Announcing Microsoft Host Integration Server 2028: Modern connectivity for IBM Mainframes Midranges
Many organizations continue to rely on IBM mainframe and midrange platforms for high-value, mission-critical workloads. At the same time, application modernization, security requirements, and hybrid cloud operating models are driving the need for reliable, supported connectivity between host systems and modern Windows, Linux, and Azure-based applications. Microsoft Host Integration Server 2028 (HIS 2028) is the next release of Host Integration Server and the successor to Host Integration Server 2020. It helps enterprise IT teams and developers integrate existing IBM host systems, programs, messages, and data with modern Windows, Linux, and Azure applications—while improving security posture, developer productivity, and platform alignment for the years ahead. HIS has long provided essential capabilities across network, data, application, message, and security integration—supporting technologies such as SNA connectivity, 3270/5250 sessions, Transaction Integrator (TI) for CICS/IMS, DB2 connectivity, and IBM MQ integration. With HIS 2028, we continue this mission with targeted modernization investments and deliberate product cleanup to reduce legacy dependencies. Read on for what’s new in HIS 2028, what’s being deprecated, and how to start planning your upgrade from HIS 2020. What’s new in Host Integration Server 2028 HIS 2028 focuses on three themes: (1) platform modernization to align with current Microsoft engineering systems and developer workflows, (2) new and extended connectivity surfaces—especially via modern APIs, and (3) product cleanup to remove older dependencies and unsupported technologies. The table at the end of this document summarizes the planned feature areas and cleanup items. Platform modernization: Upgrade to .NET 10 and update the SDK to align with modern .NET development practices. This allows HIS 2028 to be the first version ever of HIS working on Linux. This is only for non-SNA features. Integration with Foundry: Foundry integration to allow customers create agents that leverage their Mainframe and Midranges data. Modern API surfaces: Add REST APIs for key integration areas, including the DB2 managed provider, and Transaction Integrator workloads (CICS/IMS). Identity and hybrid management: Add Microsoft Entra ID support and Azure Arc enablement for the HIS Gateway to improve security and manageability in hybrid environments. Developer experience: Migrate the designer experience to Visual Studio Code to better fit modern developer workflows. Expanded host platform alignment: Add support for newer versions of IBM middleware and platforms, including DB2, MQ, IMS, and CICS. New provider capabilities: Introduce an IMS DB managed provider and NuGet packages for Linux scenarios where applicable. Product cleanup and deprecations Remove support for Visual Studio 2017 and Visual Studio 2019 as supported designers and tooling move forward. Remove 32-bit support to simplify engineering, testing, and security posture. Remove ODBC provider and remove DB2 Entity Provider where newer provider options are preferred. Remove WMI and WCF support to reduce reliance on legacy Windows components. Remove unsupported protocols from the SNA Gateway (including older UI paths) to streamline the product. Remove BizTalk adapter support to be aligned with the BizTalk Server end of life. Remove WCF Channel used by the BizTalk Adapters Remove DrdaClient as MsDb2Client and MsIfmxClient have functionality specifically tailored to the target databases Remove ESSO to reduce reliance on legacy Windows components. Security, identity, and hybrid management HIS 2028 modernizes how host connectivity is secured and operated in hybrid environments. With Microsoft Entra ID support and Azure Arc enablement, organizations can reduce credential sprawl, improve auditability, and adopt consistent governance and monitoring patterns across on-premises and cloud-connected environments. These investments are designed to complement existing enterprise identity and operational controls, helping teams manage host connectivity components as part of their broader infrastructure and security programs. Sign up for the preview today We’re currently onboarding customers and partners to Host Integration Server 2028 preview, in advance of general availability in the coming year: https://aka.ms/hiseapsignup
Announcing the open Public Preview of the Premium v2 tier of Azure API Management
Today, we are excited to announce the public preview of Azure API Management Premium v2 tier. Superior capacity, highest entity limits, unlimited included calls, and the most comprehensive set of features set the Premium apart from other API Management tiers. Customers rely on the Premium tier for running enterprise-wide API programs at scale, with high availability, and performance. The Premium v2 tier has a new architecture that eliminates management traffic from the customer VNet, making private networking much more secure and easier to setup. During the creation of a Premium v2 instance, you can choose between VNet injection or VNet integration (introduced in the Standard v2 tier) options. New and improved VNet injection Using VNet injection in Premium v2 no longer requires any network security groups rules, route tables, or service endpoints. Customers can secure their API workloads without impacting API Management dependencies, while Microsoft can secure the infrastructure without interfering with customer API workloads. In short, the new VNet injection implementation enables both parties to manage network security and configuration setting independently and without affecting each other. You can now configure your APIs with complete networking flexibility: force tunnel all outbound traffic on-premises, send all outbound traffic through an NVA, or add a WAF device to monitor all inbound traffic to your API Management Premium v2—all without constraints. Region availability The public preview of the Premium v2 tier is available only in 6 public regions (Australia East, East US2, Germany West Central, Korea Central, Norway East and UK South) and requires creating a new service instance. For pricing information and regional availability, please visit the API Management pricing page. Learn more API Management v2 tiers documentation API Management v2 tiers FAQ API Management overview documentationGA: Inbound private endpoint for Standard v2 tier of Azure API Management
Standard v2 was announced in general availability on April 1st, 2024. Customers can now configure an inbound private endpoint for their API Management Standard v2 instance to allow clients in your private network to securely access the API Management gateway over Azure Private Link. The private endpoint uses an IP address from an Azure virtual network in which it's hosted. Network traffic between a client on your private network and API Management traverses over the virtual network and a Private Link on the Microsoft backbone network, eliminating exposure from the public internet. Further, you can configure custom DNS settings or an Azure DNS private zone to map the API Management hostname to the endpoint's private IP address. Inbound private endpoint With a private endpoint and Private Link, you can: Create multiple Private Link connections to an API Management instance. Use the private endpoint to send inbound traffic on a secure connection. Use policy to distinguish traffic that comes from the private endpoint. Limit incoming traffic only to private endpoints, preventing data exfiltration. Combine with outbound virtual network integration to provide end-to-end network isolation of your API Management clients and backend services. Today, only the API Management instance’s Gateway endpoint supports inbound private link connections. In addition, each API management instance can support at most 100 private link connections. Typical scenarios You can use an inbound private endpoint to enable private-only access directly to the API Management gateway to limit exposure of sensitive data or backends. Some of the common supported scenarios include: Pass client requests through a firewall and configure rules to route requests privately to the API Management gateway. Configure Azure Front Door (or Azure Front Door with Azure Application Gateway) to receive external traffic and then route traffic privately to the API Management gateway. For example, see Connect Azure Front Door Premium to an Azure API Management with Private Link. Learn more API Management v2 tiers FAQ API Management v2 tiers documentation API Management overview documentationWe want to hear from you: A short survey to learn from your CICS and IMS integration needs
We are looking to learn about your scenarios on using Logic Apps to integrate with CICS and IMS systems on IBM Mainframes to better define how Microsoft can address these requirements within the Azure Integration Services platform.
