Enterprise Scalable,Repetable Modernization Mainframe Practices

Anand Nerurkar
Feb 22
8 min read

🔷 1️⃣ Reference Architectures

What It Means

Pre-defined, reusable architecture blueprints for:

API façade over mainframe
Event-driven modernization
Strangler pattern extraction
Batch modernization
Hybrid cloud deployment

Instead of designing from scratch each time.

Example in Mainframe Modernization

You define a standard blueprint like:

Digital Channel

↓

API Gateway

↓

Domain Microservice

↓

Adapter Framework

↓

CICS / DB2

↓

Outbox

↓

Kafka

Every project follows this pattern.

I establish enterprise reference architectures for API enablement, event streaming, and domain extraction so that modernization becomes repeatable and governed, not ad hoc.

🔷 2️⃣ Canonical Data Model Governance

What It Means

Instead of each system defining its own data model, you define:

One enterprise-level canonical schema.

Example:

Customer
Account
Transaction
Party
Ledger

Why It Matters

Without canonical model:

Microservices talk different schemas
Data mapping chaos
Integration sprawl

With governance:

Versioning control
Schema registry
Backward compatibility rules

I introduce canonical data model governance to prevent integration sprawl and ensure consistent domain semantics across microservices and mainframe integrations.

🔷 3️⃣ Adapter Framework Standardization

Instead of:

Each team writing custom CICS connector code.

You Create:

Reusable adapter framework that handles:

CTG/MQ connectivity
Copybook marshalling
Error mapping
Logging
Security propagation
Retry logic

So teams only configure:

Transaction ID
Copybook mapping

It:

Reduces development effort
Standardizes security
Improves observability
Reduces production risk

I standardize the anti-corruption adapter framework so that teams focus on business logic rather than low-level CICS connectivity and transformation code.

🔷 4️⃣ Outbox + CDC Standard Pattern

This shows event-driven maturity.

Outbox Pattern

Write transaction + event in same transaction
Background job publishes to Kafka
Guarantees no event loss

CDC (Change Data Capture)

Capture DB2 log changes
Publish to Kafka
Used for analytics, reconciliation

Why Standardize It?

Because without it:

Teams publish events unreliably
Data drift happens
Inconsistent architecture

I define a standard event publication strategy using transactional outbox and CDC to ensure consistency, reliability, and audit compliance.

🔷 5️⃣ Migration Factory Model

What It Means

I created a repeatable modernization assembly line:

Step 1 – Code assessment

Step 2 – Domain mapping

Step 3 – Extraction planning

Step 4 – Microservice build

Step 5 – Parallel run

Step 6 – Decommission

Instead of random projects.

Includes:

Tooling
Templates
Automation scripts
Playbooks
KPI tracking

A factory model means:

Predictable cost
Predictable timeline
Scalable delivery

I establish a migration factory approach to industrialize modernization rather than treat each transformation as a one-off initiative.

That sounds strategic.

🔷 6️⃣ Risk Governance Framework

Modernization fails mostly due to unmanaged risk.

You bring:

Architecture Review Board (ARB)
Regulatory alignment checkpoints
MIPS impact analysis
Parallel-run validation framework
Release gating standards
Rollback strategy

Example

Before extracting a domain:

Run regression test suite
Compare DB2 reconciliation reports
Approve via ARB
Deploy in canary mode

I embed risk governance across business, technology, security, and regulatory dimensions to ensure modernization does not compromise operational stability.

🎯“What modernization practices do you bring?”

I bring a structured modernization playbook — reference architectures, canonical data governance, standardized adapter frameworks, event reliability patterns, a migration factory execution model, and embedded risk governance. This allows us to modernize mainframe ecosystems safely, incrementally, and measurably.

🏦 1️⃣ Step-by-Step Mainframe Modernization Roadmap

🔷 Phase 0 – Discovery & Baseline

Inventory COBOL programs (CRUD, batch, MQ)
Identify DB2 tables & VSAM files
Capture MIPS consumption baseline
Identify high-cost, high-change domains
Map business capability → code mapping
Define regulatory & SLA constraints

👉 Output: Modernization heatmap + cost baseline

🔷 Phase 1 – Encapsulation (Stabilize Core)

Goal: Do NOT break core banking.

Digital Channels    ↓API Gateway    ↓Domain Façade Services    ↓Adapter (Anti-Corruption Layer)    ↓CICS / DB2

Expose CICS via CTG/MQ/z/OS Connect
Standardize canonical models
Introduce API governance
Introduce event streaming (adapter-level)

👉 No COBOL rewrite yet.

🔷 Phase 2 – Event Enablement

Implement transactional outbox
Publish domain events to Kafka
Enable downstream microservices
Offload analytics reads

👉 Reduce DB2 read pressure.

🔷 Phase 3 – Strangler Pattern (Domain-by-Domain Extraction)

Identify low-risk CRUD domain
Build microservice with its own DB
Route % traffic gradually
Decommission specific COBOL modules

👉 Reduce MIPS gradually.

🔷 Phase 4 – Data Decoupling

Separate operational vs analytical workloads
Migrate selected tables to cloud DB
Archive legacy data

🔷 Phase 5 – Batch Modernization

Replace JCL jobs with:
- Spring Batch
- Spark
- Cloud scheduler

🔷 Phase 6 – Decommission & Optimization

Retire specific CICS programs
Reduce MIPS licensing
Optimize DB2 storage

🟢 Example CRUD Use Case – Update Customer Email

Legacy Flow

Mobile App   ↓CICS Transaction CUSTUPD   ↓COBOL   ↓DB2 CUST_MASTER

COBOL logic:

Validate customer
Check KYC status
Update DB2
Write audit
Commit

🟢 Modernized Flow

Mobile App   ↓API Gateway   ↓Customer Microservice   ↓Adapter   ↓CICS (Phase 1)

Later (Phase 3 Extraction):

Mobile App   ↓Customer Microservice   ↓Cloud DB   ↓Kafka Event

Traffic gradually moves away from CICS.

🏗 Target Architecture (Enterprise Grade)

API Gateway     ↓Customer Microservice     ↓Outbox Pattern     ↓Kafka     ↓Fraud / Analytics / Notifications

Mainframe remains:

Ledger
Core settlement

Customer CRUD moved out.

⚠️ Top 20 Risks + Mitigation Plan

🔴 Business Risks

1. Regulatory non-compliance

Mitigation: Compliance embedded in design reviews, audit trace preserved.

2. SLA breach during migration

Mitigation: Canary routing + parallel run.

3. Business logic drift

Mitigation: Golden test cases + replay testing.

🟠 Technology Risks

4. Transaction inconsistency

Mitigation: Outbox pattern + idempotency.

5. Data synchronization errors

Mitigation: CDC validation + reconciliation jobs.

6. Performance degradation

Mitigation: Load testing + MIPS impact simulation.

7. Increased latency

Mitigation: Co-location strategy + caching.

🟡 Application Risks

8. Tight coupling reintroduced

Mitigation: Strict domain boundaries.

9. Incomplete strangler extraction

Mitigation: Domain contract definition.

10. Error handling mismatch

Mitigation: Standardized error taxonomy.

🟢 Data Risks

11. Data duplication inconsistency

Mitigation: Master data governance.

12. Orphan records

Mitigation: Referential reconciliation jobs.

13. Data corruption

Mitigation: Checksums + audit logs.

🔵 Process Risks

14. Change management resistance

Mitigation: Business alignment workshops.

15. Release coordination failure

Mitigation: Program-level governance board.

🟣 People Risks

16. COBOL skill gap

Mitigation: Pair programming + documentation.

17. Microservices immaturity

Mitigation: Enablement workshops + CoE.

🛡 Security Risks

18. Data exposure via APIs

Mitigation: API security gateway + OAuth2.

19. Privilege escalation

Mitigation: Zero-trust architecture + IAM policies.

🏛 Governance Risks

20. Architectural sprawl

Mitigation: Enterprise Architecture Review Board + reference patterns.

🔷 What Actually Happens During a Mainframe CRUD Transaction?

When you call a CICS transaction like:

CUSTCRT  (Create Customer)
CUSTGET  (Read Customer)
CUSTUPD  (Update Customer)
CUSTDEL  (Delete Customer)

What happens inside COBOL depends on how the system was built.

🔷 Case 1: COBOL + DB2 (Most Common in Tier-1 Banks)

Inside the COBOL program:

EXEC SQL   INSERT INTO CUST_MASTER   VALUES (:WS-CUST-ID, :WS-NAME, :WS-DOB)END-EXEC.

Yes — in this case:

👉 CRUD = DB2 operations👉 CICS manages transaction👉 DB2 stores data

🔷 Case 2: COBOL + VSAM (Older Systems)

Instead of DB2, some legacy systems use VSAM files.

Example:

READ CUST-FILE KEY IS WS-CUST-ID.

Here:

No DB2
File-based storage
Record-level access

Still CRUD — but not DB2.

🔷 Case 3: Hybrid (Common Reality)

In real banking systems:

Customer master → DB2
Ledger → DB2
Historical archives → VSAM
Batch processing → Flat files
MQ for async events

So CRUD may touch:

DB2
VSAM
Both
Or even call another internal program

🔷 Important: CICS ≠ DB2

CICS manages:

Transaction boundary
Commit/rollback
Concurrency control

DB2 just stores data.

Flow:

Adapter → CICS → COBOL → DB2

CICS ensures:

If INSERT fails → rollback
If UPDATE fails → rollback
If program ABEND → rollback

🔷 Example Full CREATE Flow

Let’s say you create a customer.

Step 1 – Adapter calls CICS CUSTCRT

Step 2 – COBOL executes:

EXEC SQL INSERT INTO CUST_MASTER ...EXEC SQL INSERT INTO AUDIT_LOG ...EXEC CICS SYNCPOINT

Notice:

It may update multiple tables
It may write audit logs
It may call another program
It may write MQ message

So CRUD is rarely just “insert one row”.

It is usually:👉 Business transaction👉 Multi-table👉 ACID controlled

🔷 “Does each mainframe CRUD command just insert into DB2?”

In most modern mainframe banking systems, CRUD transactions update DB2 tables. However, depending on legacy design, they may also interact with VSAM files, write audit logs, invoke other programs, or publish MQ messages. CICS manages the transaction boundary, while DB2 is just the persistence layer.

🔷 One More Important Insight (Architect Level)

When we modernize:

We usually:

Keep DB2
Keep COBOL logic
Encapsulate CICS
Avoid direct DB2 bypass for writes

Because bypassing CICS means:

Skipping validation logic
Breaking transaction integrity
Risking ledger corruption

That’s why adapter → CICS is safer.

what is different way to callCICS transactionapart from CTG

=======

🔷 1️⃣ CICS Transaction Gateway (CTG)

Classic distributed call (Java → CICS)

Best for:

Synchronous request/response
Existing Java integration
Low-latency OLTP

You already understand this one.

🔷 2️⃣ IBM MQ (Message-Based Invocation)

Instead of direct call, you send a message to a queue.

Adapter → MQ Request Queue → CICS Listener → COBOL → MQ Reply Queue → Adapter

How it works

Adapter puts message on MQ
CICS program triggered by MQ listener
COBOL processes request
Response sent back to reply queue

Pros

Decoupled
More resilient
Good for high volume

Cons

Slightly higher latency
More moving parts

👉 Many large banks prefer MQ for stability.

🔷 3️⃣ z/OS Connect (REST Enablement)

This is modern and very powerful.

Adapter / Channel       ↓z/OS Connect       ↓CICS

z/OS Connect:

Wraps CICS as REST APIs
Automatically handles JSON ↔ COBOL mapping
Generates OpenAPI specs

Pros

No custom adapter needed
REST-native
Cleaner governance

Cons

Requires mainframe team buy-in
Still some mainframe config work

👉 This is popular in progressive modernization programs.

🔷 4️⃣ Direct DB2 Access (Bypass CICS)

Adapter → JDBC → DB2 (z/OS)

When used

Read-heavy queries
Reporting
Non-transactional use cases

Dangerous if:

You bypass business validation logic in COBOL
You break ACID behavior

In core banking, we avoid bypassing CICS for write operations.

🔷 5️⃣ CICS Web Services (SOAP)

Older but still used:

Adapter → SOAP → CICS Web Service → COBOL

CICS can expose:

SOAP endpoints
WSDL-based services

Mostly legacy pattern now.

🔷 6️⃣ Event-Based via CDC (Indirect)

Instead of calling CICS:

DB2 Log → CDC Tool → Kafka → Microservices

Used for:

Data replication
Analytics
Event-driven architecture

Not used for CRUD transactional calls.

🔷 7️⃣ Direct Internal CICS LINK (Inside Mainframe)

Used when:

Another COBOL program invokes transaction internally
No distributed call

This is internal-only.

🔷 Enterprise Comparison Table

Method	Sync/Async	Modify Mainframe?	Risk Level	Modern Fit
CTG	Sync	No	Medium	Good
MQ	Async/Sync	Minimal	Low	Very Good
z/OS Connect	Sync	Config only	Low	Excellent
DB2 Direct	Sync	No	High Risk	Limited
SOAP	Sync	Yes	Medium	Legacy
CDC	Async	No	Low	Analytics

🔷 What Tier-1 Banks Prefer Today?

In conservative institutions like BNY Mellon:

Phase 1:

CTG or MQ

Phase 2:

z/OS Connect REST enablement

Phase 3:

Event streaming via CDC
Gradual strangler replacement

🎯

“Apart from CTG, how else can you call CICS?”

We can use IBM MQ for message-driven invocation, z/OS Connect to expose CICS as REST services, CICS web services via SOAP, or in limited read scenarios direct DB2 access.In modern banking programs, z/OS Connect combined with event streaming is increasingly preferred for clean API enablement without modifying COBOL logic.

🔷 What is CTG?

CTG = CICS Transaction Gateway

It is a middleware bridge that allows distributed applications (Java/.NET) to call CICS programs remotely.

Think of it as:

👉 A secure tunnel between your Java microservice and CICS.

🔷 Visual Flow

Spring Boot Service        ↓CICS Transaction Gateway (CTG)        ↓CICS Region (Mainframe)        ↓COBOL Program

🔷 Why Do We Need CTG?

Mainframe speaks:

EBCDIC
COBOL copybooks
COMMAREA structures

Your microservice speaks:

JSON
UTF-8
REST

CTG handles:

Network connection
LU6.2/IPIC protocol
Session pooling
Security context
Transaction boundary

🔷 Real Technical Example (High-Level)

Java calling CICS using CTG

import com.ibm.ctg.client.ECIRequest;import com.ibm.ctg.client.JavaGateway;public class CicsClient {    public byte[] invoke(String program, byte[] payload) throws Exception {        JavaGateway gateway = new JavaGateway("ctg-host", 2006);        ECIRequest request = new ECIRequest(                ECIRequest.ECI_SYNC,                "CICSREG",      // CICS region                program,        // COBOL program                null,                payload.length,                payload        );        int rc = gateway.flow(request);        if (rc != ECIRequest.ECI_NO_ERROR) {            throw new RuntimeException("CICS Error");        }        return request.Commarea;    }}

👉 This is what people mean when they say:

“We invoked CICS via CTG.”

🔷 What Happens Internally?

Adapter converts JSON → COBOL copybook
Adapter creates byte array payload
CTG sends request to CICS region
CICS runs COBOL program
COBOL updates DB2
Response COMMAREA returned
Adapter maps back to JSON

🔷 Alternative to CTG

In real enterprise modernization, we might use:

IBM MQ request/response
z/OS Connect (REST wrapper around CICS)
Direct DB2 access (less preferred for business logic)
CDC (for event publishing)

CTG is common in large banks.

🔷

“How did you connect to CICS?”

We used CICS Transaction Gateway (CTG) from our adapter layer.The adapter marshalled canonical models into COBOL copybook structures and invoked CICS transaction IDs synchronously.CTG handled connectivity, session management, and transactional consistency.

🔷 Very Important Clarification

CTG is NOT an API gateway.

It is:

A protocol bridge to CICS.
Used only between adapter and mainframe.

Your API Gateway is still outside in digital layer.