SUSE Linux Enterprise Server for System zSUSE Update for CAVMEN 2016

Don VosburgSystems Engineer

dvosburg@suse.com

2

SUSE and IBM z Systems – 15 Years!

3

Open Mainframe Projecthttps://www.openmainframeproject.org/

Collaborative project operating within the Linux Foundation• focal point for deployment

and use of the Linux OS in a mainframe computing environment

• increase collaboration across the mainframe community

• developed shared tool sets and resources

• teaching and educating the mainframe Linux engineers and developers of tomorrow

SUSE is a Founding and Platinum Member of OMP

4

Increaseuptime

Improve operational efficiency

Accelerateinnovation

The advanced foundation for your success

A highly reliable, scalable and secure server operating system, built to power physical, virtual and

cloud-based mission-critical workloads.

SUSE Linux Enterprise

5

SUSE® Linux Enterprise Server 12

Life Cycle Model

General Support Extended Support

Year 1 Year 2 Year 3 Year 4 Year 5 Year 6 Year 7 Year 8 Year 9 Y 10 Y 11 Y 12 Y 13

GA LTSS

SP1 LTSS

SP2 LTSS

SP3 LTSS

… … … …SPn LTSS

13-year lifecycle‒ 10 years general support‒ 3 years extended support

Long Term Service Pack Support (LTSS)‒ Available for all versions, including GA‒ Up to 3 years extended support

Different Lifecycle forDesktop and Modules.Dates subject to change.

6

SUSE Linux Enterprise

Lifecycle & Codestreams

2011 2012 2013 2014 2015 2016

SLE10

SLE 11

SLE 12

SP4

SP2

GA

SP3

SP1 SP2

13-year lifecycle

For SLES 11 and SLES 12,10 years general support,+3 years Long Term Support

SUSE Linux Enterprise 12

Long Term Service Pack Support for every Service Pack

Tentative – Dates subject to change

SP4

EoL 31 Jul

SUSE Linux Enterprise 12Platform Recap

8

Grub 2 Boot Process

16432: Linux Bootloaders on System z (M.Kraft)https://share.confex.com/share/124/webprogram/Session16432.html

9

Improve Operational Efficiency

Systemd: System/Service Manager

• Init Replacement‒ Bring up system and start services

‒ Integrate system wide ulimit settings and Cgroups

‒ Activation via Socket and d-bus

‒ Command line “systemctl”

• Compatibility with SystemV init scripts‒ Provide infrastructure for existing ISV applications

‒ LSB compatibility

• SUSE specific usability enhancements‒ Keep insserv, chkconfig and /sbin/service

‒ Old style (calling “rc...”) redirected to systemctl

‒ LSB compatibility for targets like $network...

10

Improve Operational Efficiency

Network Management – Wicked

• Goal‒ Cope with increasingly complex configurations

‒ Data Center and End Users

• Benefit ‒ Network configuration as a service

‒ Smooth adoption & migration

‒ Technical Attributes

• Architecture-independent‒ Extensible

‒ Small footprint

‒ Event based

11

SUSE Linux Enterprise 12

Modules

• Components of SUSE Linux Enterprise‒ Flexible lifecycle (different from the base product)

‒ Delivered on-line

‒ Fully supported

• List of modules‒ Web and Scripting

‒ Legacy

‒ Toolchain

‒ Public Cloud

‒ Advanced Systems Mgmt

12

SUSE Linux Enterprise 12 SP1

Modules

Name Content Life cycle Agility %

Legacy Sendmail, old IMAP, old Java Until 09/2017 0

Web and Scripting

PHP, Python.Future: Node.js, Ruby on Rails

3 years; overlap:18 month

60

Toolchain GCC Yearly delivery 90

Advanced Systems Management

“Machinery”cfengine, puppet

Continuous Integration

90-100

Public Cloud Initialization code and tools Continuous Integration

100

Containers Docker, Tools, Images Continuous Integration

100

What's New withSUSE® Linux Enterprise Server

for System z 12Service Pack 1

14

SUSE® Linux Enterprise Server for System z 12 SP1• z exploitation‒ IBM KVM support

‒ z13, zEC12, zBC12, z/VM 6.3, zBX support

‒ z196 EC, z114 BC support

‒ zPDT 1.6 support

‒ http://www.ibm.com/systems/z/os/linux/resources/testedplatforms.html

• Innovations at a glance‒ Enable z13 exploitation by kernel and tool chain enhancements (SIMD, SMT)

‒ Refresh of crypto hardware and software support

‒ Networking and OFED support enhancements

‒ s390-tools and performance monitoring updated

‒ zEDC support (hardware accelerated data compression)

‒ Update to IBM Java 8

15

SUSE® Linux Enterprise Server for System z 12 SP1 s390x Specific Enhancements

• z13 exploitation‒ SMT and SIMD support for the kernel

‒ SIMD register file load / store support

‒ SLES Toolchain Modul update including gcc 5.1 (pending)

‒ LLVM optimizations (add SIMD instructions)

‒ Added (upstream) improvements for gcc 4.8 (system compiler)

‒ Enhanced perf tool to capture performance data from z13

• Networking‒ OSA-Express5s Support

‒ Auto port scan resiliency – lower zfcp port rescan impact

‒ Display Switch Port Mode (s390-tools, VEPA)

‒ Query OSA Address Table - gather / display OSA and TCP/IP configuration

16

SUSE® Linux Enterprise Server for System z 12 SP1 s390x Specific Enhancements

• Crypto‒ Crypto Express5S (CEX5S) support

‒ In-kernel crypto: DRBG (Deterministic Random Bit Generator) support

• Storage‒ Support for concurrent Flash MCL updates

‒ MD mirror solution: disk mirroring with real-time enhancement for System z (RAID10 ECKD / (later: zFCP))

• Misc‒ PCI infrastructure enablement and integration (OFED)

‒ zEDC (hardware accelerated compression / decompression)

17

SUSE® Linux Enterprise Server for System z 12 SP1 Generic Enhancements

• Package and repository management‒ Zypper can now display locked packages

‒ Repository xml-based rpm metadata with sha256 checksums

• Documentation‒ Open vSwitch documentation

‒ Extensive documentation for Modules

‒ Storage and partitioning best practices

‒ Tickless Idle Best Practices – how to look for programs waking up the system on a regular base

18

Support for KVM for IBM z Systems

• Kernel Based Virtual Machine‒ KVM (for Kernel-based Virtual Machine) is a virtualization

solution for Linux on x86, POWER and z/Architecture hardware.

‒ KVM for IBM z Systems is IBM's offering for z based on KVM, and will be supported by SUSE Linux Enterprise Server 12 SP1 and successors

‒ Lowers the entry barrier for non-mainframe, but Linux skilled users to explore hardware and virtualization options of the mainframe

‒ First: SUSE Linux Enterprise Server 12 SP1 and successors supported by SUSE to run on KVM for zhttp://www.ibm.com/systems/z/solutions/virtualization/kvm/

‒ https://www.suse.com/company/press/2015/suse-easing-linux-on-the-mainframe-with-kvm-for-ibm-z-systems-support.html

19

IBM z Systems familyIBM z13 IBM zEC12 IBM zBC12

z/OSz/OS

z/TPFz/TPF

z/VSEz/VSE

z/VMz/VM

Linux for z SystemsLinux for z Systems

KVM for IBM z SystemsKVM for IBM z Systems

20

IBM z Systems Virtualization Options

IBM z Systems now has three strategic virtualization platforms • IBM z/VM• IBM Processor

Resource/System Manager (PR/SM)

• KVM for IBM z Systems

Divide one physical server into up to 85 logical partitions (LPAR) running a mix of multiple z/OS, z/VM, Linux, KVM for IBM z, Transaction Processing Facility (TPF) and z/VSE instances isolated and secured in parallel. Share resources across LPARs or dedicated to a particular LPAR. Running a mix of multiple z/OS, z/VM, Linux, TPF, KVM for IBM z and z/VSE instances isolated and secured in parallel.

PR/SM

KVM for IBM z provides an open source choice for IBM z Systems virtualization for Linux workloads. Best for clients that are not familiar with z/VM and are Linux centric admins.

z/Proprietary Server Virtualization that is completely integrated into the full stack. Complete hardware awareness. Supported on all IBM z Systems servers. z/VM will continue to be enhanced to support Linux Workloads. z/VM

21

SUSE® Linux Enterprise Server for System z 12 SP1 s390x Specific Enhancements

• KVM enhancements‒ Creation of initrds to boot from virtio-block devices

‒ Long name support for Linux guests

‒ Documentation enhancement

‒ Query host performance metrics from within VM (vhostmd / vm-dump-metrics)

22

SUSE® Linux Enterprise Server for System z 12 SP1

23

SUSE® Linux Enterprise Server for System z 12 SP1

• Docker‒ Support for z with Docker Modul update Eo2015

‒ Runtime and infrastructure to create SLE Docker images

‒ YaST interface for Docker

24

• Benefits using Docker‒ Fast: performance = bare metal speed

‒ Flexible: put a system or application into a container

‒ Ship Docker images, not VMs: SUSE Linux Enterprise Server 11 SP4 and SUSE Linux Enterprise Server 12 SP1

• Better integration and management of Containers‒ Uses libvirt-lxc framework

‒ Same management layer as KVM and XEN

‒ Allows for integration with SUSE® Manager and SUSE OpenStack Cloud

‒ Unified tooling, independent of the “virtualization” mechanism

• SELinux and AppArmor support and LXC

• Filesystem copy-on-write (btrfs integration)

Docker Containers

25

openQA

• Automated test infrastructure

• Used by openSUSE® and SUSE® Linux Enterprise

• Ability to test various code paths / installation options

• Basic concepts: “jobs”, “needles” (png + json)

• Output: log files, pictures, video

https://en.opensuse.org/openSUSE:OpenQA

26

SUSE® Linux Enterprise 12 SP1

Systems Management Today

• Unattended migration reduces cost and downtime• SUSE Linux Enterprise 11 SP3 to SUSE Linux Enterprise 11 SP4

• SUSE Linux Enterprise 11 SP3 to SUSE Linux Enterprise 12

• SUSE Linux Enterprise 11 SP4 to SUSE Linux Enterprise 12

• SUSE Linux Enterprise 11 SP4 to SUSE Linux Enterprise 12 SP1

• SUSE Linux Enterprise 11 SP4 to SUSE Linux Enterprise 12 SP2

• SUSE Linux Enterprise 12 to SUSE Linux Enterprise 12 SP1

• SUSE Linux Enterprise 12 SP1 to SUSE Linux Enterprise 12 SP2

• Example: http://www.suse.com/documentation/sles11/book_sle_deployment/?page=/documentation/sles11/book_sle_deployment/data/cha_update_auto.html

• Note: migration from SUSE Linux Enterprise Server 11 requires system restart with SUSE Linux Enterprise Server 12

‒ Shutdown SUSE Linux Enterprise Server 11 based system

‒ Boot / IPL with SUSE Linux Enterprise Server 12 system

‒ Update SUSE Linux Enterprise Server 11 → 12 system on disk (pool + updates)

‒ Reboot to SUSE Linux Enterprise Server 12 system

27

SUSE® Linux Enterprise 12

Advanced Systems Management

28

Goal

– Cope with increasingly complex configurations

– Data Center and End Users

– Benefit

• Network configuration as a service

• Smooth adoption & migration

Technical Attributes

– Architecture-independent

– Extensible

– Small footprint

– Event based

Improve Operational Efficiency

Network Management – Wicked

TUT7562: Networking—It's a Wicked World http://www.susecon.com/doc/2014/sessions/TUT7562.pdf

29

Rollback to a good state with one click for faster recovery from planned or unplanned downtime

Support for service pack rollback

Support for kernel upgrade

Based on btrfs and Snapper, bootloader integration

Increase Uptime

Full System Rollback

30

Increase Uptime

Service Availability with Clustering

SUSE Linux Enterprise High Availability Extension– Meet Service Level Agreements

– Increase service availability for mission-critical systems and data

– Enable rolling software updates

– Quickly and easily install, configure and manage clustered Linux servers

– Transparent to Virtualization – nodes can be virtual, physical or mixed! Integrated with SUSE Linux Enterprise Server

Geo Clustering for SUSE Linux Enterprise High Availability Extension

– Business continuity, anywhere in the world

31

Local Cluster For Rolling Updates

SLESSLE HA

SLESSLE HA

SLESSLE HA

SLESSLE HA

Clients

32

• Service Failover

• Cluster File System

• Clustered Samba

• Virtualization Agnostic

• Support for x86, x86-64, IBM Power,IBM z Systems

• Network Load-Balancer

• Data Replication

• Node Recovery

• Unlimited Geo Clustering

FeaturesSUSE® Linux Enterprise High Availability

33

Geo Cluster – Setup

Site A Site B

(Arbitrator)

boothd

Node 1 Node 2 Node 7 Node 8

Site C

boothd boothd

34

Increaseuptime

Improve operational efficiency

Accelerateinnovation

The advanced foundation for your success

SUSE Linux Enterprise 12

SUSE Manager on System z

36

SUSE® Manager for System z

Security Patch Audithttps://www.suse.com/products/suse-manager/

37

Installing SUSE Manager on z Systems

• Delivered as virtual appliance running on EDEV

• Minimum hardware requirements:‒ 10 GB EDEV

‒ 5 GB Memory

‒ Additional disk space depending on repositories needed

‒ Network connection

38

Installing SUSE Manager on z Systems

• Installation process is:‒ Retrieve appliance image

‒ Start a SLES12 installation system

‒ Dump image to disk

‒ Create parameter file on 191 disk

‒ IPL disk

‒ Login to the appliance with ssh and finalize the configuration

• Detailed description found in documentation:

https://www.suse.com/documentation/suse_manager/book_susemanager_install/data/art_suma_install_zsystems.html

39

Adding systems to managePreparation / Running system

• Activation key‒ Access token

‒ Defines

‒ the system's role

‒ Software channels

‒ Packages

‒ Configuration channels

• Bootstrap‒ Activation key

‒ Upload software and hardware profile

‒ adapt configuration (opt.)

Thank you.

40

Consolidate. Reduce Complexity.Save On Costs and Efforts.

www.suse.com/products/systemzwww.suse.com/promo/zsystems/database-consolidation/

Corporate HeadquartersMaxfeldstrasse 590409 NurembergGermany

+49 911 740 53 0 (Worldwide)www.suse.com

Join us on:www.opensuse.org

41

42

Accelerate Innovation

Hardware 64-bit

• 64-bit hardware is the future‒ 64-bit kernels only

‒ Execution of 32-bit applications fully supportedvia 32-bit execution environment on top of 64-bit kernel

• Virtualization‒ KVM, Xen, z/VM, LPAR support (depends on architecture)

‒ 64-bit host; 64-bit and 32-bit guests

• Hybrid Computing‒ Platform specific workloads, GPUs, special purpose PUs

• Device Driver Innovation‒ SUSE Solid Driver Program (SSDP)

43

Improve Operational Efficiency

Installer – Workflow

Reboot

SUSE Linux Enterprise 12

Install without updates

Services

Install with updatesNetwork Register

Reboot

Installation Setup

Installation Setup

Log-in

Log-in

SUSE Linux Enterprise 11

Wait

Wait

Reboot Network UpdateRegister Wait

44

Improve Operational Efficiency

SUSE® Customer Center

45

Network – IPv6

Status

• System Installation & Patching over IPv6

• Broad range of service prepared and tested

•

Ongoing

• IPv6 compatibility and certification (USGv6)‒ https://www.iol.unh.edu/services/testing/ipv6/usgv6tested.php

‒

Benefits

• Deploy and use in pure IPv6 environment

• Scale networks beyond IPv4 limitations

• Answer compliance needs

46

SUSE® Linux Enterprise 12

Filesystem Recommendations

Type?

New Filesystem?

Purpose?

Snapshots?Snapshots?

ext3|4xfs

btrfs

OS Data

No

Yes

Yes

Convert

No

ext2/3/4

xfs

reiserfs

Yes

No

Note: the conversion to btrfs from ext2/3 leaves a copy of the old file system which should be deleted at some point

47

Btrfs – Functionality – Maturity

Today Future

Copy on Write Inode Cache

Snapshots Auto Defrag

Subvolumes RAID

Metadata Integrity Compression

Data Integrity Send / Receive

Online metadata scrubbing Hot add / remove

Manual Defragmentation Seeding devices

Manual Deduplication Multiple Devices

Quota Groups “Big” Metadata

48

Technology Overview

Subvolume

Normal Filesystem With Subvolumes

/

/opt

/usr

FSTREE FSTREE

SubVols/ /usr /opt

49

YaST2 Management

50

Btrfs Disk Space And Extents

# btrfs filesystem df /Data: total=14.50GB, used=12.20GBSystem, DUP: total=8.00MB, used=12.00KBSystem: total=4.00MB, used=0.00Metadata, DUP: total=1.75GB, used=904.11MB

# df ­h /Filesystem      Size  Used Avail Use% Mounted on/dev/sda7        20G   14G  4.3G  77% /# 

Disk utilization12,2GB + 2x 0,9GB + = 14 GB

51

Increase Uptime

Query: Ready for Live Patching

• SUSE Linux Enterprise Live Patching‒ Live patching for the kernel is designed and developed by SUSE Labs

‒ Ease of use: Builds on well-known update processes

• Use Cases‒ Mission-critical systems: Improve general availability and run until the next

“maintenance window”

‒ Massive, time-critical deployment

• Advantage‒ Works with zero execution interruption

‒ Other implementation stop the whole system (milliseconds to seconds range) when patching

• Read more at: https://www.suse.com/products/live-patching/

52

Why Live Patching ?

• Common tiers of change management:

1) Incident response – (we're down, actively exploited …)

2) Emergency change – (we could go down, are vulnerable …)

3) Scheduled change – (time is not critical, we keep safe)

• Live patching fits in with 1 and 2

• Rebooting a 1000 servers is not a quick way to fix a pressing issue and also carries the risk of them not coming up for other reasons

• Live patching allows quick response and leaving an actual update to a scheduled downtime window

https://www.suse.com/promo/kgraft.html

53

Link Summary

• 16418: Features of SUSE Linux Enterprise Server for System z (M.Kraft) https://share.confex.com/share/124/webprogram/Session16418.html

• 16432: Linux Bootloaders on System z (M.Kraft)https://share.confex.com/share/124/webprogram/Session16432.html

• 16451: systemd, the Wave of the Future (M.Post)https://share.confex.com/share/124/webprogram/Session16451.html

• TUT7562: Networking—It's a Wicked World (O.Kirch)http://www.susecon.com/doc/2014/sessions/TUT7562.pdf

• TUT7988: SUSE Linux Enterprise 12—Modules, Cores and BuildServiceshttp://www.susecon.com/doc/2014/sessions/TUT7988.pdf

• 16431: KVM for System z (M.Post)https://share.confex.com/share/124/webprogram/Session16431.html

• 16427: Introduction to KVM for z/VM Lovers (M.Schwidefski / C.Erhardt)https://share.confex.com/share/124/webprogram/Session16427.html

54

SUSE® Linux Enterprise

Documentation and Release Notes

• Product Pages– https://www.suse.com/products/systemz/

– http://www.suse.com/products/highavailability/

– https://www.suse.com/products/highavailability/geo-clustering/

• Unix to Linux Migration– http://www.suse.com/solutions/enterprise-linux-servers/unixtolinux.html

• Documentation– http://www.suse.com/documentation/

• Release Notes– http://www.suse.com/releasenotes/

55

http://www.suse.com/lifecycle/

56

Life Cycle and Policies

General Support Extended Support

Years1-5

Years6-7

Years8-10

Years 11-13

Self Support Yes Yes Yes Yes

Maintenance Patches Yes Yes Yes 1, LTSS 2

Technical Support Yes Yes Yes 3, LTSS 4

Security Patches Yes Yes Yes LTSS 5

Defect Resolution Yes Yes Limited6 LTSS 7

Service Packs Yes Yes No No

Additional Hardware Enablement and Software Enhancements

Yes Limited8 No No

Source: https://www.suse.com/support/policy.html

1 Access to previously released patches with an active subscription.2 Access to patches for earlier product versions possible with optional Long Term Service Pack Support (LTSS).3 Limited migration and configuration assistance provided with standard or priority subscription.4 More comprehensive installation, migration, configuration and break fix technical support available with optional LTSS.5 Only available with LTSS.6 Limited to severity level 1 and 2 defects.7 Only available with LTSS. Limited to severity level 1 and 2 defects.8 Discretionary, based on customer and partner requests.

57

SUSE® Linux Enterprise 12 SP1

Kernel Capabilities

CPU bits 64 64 64

max. # logical CPUs 8192 64 2048

>1PiB/64 TiB 4 TiB/256 GiB 1 PiB/64 TiB

max. user-/ kernelspace 128 TiB/ 128 TiB φ/φ 2 TiB/2 EiB

max. swap space up to 29 * 64 GB (x86_64) or 30 * 64 GB (other arch.)

max. #processes 1048576

max. #threads per process

FD_SETSIZE 1024

max. size per block device Up to 8 EiB on all 64-bit architectures

Supported on certified hardware only

max. RAM(theoretical/certified)

Maximum limit depends on memory and other parameters (Tested with more than 120000).

58

SUSE® Linux Enterprise 12 SP1

Major Linux (local) Filesystems

Feature ext 2/3 reiserfs xfs ext4 btrfsData/Metadata Journaling •/• •/• •/• CoWJournal internal/external •/• •/• •/• •/• CoWOffline extend/shrink •/• •/• •/• •/•Online extend/shrink •/•Inode-Allocation-Map table u.B*-tree B+-tree table B-treeSparse Files • • • • •Tail Packing ○ • ○ ○ •Defrag ○ ○ • • •ExtAttr / ACLs •/• •/• •/• •/• •/•Quotas • • • • Subvol.max. Filesystemsize 16 TiB 16 TiB 8 EiB 1 EiB 16 EiBmax. Filesize 2 TiB 1 EiB 8 EiB 1 EiB 16 EiB

○/•

○/○

•/○ •/○ •/○ •/○

Default Filesystemfor the data

Default Filesystemfor the OS

SUSE Linux Enterprise 12The Technology

60

SUSE® Linux Enterprise Server for System z 12

What's New - Overview

• Architecture Level Set for z/Architecture‒ zarch=z196 - GCC to use instruction set of z196

‒ mtune=zEC12 - GCC to use instruction scheduling of zEC12

‒ Kernel, user land, applications

• IBM zEnterprise exploitation continued‒ z13, zEC12, zBC12, z/VM 6.3, z196 EC, z114 BC support

‒ zBX support (blade center extension)

• Improved RAS tools and System z specific support‒ Dump to zfcp/SCSI partition

‒ CryptoExpress4 support

‒ Disk mirroring with RT enhancement (DASD/mdadm)

61

SUSE® Linux Enterprise Server for System z 12

What's New - Overview

• Transactional Memory support‒ Kernel, GCC, binutils

‒ Allow kernel and applications to improve performance

• STT_GNU_IFUNC support‒ Glibc, binutils, GCC

‒ Provide multiple versions of the same function in a library

‒ Performance improvements for selected library functions on newer hardware

‒ Transparent for ISV applications

62

SUSE® Linux Enterprise Server for System z 12

Accelerate Innovation

• Cryptographic acceleration support‒ Latest hardware and crypto stack (incl. PKCS#11 (EP11)

‒ New dedicated installation pattern

‒ Support of SHA-256 algorithm and CPACF MSA4 extensions

• Support transparent large pages‒ Potential speedup for applications that access large amounts

of memory

• src_vipa: IPV6 enablement‒ Virtual IP address migration now available for IPv6 networks

63

SUSE® Linux Enterprise Server for System z 12

Increase Uptime

• Disk mirroring with real-time enhancements‒ Continuous operation in case of temporary disk storage unit

timeout

• PCHID mapping ‒ PCHID to CHPID mapping speeds up problem root cause

determination

• Concurrent FLASH MCL updates‒ Perform concurrent mircocode updates for build-in Flash

Express devices during operation

64

SUSE® Linux Enterprise Server for System z 12

Improve Operational Efficiency

• Simple configuration of large amounts of disks‒ Restructured UI and workflow

• Improve performance of dasdfmt ‒ Format in parallel and speed up single volume format

• Multiple netiucv paths between z/VM guests‒ More throughput and redundancy

• Query OSA Address Table ‒ Gather and display OSA and TCP/IP configuration

• Optimized compression library zlib ‒ Faster: installation of system and packages, java class decompression,

compressed backups, pdf generation, etc

65

cgroups - Resource Control

Consider a large university server with various users - students, professors, system tasks etc. The resource planning for this server could be along the following lines:

CPUsTop cpuset (20%)

/ \

CPUSet1 CPUSet2

| |

(Profs) (Students)

60% 20%

MemoryProfessors = 50%

Students = 30%

System = 20%

Disk I/OProfessors = 50%

Students = 30%

System = 20%

Network I/OWWW browsing = 20%

/ \

Prof (15%) Students (5%)

Network File System (60%)

Others (20%)

Source: /usr/src/linux/Documentation/cgroups/cgroups.txt

66

Tools Onboard

cgroups – Resource Control

A system administrator can provide a list of devices that can be accessed by processes under cgroup

‒ Allow/Deny Rule

‒ Allow/Deny : READ/WRITE/MKNOD

Limits access to device or file system on a device to only tasks in specified cgroup

Source: http://jp.linuxfoundation.org/jp_uploads/seminar20081119/CgroupMemcgMaster.pdf

•

What's New withSUSE® Linux Enterprise Server

for System z 11 SP4

68

SUSE® Linux Enterprise Server for System z 11 SP4

• z support continued ‒ z13, zEC12, zBC12, z/VM 6.3, zBX support

‒ z196 EC, z114 BC, z10 EC, z10 BC, z9 EC, z9 BC, support

‒ http://www.ibm.com/systems/z/os/linux/resources/testedplatforms.html

• Improvements at a glance‒ s390-tools and performance monitoring updated

‒ OFED introduction

‒ Crypto support refresh

‒ Networking enhancements

‒ Update to IBM Java 7.1

69

SUSE® Linux Enterprise Server for System z 11 SP4 Generic Enhancements

• Package and repository management‒ Zypper can now display locked packages

‒ Repository xml-based rpm metadata with sha256 checksums

• Miscellaneous‒ Kernel: MCS mutex support (scalabilty)

‒ Updated btrfs tools (latest level)

‒ sha256 in cryptsetup's luksFormat command (more secure)

‒ sshd X11 forwarding with IPv6

‒ ltrace is now multi-thread capable

70

z Exploitation

• OpenFabrics Enterprise Distribution (OFED™)‒ Open-source software for RDMA and kernel bypass

applications

‒ Support for RoCE Express Card (Infiniband)

• Crypto Express 4S‒ Device Driver Exploitation for EP11 and libica update

• Networking‒ QETH: Display Switch Port Mode

‒ SRC_VIPA IPv6 enablement

71

z Exploitation

• Refresh IPL code‒ Improve maintainability

‒ New keywords for cio_ignore for IPL and Console device

‒ snIPL interface to control dynamic CPU capacity

• Performance monitoring‒ Sampling of CPU cycles

‒ Basic sampling - snapshot of various PSW bits and instruction address at specific time interval

‒ Support for raw sample data - sampling data made available to the perf program that be used/posted by external applications

‒ Support for diagnostic sampling - provides a snapshot of hardware-model dependent information

72

Subscription Management ToolOverview

SMT is a proxy and auditing tool that mirrors the Customer Center and tightly integrates with it.

It allows you to accurately register and manage an entire SUSE® Linux Enterprise deployment, guaranteeing the subscription compliance and secure IT process flow organizations require.

Customer's Network

SMT

CustomerCenter

Unpublished Work of SUSE LLC. All Rights Reserved.This work is an unpublished work and contains confidential, proprietary and trade secret information of SUSE LLC. Access to this work is restricted to SUSE employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of SUSE. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for SUSE products remains at the sole discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.