The State of Mainframe Continuous Delivery
Mainframe shops are far behind in a few key areas of Continuous Delivery. Dave Nicolette lays down the law in this article.
Continuous delivery is an approach to software delivery that seeks to break down the rigid series of phases through which software normally passes on the journey from a developer’s workstation to a production environment so that value can be delivered to stakeholders with as little delay as possible. Wikipedia has a nice summary of continuous delivery that includes a sequence diagram showing a simplified continuous delivery process.
Practical continuous delivery for the mainframe environment has long been considered especially challenging. When we need to support applications that cross platforms, from mobile devices to web browsers to mid-tier systems to back-end systems, the challenges become enormous.
Here’s a simplified depiction of a generic continuous delivery process:
That picture will be familiar to developers who work on front-end stacks, as it has become relatively straightforward to set up a CD pipeline using (for instance) GitHub, Travis CI, and Heroku (or similar services).
When the “stack” is extended to the heterogeneous technologies commonly found in mainframe shops, here’s where we are, generally speaking:
Many mainframe shops have mature tooling in place to support the migration of software from one environment to the next in their pipeline, as suggested by the green circles containing checkmarks.
The yellow “warning” triangles show steps in the CD pipeline where mainframe shops seem to have limited support as of this year. Notice that most of these steps are related to automated testing of one kind or another. On the whole, mainframe shops lack automated tests. Almost all testing is performed manually.
The first step in the diagram (version control) is shown with a yellow triangle. Most mainframe shops use version control for mainframe-resident code only. A separate version control system is used for all “distributed” code. The use of multiple version control systems adds a degree of complexity to the CD pipeline.
In addition, mainframe shops tend to use version control products that were originally designed to take snapshots of clean production releases, to be used for rollback after problematic installs. These products may or may not be well-suited to very short feedback cycles, such as the red-green-refactor cycle of test-driven development.
Mainframe shops are far behind in a few key areas of CD. They typically do not create, provision, and launch test environments and production environments on the fly, as part of an automated CD process. Instead, they create and configure static environments and then migrate code through those environments. They don’t switch traffic from old to new targets because there is only one set of production targets.
The environments are configured manually, and the configurations are tweaked as needed to support new releases of applications. Test environments are rarely configured identically to production environments, and some shops have too few test environments for all development teams to share, causing still more delay in the delivery of value.
Database schemas are typically managed in the same way as execution environments. They are created and modified manually and tweaked individually. Test databases are often defined differently than production ones, particularly with respect to things like triggers and referential integrity settings.
Test data management for all levels of automated tests is another problematic area. Many shops take snapshots of production data and scrub it for testing. This approach makes it difficult, if not impossible, to guarantee that a given test case will be identical every time it runs. The work of copying and scrubbing data is often handled by a dedicated test data management group or team, leading to cross-team dependencies, bottlenecks, and delays.
Finally, most mainframe shops have no automated production system monitoring in place. They deal with production issues reactively, after a human notices something is not working and reports it to a help desk, or after a system crashes or hangs. Should they need to roll back a deployment, the effort becomes an “all hands on deck” emergency that temporarily halts other value-add work in progress.
In reading published material on the subject of agile development, continuous deployment, and DevOps for mainframe environments, I find two general types of information:
- Fluffy articles that summarize the concepts and admonish mainframe managers and operations to consider the importance of shortening lead times and tightening feedback loops in the delivery pipeline. None of these describes any working implementation currently in place anywhere.
- Articles crafted around specific commercial software products that support some subset of a continuous delivery pipeline for mainframe systems. None of these describes any working implementation currently in place anywhere.
As a starting point for learning about the challenges of continuous delivery in a mainframe environment, these types of articles are fine. There are a few shortcomings when it comes down to brass tacks.
Fluffy introductory articles
The limitations in the first type of article are easy to see. It’s important to understand the general concepts and the platform-specific issues at a high level, but after that, you really need something more concrete.
Sometimes these very general articles remind me of the “How to Do It” sketch from Monty Python.
Alan: Here’s Jackie to tell you how to rid the world of all known diseases.
Jackie: Well, first of all, become a doctor and discover a marvelous cure for something, and then, when the medical world really starts to take notice of you, you can jolly well tell them what to do and make sure they get everything right so there’ll never be diseases anymore.
Alan: Thanks Jackie, that was great. […] Now, how to play the flute. [Picks up a flute.] Well, you blow in one end and move your fingers up and down the outside.
All well and good, except that you can’t really take that advice forward. There just isn’t enough information. For instance, it makes a difference which end of the flute you blow in. Furthermore, it’s necessary to move your fingers up and down the outside in a specific way. These facts aren’t clear from the presentation. The details only get more and more technical from there.
Articles promoting commercial products
The second type of article provides information about concrete solutions. Companies have used these commercial solutions to make some progress toward continuous delivery. In some cases, the difference between the status quo ante and the degree of automation they’ve been able to achieve is quite dramatic.
Here are a few representative examples.
You may know the name Micro Focus due to their excellent COBOL compiler. Micro Focus has picked up Serena, a software company with several useful mainframe products, to bolster their ability to support mainframe customers.
It’s possible to combine some of these products to construct a practical continuous delivery pipeline for the mainframe platform:
- Serena ChangeMan ZMF (with the optional Enterprise Release extension)
- Serena Release Control
- Serena Deployment Automation Tool
- Micro Focus Enterprise Developer
Compuware offers a solution that, like Micro Focus’ solution, comprises a combination of different products to fill different gaps in mainframe continuous delivery:
- Compuware ISPW
- Compuware Topaz Workbench
- XebiaLabs XL Release
IBM, the source of all things mainframe, can get you part of the way to a continuous delivery pipeline, as well. The “IBM Continuous Integration Solution for System z” comprises several IBM products:
- Rational Team Concert
- Rational Quality Manager
- Rational Test Workbench
- Rational Integration Tester (formerly GreenHat)
- Rational Development and Test Environment (often called RD&T)
- IBM UrbanCode Deploy
Any of those offerings will get you more than half the pieces of a continuous delivery pipeline; different pieces in each case, but definitely more than half.
The software companies that focus on the mainframe platform are sincere about providing useful products and services to their customers. Even so, articles about products are sales pitches by definition, and a sales pitch naturally emphasizes the positives and glosses over any inconvenient details.
Issues with mainframe-hosted solutions
There are a few issues with solutions that run entirely, or almost entirely, on the mainframe.
Tight coupling of CD tooling with a single target platform
Ideally, a cross-platform CD pipeline ought to be managed independently of any of the production target platforms, build environments, or test environments. Only those components that absolutely must run directly on a target platform should be present on that platform.
For example, to deploy to a Unix or Linux platform, it’s almost always possible to copy files to target directories. It’s rarely necessary to run an installer. Similarly, it’s a generally-accepted good practice to avoid running installers on any production Microsoft Windows instances. When Windows is used on production servers, it’s usually stripped of most of the software that comes bundled with it by default.
You don’t want to provide a means for the wrong people to install or build code on servers. At a minimum, code is built in a controlled environment and vetted before being promoted to any target production environment. Even better, the code and the environment that hosts it are both created as part of the build process; there’s no target environment waiting for things to be installed on it.
This means the CD tooling (or at least the orchestration piece) runs on its own platform, separate from any of the development, test, staging, production, or other platforms in the environment. It orchestrates other tools that may have to run on specific platforms, but the process governing software itself doesn’t live on any platform that is also a deployment target.
An advantage is that the build and deploy process, as well as live production resiliency support, can build, configure, and launch any type of environment as a virtual machine without any need for a target instance to be pre-configured with parts of the CD pipeline installed. For mainframe environments, this approach is not as simple but it can extend to launching CICS regions and configuring LPARs and zOS-hosted Linux VMs on the fly.
A further advantage of keeping the CD tooling separate from all production systems is that it’s possible to swap out any component or platform in the environment without breaking the CD pipeline. With the commercial solutions available, the CD tooling lives on one of the target deployment platforms (namely, the mainframe). Should the day come to phase out the mainframe, it would be necessary to replace the entire CD pipeline, a core piece of technical infrastructure. The enterprise may wish to keep that flexibility in reserve.
It isn’t always possible to deploy by copying binaries and configuration files to a target system. There may be various reasons for this. In the case of the mainframe, the main reason is that no off-platform compilers and linkers can prepare executable binaries you can just “drop in” and run.
Mainframe compatibility options in products like Micro Focus COBOL and GNU COBOL don’t produce zOS-ready load modules; they provide source-level compatibility, so you can transfer the source code back and forth without any modifications. A build of the mainframe components of an application has to run on-platform, so at some point in the build-and-deploy sequence, the source code has to be copied to the mainframe to be compiled.
This means build tools like compilers and linkers must be installed on production mainframes. That isn’t a problem, as mainframe systems are designed to keep build tools separate from production areas. But the fact builds must run on-platform doesn’t mean the CD pipeline orchestration tooling itself has to run on-platform (except, maybe, for an agent that interacts with the orchestrator). For historical and cultural reasons, this concept can be difficult for mainframe specialists to accept.
Multiple version control systems
When you use a mainframe-based source code manager (Serena ChangeMan, CA-Endevor, etc.) for mainframe-hosted code, and some other version control system (Git, Subversion, etc.) for all the “distributed” source code, you have the problem of dual version control systems. Moving all the “distributed” code to the mainframe just for the purpose of version control surely makes no sense.
When your applications cut through multiple architectural layers, spanning mobile devices, web apps, Windows, Linux and Unix, and zOS, having dual version control systems significantly increases the likelihood of version conflicts and incompatible components being packaged together. Rollbacks of partially-completed deployments can be problematic, as well.
It’s preferable for all source code to be managed in the same version control system and for that system to be independent of any of the target platforms in the environment. One of the key challenges in this approach is cultural, and not technical. Mainframe specialists are accustomed to having everything centralized on-platform. The idea of keeping source code off-platform may seem rather odd to them.
However, there’s no reason why source code has to live on the same platform where executables will ultimately run, and there are plenty of advantages to keeping it separate. Advantages include:
- Ability to use off-platform development tools that offer much quicker turnaround of builds and unit tests than any on-platform configuration.
- Ability to keep development and test relational databases absolutely synchronized with production schema by building from the same DDL on the fly (assuming DB2 on all platforms).
- Ability to keep application configuration files absolutely synchronized across all environments, as all environments use the same copy of configuration files checked out from the same version control system.
- Other advantages along the same general lines.
If you assume that source code management systems are strictly for programming language source code, the above list may strike you as surprising. Actually, any and all types of “source” (in a general sense) ought to be versioned and managed together. This includes, for all target platforms that host components of a cross-platform application:
- Source code
- Application configuration files
- System-related configuration settings (e.g., batch job scheduler settings, preconfigured CICS CSD files, etc.)
- Database schema definitions (e.g., DDL for relational DBs)
- Automated checks/tests at all levels of abstraction
- Documentation (for all audiences)
- Scripts for configuring/provisioning servers
- JCL for creating application files (VSAM, etc.)
- JCL for starting mainframe subsystems (e.g., CICS)
- Scripts and/or JCL for application administration (backup, restore, etc.)
- Scripts and/or JCL for running the application
- Anything else related to a version of the application
All of these items can be managed using any version control system hosted on any platform, regardless of what sort of target system they may be copied to or compiled for.
Limited support for continuous integration
In typical agile-style software development work, developers depend on short feedback cycles to help them minimize the need for formality to keep the work moving forward as well as to help ensure high quality and good alignment with stakeholder needs.
Mainframe-based development tools tend to induce delay into the developers’ feedback cycle. It’s more difficult to identify and manage dependencies, more time-consuming to build the application, and often more labor-intensive to prepare test data than in the “distributed” world of Java, Ruby, Python, and C#. For historical reasons, this isn’t necessarily obvious to mainframe specialists, as they haven’t seen that sort of workflow before.
In traditional mainframe environments, it’s common for developers to keep code checked out for weeks at a time and to attempt a build only when they are nearly ready to hand off the work to a separate QA group for testing. They are also accustomed to “merge hell.” Many mainframe developers simply assume “merge hell” is part of the job; the nature of the beast, if you will. Given that frame of reference, tooling that enables developers to integrate changes and run a build once a day seems almost magically powerful.
Mainframe-based CI and CD tools do enable developers to build at least once per day. However, that’s actually too slow to get the full benefit of short feedback cycles. It’s preferable to be able to turn around a single red-green-refactor TDD cycle in five or ten minutes, if not less, with your changes integrated into the code base every time. That level of turnaround is all but unthinkable to many mainframe specialists.
Mainframe-based version control systems weren’t designed with that sort of workflow in mind. They were spawned in an era when version control was used to take a snapshot of a clean production release, in case there was a need to roll back to a known working version of an application in future. These tools weren’t originally designed for incremental, nearly continuous integration of very small code changes. Despite recent improvements that have inched the products closer to that goal, it’s necessary to manage version control off-platform in order to achieve the feedback cycle times and continuous integration contemporary developers want.
Limited support for automated unit testing
Contemporary development methods generally emphasize test automation at multiple levels of abstraction, and frequent small-scale testing throughout development. Some methods call for executable test cases to be written before writing the production code that makes the tests pass.
These approaches to development require tooling that enables very small subsets of the code to be tested (as small as a single path through a single method in a Java class), and for selected subsets of test cases to be executed on demand, as well as automatically as part of the continuous integration flow.
Mainframe-based tooling to support fine-grained automated checks and tests is very limited. The best example is IBM’s zUnit testing framework, supporting COBOL and PL/I development as part of the Rational suite. However, even this product can’t support unit test cases at a fine level of granularity. The smallest “unit” of code it supports is an entire load module.
Some tools are beginning to appear that improve on this, such as the open source cobol-unit-test project for COBOL, and t-rexx for test-driving Rexx scripts, but no such tool is very mature at this time. The cobol-unit-test project can support fine-grained unit testing and test-driving of COBOL code off-platform using a compiler like Micro Focus or GNU COBOL, on a developer’s Windows, OSX, or Linux machine or in a shared development environment. No mainframe-based tools can support this.
Dependencies outside the developer’s control
A constant headache in mainframe development is the fact it’s difficult to execute a program without access to files, databases, and subroutine libraries the developer doesn’t control. Even the simplest, smallest-scale automated test depends on the availability and proper configuration of a test environment, and these are typically managed by a different group than the development teams.
Every developer doesn’t necessarily have their own dedicated test files, databases, CICS regions, or LPARs. In many organizations, developers don’t even have the administrative privileges necessary to start up a CICS region for development or testing, or to modify CICS tables in a development region to support their own needs; a big step backward as compared with the 1980s. Developers have to take turns, sometimes waiting days or weeks to gain access to a needed resource.
Mainframe-based and server-based CD tooling addresses this issue in a hit-or-miss fashion, but none provides robust stubbing and mocking support for languages like COBOL and PL/I.
Some suites of tools include service virtualization products that can mitigate some of the dependencies. Service virtualization products other than those listed above may be used in conjunction, as well (e.g., Parasoft, HP).
The ability to run automated checks for CICS applications at a finer granularity than the full application is very limited short of adding test-aware code to the CICS environment. IBM’s Rational suite probably does the best job of emulating CICS resources off-platform, but at the cost of requiring multiple servers to be configured. These solutions provide only a partial answer to the problem.
Disconnected and remote development are difficult
One factor that slows developers down is the necessity to connect to various external systems. Even with development tools that run on Microsoft Windows, OSX, or Linux, it’s necessary for developers to connect to a live mainframe system to do much of anything.
To address these issues, IBM’s Rational suite enables developers to work on a Windows workstation. This provides a much richer development environment than the traditional mainframe-based development tools. But developers can’t work entirely isolated from the network. They need an RD&T server and, possibly, a Green Hat server to give them VSAM and CICS emulation and service virtualization for integration and functional testing.
Each of these connections is a potential failure point. One or more servers may be unavailable at a given time. Furthermore, the virtual services or emulated facilities may be configured inappropriately for a developer’s needs.
Keep in mind the very short feedback cycles that characterize contemporary development methods. Developers typically spend as much as 90% of their time at the “unit” level; writing and executing unit checks and building or modifying production code incrementally, to make those checks pass. They spend proportionally less time writing and executing checks at the integration, functional, behavioral, and system levels.
Therefore, an environment that enables developers to work without a connection to the mainframe or to mainframe emulation servers can enable them to work in very quick cycles most of the time.
In addition, the level of granularity provided by zUnit isn’t sufficient to support very short cycles such as Ruby, Python, C#, or Java developers can experience with their usual tool stacks.
In practical terms, to get to the same workflow for COBOL means doing most of the unit-level development on an isolated Windows, OSX, or Linux instance with an independent COBOL compiler such as Micro Focus or GNU COBOL, and a unit testing tool that can isolate individual COBOL paragraphs. Anything short of that offers only a partial path toward continuous delivery.
Observations from the field
Possibly the most basic element in a continuous delivery pipeline is a version control system for source code, configuration files, scripts, documentation, and whatever else goes into the definition of a working application. Many mainframe shops use a mainframe-based version control system such as CA-Endevor or Serena ChangeMan. Many others have no version control system in place.
The idea of separating source repositories from execution target platforms has not penetrated. In principle there is no barrier to keeping source code and configuration files (and similar artifacts) off-platform so that development and unit-level testing can be done without the need to connect to the mainframe or to additional servers. Yet, it seems most mainframe specialists either don’t think of doing this, or don’t see value in doing it.
Automated testing (checking)
Most mainframe shops have little to no automated testing (or checking or validation, as you prefer). Manual methods are prevalent, and often testing is the purview of a separate group from software development. Almost as if they were trying to maximize delay and miscommunication, some shops use offshore testing teams located as many timezones away as the shape of the earth allows.
So, what’s all this about “levels” of automated testing? Here’s a depiction of the so-called test automation pyramid. You can find many variations of this diagram online, some simpler and some more complicated than this one.
This is all pretty normal for applications written in Java, C#, Python, Ruby, C/C++ and other such languages. It’s very unusual to find these different levels of test automation in a mainframe shop. Yet, it’s feasible to support several of these levels without much additional effort:
Automation is quite feasible and relatively simple for higher-level functional checking and verifying system qualities (a.k.a. “non-functional” requirements). The IBM Rational suite includes service virtualization (and so do other vendors), making it practical to craft properly-isolated automated checks at the functional and integration levels. Even so, relatively few mainframe shops have
At the “unit” level, the situation is reversed. The spirit is willing but the tooling is lacking. IBM offers zUnit, which can support test automation for individual load modules. To get down to a suitable level of granularity for unit testing and TDD, there are no well-supported, commercial tools. To be clear: a unit test case exercises a single path through a single COBOL paragraph or PL/I block. The “unit” in zUnit is the load module; I would call that a component test rather than a unit test. There are a few open-source unit testing solutions to support COBOL, but nothing for PL/I, and this is where developers spend 90% of their time. It is an area that would benefit from further tool development.
Test data management
When you see a presentation about continuous delivery at a conference, the speaker will display illustrations of their planned transition to full automation. No one (that I know of) has fully implemented CD in a mainframe environment. The presentations typically show test data management as just one more box among many in a diagram, the same size as all the other boxes. The speaker says they haven’t gotten to that point in their program just yet, but they’ll address test data management sometime in the next few months. They sound happy and confident. This tells me that they’re speeding toward a brick wall and they aren’t aware of it.
Test data management may be the single largest challenge in implementing a CD pipeline for a heterogeneous environment that includes mainframe systems. People often underestimate it. They may visualize something akin to an ActiveRecord migration for a Ruby application. How hard could that be?
Mainframe applications typically use more than one access method. Mainframe access methods are roughly equivalent to filesystems on other platforms. It’s common for a mainframe application to manipulate files using VSAM KSDS, VSAM ESDS, and QSAM access methods, and possibly others. To support automated test data management for these would be approximately as difficult as manipulating NTFS, ext4, and HFS+ filesystems from a single shell script on a single platform. That’s certainly do-able, but it’s only the beginning of the complexity of mainframe data access.
A mature mainframe application that began life 25 years ago or more will access multiple databases, starting with the one that was new technology at the time the application was originally written, and progressing through the history of database management systems since that time. They are not all SQL-enabled, and those that are SQL-enabled generally use their own dialect of SQL.
In addition, mainframe applications often comprise a combination of home-grown code, third-party software products (including data warehouse products, business rules engines, and ETL products — products that have their own data stores), and externally-hosted third-party services. Development teams (and the test data management scripts they write) may not have direct access to all the data stores that have to be populated to support automated tests. There may be no suitable API for externally hosted services. The company’s own security department may not allow popular testing services like Sauce Labs to access applications running on internal test environments, and may not allow test data to go outside the perimeter because sensitive information could be gleaned from the structure of the test data, even if it didn’t contain actual production values.
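An added example, not part of the original article: one way around the scrubbed-snapshot problem described earlier (test cases that are not identical from run to run) is to generate synthetic fixed-length records from a seed kept in version control, so the fixture is byte-for-byte repeatable and holds no production values. The record layout, field names and seed below are hypothetical; records are encoded as EBCDIC (code page 037) with ascending keys, as a KSDS load would expect.

```python
import hashlib

# Hypothetical fixed-length record layout (field name, width, kind).
# Constructed for this example; it is not taken from the article.
LAYOUT = [
    ("ACCT-ID", 8, "key"),      # record key, ascending, as a KSDS load expects
    ("CUST-NAME", 20, "alpha"),
    ("BALANCE", 9, "num"),      # unsigned zoned decimal (PIC 9(9) DISPLAY)
    ("STATUS", 1, "code"),
]
RECORD_LENGTH = sum(width for _, width, _ in LAYOUT)


def _derive(seed, index, field):
    """Return a repeatable integer for (seed, record index, field name)."""
    material = f"{seed}|{index}|{field}".encode("utf-8")
    return int.from_bytes(hashlib.sha256(material).digest()[:8], "big")


def _field_text(seed, index, name, width, kind):
    """Build one field as text, exactly `width` characters wide."""
    n = _derive(seed, index, name)
    if kind == "key":
        text = f"{index + 1:0{width}d}"          # sequential, unique, sorted
    elif kind == "alpha":
        text = f"TEST CUSTOMER {n % 100000:05d}".ljust(width)
    elif kind == "num":
        text = f"{n % 10 ** width:0{width}d}"
    elif kind == "code":
        text = "AIC"[n % 3]
    else:
        raise ValueError(f"unknown field kind: {kind}")
    if len(text) != width:
        raise ValueError(f"{name}: expected {width} characters, got {len(text)}")
    return text


def build_records(seed, count):
    """Generate `count` synthetic records, EBCDIC-encoded (code page 037)."""
    records = []
    for index in range(count):
        text = "".join(
            _field_text(seed, index, name, width, kind)
            for name, width, kind in LAYOUT
        )
        records.append(text.encode("cp037"))
    return records


def fixture_digest(records):
    """SHA-256 over the whole fixture, to be committed next to the tests."""
    return hashlib.sha256(b"".join(records)).hexdigest()


def verify_fixture(records, expected_digest):
    """True when the data about to be loaded matches the committed digest."""
    return fixture_digest(records) == expected_digest
```

Committing the seed and the digest alongside the tests lets a pipeline refuse to run against a fixture that has drifted from the versioned one.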
Creating environments on the fly
Virtualization and cloud services are making it more and more practical to spin up virtual machines on demand. People use these services for everything from small teams maintaining open source projects to resilient solution architectures supporting large-scale production operations. A current buzzword making the rounds is hyperconvergence, which groups a lot of these ideas and capabilities together.
However, there are no cloud services for mainframes. The alternative is to handle the on-demand creation of environments in-house. Contemporary models of mainframe hardware are capable of spinning up environments on demand. It’s not the way things are usually done, but that’s a question of culture and history and is not a technical barrier to CD.
IBM’s z/VM can manage multiple operating systems on a single System z machine, including z/OS. With PR/SM (Processor Resource/System Manager) installed, z/OS logical partitions (LPARs) are supported. Typically, mainframe shops define a fixed set of LPARs and allocate development, test, and production workloads across them. The main reason it’s done that way is that creating an LPAR is a multi-step, complicated process. People prefer not to have to do it frequently. (All the more reason to automate it if you ask me.)
A second reason, in some cases, is that the organization hasn’t updated its operating procedures since the 1980s. They have a machine that is significantly more powerful than older mainframes and they continue to operate it as if it were severely underpowered. I might observe this happens because year after year people say “the mainframe is dying, we’ll replace it by this time next year,” so they figure it isn’t worth an investment greater than the minimum necessary to keep the lights on.
Yet, the mainframe didn’t die. It evolved.
Production system monitoring
A number of third-party tools (that is, non-IBM tools) can monitor production environments on mainframe systems. Most shops don’t use them, but they are available. A relatively easy step in the direction of CD is to install appropriate system monitoring tools.
Generally, such tools are meant for performance monitoring. They help people tune their mainframe systems. They aren’t really meant to support dynamic reconfiguration of applications on the fly.
Ideally, we want these tools to be able to do more than just notify someone when they detect a problematic condition. The same sort of resiliency as reactive architectures provide would be most welcome for mainframe systems, as well. This may be a future development.
A glimpse into the future?
I saw a very interesting demo machine a couple of years ago. An IBMer brought it to a demo of the Rational suite for a client. It was an Apple MacBook Pro with a full-blown instance of zOS installed. It was a single-user mainframe on a laptop. It was not, and still is not, a generally-available commercial product.
That sort of thing will only become more practical and less costly as technology continues to advance. One can imagine a shop in which each developer has their own personal zOS system. Maybe they’ll be able to run zOS instances as VMs under VirtualBox or VMware. Imagine the flexibility and smoothness of the early stages in a development workflow! Quite a far cry from two thousand developers having to take turns sharing a single, statically-defined test environment for all in-flight projects.
The pieces of the mainframe CD puzzle are falling into place by ones and twos.
Original article by Dave Nicolette.
Published at DZone with permission of Dave Nicolette. See the original article here.