Running a Premium Microservices Cloud With IBM LinuxONE and Linux on Z
IBM LinuxONE and Linux on Z offer a differentiated infrastructure and open standards for running a premium microservices cloud.
By Dr. Fehmina Merchant05/01/2018
Many enterprises are using microservices architecture to build and run their cloud-native services on commodity servers. But businesses that need competitive differentiation—in terms of performance, reliability, scalability and security—should take advantage of the latest technology advancements and tools provided on IBM LinuxONE* and Linux* on IBM Z*.
The IBM LinuxONE and Linux on Z environments are designed to support massive capacity and performance for the most demanding cloud-native workloads with unprecedented levels of security. The IBM LinuxONE and Z environments can offer a differentiated infrastructure coupled with an open-standards-based platform for running a premium microservices cloud.
Both systems are designed from the ground up to support a high performing, reliable, scalable and secure microservices cloud (see Figure 1).
To deliver outstanding performance, every resource on the system—cores and processors, cache, memory, I/O—is optimized. A fully configured system can have up to 170 cores housed in industry-leading, fast 5.2 GHz 10-core processor chips, have state-of-the-art four-level cache and can have up to 32 TB of memory.
Dedicated cores are designed to support a huge number of concurrent I/O services, while delivering consistent subsecond end-user response times. Further, with superior workload management capabilities, IBM LinuxONE and Linux on Z environments can enable resources to be effectively used by tens of thousands of microservices, thereby achieving the highest possible utilization of the platform.
Recent studies at IBM have shown that the LinuxONE and Linux on Z environments can deliver up to 2.4x more throughput per core for cloud-native applications compared to running them on x86 commodity infrastructure1.
Both systems are built to operate with the highest levels of reliability and availability. At the hardware level, they ship with redundant cores, which guarantee continuous availability in the event of hardware failure.
Further, redundancy in the memory subsystem is built-in using the highly robust redundant array of independent memory technology that can provide protection from failures at dynamic RAM, dual inline memory module and memory channel level. IBM LinuxONE and Z memory subsystem sets the gold standard for being among the most resilient solutions in the industry.
Like the previous generations, the latest IBM LinuxONE and Z mainframes can be split into multiple LPARs. Within these partitions, microservices/containers can both be deployed directly on them or they can run inside a VM under z/VM or Kernal-based VM hypervisors. Resources can be either shared or dedicated to individual LPARs, with the flexibility to dynamically scale up by adding resources to partitions or scale out by adding more partitions on the system. Further, with the capacity on-demand feature, resources can be temporarily activated or deactivated for short periods of time to handle seasonal or periodic fluctuations in workloads in a very cost-effective fashion.
LPARs on IBM LinuxONE and Z are EAL 5+ certified and can allow for services to be run in highly secure isolation on a single box. For instance, as depicted in Figure 1, microservices environments can be hosted for multiple tenants on separate logical partitions on the same system without risks, thereby obviating the need for having separate physical systems as would be the case on other commodity infrastructure.
And for ultimate protection of data, high-performance encryption capability for data, both at rest and in flight, with integrated cryptographic capabilities is built in the hardware. Each processor on IBM LinuxONE and Z has the coprocessor Central Processor Assist for Cryptographic Functions (CPACF) that can perform symmetric cryptographic and hashing functions at more than 2x better throughput compared to commodity platforms2. Also, a FIPS 140-2 level 4 certified hardware security module is on board for key management and for providing cryptographic operations above and beyond CPACF.
LPARs can be defined as the new IBM Secure Service Container LPAR type to enable secure and fast deployment of packaged solutions such as Docker container-based microservices environment.
With the Secure Service Container capability, tamper protection is provided during the appliance installation and runtime, and the confidentiality of data and code is also ensured both in flight and at rest via automated encryption. The management access for the deployed solution is also secured by design and provided via REST APIs and web administrative tools.
Open Standards for Cloud-Native Applications
On top of a differentiated infrastructure, cloud-native applications can be deployed and managed on IBM LinuxONE and Linux on Z with open-standards-based container technologies such as Docker and Kubernetes. Open technologies can make it easier for businesses to adopt a microservices platform and integrate with their existing infrastructure with consistency.
IBM Cloud Private is a new offering optimized for IBM LinuxONE and Linux on Z that provides an integrated environment for deploying and managing a container-based microservices cloud. It includes the Docker and Kubernetes container platform, a management console and a core set of management services that are integrated out-of-the-box.
These management services include capabilities for persistent storage, monitoring, logging, and identity and access management. IBM Cloud Private also provides access to industry-leading enterprise solutions from IBM middleware, data and analytics portfolio such as IBM WebSphere* Application Server, IBM Db2*, IBM MQ and IBM Data Science Experience, along with other IBM and third-party services.
IBM LinuxONE and Linux on Z environments can offer a differentiated infrastructure coupled with an open-standards-based microservices platform that today’s enterprises demand and is unlike any other solution in the marketplace.
1. Performance results based on IBM internal tests running Apache jmeter remotely against AcmeAir microservice on WebSphere Liberty. Results may vary. x86 configuration: Apache jmeter 2.13 running on an x86 server with 18 Intel E5-2697 v4 core at 2.30GHz, 768GB memory, 400 GB local RAID-5 volume on 15k 12Gbps SAS drives, SLES12 SP2, Docker 1.12.6, Kubernetes 1.3.3, etcd 2.1.3, and Calico 1.1/Flannel 0.6.1-10/none virtual network. AcmeAir flight / booking service and AcmeAir customer / authentication service running on two separate, but identically configured x86 servers with 18 Intel E5-2699 v3 cores at 2.30GHz, 768GB memory, 400 GB local RAID-5 volume on 15k 12Gbps SAS drives, SLES12 SP2, Docker 1.12.6, Kubernetes 1.3.3, Nginx 1.11.4, WebSphere Liberty 22.214.171.124, MongoDB 3.5.6, and Calico 1.1/Flannel 0.6.1-10/none virtual network. LinuxONE Emperor II configuration: Apache jmeter 2.13 running on an LPAR with 18 dedicated cores, 768GB memory, 80 GB DASD storage, SLES12 SP2, Docker 1.12.6, Kubernetes 1.3.3, etcd 2.1.3, and Calico 1.1/Flannel 0.6.1-10/none virtual network. AcmeAir flight/booking service and AcmeAir customer/authentication service running on two separate, but identically configured LPARs with 18 dedicated cores, 768GB memory, 80 GB DASD storage, SLES12 SP2, Docker 1.12.6, Kubernetes 1.3.3, Nginx 1.11.4, WebSphere Liberty 126.96.36.199, MongoDB 3.5.6, and Calico 1.1/Flannel 0.6.1-10/none virtual network. 2. Performance results based on IBM internal tests. Tests performed on IBM z13 and z14 running RHEL with 8 IFLs with SMT; x86 running RHEL with 8 cores w/SMT, E5-2667 v4 at 3.20GHz.
Dr. Fehmina Merchant is a senior consulting engineer with the IBM Competitive Project Office.
Sponsored ContentAchieve Compliance Without Impacting Productivity
Post a Comment
Note: Comments are moderated and will not appear until approvedcomments powered by Disqus