© 2008 IBM Corporation
IBM System z
IBM Systems
Linux on System z –A Strategic View
Jim ElliottConsulting Sales Specialist – System zSystems and Technology GroupIBM Canada Ltd.
IBM System z
2 CMG Canada 2009-04-14 IBM Systems
Topics
OverviewDeployment criteriaSecurity and auditBusiness continuityOn the web
IBM System z
5 CMG Canada 2009-04-14 IBM Systems
Take back control of your IT infrastructureA data center in a box – not a server farm
Central point of managementIncreased resource utilizationFewer intrusion points– Tighter security
Fewer points of failure– Greater availability
Potentially lower cost of operations– Less servers– Fewer software licenses– Fewer resources to manage– Less energy, cooling and space
IBM System z
6 CMG Canada 2009-04-14 IBM Systems
The legendary IBM mainframe – IBM System z– Legendary dependability– Extremely security-rich, highly scalable– Designed for multiple diverse workloads executing concurrently– Proven high volume data acquisition and managementThe IBM mainframe virtualization capabilities – z/VM– Support for large real memory and 32 processors– Enhanced security and LDAP server/client– Enhanced memory management for Linux guests– Enhanced management functions for Linux Open standards operating system – Linux for System z– Reliable, stable, security-rich– Available from multiple distributors– Plentiful availability of skills administrators and developers– Large selection of applications middleware and tooling from IBM, ISVs and
Open Source
Linux on IBM System zLinux + Virtualization + System z = SYNERGY
IBM System z
7 CMG Canada 2009-04-14 IBM Systems
LPAR
z/VM
A native mainframe operating environment– Exploits IBM System z hardware– Not a unique version of Linux Application sourcing strategy– The IBM commitment to z/OS, z/VSE and z/TPF is not affected by this
Linux strategy– Customers are offered additional opportunities to leverage their
investments through Linux– New doors are opening for customers
to bring Linux-centric workloads to the platform
What is Linux on System z?
z/OS
LPAR
z/OS
z/VM
IBM System z
8 CMG Canada 2009-04-14 IBM Systems
What System z brings to Linux
The most reliable hardware platform available– Redundant processors and memory– Error detection and correction– Remote Support Facility (RSF)Centralized Linux systems are easier to manageDesigned to support mixed work loads– Allows consolidation while maintaining one server per application– Complete work load isolation– High speed inter-server connectivityScalability– System z10 EC scales to 64 application processors– System z10 BC scales to 10 application processors– System z9 EC scales to 54 application processors– System z9 BC scales to 7 application processors– Up to 11 (z10 EC), 8 (z9 EC) dedicated I/O processors – Hundreds of Linux virtual servers
IBM System z
9 CMG Canada 2009-04-14 IBM Systems
What is different about Linux on System z?
Access to System z specific hardware– Crypto support – CPACF, Crypto2– Traditional and Open I/O subsystems
• Disk (ECKD or SCSI) and tape• SAN Volume Controller
– OSA-Express, OSA-Express2 and OSA-Express3 for very high speed communication between z/OS and Linux
– HiperSockets for ultra-high speed communication between z/OS and Linux on the same machine
z/VM aware– Enhanced performance– System management tools
IBM System z
10 CMG Canada 2009-04-14 IBM Systems
Value of Linux on System z
Reduced Total Cost of Ownership (TCO)– Environmental savings – single footprint vs. hundreds of servers – Consolidation savings – less storage, less servers, less software
licenses, less server management/supportImproved service level – Systems management (single point of control)– Reliability, availability, security of System z – High performance integration with z/OS, z/VSE, z/TPFSpeed to market– Capacity-on-demand capability on System z– Dynamic allocation of on-line users, less than 10 seconds to add a
new Linux server image using z/VM and IBM DS8000
IBM System z
11 CMG Canada 2009-04-14 IBM Systems
System z – The ultimate virtualization resource
Utilization often (usually?) exceeds 90%– Handles peak workload utilization of 100% without service level
degradation Massive consolidation platform– Up to 60 logical partitions, 100s to 1000s of virtual servers under z/VM– Virtualization is built-in, not added-on– HiperSockets for memory-speed communication– Most sophisticated and complete hypervisor function availableIntelligent and autonomic management of diverse workloads and system resources based on business policies and workload performance objectives
IBM System z
12 CMG Canada 2009-04-14 IBM Systems
z/VM – Unlimited virtualization
z/VM provides a highly flexible test and production environment for enterprises deploying the latest e-business solutionsz/VM helps enterprises meet their growing demands for multi-system server solutions with a broad range of support for operating system environments Mature technology – VM/370 introduced in 1972 Software Hypervisor integrated in hardware– Sharing of CPU, memory and I/O resources– Virtual network – virtual switches/routers – Virtual I/O (mini-disks, virtual cache, …)– Virtual appliances (SNA/NCP, etc.)Easy management– Rapid install of new servers – Self-optimizing workload management
IBM System z
13 CMG Canada 2009-04-14 IBM Systems
The value of z/VM for Linux
Enhanced performance, growth and scalability– Server consolidation enables horizontal growth– N-tier architecture on two tiers of hardware– Extensive support for sharing resources – Virtual networking– Effective isolation of Linux images, if requiredIncreased productivity– Development and testing– Production supportImproved operations– Backup and recovery– Command and control
LPAR
Linux onSystem z images
Server farms
z/VM
IBM System z
14 CMG Canada 2009-04-14 IBM Systems
Additional engines dedicated to Linux workloads– Supports z/VM and Linux on System z– IFLs on “sub-uni” systems run at “full speed”
• z800, z890, z9 EC, z9 BC, z10 EC, z10 BCTraditional mainframe software charges unaffected– IBM mainframe software– Independent Software
Vendor productsLinux and z/VM charged only against the IFLs
Integrated Facility for Linux
z/OS z/VM V4
CMS
Linux
Linux
CMS
Linux
Linux
LPAR LPARLPAR LPAR
Linuxz/OS
z/VM
CMS
Linux
Linux
CMS
Linux
Linux
LPARLPAR LPAR
Linux
IFL EnginesCP0 CP1 CP2 zAAP zIIP CP3 LN0 LN1 LN2
System z
z/OSLPAR
IBM System z
15 CMG Canada 2009-04-14 IBM Systems
Application serving with Linux on System z
z/VM z/OS
System z
The best LAN is one with no wires
Internal networkDemilitarized Zone (DMZ)Outside world
Public Key Infrastructure
User
Commerce Server
Caching Proxy Server
w/ H
TTP Load Balancing
Load Balancer with SSL
Acceleration
Shared File
System
Directory Server
Application Node
Collaboration Server
Web Application
Server
Firewall / LoadBalancer
Systems Management
Database Server
Domain Name Server
Web Application
Server
Internet
Firewall / LoadBalancer
Dom
ain Firewall
Protocol Firew
all
IBM System z
17 CMG Canada 2009-04-14 IBM Systems
Customers leveraging scale up and scale out technologies to simplify and integrate their on demand operating environmentAs one solution option:– Large SMP and Rack Optimized servers
integrated with Linux, Java and Grid technologies can enable this transformation
File/PrintServers
DNS Servers
DatabaseServers Transaction
Servers
Web Servers
ApplicationServers
Security &Directory Services
File/Print Servers
Scale OutRack Optimized
Scale UpLarge SMP
Application Servers
Collaboration Servers
TerminalServing
SSL Appliances
CorporateInfrastructure
Web Services
E-CommerceApplications
Deep ComputingClusters
JavaLinuxGrid
TransactionData
ReferenceData
Backup Data
SAN
UI Data
DNSServers
Web Servers
ApplicationServers
Security &Directory Servers
File/PrintServers
LAN Servers
DatabaseServers
Business Data
RoutersSwitches
CachingAppliances
SSLAppliances
FirewallServers
Today’s Environment,
Simplified
Infrastructure simplification
IBM System z
18 CMG Canada 2009-04-14 IBM Systems
Virtualization
DNS Servers
DatabaseServers Transaction
Servers
Web Servers
ApplicationServers
Security &Directory Services
File/Print Servers
Scale UpLarge SMP
Ideal blade implementations
Clustered workloadsDistributed computing applicationsInfrastructure applicationsSmall databaseProcessor and memory intensive workloadsCentralized storage solutions
File/PrintServers
Scale OutRack Optimized
Application Servers
Collaboration Servers
Terminal Serving
SSL Appliances
Infrastructure
Web Services
E-CommerceApplications
Deep ComputingClusters
IBM System z
19 CMG Canada 2009-04-14 IBM Systems
DNS Servers
DatabaseServers Transaction
Servers
Web Servers
ApplicationServers
Security &Directory Services
File/Print Servers
Scale UpLarge SMP
Virtualization
Ideal mainframe implementations
High performance transaction processingI/O intensive workloadsLarge database serving High resiliency and securityUnpredictable and highly variable workload spikesLow utilization infrastructure applicationsRapid provisioning and re-provisioning
File/PrintServers
Scale OutRack Optimized
Application Servers
Collaboration Servers
Terminal Serving
SSL Appliances
Infrastructure
Web Services
E-CommerceApplications
Deep ComputingClusters
IBM System z
20 CMG Canada 2009-04-14 IBM Systems
Selecting an application
Performance on System z CPUs is comparable to CPUs on other platforms of similar speed– CPU speed is not the entire story – it’s in the architecture!– Architecture designed for multiple or consolidated workloads– System z has definite advantage with applications that have mixed CPU and
I/OSystem z and z/VM provide excellent virtualization capabilities– Look for applications that are on lower utilized servers– Development and Test are good
choices to startGood planning is essentialIBM can– Perform sizing estimates– Assist with planning and initial
installation needs
IBM System z
21 CMG Canada 2009-04-14 IBM Systems
Where to deploy on System z – z/OS or Linux?
Degree of portability
z/OSLinux
Speed of deployment
z/OSLinux
Quality of Service
Application availabilityWorkload Management function and granularityFile sharing across a SysplexManageability and scaling characteristicsAvailability of skill
z/OSLinux
Other ConsiderationsTechnical Considerations
IBM System z
22 CMG Canada 2009-04-14 IBM Systems
Data Intensity
“distributed”System z
Compute Intensity
“distributed”System z
Speed of deploymentInstances 2 - n
“distributed”System z
Quality of Service
Application availability– Certification of solution on
hardware/software platform
Workload ManagementManageability and scaling characteristics
– Especially DB2 and WebSphere on z/OS
– Proximity of data to application– The best network is an internal
network!
“distributed”System z
Other ConsiderationsTechnical Considerations
Where to deploy – System z or “distributed”
IBM System z
23 CMG Canada 2009-04-14 IBM Systems
Linux on System z is mainstream
– Huge momentum and growth
– Abundant Linux skills
Linux on System z is enterprise class
– Enterprise standard quality of service
– Co-location of applications with z/OS delivers tremendous value
Broad set of solutions
– Almost 2,500 applications available
0% 10% 20% 30% 40% 50% 60% 70%
Other
Scientific / Technical
Workgroup System
eMail Server
Core Enterprise App
Network Server
Business Intelligence
eCommerce
Firewall Server
Development System
Data Serving
Web App Server
Web Server
1H 20082H 20071H 2007
IBM Survey of 700 Customers – 418 respondents“What applications have you deployed or are planning to deploy in the next year on System z?”
Linux on System z workloads
IBM System z
24 CMG Canada 2009-04-14 IBM Systems
System z10 BC lowers acquisition costsWhy pay up to 50% more?
System z10 BC additional IFLLower cost than Dell and HP Intel
Oracle DB + WebSphere ND Workload3-Year Total Acquisition Cost (TCA)
VMware Virtualization
Dell Power Edge Quad
Core servers
IBM z/VM Virtualization
IBM z10 BC Enterprise Quad Core
1.00 X
1.53 X
HP Virtualization
HP Itanium Dual Core
serversAll performance information was determined in a controlled environment. Actual results may vary.
1.31 X
The pricing advantage of the latest technology: Consolidate x86 software
licenses at up to a 28 to 1 ratio8 HP Itanium Cores 8 Dell x86 Cores 1 z10 BC IFL
Software MaintSoftwareHardware MaintHardware
Plus the legendary System z advantage– Lower operational cost:
Complexity, Management, Labor, …– Legendary security for your critical data– Leading scalability for a changing world– Availability of service for a demanding
marketplace– Outstanding Service
IBM System z
25 CMG Canada 2009-04-14 IBM Systems
Unify the infrastructure– IT optimization and server consolidation based on virtualization
technology and Linux– Linux can help to simplify systems management with today's
heterogeneous IT environmentLeverage the mainframe data serving strengths– Deploy in less time, accessing core data on z/OS– Reduced networking complexity and improved security network
“inside the box”A secure and flexible business environment– Linux open standards support for easier application integration– Unparalleled scale up / scale out capabilities– Virtual growth instead of physical expansion on x86 or RISC serversLeverage strengths across the infrastructure– Superior performance, simplified management, security-rich environment– High-performance security-rich processing with Crypto2 cryptographic co-
processors– Backup and restore processes
Linux on IBM System zTake back control of your IT infrastructure
IBM System z
27 CMG Canada 2009-04-14 IBM Systems
z/VM Security Server – RACFHelping to address security and compliance* guidelines
z/VM system integrity – IBM’s long term commitment to protecting key z/VM system resources– Intended to prevent unauthorized application programs, subsystems,
and users from gaining access, circumventing, disabling, altering, or obtaining control of key z/VM system processes and resources unless allowed by the installation
Consistent, comprehensive logging – RACF performs centralized authentication, access control, and audit– Tivoli Compliance InSight Manager log continuity reporting helps
validate that logs have been collected – addressing a core compliance requirement
Tivoli zSecure Manager for RACF z/VM provides administrators with tools to help unleash the potential of your mainframe system
* It is the customer's responsibility to identify, interpret, and comply with laws or regulatory requirements that affect its business. IBM does not represent that its products or services will ensure that the customer is in compliance with the law.
IBM System z
28 CMG Canada 2009-04-14 IBM Systems
Tivoli Directory Server for z/VM
Integrated in the base of z/VM V5.3 – provides sophisticated LDAP services for z/VM– Extended operation to support group access checking in addition to
user access checking– Improved compatibility for z/VMIntegrate with distributed Tivoli products for centralized authentication and user management
z/VM Users, groups, resources
z/VM and Linux® for System z Distributed systems
RACF Tivoli Directory
ServerTivoli Directory
Integrator
IBM System z
29 CMG Canada 2009-04-14 IBM Systems
Anything that uses the
standard Red Hat or Novell PAM
PAM
LinuxPAMLinux
PAMLPAR
z/VM
HW CryptoSystem z
LinuxPAM
LinuxPAM
LinuxPAM
ITDS (LDAP)
BFS
or
PAM = pluggable authentication module
Centralized authentication and user management
Consistency of user ID and passwords management across the user domain– Centralized, ID and passwords in one place, in
RACF – No need for multiple servers each with its own
LDAP and authentication tableRACF reputation for security– Individual distributed authentication tables may be
target or hackingAuditability of the entire user domain
SMF audit
RACF
IBM System z
30 CMG Canada 2009-04-14 IBM Systems
LPAR
z/VM
System z
Linux
Plug in
Linux
plug in
Linux
Plug in
ITDS (LDAP)
SMF audit
RACF
AuditD
AuditD AuditD
Linux
Plug in
Linux
Plug inAuditD AuditD
Common Client – auditD with plug-inIntegrated LDAP Server on z/VM®
LDAP backed by RACFThe Plug-in is specific to IBM Tivoli Directory Server (LDAP)– Available today via Open Source– Plug in has to be specific – audit records much
be translated into a form that ITDS / RACF can use
See Redbook® on Enterprise Multiplatform Auditing (SG24-7472)
Centralized audit
© 2008 IBM Corporation
IBM System z
IBM Systems
Business Continuity –High Availability and Disaster Recovery
IBM System z
32 CMG Canada 2009-04-14 IBM Systems
High Availability
HA is provided through a combination of z/VM, Linux on System z and middleware components– The solution you choose will depend on the degree of HA you want
and how fast the HA environment has to respond
z/VM LPAR 1
z/VM LPAR 2
Primary Load
Balancer
Backup Load
Balancer
HTTP Server
HTTP Server
WAS Server
WAS Server
WAS Dmgr
Oracle DB
Server
Oracle DB
Server
Router Shared Disk
Firewall
Firewall
Firewall
Firewall
IBM System z
33 CMG Canada 2009-04-14 IBM Systems
High Availability with z/VM
z/VM does provide a highly available environment through functions such as VSWITCH plus the RAS characteristics of the System z architecture (spare resources)Today, there is limited clustering support in z/VM– Cross-System Extensions provides for shared spool, shared directory,
shared query and messaging – but requires additional licensed features/products to fully implement
– Future z/VM releases will provide for a “z/VM Hypervisor Cluster” in the base product
We recommend two z/VM production partitions with Linux and middleware HA resources split between those two partitions
IBM System z
34 CMG Canada 2009-04-14 IBM Systems
High Availability with Linux on System z
Linux provides extensive HA supportLinux on System z with z/VM extends this support– Detailed information on this is available in the Redbook “Achieving
High Availability on Linux for System z with Linux-HA Release 2”SG24-7711-00
Linux-HA provides high availability for the Linux operating system, not for any applications running within itProducts such as Tivoli System Automation for Multiplatformsprovide high availability and automation for enterprise-wide applications and IT services and can reduce the effort to implement an HA environment
IBM System z
35 CMG Canada 2009-04-14 IBM Systems
High Availability for Linux on System z middleware
Most enterprise middleware today provides high availability supportOracle DB provides mirroring support with Data Guard to full HA support through Oracle RAC– Oracle RAC in an Active/Active environment provides load balancing
and HA– Oracle RAC in an Active/Passive environment provides HAWebSphere servers provide load balancing and HA capabilitiesIBM whitepaper “High Availability Architectures For Linux on IBM System z” provides detailed information on how to setup this environment
IBM System z
36 CMG Canada 2009-04-14 IBM Systems
Disaster Recovery
DR is simplified for Linux when running in a z/VM environment– Your DR site will be able to provide a z/VM environment– z/VM (and System z) masks the differences between configurations
which greatly reduces the effort to implement a DR solution– DR using System z and z/VM is much faster to switch to than
“distributed” environments
IBM System z
38 CMG Canada 2009-04-14 IBM Systems
z/VM and Linux on System zhttp://ibm.com/vm/linux/
IBM System z
42 CMG Canada 2009-04-14 IBM Systems
IBM Middleware for Linuxhttp://ibm.com/software/linux/
IBM System z
43 CMG Canada 2009-04-14 IBM Systems
IBM Software Available for Linuxhttp://ibm.com/linux/matrix/
IBM System z
44 CMG Canada 2009-04-14 IBM Systems
IBM developerWorks for Linuxhttp://ibm.com/deverloperworks/linux/
121 Tutorials
IBM System z
45 CMG Canada 2009-04-14 IBM Systems
Internet list server discussions
IBMVM discusses z/VM– To subscribe, send a note to [email protected]. In the body of
the note, write only the following line:• SUBSCRIBE IBMVM firstname lastname
– View and search the current list and archives:• http://listserv.uark.edu/archives/ibmvm.html
LINUX-390 discusses Linux on System z– To subscribe, send a note to [email protected]. In the body of
the note, write only the following line:• SUBSCRIBE LINUX-390 firstname lastname
– View and search the current list and archives:• http://www.marist.edu/htbin/wlvindex?linux-390
IBM System z
46 CMG Canada 2009-04-14 IBM Systems
Additional web sites
z/VM resources for Linux on IBM System z– http://ibm.com/vm/linuxGeneral z/VM tuning tips– http://ibm.com/vm/perf/tips
Novell SUSE Linux Enterprise– http://novell.com/mainframe/– http://novell.com/linux/mainframe/Novell SLES Starter System for System z– http://novell.com/partners/ibm/mainframe/starterpack.html
Red Hat Enterprise Linux– http://redhat.com/rhel/server/mainframe/
IBM System z
47 CMG Canada 2009-04-14 IBM Systems
Thank you
Jim Elliott– Consulting Sales Specialist – System z– Systems and Technology Group– IBM Canada Ltd.– [email protected]
http://ibm.com/systems/zhttp://ibm.com/vm/devpages/jelliott
IBM System z
48 CMG Canada 2009-04-14 IBM Systems
Notices
© Copyright IBM Corporation 2000, 2009. All rights reserved.This document contains words and/or phrases that are trademarks or registered trademarks of the International Business Machines Corporation in the United States and/or other countries. For information on IBM trademarks go to http://www.ibm.com/legal/copytrade.shtml.The following are trademarks or registered trademarks of other companies.– Java and all Java-related trademarks and logos are trademarks of Sun Microsystems, Inc., in the United States and other
countries.– UNIX is a registered trademark of The Open Group in the United States and other countries.– Microsoft, Windows and Windows NT are registered trademarks of Microsoft Corporation.– Red Hat, the Red Hat "Shadow Man" logo, and all Red Hat-based trademarks and logos are trademarks or registered
trademarks of Red Hat, Inc., in the United States and other countries. – Linux is a trademark of Linus Torvalds in the United States, other countries, or both.– All other products may be trademarks or registered trademarks of their respective companies.Notes: – This publication was produced in Canada. IBM may not offer the products, services or features discussed in this
document in other countries, and the information may be subject to change without notice. Consult your local IBM business contact for information on the product or services available in your area.
– All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
– Information about non-IBM products is obtained from the manufacturers of those products or their published announcements. IBM has not tested those products and cannot confirm the performance, compatibility, or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
– Prices subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography.
Permission is hereby granted to CMG to publish an exact copy of this paper in the CMG proceedings. IBM retains the title to the copyright in this paper as well as title to the copyright in all underlying works. IBM retains the right to make derivative works and to republish and distribute this paper to whomever it chooses in any way it chooses.