Why Curbstone Picked iSam Blue for HA
September 12, 2018 Alex Woodie
When it comes to picking an IBM i high availability vendor, there are a lot of factors that come into play. Does the product do what I need it to do? Are the license and maintenance fees reasonable? Will the vendor give me the support I need? When the folks at Curbstone considered HA offerings for its IBM i-based credit card authorization portal, all signs pointed to iSam Blue.
Founded in 2002, Curbstone has built a business around credit card authorization software, particularly on the IBM i platform. The company’s founder and CEO, Ira Chandler, wrote the first commercial credit card software for the AS/400 back in 1993, when the AS/400 was still called the AS/400. Remember the “ROI Guy” who graced old issues of AS/400 Technology SHOWCASE magazine at the turn of the millennia? He was selling software that Chandler wrote.
A lot has changed over the years – in computing, in publishing, and (thankfully) in credit card processing, too. As a result of the Payment Cardholder Initiative, companies now are required to adhere to certain security standards when it comes to handling the alphanumeric data that controls trillions of dollars in commerce each month. To avoid the toughest PCI requirements, many companies have outsourced as much of the handling of credit card data as they possibly can.
Curbstone has rolled with the PCI punches, and adapted its business model accordingly. Instead of selling software, the Ball Ground, Georgia, company now earns revenue by providing the credit card processing services that connect merchants with banks. In fact, it doesn’t even sell software anymore. All new clients are enrolled in its software as a service offering, dubbed Curbstone CorrectConnect, or C3, which the company introduced in 2013.
Curbstone’s C3 offering minimizes the scope of its clients’ PCI requirements by allowing them to segregate the different pieces of data that go into a credit card transaction. If an employee is taking an order via the phone, they may enter the credit card number using their workstation, but use a separate tablet to enter other required pieces of data, like expiration date and security code. As long as the tablet doesn’t live on the same LAN as the IBM i-connected workstation, they qualify for a much less onerous PCI audit than if they were processing all the data through the workstation.
While C3 customers no longer complete credit card purchases with their on-premise IBM i software, they’re still using an IBM i. That’s because the C3 service itself runs on Curbstone’s own IBM i servers, with a supporting cast of networking and security equipment built up around IBM i.
Ensuring High Availability
Because the C3 service is critical to the businesses of more than 200 customers, Curbstone takes pains to ensure that it’s highly available. The company initially developed its own data replication and failover mechanisms to allow a backup IBM i server to take over transaction processing if the primary IBM i server went down.
“Instead of journaling, we literally did it with transactions,” Chandler says. “Every time we touched a file on any machine, whatever machine, we would send a duplicate of that record that we’re writing. We had a one-to-many design with our own replication and we’d send the record to other participating machines.”
While the mechanism worked and was reliable, it had disadvantages, including being a bandwidth hog. “Let’s say we have a 2 KB record we’re updating. Even if though we might be updating some fields in that record, we’d send the entire a 2 KB record,” he says. “So we were very inefficient on the communication side, and we were pumping huge amounts of data between the systems because our system would send the full record.”
The folks at Curbstone also grew weary of supporting their own HA software, says Ryan Nichols, Curbstone’s security compliance manager, who was in charge of implementing a new HA system.
“We basically had one of our main RPG programmers throw it together to satisfy a need,” he says. “It was clunky and heavy, but it did the job. But it also generated errors, which required our main RPG programmer to go in and investigate and review. So we really appealed to a corporate solution that had support, that we could trust, that we knew would do its job, and was done right.”
Search For HA
Curbstone investigated four HA solutions from prominent names in the market. The price tags of some of the offerings did not engender positive reactions from the Curbstone folks. “We don’t have the luxury of an unlimited budget,” Chandler says. “Therefore some of the clustering opportunities that we have down the road are just going to have to wait.”
Chandler also noted that, while there are many data replication offerings that vendors ostensibly call “high availability” products, many of them are geared more toward recovering from a disaster, not avoiding one in the first place.
“There are so many people who do replication, but they’re not looking at instantaneous true HA,” he says. “They’re looking at more of a DR. If the system went down – OK, shut it down. They expect to be back up in six hours or eight hours. We’re talking about, we need real time replication.”
But the proposal from iSam Blue hit all the right notes. iSam Blue is a Utah company owned and operated by Robert Seal that develops an IBM i HA solution called iSB-HA. The product is largely based on the RSF-HA product originally developed by Bug Busters Software Engineering, and which is now owned by HelpSystems. iSam Blue retained the rights to OEM the RSF-HA codebase following that acquisition, and has made several changes to the software in developing iSB-HA, including its own failover mechanism, a different user interface, and unique auditing capabilities.
“There were four vendors in the mix,” Chandler says. “What came out very quickly was that Robert had the two things we needed, including the willingness to work with us and develop an HA scenario for what is truly a HA portal; and a knowledge of the product, where he truly deeply understands what the product does and how to configure it to do the things he claims it can do.”
Making the decision to go with iSam Blue’s software was just the beginning for Curbstone. That’s because, while the company generally knew what it wanted to ensure high availability for its credit card transaction processing portal for C3, it had yet to hammer out exactly how to get there. It turned out that Seal, who also developed the first version of iTera’s Echo2 HA software, had the patience to work with Curbstone on these matters.
“I would say he was an equal member at a round table discussion when we were determining our strategy and what we’re going to do,” Nichols says. “His availability was wide open. He worked with us late at night and early in the morning. He truly was an asset.”
One of the challenges in the iSB-HA implementation is that Curbstone was trying to implement HA on a live production system, which meant waking up as early as 4 a.m. to work on the system when it could be taken offline. The company has since implemented a testing sandbox, but when the iSB-HA implementation was occurring, in 2017, it hadn’t yet.
“We had to be careful when we did certain things and when we actually accessed the system for testing,” Nichols says. “He was very understanding of the circumstances.”
Curbstone’s HA architectural goals also changed. While its homegrown system had been set up in a one-to-many manner, the company settled on implementing iSB-HA in a straight one-to-one manner, with one IBM i server playing the production role and the other IBM i server being the backup.
“Our strategy has evolved over the years and it was still in the process of evolving when we engaged Robert the first time,” Nichols says. “But once we got it set up and got going and took our hands off it, it’s pretty much running on its own. We’ll pop in and check it’s UI once a day or so to make sure everything is green and happy. But other than that, it has officially freed up a resource for us.”
Today, the C3 portal runs on a pair of replicated IBM i servers that Curbstone manages, although they sit in third-party data centers. Every month, the company performs a role-swap using the iSB-HA software and switches the direction of processing. It has yet to use iSB-HA’s failover capability to avoid an outage, but the company is confident that it could, should it ever face that requirement.
In addition to eliminating the need for the RPG programmer to babysit the software, iSB-HA has also freed up processing cycles on the IBM i servers where it runs. “The efficiency of his software is pretty damn impressive,” Chandler says. “Our CPU usage was barely visibility effected when we implemented.”
But in the end, Chandler attributes the success of the iSB-HA implementation to Seal’s experience working with HA software, and his product in particular.
“I think it’s probably fair to say he was very much within his scope of understanding across the board, no matter what we were doing or talking about or considering,” he says. “It wasn’t a matter of, hey let me get back to the developers, or let me get back to these people or those people in some other country. The resources were right there and he pretty much had the answers at the tip of this fingers.”