Sunsetting the AS/400?

[Guest.Visitor]

A number of you have commented on a previous message about how your shops are using the AS/400, and if these shops seem to be moving toward or away from platform. Here's some interesting information that may explain why the AS/400 is having such a hard time in the market place. 1. Tom Jarosh reports to the head of IBM Servers Group. 2. All IBM Servers are marketed through a single arm of IBM. 3. The marketing arm of IBM regularily researches the market opportunity for all servers looking for a percentage of new opportunities of undecided customers. If that percentage is over 10% (theoretical) IBM marketing figures this is a good opportunity. If the percentage is below 10%, the opportunity is ignored. 4. The marketspace for new servers is expanding rapidly as servers become less expensive. This means that as the total number of potential units expands across the entire server marketspace, the existing share of AS/400 marketing mindspace is decreasing. 5. This means that, in terms of total market potential for the AS/400 -- using IBM marketing devices -- the actual opportunities to affect new customers has diminished below the theoretical 10% of the base. 6. Therefore, IBM marketing says "Not much opportunity for AS/400s" and puts its marketing money elsewhere. The result is pretty devastating to organizations like Rochester. No new marketing money means no new sales. No new sales means fewer development dollars. Fewer development dollars means fewer enhancements. This is exactly the sales/development cycle that emasculated the AS/400 in the early 1990s. In this kind of marketing scheme, the value of the AS/400 -- its technological value -- doesn't come into play. If you were a sales person, would you rather push the best technology, or look for the easiest sale? You see this scenario repeated when the servers are nominated to custoemrs based upon a customer's need for ERP or BI applications: IBM will lead first with what it believes the customer will want. If the customer has never heard of an AS/400, IBM will not actively encourage the customer (or the BP) to look in that direction. Only if the customer already has an AS/400 will IBM direct BPs to add new application suites to that platform. The fact that NT and Unix and Linux are such hot platforms is a self-fulfilling prophesy. You won't get developers to invest in creating killer aps on the AS/400 today given the manner by which IBM measures marketing success. Java held up the promise that, finally, we'd have a cross-platform language where it didn't matter which server you owned. Rochester held the belief that -- once the language wars were finally over -- the value of the AS/400 as a server would finally be perceived and customers would flock to the stability of the AS/400 and the OS/400 operating system. What a great idea, right? Finally everybody would be able to see what we all knew: the AS/400 is a winner! Alas, this does not seem to be happening. As the cost of servers continues to drop, the traditionals values of the AS/400 seem to be less important to companies. As a result, IBM Rochester gets caught in a squeeze and -- instead of lowering prices -- finds it has to increase the cost of the AS/400. Why? The only way for the AS/400 to survive the "diminishing returns" marketing schemes coming out of corporate IBM is to change the rules of the game. Instead of fighting for market share within IBM, the AS/400 has got to be shown that its revenue share is greater -- on a per unit basis -- than NetFinity or RS/6000. In other words, within IBM the AS/400 has got to show that one unit of AS/400 is worth two units of NetFinity, or one and one half units of RS/6000. Ergo, it's got to generate more bucks for IBM than the other servers. Unfortunately, this leaves us -- the customers -- back with a high-priced AS/400. This is the most bizarre and absurd scenario that you or I can imagine: a company wants to sell you a product, says it wants to sell you what you want and need, shows you two or three different products, but won't show you the one that does the best job of all. Then it turns around to the engineers and says "Hey! Guess nobody likes your product very much." It's like a doctor holding back sulfa drugs to a patient because all the patient knows is antibiotics. Although I understand IBM's internal dilemma, I can't really excuse IBM for not addressing the issue on a technological basis. Gerstner's mantra "sell what the customer wants" has done wonders for transforming IBM into a customer driven company, but it shouldn't back away from its technological achievements. The AS/400 is one of those. OS/400 is a great OS. I think the only just way for the AS/400 to sink or swim in the market place is to make OS/400 an Open Source operating system: since IBM doesn't know what to do with it, why not turn it over to the people who really do. What do you think? D.H. Andrews Group is gathering together research about the direction that AS/400 customers are headed. There's a questionnaire that any company can fill out at http://dhagroup.com (until Feb 28th, 2000) We're trying to figure out where AS/400 customers are considering at their sites, where they want to be in three years, and where they may be forced to go. If you found this message at all interesting, I suggest you weigh in on the debate, and fill out the questionnaire as well.

[J.Pluta]

Ow! Pretty gloomy outlook, Tom! And while there's a certain ring of truth to it, I want to point something out: the AS/400 survived the "emasculation of the early 1990's". Why? Because, despite IBM's incredibly shortsighted marketing scheme, there is a significant core of people - both in software development and in IS management - that reject the hype and understand the business reasons behind buying an IBM midrange: low total cost of ownership, high security, high reliability. As networks become more the integral backbone for businesses, these issues will come to the fore again. But we still have to keep the AS/400 rolling along until management understands these things. The question is: how? "I think the only just way for the AS/400 to sink or swim in the market place is to make OS/400 an Open Source operating system: since IBM doesn't know what to do with it, why not turn it over to the people who really do." That's certainly an option, but to be honest I don't think it's a very viable way to develop a secure server, and I have a feeling security will raise it's head again very, very soon. In fact, a significant number of companies I've talked to recently are asking specifically about the security implications of putting their AS/400's on a network that's attached to the Internet. Unix and NT are NOT for prime time. Why? Because they can be hacked by just about anybody who's worked on them for a little while. If you have a web server, I can immediately find out the OS type and version (I won't say how here, but believe me it's common knowledge). If that's on my list of known "hackable" OS's (and most are hackable, believe me), I'm in in about 30 seconds. Done deal. Heck, all I need is your domain name, which I get from your email address. From that, I can get all the information I need from your DNS, and probably walk right into your system. If you don't have a damned good security guy locking down your TCP/IP connection (which means using 10-dot addresses and a solid firewall), your machine is wide open. UNLESS you're an AS/400. At which point, I try to do a quick port scan. If you haven't done something really silly (like give your AS/400 a real-world IP address and leave your FTP port open), then I cross you off my list and go on to my next victim. Why? Because the AS/400 has no security holes. The code isn't available to hackers. There's no list of "OS/400 hacks" on IRC (and there are such things for every other OS, believe me). I can't get in with a malformed packet. You lose this with open sourcing OS/400. So, short of open sourcing, what do we do? "You won't get developers to invest in creating killer aps on the AS/400 today given the manner by which IBM measures marketing success." Now, that observation is entirely dependent on us, the people who read and contribute to this forum and forums like this. We are the ones who are ultimately responsible for the life or death of the AS/400. And while I disagree in open sourcing OS/400, I highly agree in open sourcing the application software. Heck, I just released version 2.0 of my server/client software, which is over 10,000 lines of Java code (and a few lines of RPG as well), to the public domain. Other folks have been doing the same. Why? Because we want the AS/400 to succeed. I personally do NOT want to see information systems further degrade. We've seen the erosion of software quality coupled with the change of direction from sane, common-sense development to "the newest toy wins". I know very well that ten years ago, my clients would NOT have accepted that the first answer from the IS help desk is "reboot your machine", yet we have allowed that to happen. Some of us simply wanted to work our 40 hours and go home, thinking that the IS teat would continue to give milk until we retired. Some of us didn't want to accept the new technologies, and so let them evolve past our understanding. Some of us (myself included) thought we had put in our time and didn't deserve to have to fight the battles anymore. And some of us thought that management would suddenly realize what a wonderful thing the AS/400 was, despite the fact that nearly all the marketing money, inside and outside of IBM, was against it. Some of us believe in the tooth fairy, unfortunately. So we're going to have to mount a concerted effort to make the AS/400 attractive to management. It's going to have to be sleek and sexy and seductive, but it's also going to have to be secure and robust. WE are the ones who have to do this, by working together, probably on our own time, with our own resources and our own native talent. It's going to take sweat equity, and sacrifice, and vision to make this work. Because corporate America is currently in the vice-grip of 90-day planning and stock price strategy, it's up to us to make the future a viable reality to these people. But you know something? We can do it! We, the programmers of the AS/400, have developed some of the most wonderful business software ever written. Even with it's decrepit old green screen interface, the AS/400 runs the irreplaceable business applications that power more manufacturing companies, more distribution sites, more pharmaceutical companies, more banks, more insurance companies, more you name it than just about any other single solution. I mean, c'mon, how many of Microsoft's critical systems are on AS/400's? You want pretty graphics? Get Solaris. You want pretty reports? Get SQL. But if you want to do business, GET A 400!!!! So it's up to us, right now, to decide whether we want the AS/400 (or its descendants) to sink or swim. Think of it as a call to arms. Unless we want to spend our time trying to figure out why the Notes server is down again, or how to get our Visual Basic program running on the latest "compatible" release of Windows, we have to learn these new technologies. We're going to have to share our knowledge with forums like this and teach and learn from one another. And doing so, we CAN turn the formidable power of our collective abilities to making the AS/400 not only an integral player, but the PREMIERE player in the new IS landscape. And THAT, folks, is what happens when I get a little fired up... maybe I should think about decaf... src="//www.zappie.net/java/_derived/index.htm_cmp_zero110_vbtn_p.gif" width="140" height="60" border="0" alt="Java400.net - Java/400 Freeware" align="middle"> Java400.Net - where the AS/400 speaks Java with an RPG accent Home of PBD2.0, the color=red>FREE Java/400 Client/Server Toolkit

[David Abramowitz]

Except for the underlying causes, you said it all. Where is the demand coming from? Why would demand ever include an OS from Redmond that is unstable at best, or a 30 year old OS, that has no internal capabilities? Perhaps the answer is education. Very few newbies know the AS/400. Newbies are hired by large auditing firms, so SR. guys go play golf. The newbies have the ear of the CEO, and since they don't know, or understand the AS/400, or care to, they speak what they know: Oh, you have to go client server in order to be competitive!supposed to listen to the auditors. Conversely, if the newbies had received an education which included the advantages of the AS/400, this scenario never takes place. There are about 100 variations on this theme, but the net result is the same: A drop in demand for the AS/400. Dave

[Guest.Visitor]

Joe, get fired up anytime. I'd like to see more AS/400 users with your attitude. Talk about attracting talent--give me that kind of attitude and I'll give you my talent and hard work. I do have a question, however, about your thought, "Unix and NT are NOT for prime time. Why? Because they can be hacked..." Okay, maybe NT and Unix can be hacked, but how many of them are being hacked? Isn't the truth that these systems are being used for prime time. Aren't many of them using firewalls and aren't these firewalls good enough, even without 10-dot addresses; or, is it that businesses have just been lucky, so far?

[Guest.Visitor]

Hello Thomas, Just one thing : this survey you referred to can only be submitted after you have selected a home-state in the U.S.A. This means that people from outside the U.S.A. cannot participate ! Just thought I should mention it as I just went through the whole form and was unable to submit it... Kind regards, Rob.

[Guest.Visitor]

That comment has been made. It is being modified. Thanks.

[Guest.Visitor]

Richard Shaler wrote: Okay, maybe NT and Unix can be hacked, but how many of them are being hacked? Isn't the truth that these systems are being used for prime time. Aren't many of them using firewalls and aren't these firewalls good enough, even without 10-dot addresses; or, is it that businesses have just been lucky, so far? There was a story on the news this week about the guy who hacked into CDNow (I think) and stole all their credit card information and then later released it on the net. Something like 300,000 credit card user's information was suddenly public domain. I remember thinking when I heard that, "That never would have happened if they'd been on an AS/400."

[J.Pluta]

"give me that kind of attitude and I'll give you my talent and hard work." I appreciate that, Richard. Keep watching this space... you never know when I'll need help . "Okay, maybe NT and Unix can be hacked, but how many of them are being hacked? Isn't the truth that these systems are being used for prime time. Aren't many of them using firewalls and aren't these firewalls good enough, even without 10-dot addresses; or, is it that businesses have just been lucky, so far?" Firewalls are a definite plus to security. Remember, though, that a large part of security has to do with internal threats as well as external threats. In these days of portable computing, it's almost trivial to walk into a large corporation, look for a jack, and be on their network. Bring a palm pilot with the appropriate hack software, and you can upload a backdoor in no time (it can bang away at the server, and they'll have NO IDEA where the intrusion is coming from - "it's somewhere in the west ring"). Not only that, but you can get behind a firewall. I've seen it happen. A firewall is just another computer, and if you hack it, it will respond. Many routers have external ports, and many companies actually have these ports hooked up to modems! Can't do any of that to a locked down AS/400. If properly configured, the worst an intruder can do is shut down network access by disabling the user profiles. Even that is annoying, but far better than other scenarios. Also, people have been lucky. At this point, the hackers aren't interested in most companies. But that's changing. As the most obvious places (the White House, the FBI, NASA, etc.) get harder to crack, you'll see a tiering of hackers. The best and brightest will continue to try new techniques to get into the big sites, while the ... um ... less gifted, shall we say, among them will look for easier fish to fry. Heck, somebody hacked the website for our city here, just a sleepy little bedroom community. Why? Because it was there. As soon as Mom and Pop get on the Internet, it's going to be like a flame for the moths. The same crowd that in a different group might egg Old Man McGuthrie's house, might instead wipe out the website of JoAnn's Drugstore because she wouldn't sell them cigarettes. Now I'm starting to sound like William Gibson, positing a generation of cyberpunks out there causing Clockwork Orange damage in cyberspace, but it could happen. And the more leaky Unix and NT machines out there, the more likely it is to happen. Gz, I guess Tom's doom and gloom did get to me after all . src="//www.zappie.net/java/_derived/index.htm_cmp_zero110_vbtn_p.gif" width="140" height="60" border="0" alt="Java400.net - Java/400 Freeware" align="middle"> Java400.Net - where the AS/400 speaks Java with an RPG accent Home of PBD2.0, the color=red>FREE Java/400 Client/Server Toolkit

[David Abramowitz]

Richard Shaler wrote: Okay, maybe NT and Unix can be hacked, but how many of them are being hacked? Isn't the truth that these systems are being used for prime time. Aren't many of them using firewalls and aren't these firewalls good enough, even without 10-dot addresses; or, is it that businesses have just been lucky, so far? Yes, this is true, and businesses are using NT & Unix without firewalls. The very real question here, is what are these shops accomplishing with NT & Unix that could not be accomplished easier, better, cheaper, faster, with an AS/400? Dave

[Guest.Visitor]

Whoa. Great comments and analysis from all! I went from depths (after Thomas's essay) to elation (after Joe's) and then back and forth. And I agree with everyone (or I wouldn't be swinging back and forth). I think that right now there is a generation of hot young I.S. directors getting a whole generation of companies into hot water. And, if our economy is lucky, CEO and CIO's will eventually figure out they need a more stable platform, for all the reasons cited in this topic. How soon before they'll decide they've lived with their mistakes long enough and are willing to make new investments to rectify them? Anyone with a better sense of the macro economy have any insights? And, can we of the AS/400 world be ready for them when they start looking around for some stability in a very risky new world? I agree with you, Joe, so much! We have to write the next generation of applications and then be ready to step forward with them and make them known. When everyone's tired of trying to sort out the mess they're likely to find themselves in, can we have something "different" and distinctly better (plus tried and true) to offer? Can we have enough new young AS/400 professionals trained and coming up the ranks to fill demand for maintenance and support of these new installations, and to fill the ranks of senior people as they move on or out? Sounds like a movement. It just rankles some deep sense of "quality" in me that such a very harmonious and dependable machine as our beloved AS/400 is getting ignored (squeaky wheel syndrome?). I don't want to work on a lesser machine, especially when this one can keep me moving into the future with new, state of the art technology (with an all-important edge of practicality) while at the same time letting me forget about my "legacy" applications while they run quietly and dependably, year after year, upgrade after upgrade. I'm not wasting any of our I.S. staff time being sure we're protected from all the latest new rash of viruses, or worrying about hackers getting to our essential production data. But it's a big concern for the network.