Are you being served?

Just a few years ago, the idea of the AS/400 as a web server would have raised a few eyebrows. Not now.

Just a few years ago, the idea of the AS/400 as a web server would have raised a few eyebrows. Not now.

The AS/400 has a lot going for it: you probably already use it as a data store; it's easy to administer; and as computers go, it's very secure; it's scaleable; and you've already got a lot of expertise in-house.

In this article we're going to look at some of the steps you need to consider before making an AS/400 into a web server. First, however, we'd better define what we mean.

Basically, a web server is the server of a particular type of client-server relationship - a web server delivers files (known as pages, and usually formatted in HTML), to its clients (known as web browsers). Each server must have its own IP address, and will probably have its own domain name. It uses the HTTP protocol for communication between the server and the clients. The collection of files on the web server is generally known as the website; and you can, of course, have more than one web site on a single server.

But there are two additional points we should consider. The first is that any computer can be a web server with the addition of the correct software. However, not every computer makes a good web server. The software must be the right software, and the hardware must have the capacity to deliver the number of pages necessary to the number of clients being served.

The second point is that the one word we haven't mentioned yet is the 'internet'. That's because, strictly speaking, a server doesn't have to be part of the internet to be a web server. You could turn your existing Lan into an intranet by turning the AS/400 into a web server, and switching to web technology for launching applications and transferring files. This, however, would be rather isolationist, and is probably not an effective use of your systems. You will undoubtedly want to sell product or services from your web site, and you will probably want your own road warriors or home workers to be able to access the system from different remote sites. That means placing the server on the internet - and that means you need also to consider 'security'.

So we have three specific areas we need to consider: software, capacity, and security.


AS/400 users are almost embarrassed for choice! Back in 1997 IBM 'relaunched' the AS/400 as the AS/400e - an e-business machine with an integrated web server and a firewall. At the time, many commentators saw it more as a damage limitation exercise than a brave new world. The suggestion was that the increasing power of Intel processors, and the improving scaleability of NT, were beginning to be a serious threat to IBM's AS/400 user base - and the purpose of the new machine was to see off that threat. Many commentators at the time doubted that it would succeed. Well, as in so many debates of this type, everybody was right, and everybody was wrong.

IBM has successfully defended its AS/400 user base, and it was a brave new direction, but it hasn't seen off NT/2000, and Microsoft is still the threat. This tussle with Microsoft probably explains, rightly or wrongly, IBM's next moves. When faced with an enemy, you have four options. The first is to surrender, which IBM will not do. The other three are to beat it, to join it, or to ignore it. IBM has options for all three. The chronology suggests there may even be some merit in this suggestion.

Beat them with the HTTP Server

First IBM tried to beat the opposition with its own HTTP Server for OS/400e. This is by no means a poor product, and it has excellent functionality. But such is the momentum behind Microsoft that it hasn't stopped the bandwagon: BIG BLUE is still in danger from BIG REDmond. Since HTTP Server didn't beat MS, the next option is to join it.

Join them with Netfinity

Netfinity is IBM's server for the Intel platform. It is a fine product that has earned considerable praise. It exploits all the architectural expertise learned from years with AS/400 and RS/6000 design, and puts it into Intel boxes. And because they are Intel boxes, they can run Microsoft products. The result is that MS NT and 2000 both run on Netfinity; and therefore MS web servers also run on Netfinity.

But what has this to do with the AS/400? Well, Netfinity can now be included within the AS/400e. The Integrated Netfinity Server for AS/400e is a single plug-in card. Windows 2000 or NT servers can then be loaded and run as though on a standalone PC server. Up to three Windows servers can be run in a single AS/400e server 270, and up to 16 Windows servers in an AS/400e server 8XX. This allows you to keep Intel based servers separate, but manage them in a single system with consolidated storage of up to 1 TeraByte of disk per Windows server. In other words, you get the best of both worlds: the choice of Windows based web servers running within an AS/400 installation.

But I suspect IBM would still like to 'beat' Microsoft - after all, competition is what business is all about. There is an old maxim that if you ignore something for long enough, it will go away. So if only IBM could get the world to ignore Microsoft...

Sidestep them with Apache

There may be a way. Open source software in general, and Linux in particular. If the world were to adopt Linux, there would be little scope left for Microsoft. Well, the Apache Linux based web server is one of the most popular web servers on the internet, and is increasing its market share.

Does this explain why IBM has thrown its weight behind Linux? Does this explain why IBM has got into bed with the Apache Software Foundation? Does this explain why, just this summer, IBM announced a $200m Linux initiative in Europe, including major new Linux development centres?

If it does, it also explains why the AS/400 team has been working so hard with Apache. Apache will be the web server of choice on the AS/400e in the future.

So, in summary, and for whatever reasons, there is almost an embarrassment of riches in the choice of web server to run on AS/400e. And we didn't even mention Pase, which allows the AS/400e to run Unix.


Quite frankly, there can be no question of whether the AS/400e has the capacity to drive an effective web server. IBM has been beefing up its power for several years, and as IBM's AS/400 chief scientist Frank Soltis is reported as saying: 'Our top-end 840 is the biggest symmetric multiprocessor we believe that the world has ever built. It's bigger than any mainframe. It's bigger than any Unix box that we're aware of. It's about 2,200 mainframe Mips, which is a really big system. We can put out a 24-way AS/400, and blow away a 64-way Sun. We've also announced that we'll go to 32-way, and there's certainly a possibility we'll go even beyond that.'

The biggest problem in choosing an AS/400 model to drive your web server is not whether it can cope, but which model isn't overkill.


The third area we need to consider is security. The AS/400e is one of the most secure systems available, but the security achieved is only as good as its implementation. Its strengths, and weaknesses, are historical. It inherited its basic concepts from its predecessors, the System/38 and the System/36. It is object rather than file based. The advantage of this is that security can be finely grained. The disadvantage is in administering security for all the objects.

Well, in the early days, pre-PC, this could be achieved by using a menu system to control users' access. Since all the user had was a dumb terminal, this was generally adequate; the user had no means of bypassing the menu. But the rules changed as soon as the first PC was attached to an AS/400. And the advent of Windows 95 and IBM's Client Access for Windows/95 made it worse. It gave users point and click access to objects, the ability to transfer files, and drag and drop deletion; none of which could be stopped by a legacy menu security.

The upshot is that if you are developing a completely new web based system, you can and should use the facilities within the AS/400 system to implement full object based security. But this may not be realistic if you have a legacy system being converted to web technology. Here you will undoubtedly need help. One method is to use exit programs to provide security at the network exit points - but there are more than 50 network exit points representing more than 300 transaction types. You can either write your own exit programs, or delegate. Use a third party vendor who will produce and test them for you.

Read more on Operating systems software