POWER9 Features and Preferred Pricing Models Ease Migration Pain
The POWER9 chip puts the focus directly on speed with raw processing muscle but also multiple tools that accelerate read/write operations.
Image by Martin Sati
By Kristin Lewotsky09/01/2018
Businesses today depend upon their computing platforms. This holds just as much for the retail giants with data centers supporting millions of online transactions per hour as it does for the auto parts chain that has one server per store. The system has to work, it has to be available, it has to be secure and it has to fit in clients’ multicloud architecture. Above all, it has to be cost-effective—even the best server won’t help unless the organization can afford it.
The IBM POWER9* family delivers on all counts. The chip puts the focus directly on speed with raw processing muscle but also multiple tools that accelerate read/write operations. Security begins at startup with secure boot, which ensures the system is running firmware and hypervisor from the proper authority (IBM). In addition, each box ships with the IBM PowerVM* Enterprise Edition hypervisor pre-installed. This enables live migration, which is becoming increasingly important in cloud environments.
To help clients access these benefits, IBM has targeted programs designed to smooth the upgrade from earlier-generation IBM Power Systems* servers, as well as x86 boxes. Free temporary access to live partition mobility simplifies migration and reduces licensing costs. The focus is on enabling enterprises to realize business value rapidly and with minimal disruption to operations. Because at the end of the day, the platform should serve the business, not vice versa.
The Power Systems platform supports key sectors of the economy, including retail, financial services, healthcare, banking and more. Clients for scale-out Power Systems servers typically fit into one of two categories.
The first type of client seeks high-performance solutions to address database-intensive workloads (e.g., an electronic securities-trading platform or a social networking site). These types of organizations can process thousands of transactions per second, including those that involve sensitive, personally identifiable information (PII). Although cost is important, factors like security, performance and scalability are the primary drivers in their choice of platform. So the POWER9 generation, together with its software stack, was designed to bring business value to these users.
The second type of client focuses on large-scale distributed-computing networks such as a chain of pharmacies that deploys one server for each store to support operations. With workloads comprising a few thousand transactions per day at each location, these applications aren’t particularly demanding. Clients may have an increasing interest in security but it doesn’t drive their choice of platform. Availability and resiliency drive their decision-making. The POWER9 platform was designed to bring business value to these users, too.
The POWER9 processor was designed from the silicon up to handle heavy processing loads. With massive multithreading, it can support significantly more VMs per core than x86 boxes. For organizations focused on performance, the POWER9 generation delivers vastly improved price-performance metrics compared to x86 servers. And given that software is licensed on a per-core basis, the architecture can result in substantial savings compared to commodity servers.
Organizations prioritizing availability and reliability also benefit from POWER9 performance. A single box can accommodate all of the workloads required at a given location. “For these clients, usability is important. If they’re running their workloads on an IBM i machine, it’s one person running it, maybe part-time,” says Simon Porstendorfer, senior offering manager of scale-out Power Systems servers. “Running the same workloads in an x86 environment would require three or four people within the IT department just to take care of the x86 servers.” That adds up to considerable savings.
Conducting business at the enterprise level requires connectivity, and connectivity entails risk. Online transaction processing almost inevitably involves sensitive PII. The POWER9 processor includes several features designed to enhance security and protect both customers and the corporate brand.
“We always look for ways to make the benefits of the new hardware available to clients as soon as possible and as simply as possible.”—Petra Bührer, offering manager, Power Systems software
Security begins at boot up. POWER9 servers incorporate a physical Trusted Platform Module (pTPM) to implement Secure Boot. Based on an international standard, this secure crypto processor checks for a digital signature on firmware components to ensure that only trusted firmware is being loaded into the server. pTPM controls access to sensitive system memory regions. If a validation fails—indicating a risk of tampering—the pTPM may stop the boot.
POWER9 servers also have a feature known as Trusted Boot. Remote Trusted Boot attestation of firmware images enables a remote system to determine the level of trust in the integrity of the platform. This is increasingly important in cloud environments where resources are shared.
This is a firmware-based feature that applies a cryptographic technique called hashing to monitor the authenticity of the firmware components. In hashing, the system performs a calculation based on the code that results in a value known as the hash. If the hash generated at boot up matches the value stored in the system, it confirms that the firmware is unchanged and has loaded properly. If the hash is different from the stored value, something has changed in the code and the system may be at risk.
Previous generations of Power Systems servers included a virtual Trusted Platform module supporting Trusted Boot. pTPM now anchors the chain of trusted boot in the hardware, which makes migration to POWER9 an easy choice for enterprises with applications that require the highest possible levels of security. Trusted and secure boot currently apply only to firmware, but work is underway to extend them to verify OS security as well.
Secure Boot and Trusted Boot apply to both on premises and cloud-based systems, which is a key benefit. Organizations have a significant amount of control over the security of assets they own within their data centers, whereas they have only limited oversight of the components in distributed cloud environments (e.g., partner-ing with service providers). Trusted Boot attestation can be applied to both types of environments, enabling enterprises to confirm that the computing platform they’re accessing remotely is secure.
POWER9 boxes boast additional security features such as the new GZIP compression capabilities on chip, which is much faster than doing it via software compression, which IBM provided previously. Another essential security feature is a hardware-based random number generator. The ability to generate random numbers is critical to creating cryptographic keys. Although software-based random-number generators were available before, they’re more vulnerable to modification by malicious code. A hardware-based random-number generator leveraging a new instruction is tamper proof. Including that functionality in the POWER9 processor adds another layer of security to this high-performance chip.
Upgrading to POWER9 technology offers one more security advantage: The equipment will remain under support agreements until the release of the N+2 generation and thus receive fixes and security patches. System administrators are often reluctant to disturb stable workloads, especially mission-critical ones. It can be tempting to maintain older boxes for just that reason. With the release of POWER9, only the POWER7*, POWER8* and POWER9 generations receive active support. Support for POWER7 will phase out in September 2019. In the event vulnerabilities are discovered, IBM will deploy patches for clients for the aforementioned hardware, but not for earlier generations. “So it pays off to upgrade and stay current, not only from a price-performance standpoint, but as well from a security standpoint," says Petra Bührer, offering manager, Power Systems software.
This raises another point of particular interest to the user base represented by the pharmacy chain: Older equipment is prone to breakdown and outages. “If you have a POWER5 or POWER6* system, which is no longer under support, it becomes difficult to maintain, and difficult to get parts,” Porstendorfer says. “These types of clients aren't upgrading because of performance but just to stay current technology-wise and security-wise, and to mitigate the risk of equipment failing because of age.”
In the modern computing environment, virtualization is almost a given. Dividing a server into a series of VMs provides a way to maximize utilization rates, more effectively deliver compute resources to internal customers, deliver high availability, and minimize energy usage and floor space. Previously, clients wishing for virtualization had to order PowerVM, the ultra-secure Power Systems hypervisor, as a separate item. In recognition of the near necessity of virtualization in today’s corporate computing environment, IBM now ships every POWER9 server with PowerVM Enterprise Edition preinstalled to make them cloud-ready.
To address system administrators’ reluctance to disturb stable workloads, IBM developed live partition mobility (LPM). Available with the PowerVM Enterprise Edition, LPM can move running workloads from one machine to another. This is useful for workload balancing failover. In the case of upgrades, LPM can also be applied to migration from a POWER7 or POWER8 server to a new POWER9 machine, like the scale-out servers. Workloads remain in operation the entire time so that the migration is invisible to end users.
“These types of clients aren't upgrading because of performance but just to stay current technology-wise and security-wise, and to mitigate the risk of equipment failing because of age.””—Simon Porstendorfer, senior offering manager of scale-out Power Systems servers
LPM is only available with the PowerVM Enterprise Edition. Clients may not have this version installed on older boxes that will be involved in their migration and they may discover this issue at an inconvenient time. To eliminate problems and simplify the upgrade, IBM offers clients an unlimited number of temporary PowerVM Enterprise Edition licenses for free when moving to POWER9, affording them access to LPM. This enables the system administrators to activate as many instances of LPM as they need in order to switch running workloads over to the new boxes. Clients should be aware that this applies only to the POWER7 and POWER8 generations. Earlier generations need to be upgraded before participating in this program.
Delivering Business Value
The program is just one example of IBM’s commitment to working with clients to maximize value and simplify migration. “We always look for ways to make the benefits of the new hardware available to clients as soon as possible and as simply as possible,” says Bührer. “Various programs are in place that clients can take advantage of when upgrading early, which are quite attractive.” As an example, before POWER9 servers were shipping, clients with immediate capacity needs could purchase POWER8 boxes at a discounted rate to get a price-performance metric equivalent to that delivered by POWER9 servers. Once the POWER9 hardware was available, those clients could make the swap at no additional cost.
Business needs vary depending upon the organization, the application and the use case. IBM took these factors into account when developing the POWER9 generation. Every element—from the chip itself to the software stack—has been designed to deliver immediate business value.
Kristin Lewotsky is a freelance technology writer based in Amherst, NH. More →