Forward! by

Secure, Scalable, Cost-effective and Mission-critical fabric

Unisys

2© 2013 Unisys Corporation. All rights reserved. 2

the remaining 10-50% of your IT workloads

Does this describe

your IT Organization?

Concerns about “virtualizing”

cost effective way to move your RISC/UNIX mission critical workloads without concerns

“systems approach” to deploying a major application like SAPNeed a cost effective & less complex

Looking for a

Security & Performance

3© 2013 Unisys Corporation. All rights reserved. 3

Performance (44%) & Security (41%) are the biggest concerns*

Between 40 – 45% are reluctant to migrate mission critical applications*

You are not alone

* Based on a 2013 IDG study commissioned by Unisys

65% of Unix Systems will migrate to Linux by 2017 Source Gartner

70% of SAP Production Systems run on Physical Servers Source: Aberdeen Group

80% of Scale out ERP will migrate to Linux by 2017 Source Gartner

Forward!The Best of Physical & Virtual

s-Par® (Secure Partitioning) and Intel Xeon

High Speed Interconnect

Fabric Management Platform (FMP)

Certified Enterprise Windows and Linux

Data Foundation Hadoop

Military Grade Security

•Dedicated High Availability, Reliability and Security on Intel Xeon

•Fabric based Scalability, Low Latency and High Performance

•Simply Unified Management Single System Dashboard

•Open Operating Environments with Choice of Pre-configured Images

•Embedded Enhanced Security for Data Center

•Faster Access and Analysis of Big Data for Business Intelligence

Forward! by Unisys™ Core Building Blocks

5© 2013 Unisys Corporation. All rights reserved. 5

Forward! by Unisys

Introducing

An innovative new way to deploy mission critical workloads via secure dedicated HW partitions on Intel Xeon based platforms running Windows and Linux environments connected with an extensible high speed fabric interconnect integrated and delivered as a system with single pane of glass management

Forward!Built from our mainframe heritage of security & scalability

Without compromise…

Reservationsper Second

5,500Voice

Mailboxes

150MOf the

World’s Cargo

30%Max Flexibility

Max

Iso

lati

on

Unix Hard Partitioning

Software/Firmware

Partitioning

- IBM’s LPAR (AIX only)

- Sun’s LDOM (Solaris only)

Type 1 (Native VMM)

- ESX Server

- Xen

- Hyper-V

Type 2 (OS hosted)

- Linux KVM

- MS Virtual Server

- VMware Server

sPar ®

(Windows and Linux)

7© 2013 Unisys Corporation. All rights reserved. 7

Forward!

IO Specialty Partitions

Xeon Partitioning

Architectural evolution from Mainframe to X86Next generation to FABRIC & beyond

OS & DB SpecialtyPartitions

S-Par Xeon Partitioning

IO SpecialtyPartitions

S-Par Xeon Partitioning

2010Introduced a single platform distributed

OS architecture using s-Par® Xeon Platform Partitioning technology

ClearPath Mainframe Entry Performance/Capacity

Operating Systemand Database

Operating Systemand Database

ClearPath Mainframe High Performance/Capacity

2012Introduced a multi-platform distributed OS architecture,

multiple Xeon platforms connected using industry available high speed

point to point interconnect

Forward! Fabric

2013Introduce Unisys fabric computing, a multi-node infrastructure connected using a high

speed switched interconnect, that is partition-able for the purpose of supporting

heterogeneous Intel Xeon based applications, databases and operating

environments

High Speed and Secure Interconnect (switched)

S-Par Xeon Partitioning

Linux

Unisys Intel Platform

Customer selectable

configurations

S-Par Xeon Partitioning

W/L

Unisys Intel Platform

W/L

S-Par Xeon Partitioning

X-Large

Unisys Intel Platform

Mixed Partition

Sizes

S-Par Xeon Partitioning

Small

Unisys Intel Platform

Large

Linux Windows

Enterprise Windows and Linux Node

1 Platform

1 of ‘x’ Platforms

1 of 4 Platforms

Architectural evolution leading up to Forward! Fabric, delivering products along the journey

Enterprise Windows and Linux Node

Partition Size

Cores Memory NIC Ports

HBA Ports

X-Large 14 123 GB 12 6

Large 8 82 GB 8 4

Medium 4 41 GB 4 2

Small 2 20 GB 2 1

Physical Server+ Predictable Performance+ Dedicated resources to one

application+ Application Isolation+ S/W licensing ‘clarity’+ Simplified management and

monitoring- Typically Underutilized- 1 app / server = server

sprawl- Highest cost for HW/SW

maintenance/ Power/ Cooling

Hardware

OS

Application

One Server

Dedicated CPU, I/O, Memoryfor each partition

OS

App

OS OS

App App

s-Par s-Par s-Par

One Server

Secure Partitioning+ Predictable performance + Dedicated Resources

+ Processor+ Memory+ I/O & Storage

+ Partition isolation for security + Single pane of glass+ - Limited OS choices

- Windows 2012 / 2008 R2- Enteprise Linux

Virtualized Server+ Increase workload density=

fewer servers+ Dynamic capacity allocation

with shared resources+ Good for many ‘non critical’

workloads- Performance can varies by

workload, time of day etc. - S/W licensing ‘complexity’- Significant management- Typically Oversubscribed

Shared HardwareResources

Virtualization

OS

App

OS

App

OS

App

One Server

Forward!The Best of Physical & Virtual

9© 2013 Unisys Corporation. All rights reserved. 9

The Forward! Fabric Based Infrastructure

PLATFORM 1

Intel x86-64 (VT-x) Platform

Unisys Secure Partitioning

LL

PLATFORM 2

Intel x86-64 (VT-x) Platform

Unisys Secure Partitioning

W

PLATFORM 4….16

Intel x86-64 (VT-x) Platform

Unisys Secure Partitioning

W L

High Speed Interconnect

Partition Multiple Operation Environments Across Platforms, Geographies and the Cloud

L – LinuxW – Windows

PLATFORM 3

Intel x86-64 (VT-x) Platform

Unisys Secure Partitioning

W W W W

L

W

W L LW

InfiniBand 56GB Switch

Up to 16 nodes and 96 partitions per Fabric

L

Forward!Fabric Management

• Simple Management Interface

• Deploy Partitions in Minutes

• Manage Partition Health

• Secure Partition Connectivity in memory or across servers

• Definable Blue Prints to Replicate Environments

• Dedicate Resources to Partitions for Predictive Performance

Framework

UnifiedMonitoring

Provision & Configure

Identity and Access Mgmt

Alerts / EventsRemediation

Platform Management

Partition Management

Automation

Audit / Logging

SINGLE PANE OF GLASS

Diagnostics

Forward!How does

Impact a typical system configuration?

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

AP

Ps

erv

er

AP

Ps

erv

er

AP

Ps

erv

er

AP

Ps

erv

er

BD

se

rve

r

DB

se

rve

rSwitch

Challenge with Physical Infrastructure• Complex configurations• High cost of infrastructure• Higher licensing costs• Security Issues• High power, space, maintenance

and administrative costs

Average Physical Server Utilization – 5% - 15% Gartner

10 GB

From 18 Individual Physical Servers

Forward!The Forward! Advantage

Switch

Benefits of Forward!• Reduce servers by up to 75%• Deploy and resize in minutes• Reduced licensing & networking costs• Physical server isolation, predictability

and redundancy• Increased Security

• Secure Partitions• Point to Point Network

Communications• StealthTM cloaking

• Increased performance• In memory connections• 4-5X faster interconnect

• Reduced power, space, maintenance and administration

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

We

bse

rve

r

AP

Ps

erv

er

AP

Ps

erv

er

DB

se

rve

r

AP

Ps

erv

er

AP

Ps

erv

er

DB

se

rve

r

Consolidate to 4 Forward! Nodes

with 18 Secure Partitions

56 GB

Server Platform 1 Server Platform 2

Server Platform 4

Server Platform 3

Rates of consolidation will vary based on the system configuration and size

In memory connect In memory connect

Forward!The Capabilities

Reduced Complexity• Single Pane of Glass

Management for simple administration

• Flexible & Secure Mission Critical Partitioning

• Virtually Unlimited Scalability with in-memory & high interconnect • Secure partitions to protect

data & comply with regulations

• Protect data at rest & in motion

• Advanced security with integrated StealthTM

• Consolidate mission critical apps without compromise – up to 6:1

• Built in security to streamline protection saving up to 36%

• Leverage Cost Effective Intel Xeon Technology

Reduced Cost

Reduced Risk

Forward!The Use Case of

• Increase workload density with predictable performance

• Dedicated Resources– Processor, Memory,

I/O and Storage

• Partition isolation for security

• Single pane of glass = simplified management and monitoring

• Right sized for workloads

• Scale-up and scale-out storage for near-unlimited growth in performance and data capacity

• Dedicated, Storage Partition for each s-Par or COI

– Multi-protocol I/O ports, LUNs and/or Flexible Volumes isolated from all other s-Pars and COIs

• Each Storage Partition is right-sized and scalable

• Common management tools across all models in storage family

• Right-sized for capacity and performance

• Enterprise-proven Five 9s reliability

Secure partitioning – mixed workloads

OS

App

s-Par

OS

App

s-Par

OS

App

s-Par

One Server

Dedicated CPU, I/O, Memoryfor each partition

Storage Partition

Storage Partition

Storage Partition

Secure, Virtualized Scale-Out Storage

Multiple storage vendors supported

Fabric-based computing

Forward!The Use Case of

Accelerate UNIX to LINUX migrations

> 50% Faster

ServiceRequest

Design and Size

DC Planning

ProcureDetailedDesign

Deploy Test

DC Planning

Procure Deploy Test

ServiceAvailable

X X

Weeks or Months

ServiceAvailable

ServiceAvailable

Benefits• Agile service delivery • Higher productivity• Faster deployment• Predictable performance• Stealth and Communities of Interest

Traditional

With Forward! • Reference BoM • Validated design• Secure deployment • Performance test plan

DC Planning

Procure Deploy Test

Pre-provisioned Infrastructure Platform• Rapid deployment of applications• Shared pools meet most requirements

Forward!Migration Service

MigrationServices

Forward Stack

Oracle DB /IBM DB2

HP-UX /IBM AIX /

Oracle Solaris

HP n-Par / IBM L-Par Oracle VM for Sparc (Ldoms)

Ethernet Interconnect

Itanium / Power / Sparc

IBM WebSphere /Oracle WebLogic /

SAP NetWeaver

SAP Oracle(PeopleSoft/JDEdwards/Hyperion)

ERP/CRM/SCM/PLM/FMS/BI

Un

ix S

yste

m V

end

or

Su

pp

ort

an

d

Ser

vice

s Ban

kin

g/F

SS

Go

vern

men

t

Telc

o

Tran

spo

rtat

ion

System Integrator

Unix Stack

Oracle DBMS /IBM DB2 /

Microsoft SQL Server /MySQL /

Red Hat Linux /SuSe Linux /

Microsoft Windows

Unisys S-Par,High Speed Interconnect

SPoG System Management(opt. Stealth, Hadoop instance)

Intel Xeon VT-x / VT-d

IBM WebSphere /Oracle WebLogic /SAP NetWeaver /Red Hat Jboss /Microsoft .NET

SAP Oracle(PeopleSoft/JDEdwards/Hyperion)

ERP/CRM/SCM/FMS/PLM/BI

Un

isys

Su

pp

ort

an

d S

ervi

ces

Ban

kin

g/F

SS

Go

vern

men

t

Telc

o

Tran

spo

rtat

ion

System Integrator

Processor Architecture

System Software(Partitioning, Interconnect)

Operating System

Database System

Application Server

Application Vendor

Application Type

Industry Focus

Forward!The Use Case of

SAP Migration and consolidation

• Save 25 – 33% through server consolidation reducing servers and licensing1

• Reduce Servers by 75%2

• Up to 45% project timeline savings for SAP upgrade2

• SAPS performance improvement via high speed interconnect across multi-nodes

• Predictability of application performance for Unix like RAS with better Price/Performance3

• Ideal Architecture for HANA based applications modules

1 Oliver Wyman report: Growing Importance of Development and Test Solutions in SAP Environments 2 Oliver Wyman report: SAP Total Cost Comparison3 Oliver Wyman Study: Making Green IT a Reality

• TCO Application Environments– 39% lower TCO for Oracle

– 55% lower TCO for SAP

– 30% lower TCO for Exchange

– 44% lower TCO for file

– 35% lower TCO for archive

• Operational Efficiency– 50% less rack space

– 52% less power

– 51% lower heat

Forward!Reference SAP migration

Migrated SAP ERP applications from an IBM Power 770 mainframe running the Unix-based AIX operating system to a lower-cost Forward!

CEO M. Battistoni: “The Forward! platform showed Aspasiel a

cost-efficient way to benefit from the power of the Unisys secure partitioning technology on an industry-standard Intel platform while retaining the security and predictable performance we’ve come to

expect from our RISC-Unix- system”

“The Forward! platform helps set the stage for a future transition to the SAP

HANA environment so we can realize the benefits of big data for our business.”

http://www.unisys.com/unisys/news/detail.jsp?id=1120000970027910182

Security just isn’t good enough

Today’s

Perimeter

Stealth

It makes communication endpoints “dark” on a network

So users and assets are virtually invisible to

all unauthorized parties inside and outside the enterprise

Unisys Stealth solution for networks achieved EAL-4+ certification from the National Security Agency (NSA) as a secure solution for protecting data-in-motion across any network – public or private. This qualifies Unisys Stealth to protect U.S. Defense Department

data classified up to the ‘SECRET’ level.

Unisys Stealth is a Cryptographic Bit Splitting

Technology (CBST) Solution that can run in every endpoint

Unisys Stealth - Windows XP System IsolationSegregate Automation and Process Control

Problem: XP Security Patches terminated for A&PC Devices

Microsoft will terminate cost-effective support for Windows XP operating systems in April 2014, but these workstations may need to be deployed for years to come. Automation and Process Control devices pose a greater risk for compromise because of their specialty uses to monitor and/or control critical processes (e.g. power generation). Certain security requirements state that cyber security risks associated with process control systems can be significantly mitigated by segmenting or isolating A&PC systems on the network.

Business App Server

Stealth ProtectedAutomation and Process Control Workstations

BusinessWorkstations

Special ProcessingSystems

Solution:

• Deploy Unisys Stealth to segregate XP assets from the rest of the network

• Mitigate risk associated with network connectivity while not receiving security updates for legacy OS’s

• Employ network segregation to:

- Darken the segregated systems from would-be attackers so they are not discoverable via typical network scanning techniques

- Allow access to core IT Services

- Restrict access to Internet

• Increase security and eliminate XP maintenance expense

http://www.unisys.com/unisys/landingPages/index.jsp?id=1120000970027510165

22© 2013 Unisys Corporation. All rights reserved. 22

Forward! SummarizedProtecting Applications and Data

• Isolate applications through secure partitions segmenting the environments into smaller containers to limit vulnerability (Standard VM shares resources globally…a breach impacts all)

• Eliminate unauthorized external communications through out of band configurations

• Prevent VM aware viruses with low profile partitions and managed boot configurations

• Isolate traffic through out of band secure communications between partitions and nodes eliminating hijacking

• Define each platform, part or port through fabric management and partitioning group membership for secure trusted connections

• Strict switching fabric requiring direct addressing to secure traffic

• Center of Internet Security (CIS) benchmarks based standard configurations

• Automate hardening operating system best practices for consistent commissioning

• Simplified operating system administration to adjust and modify security settings

• Forward! management and monitoring are out of band and not available for hijacking from other LANs

• Clear text data exchange between Forward! services and application execution never exposing information to other LANs

• StealthTM Option to Cloak end points, data and servers

Secure Partitioning Software Driven Secure Networking

Hardened Operating Environments

Purpose BuiltLAN Security