linux on system z - a strategic view - cmg · – enhanced security and ldap server/client –...

© 2008 IBM Corporation

IBM System z

IBM Systems

Linux on System z – A Strategic View

Jim Elliott
Consulting Sales Specialist – System z
Systems and Technology Group
IBM Canada Ltd.

IBM System z

2 CMG Canada 2009-04-14 IBM Systems

Topics

Overview
Deployment criteria
Security and audit
Business continuity
On the web

Overview

Take back control of your IT infrastructure
A data center in a box – not a server farm

Central point of management
Increased resource utilization
Fewer intrusion points
– Tighter security
Fewer points of failure
– Greater availability
Potentially lower cost of operations
– Fewer servers
– Fewer software licenses
– Fewer resources to manage
– Less energy, cooling and space

Linux on IBM System z
Linux + Virtualization + System z = SYNERGY

The legendary IBM mainframe – IBM System z
– Legendary dependability
– Extremely security-rich, highly scalable
– Designed for multiple diverse workloads executing concurrently
– Proven high volume data acquisition and management
The IBM mainframe virtualization capabilities – z/VM
– Support for large real memory and 32 processors
– Enhanced security and LDAP server/client
– Enhanced memory management for Linux guests
– Enhanced management functions for Linux
Open standards operating system – Linux for System z
– Reliable, stable, security-rich
– Available from multiple distributors
– Plentiful availability of skills administrators and developers
– Large selection of applications middleware and tooling from IBM, ISVs and Open Source

What is Linux on System z?

A native mainframe operating environment
– Exploits IBM System z hardware
– Not a unique version of Linux
Application sourcing strategy
– The IBM commitment to z/OS, z/VSE and z/TPF is not affected by this Linux strategy
– Customers are offered additional opportunities to leverage their investments through Linux
– New doors are opening for customers to bring Linux-centric workloads to the platform

[Figure labels: LPAR, z/OS, z/VM]

What System z brings to Linux

The most reliable hardware platform available
– Redundant processors and memory
– Error detection and correction
– Remote Support Facility (RSF)
Centralized Linux systems are easier to manage
Designed to support mixed work loads
– Allows consolidation while maintaining one server per application
– Complete work load isolation
– High speed inter-server connectivity
Scalability
– System z10 EC scales to 64 application processors
– System z10 BC scales to 10 application processors
– System z9 EC scales to 54 application processors
– System z9 BC scales to 7 application processors
– Up to 11 (z10 EC), 8 (z9 EC) dedicated I/O processors
– Hundreds of Linux virtual servers

What is different about Linux on System z?

Access to System z specific hardware
– Crypto support – CPACF, Crypto2
– Traditional and Open I/O subsystems
  • Disk (ECKD or SCSI) and tape
  • SAN Volume Controller
– OSA-Express, OSA-Express2 and OSA-Express3 for very high speed communication between z/OS and Linux
– HiperSockets for ultra-high speed communication between z/OS and Linux on the same machine
z/VM aware
– Enhanced performance
– System management tools

Value of Linux on System z

Reduced Total Cost of Ownership (TCO)
– Environmental savings – single footprint vs. hundreds of servers
– Consolidation savings – less storage, fewer servers, fewer software licenses, less server management/support
Improved service level
– Systems management (single point of control)
– Reliability, availability, security of System z
– High performance integration with z/OS, z/VSE, z/TPF
Speed to market
– Capacity-on-demand capability on System z
– Dynamic allocation of on-line users, less than 10 seconds to add a new Linux server image using z/VM and IBM DS8000

System z – The ultimate virtualization resource

Utilization often (usually?) exceeds 90%
– Handles peak workload utilization of 100% without service level degradation
Massive consolidation platform
– Up to 60 logical partitions, 100s to 1000s of virtual servers under z/VM
– Virtualization is built-in, not added-on
– HiperSockets for memory-speed communication
– Most sophisticated and complete hypervisor function available
Intelligent and autonomic management of diverse workloads and system resources based on business policies and workload performance objectives

z/VM – Unlimited virtualization

z/VM provides a highly flexible test and production environment for enterprises deploying the latest e-business solutions
z/VM helps enterprises meet their growing demands for multi-system server solutions with a broad range of support for operating system environments
Mature technology – VM/370 introduced in 1972
Software Hypervisor integrated in hardware
– Sharing of CPU, memory and I/O resources
– Virtual network – virtual switches/routers
– Virtual I/O (mini-disks, virtual cache, …)
– Virtual appliances (SNA/NCP, etc.)
Easy management
– Rapid install of new servers
– Self-optimizing workload management

The value of z/VM for Linux

Enhanced performance, growth and scalability
– Server consolidation enables horizontal growth
– N-tier architecture on two tiers of hardware
– Extensive support for sharing resources
– Virtual networking
– Effective isolation of Linux images, if required
Increased productivity
– Development and testing
– Production support
Improved operations
– Backup and recovery
– Command and control

[Figure labels: Server farms, Linux on System z images, z/VM, LPAR]

Integrated Facility for Linux

Additional engines dedicated to Linux workloads
– Supports z/VM and Linux on System z
– IFLs on “sub-uni” systems run at “full speed”
  • z800, z890, z9 EC, z9 BC, z10 EC, z10 BC
Traditional mainframe software charges unaffected
– IBM mainframe software
– Independent Software Vendor products
Linux and z/VM charged only against the IFLs

[Figure labels: System z; LPARs running z/OS, z/VM V4, z/VM (with CMS and Linux guests) and Linux; engines CP0, CP1, CP2, zAAP, zIIP, CP3; IFL engines LN0, LN1, LN2]

Application serving with Linux on System z

The best LAN is one with no wires

[Figure: application-serving topology on System z (z/VM, z/OS) with zones labelled Outside world, Demilitarized Zone (DMZ) and Internal network. Component labels: Internet, User, Public Key Infrastructure, Domain Name Server, Protocol Firewall, Domain Firewall, Firewall / Load Balancer, Load Balancer with SSL Acceleration, Caching Proxy Server w/ HTTP Load Balancing, Web Application Server, Commerce Server, Collaboration Server, Application Node, Directory Server, Database Server, Shared File System, Systems Management]

Deployment criteria

Infrastructure simplification

Customers leveraging scale up and scale out technologies to simplify and integrate their on demand operating environment
As one solution option:
– Large SMP and Rack Optimized servers integrated with Linux, Java and Grid technologies can enable this transformation

[Figure: “Today’s Environment” and “Simplified” views. Labels: DNS Servers, Web Servers, Application Servers, Database Servers, Transaction Servers, Security & Directory Servers/Services, File/Print Servers, LAN Servers, Collaboration Servers, Terminal Serving, Firewall Servers, Routers, Switches, Caching Appliances, SSL Appliances, Corporate Infrastructure, Web Services, E-Commerce Applications, Deep Computing Clusters; Scale Up (Large SMP), Scale Out (Rack Optimized); Java, Linux, Grid; SAN with UI Data, Business Data, Transaction Data, Reference Data, Backup Data]

Ideal blade implementations

Clustered workloads
Distributed computing applications
Infrastructure applications
Small database
Processor and memory intensive workloads
Centralized storage solutions

[Figure labels: Virtualization; Scale Up (Large SMP); Scale Out (Rack Optimized); DNS Servers, Database Servers, Transaction Servers, Web Servers, Application Servers, Security & Directory Services, File/Print Servers, Collaboration Servers, Terminal Serving, SSL Appliances, Infrastructure, Web Services, E-Commerce Applications, Deep Computing Clusters]

Ideal mainframe implementations

High performance transaction processing
I/O intensive workloads
Large database serving
High resiliency and security
Unpredictable and highly variable workload spikes
Low utilization infrastructure applications
Rapid provisioning and re-provisioning

[Figure labels: Virtualization; Scale Up (Large SMP); Scale Out (Rack Optimized); DNS Servers, Database Servers, Transaction Servers, Web Servers, Application Servers, Security & Directory Services, File/Print Servers, Collaboration Servers, Terminal Serving, SSL Appliances, Infrastructure, Web Services, E-Commerce Applications, Deep Computing Clusters]

Selecting an application

Performance on System z CPUs is comparable to CPUs on other platforms of similar speed
– CPU speed is not the entire story – it’s in the architecture!
– Architecture designed for multiple or consolidated workloads
– System z has definite advantage with applications that have mixed CPU and I/O
System z and z/VM provide excellent virtualization capabilities
– Look for applications that are on lower utilized servers
– Development and Test are good choices to start
Good planning is essential
IBM can
– Perform sizing estimates
– Assist with planning and initial installation needs

Where to deploy on System z – z/OS or Linux?

Degree of portability
Speed of deployment
Quality of Service
Application availability
Workload Management function and granularity
File sharing across a Sysplex
Manageability and scaling characteristics
Availability of skill

[Figure: column headings “Technical Considerations” and “Other Considerations”; graphics labelled “z/OS” and “Linux”]

Where to deploy – System z or “distributed”

Data Intensity
Compute Intensity
Speed of deployment
Instances 2 - n
Quality of Service
Application availability
– Certification of solution on hardware/software platform
Workload Management
Manageability and scaling characteristics
– Especially DB2 and WebSphere on z/OS
– Proximity of data to application
– The best network is an internal network!

[Figure: column headings “Technical Considerations” and “Other Considerations”; graphics labelled “distributed” and “System z”]

Linux on System z workloads

Linux on System z is mainstream
– Huge momentum and growth
– Abundant Linux skills
Linux on System z is enterprise class
– Enterprise standard quality of service
– Co-location of applications with z/OS delivers tremendous value
Broad set of solutions
– Almost 2,500 applications available

[Chart: IBM Survey of 700 Customers – 418 respondents, “What applications have you deployed or are planning to deploy in the next year on System z?” Axis 0% to 70%; series 1H 2007, 2H 2007, 1H 2008; categories: Web Server, Web App Server, Data Serving, Development System, Firewall Server, eCommerce, Business Intelligence, Network Server, Core Enterprise App, eMail Server, Workgroup System, Scientific / Technical, Other]

System z10 BC lowers acquisition costs
Why pay up to 50% more?

System z10 BC additional IFL
Lower cost than Dell and HP Intel

[Chart: Oracle DB + WebSphere ND Workload, 3-Year Total Acquisition Cost (TCA), split into Hardware, Hardware Maint, Software and Software Maint. Configurations: VMware Virtualization on Dell Power Edge Quad Core servers; IBM z/VM Virtualization on IBM z10 BC Enterprise Quad Core; HP Virtualization on HP Itanium Dual Core servers. Bar labels: 1.00 X, 1.53 X, 1.31 X. Core counts: 8 HP Itanium Cores, 8 Dell x86 Cores, 1 z10 BC IFL]

All performance information was determined in a controlled environment. Actual results may vary.

The pricing advantage of the latest technology: Consolidate x86 software licenses at up to a 28 to 1 ratio

Plus the legendary System z advantage
– Lower operational cost: Complexity, Management, Labor, …
– Legendary security for your critical data
– Leading scalability for a changing world
– Availability of service for a demanding marketplace
– Outstanding Service

Linux on IBM System z
Take back control of your IT infrastructure

Unify the infrastructure
– IT optimization and server consolidation based on virtualization technology and Linux
– Linux can help to simplify systems management with today's heterogeneous IT environment
Leverage the mainframe data serving strengths
– Deploy in less time, accessing core data on z/OS
– Reduced networking complexity and improved security network “inside the box”
A secure and flexible business environment
– Linux open standards support for easier application integration
– Unparalleled scale up / scale out capabilities
– Virtual growth instead of physical expansion on x86 or RISC servers
Leverage strengths across the infrastructure
– Superior performance, simplified management, security-rich environment
– High-performance security-rich processing with Crypto2 cryptographic co-processors
– Backup and restore processes

Security and Audit

z/VM Security Server – RACF
Helping to address security and compliance* guidelines

z/VM system integrity – IBM’s long term commitment to protecting key z/VM system resources
– Intended to prevent unauthorized application programs, subsystems, and users from gaining access, circumventing, disabling, altering, or obtaining control of key z/VM system processes and resources unless allowed by the installation
Consistent, comprehensive logging
– RACF performs centralized authentication, access control, and audit
– Tivoli Compliance InSight Manager log continuity reporting helps validate that logs have been collected – addressing a core compliance requirement
Tivoli zSecure Manager for RACF z/VM provides administrators with tools to help unleash the potential of your mainframe system

* It is the customer's responsibility to identify, interpret, and comply with laws or regulatory requirements that affect its business. IBM does not represent that its products or services will ensure that the customer is in compliance with the law.

Tivoli Directory Server for z/VM

Integrated in the base of z/VM V5.3 – provides sophisticated LDAP services for z/VM
– Extended operation to support group access checking in addition to user access checking
– Improved compatibility for z/VM
Integrate with distributed Tivoli products for centralized authentication and user management

[Figure labels: z/VM users, groups, resources; z/VM and Linux® for System z; Distributed systems; RACF; Tivoli Directory Server; Tivoli Directory Integrator]

Centralized authentication and user management

Consistency of user ID and passwords management across the user domain
– Centralized, ID and passwords in one place, in RACF
– No need for multiple servers each with its own LDAP and authentication table
RACF reputation for security
– Individual distributed authentication tables may be target of hacking
Auditability of the entire user domain

PAM = pluggable authentication module

[Figure labels: Linux with PAM (in an LPAR and under z/VM); ITDS (LDAP); BFS; RACF; SMF audit; HW Crypto; System z. Callout: Anything that uses the standard Red Hat or Novell PAM]

Centralized audit

Common Client – auditD with plug-in
Integrated LDAP Server on z/VM®
LDAP backed by RACF
The Plug-in is specific to IBM Tivoli Directory Server (LDAP)
– Available today via Open Source
– Plug in has to be specific – audit records must be translated into a form that ITDS / RACF can use

See Redbook® on Enterprise Multiplatform Auditing (SG24-7472)

[Figure labels: Linux with AuditD and plug-in (in an LPAR and under z/VM); ITDS (LDAP); RACF; SMF audit; System z]

Business Continuity – High Availability and Disaster Recovery

High Availability

HA is provided through a combination of z/VM, Linux on System z and middleware components
– The solution you choose will depend on the degree of HA you want and how fast the HA environment has to respond

[Figure labels: z/VM LPAR 1, z/VM LPAR 2; Router; Firewall (four); Primary Load Balancer, Backup Load Balancer; HTTP Server (two); WAS Server (two); WAS Dmgr; Oracle DB Server (two); Shared Disk]

High Availability with z/VM

z/VM does provide a highly available environment through functions such as VSWITCH plus the RAS characteristics of the System z architecture (spare resources)
Today, there is limited clustering support in z/VM
– Cross-System Extensions provides for shared spool, shared directory, shared query and messaging – but requires additional licensed features/products to fully implement
– Future z/VM releases will provide for a “z/VM Hypervisor Cluster” in the base product
We recommend two z/VM production partitions with Linux and middleware HA resources split between those two partitions

High Availability with Linux on System z

Linux provides extensive HA support
Linux on System z with z/VM extends this support
– Detailed information on this is available in the Redbook “Achieving High Availability on Linux for System z with Linux-HA Release 2” SG24-7711-00
Linux-HA provides high availability for the Linux operating system, not for any applications running within it
Products such as Tivoli System Automation for Multiplatforms provide high availability and automation for enterprise-wide applications and IT services and can reduce the effort to implement an HA environment

High Availability for Linux on System z middleware

Most enterprise middleware today provides high availability support
Oracle DB provides mirroring support with Data Guard to full HA support through Oracle RAC
– Oracle RAC in an Active/Active environment provides load balancing and HA
– Oracle RAC in an Active/Passive environment provides HA
WebSphere servers provide load balancing and HA capabilities
IBM whitepaper “High Availability Architectures For Linux on IBM System z” provides detailed information on how to set up this environment

Disaster Recovery

DR is simplified for Linux when running in a z/VM environment
– Your DR site will be able to provide a z/VM environment
– z/VM (and System z) masks the differences between configurations which greatly reduces the effort to implement a DR solution
– DR using System z and z/VM is much faster to switch to than “distributed” environments

On the web

z/VM and Linux on System z
http://ibm.com/vm/linux/

Linux on System z
http://ibm.com/systems/z/linux/

Redbooks for Linux
http://ibm.com/redbooks/linux

Linux at IBM
http://ibm.com/linux/

IBM Middleware for Linux
http://ibm.com/software/linux/

IBM Software Available for Linux
http://ibm.com/linux/matrix/

IBM developerWorks for Linux
http://ibm.com/deverloperworks/linux/

121 Tutorials

Internet list server discussions

IBMVM discusses z/VM
– To subscribe, send a note to [email protected]. In the body of the note, write only the following line:
  • SUBSCRIBE IBMVM firstname lastname
– View and search the current list and archives:
  • http://listserv.uark.edu/archives/ibmvm.html
LINUX-390 discusses Linux on System z
– To subscribe, send a note to [email protected]. In the body of the note, write only the following line:
  • SUBSCRIBE LINUX-390 firstname lastname
– View and search the current list and archives:
  • http://www.marist.edu/htbin/wlvindex?linux-390

Additional web sites

z/VM resources for Linux on IBM System z
– http://ibm.com/vm/linux
General z/VM tuning tips
– http://ibm.com/vm/perf/tips
Novell SUSE Linux Enterprise
– http://novell.com/mainframe/
– http://novell.com/linux/mainframe/
Novell SLES Starter System for System z
– http://novell.com/partners/ibm/mainframe/starterpack.html
Red Hat Enterprise Linux
– http://redhat.com/rhel/server/mainframe/

Thank you

Jim Elliott
– Consulting Sales Specialist – System z
– Systems and Technology Group
– IBM Canada Ltd.
– [email protected]

http://ibm.com/systems/z
http://ibm.com/vm/devpages/jelliott

Notices

© Copyright IBM Corporation 2000, 2009. All rights reserved.
This document contains words and/or phrases that are trademarks or registered trademarks of the International Business Machines Corporation in the United States and/or other countries. For information on IBM trademarks go to http://www.ibm.com/legal/copytrade.shtml.
The following are trademarks or registered trademarks of other companies.
– Java and all Java-related trademarks and logos are trademarks of Sun Microsystems, Inc., in the United States and other countries.
– UNIX is a registered trademark of The Open Group in the United States and other countries.
– Microsoft, Windows and Windows NT are registered trademarks of Microsoft Corporation.
– Red Hat, the Red Hat "Shadow Man" logo, and all Red Hat-based trademarks and logos are trademarks or registered trademarks of Red Hat, Inc., in the United States and other countries.
– Linux is a trademark of Linus Torvalds in the United States, other countries, or both.
– All other products may be trademarks or registered trademarks of their respective companies.
Notes:
– This publication was produced in Canada. IBM may not offer the products, services or features discussed in this document in other countries, and the information may be subject to change without notice. Consult your local IBM business contact for information on the product or services available in your area.

– All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

– Information about non-IBM products is obtained from the manufacturers of those products or their published announcements. IBM has not tested those products and cannot confirm the performance, compatibility, or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

– Prices subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography.

Permission is hereby granted to CMG to publish an exact copy of this paper in the CMG proceedings. IBM retains the title to the copyright in this paper as well as title to the copyright in all underlying works. IBM retains the right to make derivative works and to republish and distribute this paper to whomever it chooses in any way it chooses.