ibm linuxone the largest scalable linux server - schd.ws - ibm linuxone - the... · from moby to...

© 2017 IBM Corp. Open Source Summit Europe, Prague, October 24th 2017. IBM LinuxONE the largest scalable Linux Server: The Modernization possibilities on the Most Scalable Compute Platform for Secure Data Driven Workloads. Jens Voelker, [email protected], Program Manager Linux Ecosystem Business Development & Strategy; John Smith, [email protected], Offering Manager IBM Z Ecosystem & strategy team


Page 1: IBM LinuxONE the largest scalable Linux Server - schd.ws - IBM LinuxONE - the... · From Moby to Docker EE Agenda IBM LinuxONE6 the largest scalable Linux Server Unmatched Security:

© 2017 IBM Corp.

Open Source Summit Europe Prague

October, 24th 2017

IBM LinuxONE

the largest scalable Linux Server

The Modernization possibilities on the Most Scalable Compute Platform for Secure Data Driven Workloads

Jens Voelker, [email protected], Program Manager Linux Ecosystem Business Development & Strategy

John Smith, [email protected], Offering Manager IBM Z Ecosystem & strategy team

Page 2:

Agenda: IBM LinuxONE … the largest scalable Linux Server

Linux on LinuxONE – What is that?

The Hardware: Emperor II & Rockhopper

Platform Openness

From Moby to Docker EE

Unmatched Security: IBM Secure Service Containers

Scalable Data Serving

Open Mainframe Project

Linux Heritage & Strategy


Page 4:

How everything began with Linux on LinuxONE

Do one brave thing today ….. then run like hell!

Page 5:

Linux on the IBM Z Platform: A 17-year Journey of Innovation and Technology

• Spectrum Scale™ (GPFS™)
• Oracle 12c

1999: Linux on S/390®

2009:
• z/VM v6
• Enterprise Linux Server

2000: Integrated Facility for Linux (IFL)

2007: IBM Big Green Consolidation 3900 to 30

2001: HiperSockets™

• RHEL 7.3
• SLES12 SP2
• Ubuntu 16.04

2006: 1000 Appl., 300 ISVs

2000: DB2®, WebSphere®

1999: IBM Linux Tech Center

2001: Red Hat Linux

First release

2000: SUSE Linux

2002: major ISVs: SAP, Oracle 9i

2014:
• IBM Wave
• OpenStack

2015:
• KVM for IBM z
• IBM Wave upd.
• IBM zAware for Linux
• IBM LinuxONE™

• RHEL 7.2
• SLES 12 SP1

– SMT
– SIMD in kernel
– 10 Gb PCI / RoCE

Crypto enhance.

• Blockchain
• Open source ecosystem ext.

2017:
• IBM z14

• z/VM Subcapacity
• IBM Wave 1.2 SP6

• Docker Enterprise Edition

• DBaaS reference architecture

• Spectrum Scale 4.2.3.1

• KVM support in SUSE and Ubuntu

• RHEL
• SLES

• Ubuntu 17.04

• DB2 BLU
• GDPS® Virtual Appliance
• Financial Transaction Mgr
• Open source ecosystem

2016:
• KVM 1.1.2
• z/VM 6.4

2013: >3000 Applications

Page 6:

What is Linux on IBM® LinuxONE® (IBM Z®)

Supported Virtualization

IBM z/VM® + IBM Wave for z/VM

KVM – incl. in distributions from SUSE and Canonical

Logical Partitions (LPAR)

standard mode: PR/SM™

DPM mode: IBM Dynamic Partition Manager

Linux is Linux is Linux.

Pure Linux®, no emulation

runs natively on IBM Z hardware or virtualized under z/VM or KVM

Not a unique version of Linux

Same Look & Feel

Supported Enterprise Linux distributions

Community Versions

2000 2017

See ‘z Systems Virtual Servers’

See ‘Tested Platforms’

0.3 % platform specific code in GCC

0.5 % of platform specific code in Glibc

< 2 % platform specific code e.g. device drivers in Linux Kernel

Linux on LinuxONE Platform


Page 8:

Linux on IBM LinuxONE™ Emperor II Basics

• Nested virtualization: Hardware optimized for two hypervisor levels
• Extreme utilization: Through balanced system design
• HiperSockets™: Efficient and secure internal network for all workload communication
• Virtualization Management: z/VM + IBM Wave and/or KVM with standard manageability interfaces - efficiency at scale with easy administration, provisioning and automation
• Linux VMs: Up to thousands of Linux VMs running standard Linux distributions
• Protected Key encryption: Fast in-system encryption without exposing private keys to the Operating Systems

[Diagram labels: Physical resources (Memory - up to 32 TB, IFLs, I/O and Network); LPARs running Linux; 2nd level hypervisor with Linux Guests; Virtualized Resources in 2nd level VMs; HiperSockets communication]

Page 9:

Linux on IBM LinuxONE™ Emperor II & Rockhopper

Unmatched server technology & capacity

Rockhopper
• Up to 4 TB: 8X more memory
• Up to 20 configurable cores at 4.3 GHz
• I/O: Dedicated I/O, RAS and other coprocessors
• Up to 40 configurable LPARs
• Larger cache: More workloads per server
• Crypto Express5S: Performance and function
• SMT, SIMD: Enhanced performance

Emperor II
• Up to 32 TB: >3X more available memory
• Up to 170 configurable cores at 5.2 GHz
• I/O: Dedicated I/O, RAS and other coprocessors
• Up to 85 configurable LPARs
• Larger cache: More workloads per server
• Crypto Express6S: Performance and function
• SMT, SIMD: Enhanced performance

• IBM GDPS solutions: Continuous availability & Disaster recovery
• IBM Spectrum Scale: Clustered file system
• IBM zAware functionality: IBM Z Advanced Workload Analysis Reporter
• IBM z/VM + IBM Wave: Virtualization with efficiency at scale + Intuitive virtualization management
• KVM on IBM Z: Open source virtualization
• Logical Partitions / Dynamic Partition Mgr

Page 10:

LinuxONE has multi-dimensional growth and scalability options

Dynamic Changes

Capabilities

z/VM

LPAR

Linux Guest

Add CPU Yes Yes

Increase weight / share Yes Yes

Add memory Yes Yes

Add I/O adapter Yes Yes

Remove CPU Yes Yes

Decrease weight / share Yes Yes

Remove memory No Yes

Remove I/O adapter Yes Yes

Multi-dimensional growth and scalability options
• Dynamically add cores (1 to 170), memory (up to 32 TB), I/O adapters (up to 160 PCIe slots), devices and network cards
• Resources may be shared or dedicated
• Grow horizontally (add Linux guests), vertically (add to existing Linux guests) and diagonally (Mix and Match – Find your scale sweet spot)
• Grow and scale without disruption to running environment
• Provision for peak utilization, unused resources automatically reallocated after peak

Flexible Resource/Workload Management and High configuration flexibility
• Advanced workload management enables maximum utilization of the system resources
• Goal-oriented approach for performance mgmt of a hypervisor
• Ability to basically do a forklift upgrade to new z Systems server

Efficiencies of Consolidation
• Less operational effort based on centralized management, using the same arrangements for administration, security, backup and disaster recovery
• Less effort for less IT equipment

Add more resources to an existing Linux guest...

Page 11:

Workload Management – LinuxONE Utilization

LinuxONE Workload Management

• Priority Workload
– No throughput reduction
– No response time increase
• Low Priority Workload
– Soaks up remaining processor minutes
• 1.9% unused processor minutes

Leading x86 Hypervisor

• Priority Workload
– 31% throughput reduction
– 45% response time increase
• Low Priority Workload
– Soaks up more CPU minutes
• 21.9% unused CPU minutes

Too much resource given to Low Priority workload

High Priority workload gets less resource than needed

CPO study


Page 13:

Who is using Linux on IBM LinuxONE and IBM Z today

Used in over 60 countries across 22 industries around the globe

Most used in:

Banking and Financial Markets

Government

Insurance

Computer Services

Retail and Healthcare

Transportation and Telecommunication

based on Capacity

• 90 of the top 100 IBM Z clients are running Linux on IBM z (based on total installed MIPS in 2Q2017)
• 49% of IBM Z clients have IFLs installed
• Very large installations with up to hundreds of cores/IFLs in USA, Japan, Brazil, Germany, UK and South Africa
• Small installations with 2 IFLs in all countries and on all IBM Z models
• Most clients run Linux co-located with z/OS®, z/VSE® and/or z/TPF on an IBM Z server

2000 – 2017: In the market since 2000, well accepted and growing

[Chart: Installed Capacity Over Time. Installed IFL capacity by year end, YE04 through YE16, and 2Q17]

Page 14:

LinuxONE has a continuous focus on IBM Z characteristics the Business benefits from

Consolidation Capabilities:
• Server, Network, Storage, Staff, Skills, Utilities, Environmental, Applications Hosting of different workloads at the same time

Business Resiliency Capabilities:
• High Availability
• Disaster Recovery, xDR, Serviceability, Reliability
• Storage failover (HyperSwap™), Data replication (Metro / Global Mirror)

Security Capabilities:
• Privacy
• Regulatory requirements
• Identity management
• Common Criteria Certification
• Image Isolation
• Cryptographic Acceleration
• Centralized Authentication
• Physically secure communications with HiperSockets™ and Guest LANs

Operational Simplification Capabilities:
• Virtualization
• Single Point of Control
• Single System Image
• Resource Sharing

Flexibility / On demand Capabilities:
• Mixed Workloads: Scale-up & scale-out
• Rapid server (de)commissioning
• Idle Servers don’t consume resources

Proximity to data:
• Increased transaction throughput, HiperSockets
• Shared data access
• Integrated storage management

Page 15:

LinuxONE Strategy & Roadmap

* Roadmap item

Scalable Data Serving
• Leverage diagonal scale up/out for data serving
• Provide central source of truth
• Enable shift to Open Source
– MongoDB® / MEAN stack, other NoSQL …
– Postgres, MySQL, …
• Enable MS SQL® Windows workloads for mission critical Enterprises *
• Data consolidation makes biz apps run better & eliminates x86 DB sprawl
– Oracle®, DB2®, …
• Surround Data
– WebSphere, MQ, IBM Integration Bus

Secure Data Serving
• Most secure platform in the world … where data has extreme performance & scale
• Pervasive Encryption
• No system admin access to data ever via encapsulated apps with Secure Service container

Deep Insight with Data
• Bringing analytics closer to the data for better security/resiliency, reduced latency, simplification
– Spark
– Cognos®
– SPSS®, SAS®, *
• Capture shift to Cognitive (Data + AI)
– Watson Machine Learning
– Spark MLLib
– Tensor Flow

Enterprise DevOps
• Cloud Native Development with sCaaS or IBM Private Cloud
– Partnership with Docker, IBM Cloud for workloads leveraging Containers with Management-Orchestration, Microservices
• Engage in an API economy
– API connect
– BlueMix
– Softlayer, AWS, Azure, … connectivity
• Leverage Linux Distro “Stacks” for KVM, IaaS - PaaS

__ as-a-Service
• Blockchain as a Service with Hyper Ledger & SSC
• DB as a Service*: Hosted or On Prem
• Secure Container as a Service *
• Analytics-Cognitive as a service *

Industry Solutions
• Build best-of-breed industry solutions with IBM, Open Source and ISV software.
• Partner with Key ISV
– Banking
– Insurance
– Healthcare
– Government
– Cross-Industry e.g. Security, Databases, …

Page 16:

Key Linux points for IBM LinuxONE

• Operational IT efficiency
• Business continuity with all-encompassing disaster recovery solution
• Green IT through low power consumption
• Cost saving opportunities
• Operations for service predictability, based on high levels of Quality of Service
• Integration of data and applications, also with existing z/OS® or z/VSE® solutions on IBM Z

Streamlined IT for competitive advantage

IT infrastructure cost reductions and avoidances
• 63% less for facilities
• 60% less on licenses
• 60% less for power
• 57% less on server costs
• 30% less for security
• 30% less for maintenance
• 8% less for network hardware

Source: Recent Analyst Paper, study with 10 organizations


Page 18:

Linux your Way - Greater flexibility and choice

Distributions, Hypervisors, Languages, Runtimes, Management, Database, Analytics

DB2

Cloud Manager

vRealize

Other

Choose the distribution, runtime, hypervisor, database and analytics – it’s the Linux you know and love with the openness, flexibility and agility you need for your business.

Community Versions

IBM Wave for z/VM

Page 19:

The digital Era transforms IT

• Development Process: Waterfall, DevOps
• Application Architecture: Monolithic, N-Tier, Microservices
• Deployment Packaging: Physical Servers, Virtual Machines, Containers
• Application Infrastructure: Datacenter, Hosted, Cloud


Page 21:

From Moby and Docker CE on LinuxONE...

Moby/Docker and base ecosystem available

• Same code, same functionality

• LinuxONE is part of Docker‘s „Continuous Integration pipeline“

• Delivered as part of Docker’s (CE, EE) and Linux distribution deliverables (SLES, Ubuntu)

Docker today enables mixed architecture development and deployment

Page 22:

... To Docker Enterprise Edition on LinuxONE

Same code, same functionality

Page 23:

Microservice Challenges: Latency

[Diagram labels: user request, edge service, microservices A, B, B‘, C, D, E, F]

Internal flow between microservices

Network latencies add up in meshes of microservices

LinuxONE: large complex with in-box networks reduces latencies

Page 24:

Microservice Challenges: Scaling

• Replication of components is mostly simple
• Splitting applications into microservices can be hard
• Data partitioning is often hard
• Scaling stateful services can be complex
– e.g. transactional context across microservices

The Scale Cube (From Abbott & Fisher: „The Art of Scalability“)

[Figure: the Scale Cube, from "starting point" to "massive scale"; axis labels: horizontal scale-out (cloning), functional decomposition (microservices)]

z Systems: sometimes bigger is better

z Systems can scale anywhere from horizontally to vertically
– scale-up can simplify solutions

Page 25:

Containers on LinuxONE

Combine (second level) virtualization with containers
• perfect tenant isolation with low overhead while
• providing container agility and efficiency

Co-location to traditional applications (e.g. via HiperSockets)

Container performance inherits platform performance characteristics
• allows both scale-up and scale-out in a box

Economics through density, utilization, microservice co-location, scaling capabilities

Structure solutions along solution requirements, not environment-imposed restrictions

Better Container Density = More WL Throughput
• Runs 4K active Docker containers on ave 2.0x better than comparable Haswell-based system!
• Host over 10K Docker containers with mixed (heavy & light) workloads

Page 26:

Docker Enterprise Edition Tiers

Basic: engine

Standard: plus UCP and DTR

Advanced: plus Docker Security Scanning

Phase 1: engine running on IBM Z, DTR/UCP on x86
• standalone on Z as Docker EE Basic
• worker nodes on Z in Docker EE Standard and Docker EE Advanced

Phase 2: all tiers running on IBM Z

Ordered directly via IBM and Serviced through IBM Elite Support

Page 27:

IBM-Docker Partnership

IBM z Systems & Docker Inc. entered partnership to advance Docker Enterprise Edition as a supported enterprise product on IBM LinuxONE and Linux on z platforms

Mutual clients will order directly from IBM with electronic fulfillment by Docker

Supported by IBM and Docker, and along with x86, allows one stop Docker support

Available on all distros: RHEL 7, SLES 12, Ubuntu 16.04

Docker brings best of breed secure* container management & orchestration to the platform as clients increasingly turn to containers for devops and deployment of applications / new workloads.

press release & blog

*Security function & features not available in community or other community packages


Page 29:

A paradigm shift: From selective encryption to pervasive encryption

The practice of pervasive encryption can also:

• Decouple encryption from classification

• Reduce risk associated with undiscovered or misclassified sensitive data

• Make it more difficult for attackers to identify sensitive data

• Help protect all of an organization’s digital assets

• Significantly reduce the cost of compliance

Encrypting only the data required to achieve compliance should be viewed as a minimum threshold, not a best practice …

But it's hard

• My apps need to know about this

• Impacts performance especially at scale

Page 30:

Requirements for a secure Operation

Running an application inherits risks:

• Manipulation of the Operating System

• Theft or manipulation of data

• Unauthorized access

• Port vulnerabilities

An encapsulated environment significantly reduces these and other risks

Page 31:

Secure System Container (SSC)

Being compromised by a rogue administrator/privileged insider is perceived as one of the biggest risks to companies

SSC:

• Internal closed partition for running appliances, managed through firmware

no need for Linux infrastructure or skills

• Tamper proof environment with chain of trust for executed content

• Access to shell, memory, disk contents, or dumps prevented by trusted firmware code

Confidentiality of code and data in appliance, even against highest privilege admins

Page 32:

SSC:

• Internal closed partition

no need for Linux infrastructure or skills

• Tamper proof environment

• Access to SSC is prevented

Confidentiality of code and data

Outlook: SSC with Container-As-A-Service (CaaS)

Vision: Client brings workload

Platform takes care of infrastructure

CaaS:

• Add container execution platform:

• Docker, Kubernetes environments

• Integrates with standard management

• e.g. Open Source tooling, Docker EE, ICP

• Confidentiality from infrastructure admin

• Note: still in early phase. IBM looking for beta sponsor users

Page 33:

The Base Infrastructure to Host and Build Software Appliances

• Easy Installation: Provides simplified mechanism for fast deployment and mgmt. of appliance-based solutions
– O/S, Application, Services packaged as single solution
• Highly consumable: Manage the appliance through Remote, RESTful APIs and web interfaces
• Secure Runtime: Provides tamper protection during appliance installation and runtime
• Data Privacy: Ensures confidentiality of data and code running within the Appliance – both in-flight and at rest
• A Software Distribution: Enables Appliances to be delivered via software distribution channels vs hardware – including maintenance

[Diagram layers: Services, Applications, Operating System, Secure System Container]

Page 34:

Secure System Container Protection

No system admin access
• Once the appliance image is built, OS access (ssh) is not possible
• Only Remote APIs available
• Memory access disabled
• Encrypted disk
• Debug data (dumps) encrypted

Strong isolation between container instances
• Based on LinuxONE EAL5+ protection profile
• Requires dedicated HW

[Diagram labels: Appliance Content (i.e. Blockchain), Container Software, Runtime Environment, Secure Execution Context, SSC, Mainframe & LinuxONE platform, EAL5+]


Page 36:

PostgreSQL 9.6.1 Performance on Emperor II

up to 2x more throughput per core vs x86 Broadwell

[Chart data labels: 1.6x, 1.8x, 2.0x, 1.9x, 1.8x, 1.8x, 1.9x, 1.5x]

up to 45% more throughput using FICON Express16S+ vs FICON Express16S on z13

Page 37:

MongoDB 3.4.1 Performance on Emperor II

up to 2.6x more throughput per core vs x86 Broadwell

[Chart data labels: 2.4x, 2.6x, 2.5x, 2.0x, 1.7x, 1.6x]

Scale-up single MongoDB instance to 17 TB in single system without sharding with 2.4x more throughput / 2.3x lower latency leveraging additional memory vs z13

[Chart data labels: 2.4x, 2.4x, 0.44x, 0.42x]


Page 39:

Open Mainframe Project - A Child Company of the Linux Foundation

Finance, Operating System, Cloud, Networking, IoT, Web Technologies, Big Data, Middleware, Automotive, Mobile, Security

Jens Voelker

Page 40:

Open Source and Mainframe in 2015 and before

• Open source on the mainframe lacks a neutral home for growth
• Disconnected, independent efforts; no shared “hub” of innovation
• Community events are industry specific, also not vendor agnostic
• No place for students and academic institutions to engage
• Enterprise level engagement with upstream projects limited

Page 41:

Current Members Include

Page 42:

Open Mainframe Project – Participation Levels

Columns: Participation Level *, Annual Fee, Board Seat, TSC Seat, Marketing Committee, Notes

Platinum Flat fee: $100,000 Yes Yes Yes Initial 2-year participant commitment

Platinum End-User Flat fee: $10,000 Yes Yes Yes Initial 2-year participant commitment

Silver $2,000 – $15,000 depending on size** 1 per 10 No Yes

Academic Free 1 per 10 Yes Restricted to academic institutions; expected to provide environment access for the community

Associate Free No Yes Non-profits, open source projects

Individual Free No No No

* Anyone (including individuals, students and developers in open source project communities) may participate in the technical community work without becoming a member of the LF or Open Mainframe Project

• The Open Mainframe Project is set up as a Collaborative Project under The Linux Foundation legal entity. All participants will have to be members of The Linux Foundation to participate. Please visit http://www.linuxfoundation.org/about/join/corporate to learn more about Linux Foundation membership.

** Silver Annual Fee Scale

• 3,000 employees = $15K

• 1,000 < 3,000 employees = $10K

• 500 < 1,000 employees = $5K

• < 500 employees = $2K

Page 43:

How to Join the Open Mainframe Project

Find out more about the Project at www.openmainframeproject.org

Fill in the online form for more info: https://www.openmainframeproject.org/about/join

Alternatively, contact John Mertic at the Linux Foundation: [email protected]


IBM LinuxONE Community Cloud: www.ibm.com/linuxone/try

Open Access Community Cloud

ISVs
• Available for ISV through PartnerWorld
• Hosted by IBM in Dallas, Boeblingen and Beijing
• Port, test, benchmark key applications

Students & Developers
• Free access to Developers, Students, and Entrepreneurs
• Hosted by Partnership Universities: Syracuse, Marist and others
• Get a LinuxONE virtual machine in minutes

Clients
• Remote access environment free of charge for limited time
• Client Sandbox for Proof of Concept work to verify and test new apps and try new technologies


A Message Brought To You By Our Lawyers

* Other product and service names might be trademarks of IBM or other companies.

Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries.

IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency which is now part of the Office of Government Commerce.

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

Windows Server and the Windows logo are trademarks of the Microsoft group of countries.

ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Java and all Java based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom.

Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM Corp. and Quantum in the U.S. and other countries.

Trademarks of International Business Machines Corporation in the United States, other countries, or both can be found on the World Wide Web at http://www.ibm.com/legal/copytrade.shtml.

The following are trademarks or registered trademarks of other companies.

© IBM Corporation 2015. All Rights Reserved.

• The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.

• References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.


Backup


Docker Products on Linux on IBM LinuxONE at a Glance

Columns: Community Edition | Enterprise Edition Basic | Enterprise Edition Advanced (June Version) | Enterprise Edition Advanced

Container engine and built in orchestration, networking, security: x x x x

Docker Certified Infrastructure, Plugins and ISV Containers: x x x

Docker Data Center: x x

Image security scanning: x

Support*: Supported by RogueWave | IBM Elite Support | IBM Elite Support | IBM Elite Support

eGA: Available from docker.com | July 19, 2017 | July 19, 2017 | future

Managing z nodes from x86, free upgrade to EE Advanced in Sept.

Managing z nodes either from z or x86


IBM LinuxONE : Designed for Pervasive Encryption

• New approach to encryption of in-flight and at-rest data with IBM LinuxONE

• All data in and out is encrypted

• Data at rest is encrypted

• Completely isolate data within secure LPARs

• Easy & automated

• How do we make pervasive encryption possible and free of compute without a noticeable impact to performance?

• Leverage on-processor cryptographic acceleration

• Master keys are protected in a hardware cryptographic card

• Industry exclusive protected key encryption ensures encryption keys are never exposed to the OS, hypervisor or application in the clear