Post on 13-Mar-2020
A new IBM for a secure open cloud
Simone Bonetti, PhD LinuxONE/zSystems Technical Specialist, IBM Italy
@simonebonetti88
#redhatosd
Evolution in progress…
More than 100 years of
[Timeline graphic: 1888, 1891, 1911, 1924, 1947, 1956, 1972]
#cognitive #AI #cloud #IoT #security
The Top Emerging Technologies To Watch: 2017 To 2021
Five emerging technologies will start to change the world within five years
#IoT #AI #Cognitive #Cloud
Source: Forrester Research, Inc.
Internet of Things: Digital/Physical Interaction
In the near future devices, humans and corporations could be able to share information and value.
AS - IS #B2B
#B2C
TO - BE
#Business2Individuals
#Automated #Peer2Peer #Trustless
Blockchain Technology
A type of distributed register that takes a number of records and puts them in a block (rather like collating them on to a single sheet of paper). Each block is then ‘chained’ to the next block, using a cryptographic signature. This allows block chains to be used like a ledger, which can be shared and corroborated by anyone with the appropriate permissions.
DISTRIBUTED LEDGER TECHNOLOGY: BEYOND BLOCKCHAIN A report by the UK Government Chief Scientific Adviser
Hyperledger Project
addressing important features for a cross-industry open standard for distributed ledgers.
100+ contributors
81 members
170% growth rate in 6 months
@Hyperledger hyperledger.org
#Business-Ready #Flexible #Extensible #Interoperable
Hyperledger Whitepaper
1999 All IBM servers support Linux
100 million USD/Year
10,000+ IBMers involved
500+ IBM patents donated
500+ IBM software products on Linux
150+ open source projects and communities
Hyperledger Project
Hyperledger
Integrated connection to existing business processes
Elliptic Curve Digital Signatures
Global Security Compliance
#performance #security #availability
Consensus Algorithm
Shared Replicated Ledger
Cryptographic Protocols
Chaincode aka Smart Contracts
API Layer
App 1, App 2, ... App n
© 2016 IBM Corporation
IBM LinuxONE: Bringing Linux to new heights
Linux your way. Without limits. Without risks.
LinuxONE™ Rockhopper
• Up to 20 IFLs, 4.3 GHz
• From 64 GB to 4 TB RAM
• Up to 40 LPARs
LinuxONE™ Emperor
• Up to 141 IFLs, 5.0 GHz
• From 64 GB to 10 TB RAM
• Up to 85 LPARs
High-Security Plan User
Other User
Public Internet Bluemix
Secure Service Container
Hyperledger
IBM High Security Business Network distinctive value: Secure Service Container
The High Security Business Network is deployed as an appliance (operating systems, Docker, middleware, and software components) into an IBM Secure Service Container, which provides the base infrastructure for hosting blockchain core services and infrastructure with optimized security.
IBM High Security Business Network distinctive value: Why Containers?
[Diagram: container stack compared with traditional virtualization]
Containers: Server HW, Host OS, Bin/Lib, App
Traditional: Server HW, Host OS, Hypervisor, Guest OS, Bin/Lib, App
Stack labels: Consensus Algorithm, Shared Replicated Ledger, Cryptographic Protocols, Chaincode aka Smart Contracts, API Layer, App 1, App 2, ... App n
Secure Service Container ensures…
No system admin access, ever
• Once the appliance image is built, OS access (ssh) is not possible
• Only Remote APIs available
• Memory access disabled
• Encrypted disk
• Debug data (dumps) encrypted
How the Secure Service Container boot sequence works…
Boot sequence
1. Firmware bootloader is loaded in memory
2. Firmware loads the software bootloader from disk
   1. Check integrity of software bootloader
   2. Decrypt software bootloader
3. Software bootloader activates encrypted disks
   1. Key stored in software bootloader (encrypted)
   2. Encryption/decryption done on the fly when accessing appliance code & data
4. Appliance designed to be managed by remote APIs only
   1. REST APIs to configure Linux and apps
   2. No ssh (allowed in dev mode)
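A minimal model of the ordering in steps 2 and 3 of the boot sequence above (verify the software bootloader, then decrypt it, then decrypt disk sectors per access), added here as an example and not IBM's code. HMAC-SHA-256 as the integrity check, the SHA-256 keystream as a stand-in cipher, and all names (`firmware_boot`, `read_sector`, `FW_ROOT`) are assumptions; the slides do not name the real algorithms.

```python
import hashlib
import hmac

class BootError(Exception):
    """Raised when the boot chain must stop (fail closed)."""

def _subkey(root: bytes, label: bytes) -> bytes:
    # Separate integrity and encryption keys, both derived from one root key.
    return hmac.new(root, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 keystream) so the model runs on the stdlib alone.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def build_image(fw_root: bytes, disk_key: bytes, sectors: list) -> dict:
    """Appliance build time: seal the software bootloader, encrypt the disk."""
    loader = _xor_stream(_subkey(fw_root, b"enc"), b"loader", disk_key)
    tag = hmac.new(_subkey(fw_root, b"mac"), loader, hashlib.sha256).digest()
    disk = [_xor_stream(disk_key, i.to_bytes(8, "big"), s)
            for i, s in enumerate(sectors)]
    return {"loader": loader, "tag": tag, "disk": disk}

def firmware_boot(fw_root: bytes, image: dict) -> bytes:
    """Steps 2.1 and 2.2: check integrity first, decrypt only if it passes."""
    want = hmac.new(_subkey(fw_root, b"mac"), image["loader"], hashlib.sha256).digest()
    if not hmac.compare_digest(want, image["tag"]):
        raise BootError("software bootloader failed integrity check")
    # Step 3.1: the disk key lives inside the (encrypted) software bootloader.
    return _xor_stream(_subkey(fw_root, b"enc"), b"loader", image["loader"])

def read_sector(disk_key: bytes, image: dict, n: int) -> bytes:
    """Step 3.2: decryption happens on the fly, on each access."""
    return _xor_stream(disk_key, n.to_bytes(8, "big"), image["disk"][n])

# Constructed sample data, not taken from any real appliance.
FW_ROOT = bytes(range(32))
IMAGE = build_image(FW_ROOT, hashlib.sha256(b"demo disk key").digest(),
                    [b"appliance code", b"ledger data"])

def boot_and_read(image: dict, n: int) -> bytes:
    return read_sector(firmware_boot(FW_ROOT, image), image, n)

def tampered(image: dict) -> dict:
    # Flip one bit of the sealed bootloader to model on-disk modification.
    return {**image, "loader": bytes([image["loader"][0] ^ 1]) + image["loader"][1:]}
```

Because the integrity check runs before decryption, a modified bootloader stops the boot with `BootError` and the disk key is never recovered.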
[Deployment diagram. Labels: Internet; Security Layer 1, Security Layer 2, Security Layer 3; SoftLayer Load Balancer; Proxy; Bluemix; High-Security Plan User; Secure Service Container; PR/SM; 4 10GB OSA; 8 FICON PCHIDs; 1 HiperSockets; 2 Crypto Cards; 48 GB Memory; Linux; Peer0 ... Peer3; Chaincode0, Chaincode1, ... Chaincodej]
Run multiple, separate independent Blockchain networks within the same IBM LinuxONE box
IBM LinuxONE™ Cloud + Secure Service Container Technology + LPAR isolation + Integrated Cryptography
IBM Cloud Platform
Systems
Collaborative Innovation
• OPEN The focal point for Deployment and Use of Linux on the Mainframe
• Hyperledger Project
• OpenPOWER
Cognitive Business
y = f(x)
• x: Input Variables (i.e. your data)
• f: Prediction Function
• y: Predictive Outcome
The world is changing,
SO IS .
Thank you
Simone Bonetti, LinuxONE/zSystems Technical Specialist, IBM Italy
@simonebonetti88