Appreciation Rising for Web Serving on IBM i
September 12, 2011 Dan Burger
Web serving using the IBM i platform is uncharted territory for most of the companies running their core applications on this often under utilized box. They don’t go there. They don’t think to go there. Or they think they don’t want to go there. No one knows how many shops are serving Web apps on their i boxes, but it’s likely the number is growing. It’s also likely the number is less than 20 percent of the installed base.
That number is a stab in the dark. I’ve heard guesses from members of the independent software vendors’ community as low as 10 percent and I’ve heard i-minded IBMers make estimates that it’s closer to 20 percent. Regardless of what the number is, there are, as IBM ‘s Tim Rowe says, more shops “thinking about and dealing with the Web.”
One of the reasons Web serving on the i is increasing is the interest in PHP as a Web development language and the partnership between IBM and Zend Technologies, the software and services company that created and commercialized the PHP language.
It’s been four years since Zend brought PHP to the IBM iSeries community and the adoption rate has been on a steady incline. Rowe, the business architect for application development on IBM i, describes it as “like bringing the Web to the masses–especially in RPG shops where there’s a lot of code.”
RPG developers have taken a shining to PHP. Attendance at IBM i educational sessions attests to that.
“A high percentage of IBM i customers plan to run PHP on that platform,” says Mike Pavlak, the PHP evangelist and solutions consultant at Zend. “The people who start with the i stay there,” Pavlak says. Although those customers have the choice of running PHP on a Windows or Linux server, the percentage of customers choosing to run PHP on the i is in the high 90 percent range, according to Pavlak. “When an iSeries shop decides to run PHP on a Linux server, it’s because they have a Linux expert on staff who wants it there and doesn’t want to take the time to learn the i. I have yet to find a customer who could not do the type of Web serving he wanted to do on the i,” he says.
Dave Brault, product marketing manager at LANSA, also says the customer base chooses to run Web apps on the i to the tune of 90 percent or more. And like Zend, LANSA offers Web serving products that can run IBM i apps through Windows and Linux servers if the customer chooses.
It all starts with knowing what you can do on the i. Of the IBM i shops that are managing to do Web application serving, it is thought that roughly half of those are off-loading that workload to another platform. That’s another stab in the dark figure. You’ll find no scientifically performed surveys or statistics to back that up, either. It’s simply a best guess provided by people in the IBM i independent software vendor community who are closest to the action. Most readily admit they view a topic like this through their own product-specific filters. Some of these vendors have Web enablement software that runs on the i. Others have products for the same purposes, but that run on other platforms. These don’t show up on IBM i ISV customer lists because the decision to Web serve off another platform is being made outside the IBM i staff’s sphere of influence.
The IBM i community may be loyal, but they aren’t particularly Web savvy and have left these matters to those whose allegiance lies with other platforms.
As Brault points out, he sees IBM i shops looking for a solution that runs on the IBM i.
“Generally, our customers would prefer to run everything on the IBM i. And since the Web server is built into the OS, running the Web serving on the IBM i is a no-brainer,” he says. “But if it means upgrading hardware to do so, then they will look at alternatives.”
That search for other options is likely when a company is running newer hardware that accommodates partitioning and Web serving from there. Right away this saves the cost of buying and paying maintenance on another machine. However, customers on older hardware can’t do partitions as easily. When they look into getting a separate box for Web serving, the cost of Windows versus IBM i comes into play.
“Cost is the ultimate deciding factor for where the Web serving function resides for these customers,” Brault says.
More on that later.
Web technologies have been slow in coming to the IBM midrange users. Blame IBM for not making it easier. Blame the RPG programmers for not modernizing their skills. Blame Congress if you want. But here we are at a Web-happy party and a lot of IBM i shops are dressed like they just came in from the barn.
Skills are frequently brought up as an issue. As companies make decisions about Web enabling their substantial investment in existing applications and developing applications for the future, they look to their IT staffs and infrastructure. Can they get there with what they have?
If you don’t know what you have, it’s not a good sign. What it means is that it is assessment time.
Don’t look for any pat formulas or checklist of rules, advises Alison Butterill, IBM’s application development offerings manager for Power Systems. There are so many variables from one organization to the next that no rules of the road exist. But don’t overlook the role that can be played by the IBM i.
Let’s start with the basics.
As part of the IBM i operating system, you already have an HTTP server (based on the open source Apache Web server), which establishes a connection with the Internet, and two options for Web application servers (the integrated server and the WebSphere Application Server), either of which is capable of providing program-to-program Web serving. The WebSphere Application Server is built for heavy duty use and does everything in a Java environment. The WAS and the integrated server are shipped with, and run on top of, the Apache HTTP server.
The setup of both IBM application servers is driven from the same graphical user interface, which means there’s a familiar look and feel to both. The setup is similar but not identical. As you would expect, the setup of WebSphere server is more complex–more features will have that effect.
For those interested in writing PHP Web applications, here’s how that fits into the mix. You install the Zend server and it installs PHP and configures an IBM i instance of the Apache server. When a transaction hits the Apache server, Apache gives it to the Zend server, which executes the PHP, builds the requested content (in HTML or XML, for instance), and sends it back to Apache, which sends it to the browser.
I asked Pavlak about skills that are required for the setup and operation of PHP Web serving on IBM i.
“If the company has no experience working with Web servers, it needs to get people familiar with IFS backup, because that’s where the PHP scripts live. There should also be someone who is familiar with how TCP/IP ports work. Zend is installed on an obscure port to guard against mistakes. After installation it is moved to the standard port for Web applications,” he cautioned.
IBM i has an advantage, Pavlak points out, because it doesn’t respond the same way a Windows or Linux server responds when it comes to “port sniffing” and challenging port numbers–a favorite method used by hackers. Because of its unique response, hackers are thrown off the trail and move on to easier targets.
Running internal applications on a production box doesn’t seem to raise many red flags, judging by the number of number of companies doing that.
Marcel Sarrasin, product manager at Business Computer Design International (BCD), was one of several sources who said most customers have no fear of running Web apps on production machines within the same partition. “We almost never hear of people using a separate partition just to host Web apps on the same box that has their DB2 files on a different partition. If they are using their IBM i as the Web server they usually have everything in the same partition as all their other production stuff.”
Sarrasin says people used to make security the issue for keeping the Web server on a separate machine or a separate partition, but it’s far less an issue today. “You can make a Web app on your iSeries as secure as you need,” he says. “I always tell people to be concerned about Web apps on any platform and in any language, because if you don’t know what you’re doing you can have security holes.”
Some companies handle their security concerns entirely with firewalls. Some use a combination of firewalls, a virtual private network (VPN), and secure sockets encryption (SSL). Others use a reverse proxy method that puts a Web server in the DMZ and it relays data to the production machine. The public user never has direct access to the IBM i production box.
“I remember having to explain every time I talked with a prospective customer that running the Web server on the IBM i is actually more secure than adding a Microsoft server in front of it,” Alex Roytman, CEO of Profund Logic told me. “If somebody hacks into that Microsoft server, you’ve exposed your IBM i data. It is a lot harder to hack into an IBM i with its object-based security.”
Running in a partition may be unsettling to some folks as well because that carries a connotation of complexity.
“We have many clients who have set up a separate partition for the Web server,” Butterill says. “So many that I’d have to believe it’s not that hard to do. There’s a cross-section of customers from big to small. This is more than just a security aspect. It’s also allows the workload to be isolated.”
In Butterill’s opinion, creating a partition is no more complicated than putting a Web server environment on a Windows server and having those applications connect from one box to another.
In certain instances, companies are required to have the Web server physically separate from the production server. (Partitioning is not good enough.) This sometimes comes up as a regulatory compliance issue. So IBM has a licensing arrangement–the Application Serving Authorization–that allows the purchase of an IBM i box designated for Web serving, but with database accessibility disabled. This avoids the necessity of turning to a Windows server to solve the “no partitioning allowed” problem and reduces the cost of buying an IBM i box that would normally have an integrated database.
Regardless of how it’s being handled, the amount of Web work in IBM i shops is on the increase. And it appears that running Web servers on IBM i boxes is gaining popularity, too–the main reason being a cost savings related to buying and maintaining another server in most instances. Skills, however, are lagging. And if it weren’t for that, Web serving on IBM i would be more frequent than it is.