Move mainframe files directly to Amazon S3 using Transfer Family
Created by Luis Gustavo Dantas (AWS)
Summary
As part of the modernization journey, you can face the challenge of transferring files between your on-premises servers and the Amazon Web Services (AWS) Cloud. Transferring data from mainframes can be a significant challenge because mainframes typically can’t access modern data stores like Amazon Simple Storage Service (Amazon S3), Amazon Elastic Block Store (Amazon EBS), or Amazon Elastic File System (Amazon EFS).
Many customers use intermediate staging resources, such as on-premises Linux, Unix, or Windows servers, to transfer files to the AWS Cloud. You can avoid this indirect method by using AWS Transfer Family with the Secure Shell (SSH) File Transfer Protocol (SFTP) to upload mainframe files directly to Amazon S3.
Prerequisites and limitations
Prerequisites
An active AWS account
A virtual private cloud (VPC) with a subnet that’s reachable by your legacy platform
A Transfer Family endpoint for your VPC
Mainframe Virtual Storage Access Method (VSAM) files converted to sequential, fixed-length files
(IBM documentation)
Limitations
SFTP transfers files in binary mode by default, which means that files are uploaded to Amazon S3 with EBCDIC encoding preserved. If your file doesn't contain binary or packed data, then you can use the sftp ascii subcommand
(IBM documentation) to convert your files to text during the transfer. You must unpack mainframe files
(AWS Prescriptive Guidance) that contain packed and binary content to use these files in your target environment. Amazon S3 objects can range in size from a minimum of 0 bytes to a maximum of 5 TB. For more information about Amazon S3 capabilities, see Amazon S3 FAQs
.
Architecture
Source technology stack
Job control language (JCL)
z/OS Unix shell and ISPF
SFTP
VSAM and flat files
Target technology stack
Transfer Family
Amazon S3
Amazon Virtual Private Cloud (Amazon VPC)
Target architecture
The following diagram shows a reference architecture for using Transfer Family with SFTP to upload mainframe files directly to an S3 bucket.
The diagram shows the following workflow:
You use a JCL job to transfer your mainframe files from the legacy mainframe to the AWS Cloud through Direct Connect.
Direct Connect enables your network traffic to remain on the AWS global network and bypass the public internet. Direct Connect also enhances the network speed, starting at 50 Mbps and scaling up to 100 Gbps.
The VPC endpoint enables connections between your VPC resources and the supported services without using the public internet. Access to Transfer Family and Amazon S3 achieves high availability by taking place through the elastic network interfaces located in two private subnets and Availability Zones.
Transfer Family authenticates users and uses SFTP to receive your files from the legacy environment and move them to an S3 bucket.
Automation and scale
After the Transfer Family service is in place, you can transfer an unlimited number of files from the mainframe to Amazon S3 by using a JCL job as the SFTP client. You can also automate the file transfer by using a mainframe batch job scheduler to run the SFTP jobs when you’re ready to transfer the mainframe files.
Tools
Amazon Simple Storage Service (Amazon S3) is a cloud-based object storage service that helps you store, protect, and retrieve any amount of data.
Amazon Virtual Private Cloud (Amazon VPC) helps you launch AWS resources into a virtual network that you’ve defined. This virtual network resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
AWS Transfer Family enables you to securely scale your recurring business-to-business file transfers to Amazon S3 and Amazon EFS by using SFTP, FTPS, and FTP protocols.
Epics
Task | Description | Skills required |
---|---|---|
Create the S3 bucket. | Create an S3 bucket to host the files that you transfer from your legacy environment. | General AWS |
Create the IAM role and policy. | Transfer Family uses your AWS Identity and Access Management (IAM) role to grant access to the S3 bucket that you created earlier. Create an IAM role that includes the following IAM policy:
NoteYou must choose the Transfer use case when you create the IAM role. | General AWS |
Task | Description | Skills required |
---|---|---|
Create the SFTP server. |
NoteFor more information about how to set up an SFTP server, see Create an SFTP-enabled server (AWS Transfer Family User Guide). | General AWS |
Get the server address. |
| General AWS |
Create the SFTP client key pair. | Create an SSH key pair for either Microsoft Windows or macOS/Linux/UNIX. | General AWS, SSH |
Create the SFTP user. |
| General AWS |
Task | Description | Skills required |
---|---|---|
Send the SSH private key to the mainframe. | Use SFTP or SCP to send the SSH private key to the legacy environment. SFTP example:
SCP example:
Next, store the SSH key in the z/OS Unix file system under the user name that will later run the file transfer batch job (for example, NoteFor more information about z/OS Unix shell, see An introduction to the z/OS shells | Mainframe, z/OS Unix shell, FTP, SCP |
Create the JCL SFTP client. | Because mainframes don't have a native SFTP client, you must use the BPXBATCH utility to run the SFTP client from the z/OS Unix shell. In the ISPF editor, create the JCL SFTP client. For example:
NoteFor more information about how to run a command in the z/OS Unix shell, see The BPXBATCH utility | JCL, Mainframe, z/OS Unix shell |
Run the JCL SFTP client. |
NoteFor more information about how to check the activity of batch jobs, see z/OS SDSF User's Guide | Mainframe, JCL, ISPF |
Validate the file transfer. |
| General AWS |
Automate the JCL SFTP client. | Use job scheduler to automatically trigger the JCL SFTP client. NoteYou can use mainframe job schedulers, such as BMC Control-M | Job scheduler |