right up there. It bridges the gap between IT and IP technologies." IBM, as well as mainframe mavens everywhere, are hoping Laudati's prediction comes true.
Infocrossing home page
IBM Linux for S/390 home page
Application Service Provider sites on Internet.com