A new IBM for a secure open cloud

Simone Bonetti, PhD

LinuxONE/zSystems Technical Specialist, IBM Italy

@simonebonetti88

#redhatosd


Page 2:

Evolution in progress…

More than 100 years of

Years shown on the slide: 1888, 1891, 1911, 1924, 1947, 1956, 1972

#cognitive #AI #cloud #IoT #security

Page 4:

Five Emerging Technologies Will Start To Change The World Within Five Years

The Top Emerging Technologies To Watch: 2017 To 2021

#IoT #AI #Cognitive #Cloud

Source: Forrester Research, Inc.

Page 6:

Internet of Things: Digital/Physical Interaction

In the near future, devices, humans and corporations could be able to share information and value.

Page 7:

AS-IS: #B2B #B2C

Page 8:

TO-BE: #Business2Individuals

Page 9:

#Automated #Peer2Peer #Trustless

Page 10:

Blockchain Technology

A type of distributed register that takes a number of records and puts them in a block (rather like collating them on to a single sheet of paper). Each block is then ‘chained’ to the next block, using a cryptographic signature. This allows block chains to be used like a ledger, which can be shared and corroborated by anyone with the appropriate permissions.

DISTRIBUTED LEDGER TECHNOLOGY: BEYOND BLOCKCHAIN A report by the UK Government Chief Scientific Adviser

Hyperledger Project

Page 11:

addressing important features for a cross-industry open standard for distributed ledgers.

Hyperledger Project

100+ contributors

81 members

170% growth rate in 6 months

@Hyperledger hyperledger.org

#Business-Ready #Flexible #Extensible #Interoperable

Hyperledger Whitepaper

Page 12:

1999 All IBM servers support Linux

100 million USD/Year

10,000+ IBMers involved

500+ IBM patents donated

500+ IBM software products on Linux

150+ open source projects and communities

Hyperledger Project

Page 13:

Integrated connection to existing business processes

Elliptic Curve Digital Signatures

Global Security Compliance

#performance #security #availability

Consensus Algorithm

Shared Replicated Ledger

Cryptographic Protocols

Chaincode aka Smart Contracts

API Layer

App 1, App 2, ... App n

© 2016 IBM Corporation

Page 14:

IBM LinuxONE

Bringing Linux to new heights

Page 15:

Linux your way. Without limits. Without risks.

LinuxONE™ Rockhopper: up to 20 IFLs at 4.3 GHz, from 64 GB to 4 TB RAM, up to 40 LPARs

LinuxONE™ Emperor: up to 141 IFLs at 5.0 GHz, from 64 GB to 10 TB RAM, up to 85 LPARs

Page 16:

IBM High Security Business Network distinctive value: Secure Service Container

The High Security Business Network is deployed as an appliance (operating systems, Docker, middleware, and software components) into an IBM Secure Service Container, which provides the base infrastructure for hosting blockchain core services and infrastructure with optimized security.

Diagram labels: High-Security Plan User, Other User, Public Internet, Bluemix, Secure Service Container, Hyperledger, IBM LinuxONE™

Page 17:

IBM High Security Business Network distinctive value: Why Containers?

Containers: Server HW, Host OS, Bin/Lib, App

Traditional: Server HW, Host OS, Hypervisor, Guest OS, Bin/Lib, App

Blockchain stack labels: Consensus Algorithm, Shared Replicated Ledger, Cryptographic Protocols, Chaincode aka Smart Contracts, API Layer, App 1, App 2, ... App n

Page 18:

IBM High Security Business Network distinctive value: Secure Service Container

Secure Service Container ensures…

No system admin access, ever
• Once the appliance image is built, OS access (ssh) is not possible
• Only Remote APIs available
• Memory access disabled
• Encrypted disk
• Debug data (dumps) encrypted

How the Secure Service Container boot sequence works…

Boot sequence
1. Firmware bootloader is loaded in memory
2. Firmware loads the software bootloader from disk
   1. Check integrity of software bootloader
   2. Decrypt software bootloader
3. Software bootloader activates encrypted disks
   1. Key stored in software bootloader (encrypted)
   2. Encryption/decryption done on the fly when accessing appliance code & data
4. Appliance designed to be managed by remote APIs only
   1. REST APIs to configure Linux and apps
   2. No ssh (allowed in dev mode)
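The verify-then-decrypt order in steps 2 and 3 of the boot sequence, modelled as an added example that is not IBM's code and not part of the original slides. HMAC-SHA256 as the integrity check, the SHA-256 counter-mode keystream as a stand-in cipher, and every key, marker and function name are assumptions; the slides do not say which algorithms the Secure Service Container uses.

```python
import hashlib
import hmac

# Constructed values standing in for secrets that only the firmware holds.
FW_MAC_KEY = b"constructed-firmware-mac-key"
FW_ENC_KEY = b"constructed-firmware-enc-key"
MAGIC = b"SWBL"  # hypothetical marker at the start of the software bootloader


class BootError(Exception):
    """Raised when the boot chain must stop."""


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode); encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def build_appliance(disk_key: bytes, appliance_data: bytes) -> dict:
    """Build time: seal the disk key inside the encrypted software bootloader."""
    image = keystream_xor(FW_ENC_KEY, MAGIC + disk_key)
    return {
        "bootloader": image,
        "tag": hmac.new(FW_MAC_KEY, image, hashlib.sha256).digest(),
        "disk": keystream_xor(disk_key, appliance_data),
    }


def boot(appliance: dict) -> bytes:
    """Steps 2 and 3: check integrity, decrypt, then activate the disk."""
    image = appliance["bootloader"]
    expected = hmac.new(FW_MAC_KEY, image, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, appliance["tag"]):  # 2.1 verify first
        raise BootError("software bootloader failed integrity check")
    bootloader = keystream_xor(FW_ENC_KEY, image)  # 2.2 decrypt
    if not bootloader.startswith(MAGIC):
        raise BootError("unexpected software bootloader format")
    disk_key = bootloader[len(MAGIC):]  # 3.1 key is stored in the bootloader
    return keystream_xor(disk_key, appliance["disk"])  # 3.2 decrypt on access


def flip_bit(appliance: dict) -> dict:
    """Constructed tampering: flip one bit of the stored bootloader image."""
    image = bytearray(appliance["bootloader"])
    image[-1] ^= 0x01
    return {**appliance, "bootloader": bytes(image)}
```

The flipped bit lands in the sealed disk key, so without the check in step 2.1 the disk would silently decrypt to garbage instead of the boot stopping.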

Page 19:

IBM High Security Business Network distinctive value: Secure Service Container

Run multiple, separate independent Blockchain networks within the same IBM LinuxONE box

IBM LinuxONE™ Cloud + Secure Service Container Technology + LPAR isolation + Integrated Cryptography

Diagram labels: Internet; Security Layer 1, Security Layer 2, Security Layer 3; SoftLayer; Load Balancer; Proxy; PR/SM; 4 10GB OSA; 8 FICON PCHIDs; 1 HiperSockets; 2 Crypto Cards; 48 GB Memory; Secure Service Container; Hipersockets; High-Security Plan User; Bluemix; Linux; 48 GB RAM; Peer 0 ... Peer 3; Chaincode 0, Chaincode 1, ... Chaincode j

Page 20:

Systems

IBM Cloud Platform

Page 21:

Collaborative Innovation

Systems

IBM

OPEN The focal point for Deployment and Use of Linux on the Mainframe

Hyperledger Project

OpenPOWER

Cloud Platform

Page 25:

Cognitive Business

Collaborative Innovation

y = f(x), where x is the Input Variables (i.e. your data), f is the Prediction Function and y is the Predictive Outcome

Page 26:

The world is changing,

SO IS .

Page 27:

Thank you

Simone Bonetti

LinuxONE/zSystems Technical Specialist, IBM Italy

@simonebonetti88