Laying Tracks With Open Source
Union Pacific is building a new generation of intranet and customer apps based on Web technology, with open-source Apache Unix Web servers at the heart.
December 2, 2002
"We can take matters into our own hands," says Tom Lantry, the Web team leader and technical product manager for the Apache program at Union Pacific Railroad, an operating company that's part of the $11.9 billion Union Pacific Corp. in Omaha, Neb.
The Apache servers are the front end for most of Union Pacific's major customer applications, including car tracking, car ordering and billing. These applications and the company's intranet run on BEA Systems' WebLogic servers, and Union Pacific is integrating its existing Microsoft Windows NT Server and mainframe applications with the Web servers and gradually converting its mainframe applications to browser applications.
While Union Pacific's switch to open Web technology has indeed liberated its developers, it's frustrated them at times, too. A custom module written to solve one problem can sometimes trigger another: When developers testing the Web applications in a lab tried to access applications on the intranet--including one that traces new Union Pacific vehicles, which required user authentication--they got "page cannot be found" errors instead of the application. That's because the proxy servers written earlier by the IT team to support the two versions of WebLogic on Union Pacific's servers were automatically changing their user IDs and IP addresses to server IP addresses.
"So when the request for the application went back to WebLogic, it couldn't authenticate to it," Lantry says. The application servers didn't recognize the altered IP address, user and host names, so you couldn't access the applications.
Union Pacific had to write a custom Apache module that makes sure the correct user, host and IP address information shows up instead. "You have to know how to code for Apache," says Lantry, who wrote the module. "It's pretty involved."Union Pacific's Web strategy originated at the top, from CIO L. Merill Bryan. Corporate executives had been impressed by an experimental application run by Union Pacific's nationwide customer-service center that let customers trace the location and schedule of railcars delivering freight. The application, which was running on a single Windows NT server with O'Reilly WebSite, connects to the company's mainframe to trace the cars' locations.
Last year, the company began building out the Apache and WebLogic environment. Aside from the advantages of Apache's open-source roots, Lantry says the company chose it over Microsoft's and iPlanet's Web servers because it was already popular and has a relatively clean security record. The company's Apache-based intranet server infrastructure is an integral component in the company's rail operations, considering that an overwhelming majority of its 48,000 employees work in the field; about 6,000 of them work in the company's Omaha and St. Louis sites.
Almost Famous
The downside of Apache is that not many off-the-shelf Web applications are written for freeware. Union Pacific runs a few applications that don't use Apache and require Microsoft's Internet Information Server. The applications include FileNet Corp.'s Panagon and Siebel Systems' customer relationship management packages, so Union Pacific runs an IIS-based Web-server cluster for those applications. "That complicates things because you'll never get to one environment," Lantry says. "There always will be products written specifically for Microsoft."
The same holds true for the back-end WebLogic application servers. "No single tool does everything. Every application isn't going to run on WebLogic," Lantry says. "There won't be a single Web architecture."Migrating the legacy systems to the Web infrastructure hasn't been easy because of the sheer volume of files and applications affected. For example, Union Pacific still needs to move a Novell NetWare file system to the Web that supports a tool for applying for employment, as well as a related database. "We need to have a home for them in the new environment," Lantry says.
Meanwhile, the proxies Union Pacific developers wrote for Apache complicate the management picture. These homegrown bits of code mean additional configuration files and Apache "instances" that require monitoring--most of which today is handled by Union Pacific's systems-management tools. The company may get some relief early next year, Lantry says, when it installs Covalent Technologies' Enterprise Ready Server (ERS) software for managing Apache. Union Pacific hopes to use ERS to better manage the Web-server infrastructure and to simplify management of moves, adds and changes on the Apache servers.
Still, Lantry says the company won't simplify all the custom coding it took to integrate the Web servers with legacy servers. "I don't see how we can get rid of these custom modules we've had to develop," he says. Covalent will, however, help Union Pacific recompile the modules to run with ERS, he says, so ERS can manage them.
Also in store is the installation of a content-management package, Interwoven's Enterprise Content Management, which the company will test before year's end. That should help Union Pacific keep up with all the extra customer information being generated by increased Web traffic.
"There is so much business done on the Web now," Lantry says. "Every time you turn around, new projects are coming in. It can be hard to find the time and people to do all the work."Tell Us About Your Network and we may profile it in a future issue. Send e-mail to [email protected] or call (516)562-5914.
It's easy to get corporate buy-in for an IT project when the mandate for the project comes from the top. There was no mistaking Union Pacific Railroad's corporate commitment when CIO
L. Merill Bryan gave word two years ago that the company would build a new Web architecture.
The initiative took off like a speeding train, until last year when it was time to begin installing and implementing some of the new elements. Not all the IT groups were on the same track when the implementation phase began. The Web group, for instance, had written some custom code that authenticated mainframe users coming in through the new Apache front-end Web servers. The security team, meanwhile, was working toward converting all Web applications, including the mainframe ones, to use the company's new Netegrity SiteMinder authentication tool.
The Web group initially resisted going with SiteMinder, instead favoring the Apache route. "There were parallel projects going," says Tom Lantry, the Web team leader and technical product manager for the Apache program at Union Pacific Railroad. "They wanted to integrate SiteMinder right off the bat, and we wanted to phase it in later."Putting aside their differences, the two IT groups teamed up to develop custom modules using both SiteMinder and Apache code. The modules integrated Union Pacific's mainframe apps with the company's security system. "We agreed on the way SiteMinder was configured and how the custom modules were architected," Lantry says.
The most nerve-racking moment was during the initial cutover of both the internal and customer applications. There were a couple of failures, Lantry says, when SiteMinder experienced problems authorizing access to the Oracle database after authenticating users to the mainframe. The process had worked smoothly in the lab but apparently didn't quite mimic real-world traffic. "There was a lot of pressure from departments such as marketing and customer service that deal with our customers," Lantry says. "They just wanted the site to work."
So the Web group had to write code that remedied the interface problems between SiteMinder and the Oracle database. "During all this, we had good support and backing from management," Lantry says. "They wanted this project to succeed."
Tom Lantry, 34, has spent his 11 years in IT with Union Pacific Railroad. He's responsible for the company's Apache architecture and handles the configuration, installation, support and integration of Web software. His team provides internal technical support and works with vendors on product issues and integration of third-party products.Education: B.S. in Electrical Engineering, University of Nebraska
Next Time, I'll: Have more knowledge up front. The second-generation Web architecture project would have gone more smoothly if we had more knowledge about Apache, SiteMinder, WebLogic and Interwoven. We learned while working on the project.
Biggest Mistake Made in Technology Circles: Many times, decisions are made at the marketing level. A slick salesperson gets hold of an executive with a big budget and makes the sale. The IT guys in the trenches are then tasked with making it work.
Best Advice He's Ever Gotten: Don't do it if it doesn't feel right. I learned that when a friend and I drove to the Ozarks to look at a used boat we wanted to buy. It wasn't exactly what we were expecting, but I was ready to hook it up and pull it home on the truck anyway after the sellers cleaned it up. Instead, I wisely took my friend's advice and went home without the boat.
Just for Fun: This may be nerdy, but I'm studying chess, which I guess goes along with my competitive nature (that's why the second-generation Web architecture project was right up my alley). I also like golf, waterskiing, softball and spending time with my kids.Wheels: Jeep Grand Cherokee--it's powerful, comfortable and always takes me where I want to go in the Nebraska winter weather.
Biggest Bet He's Ever Made: I've played "match the pot" poker where the pot gets up to a couple of hundred bucks. Last time I played I won $100, but I don't want to say more than that.
You May Also Like