IBM Systems Magazine, Mainframe - May/June 2018 - 22
"Clients using Linux next to their
traditional workloads are the fastest
growing mainframe segment."
-Barry Baker, vice president, IBM Z Software
workloads on x86 are often
split across multiple systems,
which can introduce latency in
application response time. It can
also make applications more
complex to deploy and manage.
Running Linux workloads next
to the data increases efficiency,
which is important for those
organizations that keep corporate
data on IBM Z. "When Linux is
colocated on the system, clients
have memory speed access to the
most current data," Jollans says.
That access provides performance
and consistency benefits.
Mainframe Security Is
Critical for Linux
In addition, clients who need high
security choose the mainframe.
Banking is one industry that
relies on these attributes. "The
mainframe provides key banking
applications with access to the
databases and systems of record
data," Baker says. Banks also
need strong security to meet
government regulations. "The
levels of isolation and security on
IBM Z are unmatched by any other
system on the market," he notes.
Clients gain performance
and efficiency in operation by
colocating Linux with traditional
workloads on the mainframe. Benefits include the
capability to use interconnects rather than relying
on network operations. The IBM Z platform can be
managed effectively and efficiently by use of unique
arrangements for administration, security, backup
and disaster recovery.
For instance, a mobile banking app developed
on Linux needs to access the core banking system.
"Clients will see material benefits from colocating that
workload in the same security envelope," says Baker.
Security is critical for computer resources shared
between multiple tenants. Container technology
provides clients with the ability to keep data and
workloads separate. The IBM Z platform can handle
thousands of containers on a single system. Further,
over 1,000 Linux guests are supported on a single
IBM Z system, according to Baker. For those clients
using Docker containers, the IBM Z platform can
handle even more containers on a single system
eliminating network latency.
Distributed systems also can handle containers.
However, the use of many containers on a scale-out
x86 system can reduce system speed because these
systems need to be split across multiple servers. This
increases the likelihood of introducing latency due to
Machine Learning, Blockchain
and Cloud Support
The IBM Z and LinuxONE servers support today's
modern workloads, such as machine learning,
blockchain and cloud. Machine-learning software
is available on IBM Z both for z/OS and for Linux
on Z, giving the workload quick access to data. In
developing the solutions, the IBM Z team worked
Linux on Z: ibm.co/2pqQI3C
IBM LinuxONE website: ibm.com/linuxone
IBM LinuxONE TCO calculator:
22 // MAY/JUNE 2018 ibmsystemsmag.com
with IBM Analytics and gleaned
pointers from IBM's data science
experience. Clients benefit from
that shared experience.
Besides using the IBM Z
server for on-premises cloud
deployments, IBM offers the IBM
Blockchain Platform on the IBM
Cloud. The blockchain offering is
built on and runs on LinuxONE.
To protect the security of the
blockchain IBM uses Secure
Service Containers (SSC), which
is a secure envelope that's 100
percent encrypted. SSC can only
be accessed using white-listed
management APIs, which helps
prevent insider intrusions. SSC "is
a unique approach" that no other
platform is using, Baker says.
By enabling each tenant to
have its own SSC, this solution
also serves the cloud service
provider market. "It's like having
a physical air gap between the
tenants' systems," Jollans says.
Pervasive encryption, another
security innovation, provides
a combination of hardware,
firmware and software. IBM has
been working with Canonical, Red
Hat and SUSE to include software
support for this feature in their
Linux distributions for IBM Z and
LinuxONE. Pervasive encryption
applies to all data, eliminating
the need for data center staff to
decide what to encrypt. Manual
decisions on which data to encrypt
can lead to errors and often result
in huge management costs. It's
now possible to encrypt everything
without impact on service level
agreements (SLAs), notes Jollans.
To achieve encryption at scale,
IBM starts with its chip design.