Back up and archive mainframe data to Amazon S3 using BMC AMI Cloud Data
Santosh Kumar Singh, Gilberto Biondo, and Maggie Li, Amazon Web Services
Mikhael Liberman, Model9 Mainframe Software
Summary
This pattern demonstrates how to back up and archive mainframe data directly to Amazon Simple Storage Service (Amazon S3), and then recall and restore that data to the mainframe by using BMC AMI Cloud Data (previously known as Model9 Manager). If you are looking for a way to modernize your backup and archive solution as part of a mainframe modernization project or to meet compliance requirements, this pattern can help meet those goals.
Typically, organizations that run core business applications on mainframes use a virtual tape library (VTL) to back up data stores such as files and logs. This method can be expensive because it consumes billable MIPS, and the data stored on tapes outside the mainframe is inaccessible. To avoid these issues, you can use BMC AMI Cloud Data to quickly and cost-effectively transfer operational and historical mainframe data directly to Amazon S3. You can use BMC AMI Cloud Data to back up and archive data over TCP/IP to AWS while taking advantage of IBM z Integrated Information Processor (zIIP) engines to reduce cost, parallelism, and transfer times.
Prerequisites and limitations
Prerequisites
- An active AWS account 
- BMC AMI Cloud Data with a valid license key 
- TCP/IP connectivity between the mainframe and AWS 
- An AWS Identity and Access Management (IAM) role for read/write access to an S3 bucket 
- Mainframe security product (RACF) access in place to run BMC AMI Cloud processes 
- A BMC AMI Cloud z/OS agent (Java version 8 64-bit SR5 FP16 or later) that has available network ports, firewall rules permitting access to S3 buckets, and a dedicated z/FS file system 
- Requirements - met for the BMC AMI Cloud management server 
Limitations
- BMC AMI Cloud Data stores its operational data in a PostgreSQL database that runs as a Docker container on the same Amazon Elastic Compute Cloud (Amazon EC2) instance as the management server. Amazon Relational Database Service (Amazon RDS) is not currently supported as a backend for BMC AMI Cloud Data. For more information about the latest product updates, see What's New? - in the BMC documentation. 
- This pattern backs up and archives z/OS mainframe data only. BMC AMI Cloud Data backs up and archives only mainframe files. 
- This pattern doesn’t convert data into standard open formats such as JSON or CSV. Use an additional transformation service such as BMC AMI Cloud Analytics - (previously known as Model9 Gravity) to convert the data into standard open formats. Cloud-native applications and data analytics tools can access the data after it's is written to the cloud. 
Product versions
- BMC AMI Cloud Data version 2.x 
Architecture
Source technology stack
- Mainframe running z/OS 
- Mainframe files such as datasets and z/OS UNIX System Services (USS) files 
- Mainframe disk, such as a direct-access storage device (DASD) 
- Mainframe tape (virtual or physical tape library) 
Target technology stack
- Amazon S3 
- Amazon EC2 instance in a virtual private cloud (VPC) 
- AWS Direct Connect 
- Amazon Elastic File System (Amazon EFS) 
Target architecture
The following diagram shows a reference architecture where BMC AMI Cloud Data software agents on a mainframe drive the legacy data backup and archive processes that store the data in Amazon S3.

The diagram shows the following workflow:
- BMC AMI Cloud Data software agents run on mainframe logical partitions (LPARs). The software agents read and write mainframe data from DASD or tape directly to Amazon S3 over TCP/IP. 
- AWS Direct Connect sets up a physical, isolated connection between the on-premises network and AWS. For enhanced security, run a site-to-site VPN on top of AWS Direct Connect to encrypt data in transit. 
- The S3 bucket stores mainframe files as object storage data, and BMC AMI Cloud Data agents directly communicate with the S3 buckets. Certificates are used for HTTPS encryption of all communications between the agent and Amazon S3. Amazon S3 data encryption is used to encrypt and protect the data at rest. 
- BMC AMI Cloud Data management servers run as Docker containers on EC2 instances. The instances communicate with agents running on mainframe LPARs and S3 buckets. 
- Amazon EFS is mounted on both active and passive EC2 instances to share the Network File System (NFS) storage. This is to make sure that metadata related to a policy created on the management server isn't lost in the event of a failover. In the event of a failover by the active server, the passive server can be accessed without any data loss. If the passive server fails, the active server can be accessed without any data loss. 
Tools
AWS services
- Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the AWS Cloud. You can launch as many virtual servers as you need and quickly scale them up or down. 
- Amazon Elastic File System (Amazon EFS) helps you create and configure shared file systems in the AWS Cloud. 
- Amazon Simple Storage Service (Amazon S3) is a cloud-based object storage service that helps you store, protect, and retrieve nearly any amount of data. 
- Amazon Virtual Private Cloud (Amazon VPC) helps you launch AWS resources into a virtual network that you’ve defined. This virtual network resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS. 
- AWS Direct Connect links your internal network to a AWS Direct Connect location over a standard Ethernet fiber-optic cable. With this connection, you can create virtual interfaces directly to public AWS services while bypassing internet service providers in your network path. 
- AWS Identity and Access Management (IAM) helps you securely manage access to your AWS resources by controlling who is authenticated and authorized to use them. 
BMC tools
- BMC AMI Cloud management server - is a GUI application that runs as a Docker container on an Amazon Linux Amazon Machine Image (AMI) for Amazon EC2. The management server provides the functionality to manage BMC AMI Cloud activities such as reporting, creating and managing policies, running archives, and performing backups, recalls, and restores. 
- BMC AMI Cloud agent - runs on an on-premises mainframe LPAR that reads and writes files directly to object storage by using TCP/IP. A started task runs on a mainframe LPAR and is responsible for reading and writing backup and archive data to and from Amazon S3. 
- BMC AMI Cloud Mainframe Command Line Interface (M9CLI) - provides you with a set of commands to perform BMC AMI Cloud actions directly from TSO/E or in batch operations, without the dependency on the management server. 
Epics
| Task | Description | Skills required | 
|---|---|---|
| Create an S3 bucket. | Create an S3 bucket to store the files and volumes that you want to back up and archive from your mainframe environment. | General AWS | 
| Create an IAM policy. | All BMC AMI Cloud management servers and agents require access to the S3 bucket that you created in the previous step. To grant the required access, create the following IAM policy: 
 | General AWS | 
| Task | Description | Skills required | 
|---|---|---|
| Get a BMC AMI Cloud software license. | To get a software license key, contact the BMC AMI Cloud team | Build lead | 
| Download the BMC AMI Cloud software and license key. | Obtain the installation files and license key by following the instructions in the BMC documentation | Mainframe infrastructure administrator | 
| Task | Description | Skills required | 
|---|---|---|
| Install the BMC AMI Cloud software agent. | 
 | Mainframe infrastructure administrator | 
| Task | Description | Skills required | 
|---|---|---|
| Create Amazon EC2 Linux 2 instances. | Launch two Amazon EC2 Linux 2 instances in different Availability Zones by following the instructions from Step 1: Launch an instance in the Amazon EC2 documentation. The instance must meet the following recommended hardware and software requirements: 
 For more information, see the BMC documentation | Cloud architect, Cloud administrator | 
| Create an Amazon EFS file system. | Create an Amazon EFS file system by following the instructions from Step 1: Create your Amazon EFS file system in the Amazon EFS documentation. When creating the file system, do the following: 
 | Cloud administrator, Cloud architect | 
| Install Docker and configure the management server. | Connect to your EC2 instances: Connect to your EC2 instances by following the instructions from Connect to your Linux instance in the Amazon EC2 documentation. Configure your EC2 instances: For each EC2 instance, do the following: 
 | Cloud architect, Cloud administrator | 
| Install the management server software. | 
 NoteTo troubleshoot issues, go to the logs stored in the  | Cloud architect, Cloud administrator | 
| Task | Description | Skills required | 
|---|---|---|
| Add a new agent. | Before you add a new agent, confirm the following: 
 You must create an agent on the management server before you define any backup and archive policies. To create the agent, do the following: 
 After the agent is created, you'll see the connected status against the object storage and mainframe agent in a new window that appears in the table. | Mainframe storage administrator or developer | 
| Create a backup or archive policy. | 
 | Mainframe storage administrator or developer | 
| Task | Description | Skills required | 
|---|---|---|
| Run the backup or archive policy. | Run the data backup or archive policy that you created earlier from the management server either manually or automatically (based on a schedule). To run the policy manually: 
 | Mainframe storage administrator or developer | 
| Restore the backup or archive policy. | 
 | Mainframe storage administrator or developer | 
| Task | Description | Skills required | 
|---|---|---|
| Run the backup or archive policy by using M9CLI. | Use the M9CLI to perform backup and restore processes from TSO/E, REXX, or through JCLs without setting up rules on the BMC AMI Cloud management server. Using TSO/E: If you use TSO/E, make sure that  NoteFor more information about M9CLI commands, see CLI reference  Using JCLs: To run the backup and archive policy by using JCLs, run the  Using batch operations: The following example shows you how to archive a dataset by running the  
 | Mainframe storage administrator or developer | 
| Run the backup or archive policy in JCL batch. | BMC AMI Cloud provides a sample JCL routine called M9SAPIJ. You can customize M9SAPIJ to run a specific policy created on the management server with a JCL. This job can also be part of a batch scheduler for running backup and restore processes automatically. The batch job expects the following mandatory values: 
 NoteYou can also change other values by following the instructions on the sample job. | Mainframe storage administrator or developer | 
Related resources
- Mainframe Modernization with AWS - (AWS documentation) 
- How Cloud Backup for Mainframes Cuts Costs with Model9 and AWS - (AWS Partner Network Blog) 
- How to Enable Mainframe Data Analytics on AWS Using Model9 - (AWS Partner Network Blog) 
- AWS Direct Connect Resiliency Recommendations - (AWS documentation) 
- BMC AMI Cloud documentation - (BMC website)