This solution migrates Unisys Dorado mainframe systems to Azure with Astadia and Micro Focus products, without rewriting code, switching data models, or updating screens.
Architecture
Legacy architecture
This diagram shows the components that Unisys Sperry OS 1100/2200 mainframe systems typically contain:
Download a Visio file of this architecture.
Workflow
On-premises users interact with the mainframe (A):
- Admin users interact through a Universal Terminal System (UTS) terminal emulator.
- Web interface users interact via a web browser over TLS 1.3 port 443.
Mainframes use communication standards such as:
- Internet Protocol version 4 (IPv4)
- Internet Protocol version 6 (IPv6)
- Secure Sockets Layer (SSL)/TLS
- Telnet
- File Transfer Protocol (FTP)
- Sockets
In Azure, web browsers replace legacy terminal emulation. On-demand and online users can use these web browsers to access system resources.
Mainframe applications are in COBOL, Fortran, C, MASM, SSG, Pascal, UCOBOL, and ECL (B). In Azure, Micro Focus COBOL recompiles COBOL and other legacy application code to .NET. Micro Focus can also maintain and reprocess original base code whenever that code changes. This architecture doesn't require any changes in the original source code.
Mainframe batch and transaction loads run on application servers (C). For transactions, these servers use TIPs or High Volume TIPs (HVTIPs). In the new architecture:
- Server topologies handle batch and transaction workloads.
- An Azure load balancer routes traffic to the server sets.
- Site Recovery provides high availability (HA) and disaster recovery (DR) capabilities.
A dedicated server handles workload automation, scheduling, reporting, and system monitoring (D). These functions use the same platforms in Azure.
A printer subsystem manages on-premises printers.
Database management systems (E) follow the eXtended Architecture (XA) specification. Mainframes use relational database systems like RDMS and network-based database systems like DMS II and DMS. The new architecture migrates legacy database structures to SQL Database, which provides DR and HA capabilities.
Mainframe file structures include Common Internet File System (CIFS), flat files, and virtual tape. These file structures map easily to Azure data constructs within structured files or Blob Storage (F). Data Factory provides a modern PaaS data transformation service that fully integrates with this architecture pattern.
Azure architecture
This architecture demonstrates the solution, after it was migrated to Azure:
Download a Visio file of this architecture.
Workflow
Transport Layer Security (TLS) connections that use port 443 provide access to web-based applications:
- To minimize the need for retraining, you can avoid modifying the web application presentation layer during migration. But you can also update the presentation layer to align with UX requirements.
- Azure Bastion hosts help to maximize security. When you give administrators access to VMs, these hosts minimize the number of open ports.
- Azure ExpressRoute securely connects on-premises and Azure components.
The solution uses two sets of two Azure Virtual Machines (VMs):
- Within each set, one VM runs the web layer, and one runs the application emulation layer.
- One set of VMs is the primary, active set. The other set is the secondary, passive set.
- Azure Load Balancer distributes approaching traffic. When the active VM set fails, the standby set comes online. The load balancer then routes traffic to that newly activated set.
Astadia OpenTS simulates Unisys mainframe screens. This component runs presentation layer code in Internet Information Services (IIS) and uses ASP.NET. OpenTS can either run on its own VM or on the same VM as other Astadia emulation products.
OpenMCS is a program from Astadia that emulates these components:
- The Unisys Dorado Mainframe Transactional Interface Package (TIP).
- Other services that Unisys mainframe COBOL programs use.
Micro Focus COBOL runs COBOL programs on the Windows server. There's no need to rewrite COBOL code. Micro Focus COBOL can invoke Unisys mainframe facilities through the Astadia emulation components.
Astadia OpenDMS emulates the Unisys Dorado mainframe DMS database access technology. With this component, you can migrate tables and data into SQL Database from these systems:
- Relational-based relational database management systems (RDMSs).
- Network-based data management software (DMS) databases.
An Azure Files share is mounted on the Windows server VM. COBOL programs then have easy access to the Azure Files repository for file processing.
With either the Hyperscale or Business Critical service tier, SQL Database provides these capabilities:
- High input/output operations per second (IOPS).
- High uptime SLA.
Azure Private Link provides a private, direct connection from VMs to SQL Database through the Azure network backbone. An auto-failover group manages database replication.
Data Factory version 2 (V2) provides data movement pipelines that events can trigger. After data from external sources lands in Azure Blob Storage, these pipelines move that data into Azure Files storage. Emulated COBOL programs then process the files.
Azure Site Recovery provides disaster recovery capabilities. This service mirrors the VMs to a secondary Azure region. In the rare case of an Azure datacenter failure, the system then provides quick failover.
Components
This architecture uses the following components:
VMs are on-demand, scalable computing resources. An Azure VM provides the flexibility of virtualization but eliminates the maintenance demands of physical hardware.
Azure solid-state drive (SSD) managed disks are block-level storage volumes that Azure manages. VMs use these disks. Available types include:
- Ultra Disks
- Premium SSD Managed Disks
- Standard SSD Managed Disks
- Standard hard disk drives (HDD) Managed Disks
Premium SSDs or Ultra Disks work best with this architecture.
Azure Virtual Network is the fundamental building block for private networks in Azure. Through Virtual Network, Azure resources like VMs can securely communicate with each other, the internet, and on-premises networks. An Azure virtual network is like a traditional network operating in a datacenter. But an Azure virtual network also provides scalability, availability, isolation, and other benefits of Azure's infrastructure.
Virtual network interface cards provide a way for VMs to communicate with internet, Azure, and on-premises resources. You can add network interface cards to a VM to give Solaris child VMs their own dedicated network interface devices and IP addresses.
Azure Files is a service that's part of Azure Storage. Azure Files offers fully managed file shares in the cloud. Azure file shares are accessible via the industry standard Server Message Block (SMB) protocol. You can mount these file shares concurrently by cloud or on-premises deployments. Windows, Linux, and macOS clients can access these file shares.
Azure Blob Storage is a service that's part of Storage. Blob Storage provides optimized cloud object storage that manages massive amounts of unstructured data.
Azure SQL Database is a fully managed PaaS database engine. With AI-powered, automated features, SQL Database handles database management functions like upgrading, patching, backups, and monitoring. SQL Database offers 99.99 percent availability and runs on the latest stable version of the SQL Server database engine and patched operating system. Because SQL Database offers built-in PaaS capabilities, you can focus on domain-specific database administration and optimization activities that are critical for your business.
Azure Data Factory is a hybrid data integration service. You can use this fully managed, serverless solution to create, schedule, and orchestrate extract-transform-load (ETL) and extract-load-transform (ELT) workflows.
IIS is an extensible web server. Its modular architecture provides a flexible web hosting environment.
Azure Load Balancer distributes inbound traffic to back-end pool instances. Load Balancer directs traffic according to configured load-balancing rules and health probes. The back-end pool instances can be Azure VMs or instances in an Azure Virtual Machine Scale Set.
Azure ExpressRoute extends on-premises networks into the Microsoft cloud. By using a connectivity provider, ExpressRoute establishes private connections to cloud components like Azure services and Microsoft 365.
Azure Bastion provides secure and seamless Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to VMs. This service uses SSL without exposing public IP addresses.
Azure Private Link provides a private endpoint in a virtual network. You can use the private endpoint to connect to Azure PaaS services or to customer or partner services.
Azure network security groups filter traffic in an Azure virtual network. Security rules determine the type of traffic that can flow to and from Azure resources in the network.
Azure Site Recovery keeps applications and workloads running during outages. This service works by replicating VMs from a primary site to a secondary location.
An auto-failover group manages the replication and failover of databases to another region. With this feature, you can start failover manually. You can also set up a user-defined policy to delegate failover to Azure.
Scenario details
Unisys Dorado mainframe systems are full-featured operating environments. You can scale them up vertically to handle mission-critical workloads. But emulating or modernizing these systems into Azure can provide similar or better performance and SLA guarantees. Azure systems also offer added flexibility, reliability, and the benefit of future capabilities.
This architecture uses emulation technology from two Microsoft partners, Astadia and Micro Focus. The solution provides an accelerated way to move to Azure. There's no need for these steps:
- Rewriting application code.
- Redesigning data architecture or switching from a network-based to a relational-based model.
- Changing application screens.
Potential use cases
Many cases can benefit from the Astadia and Micro Focus pattern:
Businesses with Unisys Dorado mainframe systems that can't modify original source code, such as COBOL. Reasons include compliance factors, prohibitive costs, complexity, or other considerations.
Organizations looking for approaches to modernizing workloads that offer these capabilities:
A way to migrate application layer source code.
Modern platform as a service (PaaS) services, including:
- Azure SQL Database with its built-in high availability.
- Azure Data Factory with its automated and serverless file routing and transformation.
Considerations
The following considerations, based on the Microsoft Azure Well-Architected Framework, apply to this solution.
Availability
Availability sets for VMs ensure enough VMs are available to meet mission-critical batch process needs.
Load Balancer improves reliability by rerouting traffic to a spare VM set if the active set fails.
Various Azure components provide reliability across geographic regions through HA and DR:
- Site Recovery
- The Business Critical service tier of SQL Database
- Azure Storage redundancy
- Azure Files redundancy
Operational
Besides scalability and availability, these Azure PaaS components also provide updates to services:
- SQL Database
- Data Factory
- Azure Storage
- Azure Files
Consider using Azure Resource Manager templates (ARM templates) to automate deployment of Azure components such as Storage accounts, VMs, and Data Factory.
Consider using Azure Monitor to increase monitoring in these areas:
- Tracking the state of infrastructure.
- Monitoring external dependencies.
- App troubleshooting and telemetry through Application Insights.
- Network component management through Azure Network Watcher.
Performance efficiency
SQL Database, Storage accounts, and other Azure PaaS components provide high performance in these areas:
- Data reads and writes.
- Hot storage access.
- Long-term data storage.
The use of VMs in this architecture aligns with the framework's performance efficiency pillar, since you can optimize the VM configuration to boost performance.
Scalability
Various Azure PaaS components provide scalability:
- SQL Database
- Data Factory
- Azure Storage
- Azure Files
Security
Security provides assurances against deliberate attacks and the abuse of your valuable data and systems. For more information, see Overview of the security pillar.
All the components in this architecture work with Azure security components as needed. Examples include network security groups, virtual networks, and TLS encryption.
Cost optimization
Cost optimization is about looking at ways to reduce unnecessary expenses and improve operational efficiencies. For more information, see Overview of the cost optimization pillar.
To estimate the cost of implementing this solution, use the Azure pricing calculator.
VM pricing depends on your compute capacity. This solution helps you optimize VM costs in these ways:
- Turning off VMs that aren't in use.
- Scripting a schedule for known usage patterns.
For SQL Database:
- Use the Hyperscale or Business Critical service tier for high input/output operations per second (IOPS) and high uptime SLA.
- You pay for computing power and a SQL license. But if you have Azure Hybrid Benefit, you can use your on-premises SQL Server license.
With ExpressRoute, you pay a monthly port fee and outbound data transfer charges.
Azure Storage costs depend on data redundancy options and volume.
Azure Files pricing depends on many factors: data volume, data redundancy, transaction volume, and the number of file sync servers that you use.
For SSD managed disk pricing, see Managed disks pricing.
With Site Recovery, you pay for each protected instance.
For IIS software plan charges, see Internet Information Services pricing.
Other services are free with your Azure subscription, but you pay for usage and traffic:
- With Data Factory, your activity run volume determines the cost.
- For Virtual Network, IP addresses carry a nominal charge.
- Private Link costs depend on endpoints and data volume.
- Load Balancer rules and traffic incur charges.
- With Azure Bastion, the outbound data transfer volume determines the price.
Contact Astadia for pricing information on OpenTS, OpenMCS, and OpenDMS.
Contact Micro Focus for pricing on Micro Focus COBOL.
Contributors
This article is maintained by Microsoft. It was originally written by the following contributors.
Principal author:
- Philip Brooks | Senior Technical Program Manager
To see non-public LinkedIn profiles, sign in to LinkedIn.
Next steps
- Contact legacy2azure@microsoft.com for more information.
- See the Azure Friday tech talk with Astadia on mainframe modernization.
Related resources
Unisys ClearPath Forward OS 2200 enterprise server virtualization on Azure
Reference architectures: