The Expanding World of IBM Z
The mainframe is multi-faceted and complex but can be described more simply as a two-sided gold coin.
IBM Z as a 2-Sided Gold CoinThe mainframe is multi-faceted and complex but can be described more simply as a two-sided gold coin. On one side is the evolving world of z/OS. On the other side is the expanding world of Linux on IBM Z, and LinuxONE, where thousands of virtual servers can run on a single IBM Z system processor with four 19-inch frames. Both sides live on hardware that boasts five nines (99.99999%) availability, massive scalability and high performance. Both sides are enveloped by the gold standard in security.
The z/OS Side of the Coin
The z/OS side of the coin comes with numerous innovative advantages. For example, Db2® Distributed Database Architecture (DRDA), Db2, gateways to hybrid cloud, z/OS Container Extensions (zCX), new and existing Java applications, and other data transmission, encryption, and analytic scenarios can run on the zIIP specialty engine. A zIIP is a dedicated, specialty processor that works asynchronously with general processors on IBM Z. It is designed for selected databases, cloud and Java processing workloads. Work done on the zIIP engine does not contribute to the million service units (MSU) ratings or machine model designation and therefore does not impact software usage charges. This makes adding new applications to IBM Z cost-effective and transparent to the user, when compared with distributed systems and public cloud.
zCX makes it possible to run containerized applications packaged as Docker container images on IBM z/OS. Developers (Dev) and system administrators (Ops) can collaborate to develop, test, deploy and operate popular open-source packages, Linux applications, IBM software, and third-party software together with z/OS applications and data.
Gold in the Coin
IBM Z is full of industry leading security features like Safeguarded Copy and logical corruption protection (air gap), Data Privacy Passports and pervasive encryption. Safeguarded Copy creates an immutable, logical corruption protection solution against software failures, corruption caused by inadvertent user error, malicious intent and ransomware attacks. The backups are not directly accessible by a host. The data can only be used after a backup is recovered to a separate recovery volume.
The hypervisor, PR/SM, that manages the logical partitions (LPARS) on IBM Z is the gold standard in data separation and isolation, sporting a EAL5+ Common Criteria Enterprise Assurance Level certification. Meanwhile, the IBM Secure Service Container, a type of logical partition under PR/SM, provides base infrastructure for integration of OS, middleware and software components. It provides the key security capabilities for IBM Hyper Protect Services, both in the public cloud and on premise. In this environment, only authorized applications are permitted to boot. All data at-rest and in-flight are encrypted. Most importantly, there is no system admin access to memory or processor state and no direct OS level access. All communications are via encrypted RESTful APIs.
Data Privacy Passports is now available on IBM z15™ and IBM LinuxONE III. This new feature only supports SQL structured data sources accessed via JDBC. It allows encryption of data, and isolation of workloads while creating a highly secure Linux-optimized platform for data serving and open-enterprise computing. It lets you implement field level data protection to protect data throughout its lifecycle. The data protection policy is enforced from a central point of authority, the Passport Controller, which allows control over data, no matter where it goes. As a result, only authorized applications or users can obtain a view of the data, where that view can be enforced through policy. This creates data protection that spans hybrid and multi-party computing environments, including data stored in public cloud deployments. Data can be protected on or off platform even in a hybrid cloud or public cloud; to open the encrypted data it must pass through the Passport Controller.
Linux on Z Side of the Coin
Many corporations have discovered that the IBM Z platform is often the best location for a “data lake” running side-by-side with data analytics. The proximity of the data to the analytic engines results in the opportunity for fast decisions in real time. Linux on IBM Z has evolved into a landing place that can host thousands of virtual servers running Linux on IBM Z on one “processor.” Each processor can have between one and four 19-inch frames, running Red Hat® Openshift®, bringing together the core open-source components of Linux, containers and Kubernetes. Red Hat OpenShift is an open-source container application platform based on the Kubernetes container orchestrator for enterprise application development and deployment. It offers ways to manage and automate a large number of containers. Doing so frees up developers from the manual management of containers. It adds additional capabilities such as registry and developer tools and optimizes the software for enterprise use.
OpenShift supports multiple languages for ease of development, including Java, PHP, Python, Ruby, Perl and Node.js. Ansible® is also available to assist with configuration management and automation.
The 19-inch frame is great for colocation and standardized facilities management. This environment can grow to thousands of servers running millions of containers.
IBM further strengthens the environment by adding tools that simplify the exploitation of Red Hat Openshift called IBM Cloud Paks. IBM Cloud Pak® solutions tap into the power of IBM Watson® to apply AI to business problems to predict and shape future outcomes, automate complex processes, optimize employees’ time, implement intelligent workflows, accelerate digital transformation, and create more meaningful customer experiences.
Java, JSON, Python, Kubernetes, Github, Prometheus, Docker, Postgres, etc. are no strangers to Linux on IBM Z. So what applications are suitable for migration to Linux on IBM Z?
- Applications or middleware (database servers, application servers, etc.) that are supported by a software vendor on multiple platforms like Linux on Z
- Applications and their components that benefit from being close to data already on Linux on Z. A boost in performance results when applications are put on the same server as their data source.
- Applications with sustained high I/O rates
- Applications with lower sustained CPU peaks and average memory needs
- Application development or test environments for Linux on other platforms
- Applications that do not need to be recompiled. This includes interpretive languages like Java, JSON and Python.
Patrick Stanard is an IBM executive IT architect currently acting in the role of chief architect for a large financial company.
John Shuman is an IBM executive IT architect currently acting in the role of chief architect for a large financial company.
Sponsored ContentAchieve Compliance Without Impacting Productivity
Post a Comment
Note: Comments are moderated and will not appear until approvedcomments powered by Disqus