WEBCAST IBM z14 - PROFI AG · 3 Webcast –IBM z14 1. ... IBM z Unified Resource Manager Management...
37
WEBCAST – IBM z14 26.09.2017 Birgit König Tel: 06151 8290-7787 Email: [email protected] Torsten Lennon-Gutenberger Tel: 0160 90 52 0773 Email: [email protected]
-
Upload
hoangthuan -
Category
Documents
-
view
227 -
download
4
Transcript of WEBCAST IBM z14 - PROFI AG · 3 Webcast –IBM z14 1. ... IBM z Unified Resource Manager Management...
WEBCAST – IBM z14
26.09.2017
Birgit KönigTel: 06151 8290-7787
Email: [email protected]
Torsten Lennon-GutenbergerTel: 0160 90 52 0773
Email: [email protected]
Webcast – IBM z142 IBM z14 Webcast
1,3 Mio Transactions per second
running on IBM Mainframes
- 20 x more than Google searches
87% of all credit card payments
involving an IBM Mainframe
68% of all Production workload is
running on IBM Mainframe by 6% of the
costs
Webcast – IBM z143
1. Naming / Overview
2. System Design
3. I/O Subsystem
4. Secure Service Container
5. Pervasive Enryption
6. Hardware Management Console (HMC)
7. z14 Operating Systems
8. Functional Comparison
IBM z14 Webcast
Webcast – IBM z144IBM z14 Webcast
Naming / Overview
5
Brand Name: IBM
Product Class: IBM mainframe
Family Name: IBM Z®
Family Short Name: Z
Product Line Name: IBM Z®
Product Line Short Name: Z
Product Name: IBM z14™
Short Name: z14™
Models: M01, M02, M03, M04, M05
Machine Type: 3906
Workload Optimizing Attachments:IBM z BladeCenter® Extension (zBX) Model 004
IBM DB2® Analytics Accelerator for z/OS®
Management Firmware: IBM z Unified Resource Manager
Management Firmware Short Name: Unified Resource Manager or zManager
IBM Z naming for IBM z14
IBM z14 Webcast
6
1.2 GHz
1.7 GHz
4.4 GHz
5.2 GHz5.0 GHz
5.5 GHz
2003z990
130 nm SOI32 Cores**Superscalar
Modular SMP
2005z9 EC
90 nm SOI54 Cores**
System level scaling
2012zEC12
32 nm SOI101 Cores**
OOO and eDRAMcache
improvementsPCIe Flash
Arch extensionsfor scaling
2010z196
45 nm SOI80 Cores**OOO core
eDRAM cacheRAIM memoryzBX integration
2008z10 EC
65 nm SOI64 Cores**
High-freq core3-level cache
2015z13
22 nm SOI141 Cores**
SMT &SIMD
Up to 10TB of Memory
GH
z/ P
CI*
* MIPS Tables are NOT adequate for making comparisons of IBM Z processors. Additional capacity planning required** Number of PU cores for customer use
1202*+33%
GHz
+18%
1514*+26%
GHz
+6%902*+50%
GHz
+159
%
1695*+12%
GHz
-9%
z14 Continues the CMOS Mainframe Heritage
5.2 GHz
1832*+8%
GHz
+4%
2017z14
14 nm SOI170 Cores**
Enh. SMT & SIMD
Up to 32 TB of Memory
111,556*+42%
78,426*+50%
52,286*+64%
31,826*
+72%146,462*
+31%
IBM z14 Webcast
7
IBM z14 at a glance
System, Processor, Memory
Five hardware models: M01, M02, M03, M04, M05
10 core 5.2GHz 14nm PU SCM
1 - 170 PUs configurable as CPs, zIIPs, IFLs, ICFs, up to 196 Pus
Increased Uniprocessor capacity
Up to 33 sub capacity CPs at capacity settings 4, 5, or 6
CPC Drawers and backplane Oscillator
Enhanced SMT and new instructions for SIMD
Enhanced processor/cache design with 1.5x more on-chip cache sizes
Up to 32 TB DRAM, protected by Redundant Array of Independent Memory (RAIM)
Virtual Flash Memory (VFM)
192 GB HSA (96GB on z13)
Improved pipeline design and cache management
I/O Subsystem, Parallel Sysplex, STP, Security
PCIe Gen3 I/O fanouts with 16 GBps Buses
6 CSS, 4 Subchannel sets per CSS
0 – 5 PCIe I/O Drawer Gen3 (no I/O Drawer)
Next generation FICON Express16S+
10 GbE RoCE Express2
Integrated Coupling Adapter (ICA SR) and Coupling express LR for coupling links
Support for up to 256 coupling CHPIDs per CPC
CFCC Level 22
Crypto Express6S and CMPSC compression and Huffman Coding compression
STP configuration and usability enhancements (GUI)
IBM zHyperLink Express
OSA-Express6S
Secure Service Container
RAS, simplification and others
L3 Cache Symbol ECC Acoustic and thin covers (space saving)
N+1 radiator design for Air Cooled System Drop “Classic” HMC UI
ASHRAE Class A3 design Enhanced SE and HMC Hardware (security)
Support for ASHRAE Class A3 datacenter TKE 9.0 LICC
Largesum TCP/IP hardware Checksum (OSA-Express6S) Pause-less garbage collection
Universal Spare SCM s (CP and SC) Simplified and enhanced functionality for STP configuration
Enhanced Dynamic Memory Relocation for EDA and CDR Virtual Flash Memory (replaces IBM zFlash Express)
PR/SM
Up to 170 CPUs per partition
IBM Dynamic Partition Manager updates
Up to 85 LPARs
16 TB Memory per partition
Announce: July 17, 2017
IBM z14 Webcast
Webcast – IBM z148IBM z14 Webcast
System Design
IBM z14 Webcast9
Capacity and Performance
Max capacity increased by about 31%
170-way (z14) vs 141-way (z13)Workstation Enhancements – Simplification -
Customizing
Average performance increase of ~ 10% versus same z13 model
Increase of SMT performance vs. z13 of about 15%
SMT (for zIIP and IFL) vs. Single Thread: ~10-40% (average: 25%)
6x Encrease of CPACF Coprozessor Performance
6x Encrease of Compression Coprozessor Performance
IBM z14 Webcast10
Who delivers the performance increase?
6x performance increase of Crypto and Compression Co-processors
contribute to the overall systemperformance
Improved out-of-order execution
Pause-less garbage collection
Enhanced chip and ASIC designs
Improved Cache Management and bigger Cache size (1,5x)
Common System Controller (L4 Cache) for entire Drawer
z13: twoSystem Controller per Drawer (one per Node)
Pipeline optimizations and improved branch prediction
Four faster dynamic address translation engines vs one for z13
zHyperLink
IBM z14 Webcast11
z14 vs. z13 CPC Drawer Structure and Interconnect
Drawer
Drawer
Drawer
Drawer
4 Drawer z14 System
Fully Interconnected
SC
CPcluster
CPcluster
SC
CPcluster
CPcluster
SC
CPcluster
CPcluster
SC
CPcluster
CPcluster
PU
PU
Mem
PSI
Mem
PUGX Bus
2x PCIe
GX Bus
2x PCIePU
SCSC
MemMem DIMMs
PU
PU
GX Bus
2x PCIe
Node 1
GX Bus
2x PCIe
GX Bus
2x PCIe
GX Bus
2x PCIe
MemMem
A-Bus
S-Bus
X-Bus
Node 0
X-Bus
SCSC
A-Bus
z1
4 F
ully P
op
ula
ted
CP
C D
raw
er
z1
3 F
ully P
op
ula
ted
CP
C D
raw
er
L1 (Instruction) increased by 33%
L2 (Data) increased by 2x
L3 increased by 2x
Improved L4 latency
12
Guarded Storage Facility (GSF) for Pause-less Garbage Collection
• Problem:
– When garbage collection occurs today, all threads running under a JVM must stop
– Customers are consolidating from multiple to single JVM environments to increase productivity and save money.
– The consolidation effort generates heap sizes >100GB where garbage collection pauses can take minutes!
– Long pause times cause transactional application failures and SLA violations.
• Solution:
– Define flexible new architecture that provides hardware assisted read barriers for guarded storage involved in a
garbage collection/compaction event.
– Whenever a Pointer is loaded from memory, the pointer is checked against a pending GC, and in case of a “hit”, the
control flow is redirected
– The Dynamic Runtime can then assist in GC-ing the pointed-to object, before resuming the SW thread.
– Software exploitation of fast hardware barrier detection and acceleration will allow application threads to run
concurrently during the majority of garbage collection events
• Impact:
– Reduces worst case latency impacts for critical applications like financial trading platforms
– Maintains SLAs, and keeps IBM Z servers in our customers modernization roadmaps.
– Decreasing garbage collection time by 10x
– 3x performance increase of JVM
IBM z14 Webcast
Webcast – IBM z1413IBM z14 Webcast
I/O Subsystem
14
IBM zHyperLink™
• Co-existence with FICON and ZHPF
• Syncronous instead of asynchronous I/O
• zHyperLink™ is FAST enough the CPU
can just wait for the data
– No Un-dispatch of the running task
– No CPU Queueing Delays to resume it
– No host CPU cache disruption
– Very small I/O service time
• Transparently gives DB2 apps
fundamentally better latency than
applications on platforms without
zHyperLink
• Point-to-point connection using PCIe Gen3
• Currently: DB2 Read only
SAN
FICON/zHPF
<20 μsec
>50,000 IOOPs/SEC
8 GB/sec
zHyperLink
IBM Z
CPC
DS8880
IBM z14 Webcast
15
• Feature Code #0431
– Two ports per feature
– Maximum of 16 features (32 ports)
– Function ID Type = HYL
– Up to 127 Virtual Functions (VFs) per port (254 per feature)
– Point to point connection using PCIe Gen3
– Maximum distance: 150 meters
• DS8880 models 984, 985, 986 and 988.*
zHyperLink
Express
DB2 V11 or V12
z/OS V2.1, V2.2 and V2.3DS8880
R8.3
SAN
IBM zHyperLink™
IBM z14 Webcast
16
Primary/Secondary
Storage Subsystem
Optic
s
Node
1
Node
2
Optic
s
z14
Optics
Optics
Optics
Optics
zHyperLink
Adapter
zHyperLink
Adapter
FICON
FICON
Optics
Node
1
Node
2
Primary/Secondary
Storage Subsystem
Optics
SANz14
Optics
Optics
Optics
Optics
zHyperLink
Adapter
zHyperLink
Adapter
FICON
FICON
SAN
Optics
Optics
Optic
sO
ptic
s
PPRC
PPRC
Transactions that can run against local DASD
can run faster with zHyperLinks
IBM zHyperLink™
IBM z14 Webcast
New Coupling Facility Long Reach Link
• New adapter and channel type for long distance coupling
– Feature Code #0433
• “Coupling Express LR” adapter in PCIe IO drawer
– 32 features per system for z14 and z13 (Two ports per feature)
– 16 features for z13s (Two ports per feature)
– Long-distance optics/fiber
• Fiber is same single-mode fiber as used for ISC and PSIFB-1x (9/125 μm)
• 10km unrepeated distance, up to 100 km with qualified DWDM,
More than 100 km requires RPQ 8P2981.
• 10 Gbps link speed
• Point-to-point only (no switching)
• Four channels (CHPIDs) per port
– Each channel is identified by VCHID/CSS.CHPID
– CHPID type (CL5) -- NEW
• RoCE (RDMA over Converged Ethernet)• Support similar to RoCE (Resource groups, Adapter & Link intitialisation, Diagnostics & Service)
• STP support
– Using CQE timestamps
– No Going-Away-Signal (GAS)
• Why the new adapter?
– Provides a non-InfiniBand based solution for long distance coupling connectivity
IBM z14 Webcast
18
Coupling Link Roadmap (High End Systems)
Last
Generation to
Support
Last
Generation to
Order
Initial Offering
zFuture*z14*z13
zEC12
New Build or
Carry Forward
ICA SR ICA SR ICA SR
12X HCA3-O and
1X HCA3-O LR
12X HCA3-O and
1X HCA3-O LR
12X HCA3-O and
1X HCA3-O LR
ISC-3
12X HCA2-O and
1X HCA2-O LR
GA1/2 GA2+*
Coupling Express
LR
Coupling Express
LR
Coupling Express
LR**
*All statements regarding IBM’s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only
** Coupling Express LR is the future Long Distance Ethernet Coupling Link which will reside in the PCIe I/O drawer. Like ICA SR, it will require z13 to z13(+) connectivity.
z196
12X HCA3-O and
1X HCA3-O LR
ISC-3
12X HCA2-O and
1X HCA2-O LR
z10
ISC-3
12X HCA2-O and
1X HCA2-O LR
ICB-4
ICA SR
IBM z14 Webcast
19
Asynchronous System Managed CF Duplexing for Lock StructuresA Continuously Available Solution That Makes Duplexing CF Lock Structures at GDPS Distances Practical
• Secondary structure updates are performed asynchronously with respect to primary updates
Designed to drive out cross-site latencies that exist today when replicating CF data across distance
Designed to avoid the need for synchronous speed-of-light communication delays during the processing of every duplexed update
operation
• Value
Improves performance with cross-site duplexing of lock structures at distance
Maintains robust failure recovery capability through the redundancy of duplexing
Reduces z/OS, CF, and link utilization overhead costs associated with synchronous duplexing of lock structures
• Requirements
CFCC Level 22, 21 minimum service level 02.16, z13/z13s GA2+ or higher, z14
z./OS V2.3, z/OS V2.2 SPE with PTFs for OA47796, OA49148, OA51945, OA52015
Exploitation Required; First Exploiter: IRLM/DB2 Lock Structure; DB2 V12 with PTFs
DSG 1 members
DSG 2 members
DSG 1 members
DSG 2 members
Site A Site B
PPRC/MMP
Cache and SCA P DSG 2
Lock P DSG 1
S
Cache and SCA S DSG 1Cache and SCA S DSG 2
Cache and SCA P DSG 1
Lock P DSG 2
Lock S DSG 2 (Lags) Lock S DSG 1 (Lags)
IBM z14 Webcast
Webcast – IBM z1420IBM z14 Webcast
Secure Service Container
21
Secure Service Container Protection
• No system admin access• Once the appliance image is built, OS
access (ssh) is not possible
• Only Remote APIs available
• Memory access of system admin is disabled
• Encrypted disk
• Debug data (dumps) encrypted
• Strong isolation between container instances• High assurance isolation (EAL5)
• Requires dedicated HW
• Blockchain is being deployed in a SSC
Container Software
Runtime Environment
Secure Execution
Context
Appliance Content
IBM Z or LinuxONE platform
SSC
High assurance isolation (EAL5)
IBM z14 Webcast
IBM z14 Webcast22
Secure Service Container
IBM z14 Webcast23
Common Appliance Management
• The Secure Service Container Framework provides appliance management controls
for appliance administrators
Services
Applications
Operating SystemMa
na
ge
me
nt
Management is provided via Remote
APIs (RESTful) and web interfaces
Admin/User controls:
• View messages and events
• Network management
• User management
• Disk management
• View Appliance status
• Export/import data
• Apply service, updates
• Software license support
Some management can be excluded
based on appliance need
User has no direct access to the
integrated software stack components
Webcast – IBM z1424IBM z14 Webcast
Pervasive Encryption
IBM z14 Webcast25
Pervasive Encryption with IBM z Systems
Broadly protect Linux file systems and z/OS data sets1 using policy controlled encryption that is transparent to applications and databasesData at Rest
Integrated Crypto Hardware
Hardware accelerated encryption on every core – CPACF performance improvements of up to 6x
Next Gen Crypto Express6S – up to 2x faster than prior generation
Protect z/OS Coupling Facility2 data end-to-end, using encryption that’s transparent to applications
Clustering
Protect network traffic using standards based encryption from end to end, including encryption readiness technology2 to ensure that z/OS systems meet approved encryption criteria
Network
Secure deployment of software appliances including tamper protection during installation and runtime, restricted administrator access, and encryption of data and code in-flight and at-rest
Secure Service Container
1 Statement of Direction* in the z/OS Announcement Letter (10/4/2016) - http://ibm.co/2ldwKoC2 IBM z/OS Version 2 Release 3 Preview Announcement Letter (2/21/2017) - http://ibm.co/2l43ctN
* All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
And we’re just getting started …
The IBM Enterprise Key Management Foundation (EKMF) provides real-time, centralized secure management of keys and certificates with a variety of cryptographic devices and key stores.
Key Management
ICSF (Integrated Crypto Support Facility)
ICSF + TKE (Trusted Key Entry)
ISKLM (IBM Security Life Cycle Management)
EKMF (Enterprise Key Management Foundation)
IBM z14 Webcast26
Multiple Layers of EncryptionRobust data protection
Coverage
Com
ple
xity &
Se
cu
rity
Con
tro
l
App Encryption
hyper-sensitive data
Database EncryptionProvide protection for very sensitive in-use (DB level), in-flight & at-rest data
File or Dataset Level EncryptionProvide broad coverage for sensitive data using encryption tied
to access control for in-flight & at-rest data protection
Full Disk and Tape EncryptionProvide 100% coverage for in-flight & at-rest data with zero host CPU cost
Protection against
intrusion, tamper or
removal of physical
infrastructure
Broad protection & privacy managed
by OS… ability to eliminate storage
admins from compliance scope
Granular protection & privacy managed by
database… selective encryption & granular
key management control of sensitive data
Data protection & privacy provided and managed by
the application… encryption of sensitive data when
lower levels of encryption not available or suitable
z14 CPACF
Performance
enables encryption
at course scale
IBM z14 Webcast27
CPACF
Data Protection // z/OS Dataset Encryption
z/OS
CF
z/OS z/OS
SANNetwork
Storage System
***
. DB2,IMS,
zFS, etc..
Client Value Proposition:Reduced cost of encryption along
with simple policy controls allows
clients to enable extensive encryption
to protect data in mission critical
databases including DB2, IMS and VSAM
Includes Audit Functions
LinuxONE/Linux on z
abc
z/OS Dataset Encryption: • Application transparent & enabled by
policy (SMS)• Encryption tied to fine grained access control• Host encryption via CPACF as data written-to
or read-from disk.• Supports ext. format sequential & VSAM• Includes HSM & DSS migration/backup of
encrypted data sets• Supports: CICS, DB2, IMS, Logger, & zFS
In-memory system or application data buffers will not be encrypted
***
Protection of data at-rest z/OS 2.2 & 2.3
IBM z14 Webcast28
CPACF CPACF
CPACF CPACF
Data Protection // Coupling Facility Encryption
z/OS
CF
CF
z/OS z/OS
SANNetwork
End-to-End encryption of CF Data:• Host Protected key CPACF Encryption
(High Performance / Low Latency)• Data encrypted in the host and remains
encrypted until decrypted by host• No application enablement required• List & Cache Structures only – No Lock!• Non-disruptive encryption enablement –
during rebuilt mechanism
Storage System
abc
***
***
XES
Client Value Proposition:Simplify and reduce cost of
compliance by removing CF
and CF data from
compliance scope (i.e. ability
to encrypt all CF data)
Protection of data in-flight and in-use (CF)
z/OS Parallel Sysplex Cluster
z/OS 2.3
IBM z14 Webcast29
CP
AC
F
Data Protection // Linux on z File Encryption
z/OS
CF
z/OS z/OS
SANNetwork
Storage System
Client Value Proposition:Integration of hardware accelerated Crypto into standard components for wide reach into solutions
LinuxONE/Linux on zDB server block device
encryptionabc
z/OS
Linux on z and LinuxONE
Focus on Transparent Enablement:• Transparent data encryption optimized with
z14 CPACF hardware performance gains• Leverage industry-unique CPACF encryption
which prevents raw key material from being visible to OS and applications.
Protection of data at-rest
***
***
IBM z14 Webcast30
Data Protection // Secure Service Container
CF
z/OS
z/OS z/OS
z/OS
SANNetwork
Storage System
LinuxONE/ z Systems
Secure Service Container
Extending the value of z hardware crypto
Protected-key CPACF –key value not visible to
OS or application
LinuxONE / z Systems
Client Value Proposition:Simplified, fast deployment and management of packaged solutions
Tamper protection during Appliance installation and runtime
Confidentiality of data and code running within the Appliance both at flight and at rest
Restricts administrator access to workload and data
Secure Service Container architecture builds on the value z systems hardware crypto using a runtime environment designed to help clients reduce risk.
Webcast – IBM z1431IBM z14 Webcast
Hardware Management
Console (HMC)
IBM z14 Webcast32
Hardware Management ConsoleHMC
Only Tree- Style (No more classic Style avail.)
Workstation Enhancements - Simplification - Customizing
Mobile Phone Access
iOS 10+ and Android 4.4 (Kit Kat)+
Available Free Apps in Apple & Google Play Stores
HMC V2.14.0 and Systems z14, z13/z13s, and zEC12/zBC12
Multi-factor Authentication
SNMP/BCPii API Enhancements
BCPii much faster on z/OS 2.3 and z14
Java Applet Removal for z14
Operating System Messages
Integrated 3270 Console
Integrated ASCII Console
Text Console
Server Time Protocol (STP) - Simplification
Webcast – IBM z1433IBM z14 Webcast
z14 Operating Systems
IBM z14 Webcast34
z/OS
Version 2.3 z/OS V2.3 further exploitation
z/OS V2.2 with PTFs (exploitation of more selected functions)
z/OS V2.1 with PTFs (exploitation of selected functions)
z/OS V1.13 EoS: IBM Software Support Service
z/VM
Version 6.4 z/VM 6.3 and 6.4 will be supported on z14 EC
z/VM 6.3 EoS 31.12.2017
z/VM 6.2 - will not be supported on z14 EC
z/VSE
Version 6.2
z/VSE 5.2 and 6.1 at GA- PTFs may be required
Z /VSE 5.1, 5.2, 6.1 and 6.2 can IPL on z14
Supported z14 adapters: FICON Express16S+, Crypto Express 6S, OSA Express6S
Linux on
z System SUSE SLES 11, 12 (Later releases: GA support TBD by
SUSE.) Red Hat RHEL 6, 7 (Later releases: GA support TBD by Red
Hat.) Ubuntu 16.04.
z14 Operating Systems
Webcast – IBM z1435IBM z14 Webcast
Functional Comparison
IBM z14 Webcast36
IBM z14 Webcast37
