Posts Tagged ‘EAL 5+’

Value and Power of LinuxONE Emperor II

February 4, 2018

There is much value in the mainframe, but it doesn’t become clear until you do a full TCO analysis. When you talk to an IBMer about the cost of a mainframe, the conversation immediately shifts to TCO, usually in the form of how many x86 systems you would have to deploy to handle a comparable workload with similar quality of service. The LinuxONE Emperor II, introduced in September, can beat those comparisons.

LinuxONE Emperor II

Proponents of x86 boast about the low acquisition cost of x86 systems. They are right if you are only thinking about a low initial acquisition cost. But you also have to think about the cost of software for each low-cost core you purchase, and for many enterprise workloads you will need to acquire a lot of cores. This is where costs can mount quickly.

As a result, software will likely become the highest TCO item because many software products are priced per core.  Often the amount charged for cores is determined by the server’s maximum number of physical cores, regardless of whether they actually are activated. In addition, some architectures require more cores per workload. Ouch! An inexpensive device suddenly becomes a pricy machine when all those cores are tallied and priced.

Finally, x86 to IBM Z core ratios differ per workload, but x86 almost invariably requires more cores than a z-based workload; remember, any LinuxONE is a Z System. For example, the same WebSphere workload on x86 that requires 10 – 12 cores may require only one IFL on the Z. The lesson here: whether you’re talking about system software or middleware, you have to consider the impact of software on TCO.

The Emperor II delivers stunning specs. The machine can be packed with up to 170 cores, as much as 32 TB of memory, and 160 PCIe slots. And it is flexible; use this capacity, for instance, to add more system resources—cores or memory—to service an existing Linux instance or clone more Linux instances. Think of it as scale-out capabilities on steroids, taking you far beyond what you can achieve in the x86 world, and doing it with just a few keystrokes. As IBM puts it, you might:

  • Dynamically add cores, memory, I/O adapters, devices, and network cards without disruption.
  • Grow horizontally by adding Linux instances or grow vertically by adding resources (memory, cores, slots) to existing Linux guests.
  • Provision for peak utilization.
  • After the peak subsides, automatically return unused resources to the resource pool for reallocation to another workload.

So, what does this mean to most enterprise Linux data centers? For example, IBM often cites a large insurance firm. The insurer needed fast and flexible provisioning for its database workloads. The company’s approach directed it to deploy more x86 servers to address growth. Unfortunately, the management of software for all those cores had become time consuming and costly. The company deployed 32 x86 servers with 768 cores running 384 competitor’s database licenses.

By leveraging elastic pricing on the Emperor II, for example, it only needed one machine running 63 IFLs serving 64 competitor’s database licenses.  It estimated savings of $15.6 million over 5 years just by eliminating charges for unused cores. (Full disclosure: these figures are provided by IBM; DancingDinosaur did not interview the insurer to verify this data.) Also, note there are many variables at play here around workloads and architecture, usage patterns, labor costs, and more. As IBM warns: Your results may vary.

And then there is security. Since the Emperor II is a Z it delivers all the security of the newest z14, although in a slightly different form. Specifically, it provides:

  • Ultimate workload isolation and pervasive encryption through Secure Service Containers
  • Encryption of data at rest without application change and with better performance than x86
  • Protection of data in flight over the network with full end-to-end network security
  • Use of Protected Keys to secure data without giving up performance
  • Industry-leading secure Java performance via TLS (2-3x faster than Intel)

BTW, the Emperor II also anchors IBM’s Blockchain cloud service. That calls for security to the max. In the end, the Emperor II is unlike any x86 Linux system:

  • EAL 5+ isolation, best in class crypto key protection, and Secure Service Containers
  • 640 Power cores in its I/O channels (not included in the core count)
  • Leading I/O capacity and performance in the industry
  • IBM’s shared memory vertical scale architecture with a better architecture for stateful workloads like databases and systems of record
  • Hardware designed to give good response time even with 100% utilization, which simplifies the solution and reduces the extra costs x86 users assume are necessary because they’re used to keeping a utilization safety margin.

This goes far beyond TCO.  Just remember all the things the Emperor II brings: scalability, reliability, container-based security and flexibility, and more.

…and Go Pats!

DancingDinosaur is Alan Radding, a Boston-based veteran information technology analyst, writer, and ghost-writer. Please follow DancingDinosaur on Twitter, @mainframeblog. See more of his IT writing at technologywriter.com and here.

The Mainframe at the Heart of the Security Storm

December 18, 2014

A survey of Chief Information Security Officers (CISOs) released by IBM in early December found more than 80% of security leaders believe the challenge posed by external threats is on the rise, while 60% also agree their organizations are outgunned in the cyber war. Even mainframe shops—the zEC12 has received the highest security rating, EAL 5+—should not get complacent. There are a lot of bad guys gunning for the data center. Just ask Sony.


At least top management is putting resources into security. Three quarters of the CISO respondents expect their security budgets to increase dramatically over the next 3-5 years. IBM is jumping in with a security paper geared specifically for mainframe shops titled Security Intelligence for Mainframe Environments.

So what are the threats keeping CISOs awake at night? Based on the study, sophisticated external threats were identified by 40% of security leaders as their top concern. Expect the extra budget to be thrown at these threats, which will require the most organizational effort over the next three to five years, as much as regulations, new technologies, and internal threats combined, according to the IBM analysts.

Although a majority of the CISOs surveyed appear confident their mature, traditional technologies that focus on network intrusion prevention, advanced malware detection, and network vulnerability scanning will fend off outside threats, nearly half reported that deploying new security technology is the top focus area for their organization. Their top worries: data leakage, cloud security, and mobile/device security.

Some other interesting findings from the survey:

  • While concern over cloud security remains strong, still close to 90% of respondents have adopted cloud or are currently planning cloud initiatives. Of this group, most expect their cloud security budget to increase dramatically over the next three to five years.
  • Over 70% of security leaders said real-time security intelligence is increasingly important to their organization. Yet about half found areas such as data classification and discovery and security intelligence analytics have relatively low maturity and require improvement or transformation.
  • Not surprisingly, despite the growing mobile workforce, only 45% believe they have an effective mobile device management approach. According to the study, mobile and device security ranked at the bottom of the maturity list.

Although your data center provides a tempting target to attackers, it also can protect you with an effective counter-punch. That counter-punch is delivered through increasingly powerful and fast analytics, especially real-time analytics. The objective is to identify attacks as they are underway. Otherwise, you are left scrambling to close the proverbial barn door after the horses (data) have left.

This will entail systems that identify who did what and when, recognizing what’s normal behavior versus abnormal, and obtaining visibility into subtle connections between millions of data points. This requires a great deal of contextual data and the analytical means to make sense of it. And here is where you come in: your team needs to integrate mainframe data with distributed events to gain insights that apply to the entire enterprise.

In fact, IBM identifies a series of issues that put the mainframe squarely at the heart of the challenge and the solution:

  • Complexity: The mainframe is an integral component of multiple, often large and complex business services, making it difficult to identify and analyze threats.
  • Visibility: Mainframe processes, procedures and reports are often siloed, impeding cross-enterprise information sharing to combat threats. (But silos also help protect mainframe data—be selective in breaking down the silos.)
  • Compliance: Verification of compliance is frequently a manual task—with problem alerts all too often received only after a problem has occurred.
  • Cost: Mainframe management requires highly skilled administrators, who often are costly and in short supply.

You already have many of the solutions IBM recommends, like RACF, CA-Top Secret, and CA-ACF2. The mainframe security paper cited above covers the rest. Given what happened to Sony, it’s worth reading the paper closely.

Best wishes for the holidays. DancingDinosaur is Alan Radding. You can follow DancingDinosaur on Twitter, @mainframeblog. Check out more of my IT writing and analysis at Technologywriter.com and here.

