Midrange Insights

Analysis of News Events
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

If upper-level management hasn’t started getting on your case about e-business yet, get ready. Even if you are swamped with Y2K problems (and most AS/400 shops are thankfully way ahead of the curve when it comes to dealing with millennium bugs), the next couple of years of your life—whether you are a programmer maintaining RPG code, an IT manager guiding the programming activities of your IT shop, or a company CEO, president, or proprietor—will be focused almost solely on getting out there on the Web and doing business.

Your company may or may not sell directly to consumers, and it doesn’t, in fact, make one bit of difference to whom you sell your products. How you sell them is what will become most important. Internet technologies hold the promise of cutting the cost of performing transactions and making companies more efficient at what they already know how to do, and that, more than any amount of marketing and advertising by companies such as IBM, Sun Microsystems, or Microsoft, will be what drives the e-business boom.

The first wave of computing in the 1960s and 1970s brought computing into the back office for bookkeeping; the second wave of computing in the 1980s and 1990s saw the advent of manufacturing and distribution programs that integrated with these accounting systems to create what is called enterprise resource planning (ERP) applications. In the 2000s, these ERP systems will be extended with supply chain and customer resource management programs that link companies directly to their parts suppliers, resellers, and customers. There is no doubt in anyone’s mind that Internet technologies are the undisputed choice for connectivity between back office systems and end users. Upper management finally understands that. But what they probably don’t understand is how to get from where a company is today to where it needs to be a year or two from now to be an effective e-business. This month’s Midrange Insights examines a few of the issues that you’ll probably have to sell to the boardroom crowd to get down to e-business.

Return on Investment

The first thing all good managers want to know when they are making an investment, whether it is in application software, a physical plant, real estate, or a new business acquisition, is what they will get out of making that investment. Calculating return on investment (ROI) is one of those black arts that is best practiced for your own purposes

without looking too closely at the data. All it will do is cause arguments, as do price/performance benchmarks within the IT organization. Industry consultants spend lots of time calculating ROI for specific kinds of computer hard-ware and software projects, and it is these ROI figures, more than any other factor, that have persuaded companies of all sizes to make huge investments in ERP software over the past five years.

It comes as no surprise that business owners and managers saw dollar signs when ERP vendors promised them 100 percent, 200 percent, and sometimes even 300 percent ROI on their ERP applications over the course of three or four years. Even though the installation and customization costs of ERP software went into the millions, tens of millions, or (at the largest companies) hundreds of million of dollars, they could demonstrate that the improved efficiency that came from an integrated application suite was well worth the money. (Perhaps those high ROIs are a measure more of how bad existing legacy software was than of how good ERP suites are.) As business and IT managers look at extending their applications out to the Web, they are trying to calculate the ROI for these projects.

IBM, in pushing its e-business initiatives, is relying on ROI data from industry analysts The McKenna Group and META Group. McKenna has studied what benefits companies expect to get from their various e-business projects, while META has gone out and calculated an average customer ROI for those who have implemented these projects already. The result of these two companies’ work is presented in the table in Figure 1. As the table shows, companies publish “brochureware” describing the products and services they sell on a simple corporate Web site. These offerings are designed to cut marketing costs and generate a little supplemental revenue derived predominantly from the internationalization of the Web and the luck of the draw from Web surfers using search engines. Such simple Web projects have shown an average ROI of 21 percent over the course of a single year. They are not expensive, but they also don’t generate tons of money, hence the relatively low ROI.

The further that e-business applications weave themselves into existing noncomputerized business processes or legacy applications, the more costly they generally are, but the payoff is also a lot bigger. Companies that install groupware/workflow software, such as Lotus Domino, or that buy Web-enabled supply chain extensions to their ERP software or that set up Web-based customer self-service storefronts can expect between 40 and 50 percent ROI, according to META Group. The highest ROIs come from completely integrating back-end applications with the Web and extending them to business partners through extranets and to consumers through the Internet. META says the average ROI for this last category is about 68 percent.

The fact that the ROI numbers are lower for e-business than they have been for ERP projects is mostly an illusion, especially at AS/400 shops. Companies have been able to do business without sophisticated, off-the-shelf integrated ERP suites for years, often by integrating their own software modules with those from third parties or just writing the whole suite of applications themselves. In effect, AS/400 shops have been getting smaller incremental ROI gains every year that they have been using their machines and creating programs for them. AS/400 customers have been blessed with an easy-to-use system (the AS/400), database (OS/400), and programming language (RPG), which has meant they have not had to make the big ERP investments that some manufacturers and distributors on other platforms have. No matter what the ROI is, AS/400 shops are going to have to transform themselves into e-businesses by the mid-2000s if not earlier, because that is what their competitors are going to do.

Security Through Obscurity

IT managers are, as Figure 2 shows, still more concerned with security than any other aspect of creating e-business applications. In addition to being blessed with a machine that is arguably the easiest machine to program in the midrange, AS/400 shops are fortunate in

another respect when it comes to moving into e-business: high security. By the very nature of its file systems, OS/400 is more resistant to viruses than perhaps any other computer on the market. I say virus resistant because no computer is hackerproof. But the AS/400 has a serious edge when it comes to security because the operating system has been designed from the beginning to allow only end users with specific programmer authority to create and execute objects on the machine. No other operating system—not MVS, not Solaris (which is used on 80 percent of the Internet backbone), not Windows NT—has this feature. This requirement for programmer authority to execute programs makes it extremely unlikely that a virus could spread from AS/400 to AS/400, even if one could be created. To date, no AS/400-specific virus has ever been reported, and only one isolated hacker attempt on a Lotus Domino server running on the AS/400 is known.

This doesn’t mean that the AS/400 is hackerproof. AS/400 bit twiddlers I have spoken to have theorized that it would be possible to create a virus that enters the AS/400 system as a patch to the operating system’s storage management subsystems, much as a boot sector virus in a PC desktop or server running Windows. The virus would enter the system through either an application or a system software patch, and upon rebooting the machine (perhaps after the virus caused an intentional hardware crash), the virus would load itself into the storage management subsystems and do whatever damage it was designed to do.

No one said infecting an AS/400 would be easy, but it is possible, regardless of IBM’s assurances to the contrary. For instance, on AS/400s shipped prior to 1996, the system security level was set to the lowest level, Level 10, rather than the current way machines are shipped, with Level 30 (the second highest security level) turned on. Customers foolish enough to leave the default administrator security codes intact could be leaving themselves open to possible attack. Perhaps even more important than worrying about hackers coming in from the Internet through e-business applications is worrying about inside hacker jobs. Just as has always been the case with bank robberies and embezzling, hackers are generally working from the inside, not the outside.

Suffice it to say, the AS/400 security situation is better than that of UNIX or NT platforms, and that is an important fact to remind upper management of. Only a few UNIX implementations have the C2 level of security required by the U.S. Department of Defense; OS/400 does as well, as did NT 3.51, but shockingly, NT 4.0 does not. Nonetheless, OS/400’s superior security features should not dissuade AS/400 shops from going full- steam ahead on Internet firewalls, data encryption, and other security measures. These won’t make you impervious to troubles like theft-of-services attacks (in which hackers try to overwhelm your servers with garbage transactions and make it impossible for real users to get at your applications), but you will have done everything that is possible to protect your corporate assets.

One last thing to remind upper-level management about security and OS/400: There are millions of programmers who are intimately acquainted with DOS/Windows and UNIX and their respective security holes. There are only about a million OS/400-RPG programmers in the world, and most of them did not grow up watching War Games and idolizing the hacker culture. The fact that OS/400 is a strange environment to Windows or UNIX hackers is an additional benefit. This “security through obscurity” is perhaps diminished since IBM has added UNIX APIs to OS/400 and made Windows NT the preferred adjunct operating system on the AS/400’s Integrated Netfinity Server card, but every little bit helps. The longer you can baffle a hacker, the better the odds you will catch him or stop him in his tracks.

Outside Help

The best piece of advice for any company that is trying to create e-business applications is to get outside help. All the major computer vendors do, including IBM and Compaq. Just because you know your business doesn’t mean you know how to create an effective

presence for your business out there on the Internet. (This may be the case even for your corporate intranets, but that is debatable.)

When it comes to building e-business applications, more and more of the artistic, technical, and economic choices are being made by companies that IBM calls Web integrators. These companies are not traditional computer companies, such as IBM, Sun, Hewlett-Packard, or Compaq, nor are they service companies, such as IBM Global Services, EDS, Andersen Consulting, or any of the Big Four accountancies. The shakers and the movers in creating e-business Web sites are companies like USWeb/CKS, Agency.com, Razorfish, Blue Marble, Viant, and a few thousand other firms you’ve probably never heard of. IBM has set up a special Business Partner program called Web Integrators to educate and train these companies on IBM software technology such as MQSeries, Domino, and DB2 in the hopes that, as they try to sell their services into the IBM installed base, they will know how to use IBM software technology and will preferentially choose it over alternative UNIX and NT technologies, the current favorites among Web integrators.

Why does IBM care about what these Web integrators think about its platforms? A few years ago, these firms were on the cutting edge of Web development, pushing Web technologies to the edge of the envelope, merging them with artistic flair to develop some of the slickest sites on the Internet. In those days, Web integrators were building $75,000 corporate brochureware sites with a smattering of marketing and Java to make them interesting. These days, the biggest Web integrators are making hundreds of millions of dollars a year creating multimillion-dollar e-business sites for some of the world’s largest companies. But they need many more small and medium companies as customers if they ever hope to increase their revenues in ways that will satisfy their shareholders or to enable them to go public if they haven’t already. To do that, Web integrators are going to have to shift gears from low-volume, high-ticket jobs to high-volume, moderately priced e- business development jobs. That means Web integrators are looking for companies just like yours that are only now dipping their toes in the e-business waters.

Rather than re-create the wheels they have already made a dozen or a hundred times already, it would be smarter, easier, and, probably in the long run, cheaper to get in touch with Web integrators that are familiar with IBM technology and see if there is a way for them to work with you to build your Web presence and e-business applications. Every edge you can get out there on the Web will pay for itself in multiples. While IBM’s Web Integrator partner initiative is geared to help Web development companies learn and use IBM technologies, turn it around and use IBM to help you hook up with a Web integrator that knows the AS/400 and how to build e-business applications. You can contact the managers of this program at www.software.ibm.com/webintegrators

Drivers Behind E-business Initiatives

Reasons for Engaging in E-business; Return on Investment

Reduce Improve Reduce Generate Improve Cycle Customer Return on E-business Project Costs Revenue Productivity Time Quality Investment Web publishing X X 21% Collaboration X X X 40% E-commerce in supply chain X X X 44% Customer self-service X X X X 47% Full back-end integration X X X X X 68%

Sources: The McKenna Group, META Group

Figure 1: Here is a review of business value drivers and estimated return on investment for various e-business initiatives.


Security Access to legacy applications Java on the server Rapid application development Ability to do Web transactions

1 2 3 4 5

Figure 2: Companies creating e-business applications are more concerned about security than any other aspect of the process.