The modern mainframe
Before we jump into the scenarios, let's focus a bit on the mainframe and the market to understand why the mainframe is such an attractive option to many businesses. Today the landscape is plagued with the growing costs and complexity of business computing. From the late 70s to the present, the business market has changed from one where computing was an enterprise specialty driven by highly centralized and shared environments, to one where compute capacity consists primarily of decentralized assets being driven by a massive collection of Internet-connected consumers. The client server architecture, which has been growing significantly for many decades, has become unsustainable in recent years and has impacted business strategy accordingly.
A recent report entitled "An Inefficient Truth" (published by the UK environment group, Global Action Plan) states that with more than 1 billion computers on the planet, the global IT sector is responsible for about 2% of human carbon dioxide emissions each year - a similar figure to that of the global airline industry.
The growing rate of servers in the market is compounding energy issues and is wholly unsustainable. For example, looking at the chart below, we can see the servers in the market have grown almost 50% from 2005 to the projected 2010 install base, and more importantly the cost to manage those servers has increased at relatively the same rate (from the Dec 2006 report - Virtualization 2.0: The Next Phase in Customer Adoption Doc #204904). With energy costs on the rise, it costs far more to power and manage the servers than the cost of acquiring them. With Intel™ servers averaging 5% - 10% utilization and UNIX® servers averaging 20% - 40% utilization depending upon workload, virtualization and other factors, it would seem the greater part of the available compute capacity is sitting untapped and unavailable - consuming energy and space without any productive transactions. The mainframe runs, without degradation, at upwards of 100% utilization, enabling you to leverage your full investment.
Figure 1. IDC Server install base and associated spend
IBM®'s internal project to consolidate 3900 UNIX servers to 30 mainframes will save 81% in energy and use only 14% of the floor space occupied by the existing solution (see this press release). The target mainframes will be reduced by almost 2x if consolidation occurs on the System z10 mainframe vs the z9 mainframe. The mainframe is an energy efficient server with significant consolidation capability powered by massive virtualization.
System z is architecturally compatible with all systems on the market today and needs to be, as it contains more than 70% of global data. More importantly it is operationally superior, with a 40+ year history in enterprise class, virtualized, multi-user, multi-system computing. At its core the mainframe is designed to not fail and to have integrity, with redundant hardware components and dual instruction sets. Security extends into the hardware with crypto technology. And the power needed for a mainframe is less than that of distributed systems.
System z, while powerful, is still just the server. Things get really interesting when you factor in operating systems, software, and applications. While the mainframe supports a wider array of operating systems, in this article we focus on z/OS and z/VM running with Linux. Linux on System z is no different than x86 Linux and the distributions are common, featuring the same open source stack. z/VM provides a powerful virtualization layer for Linux environments, enabling up to 1000 virtual images per z/VM instance, and enabling the virtualization of a multitude of assets including storage, networks, I/O, memory, etc. z/OS provides an enterprise class experience with autonomic response to workload patterns and integrated middleware.
Additionally, the mainframe provides support for all of the latest standards, including Web 2.0 technologies such as PHP and Perl, as well as the evolving list of SOA standards, including XML, Web services, SCA, SDO, and a great many others.
Using business scenarios to select deployments
This section focuses on a series of scenarios, based on real customer business pains that provide an opportunity for System z. The standard disclaimer applies - there are no easy answers. Questions presented to executives years ago would likely have a different answer today. For example, in the early 90's the analysts declared the mainframe was dead and decentralized computing was the way of the future ... yet here we are, in the midst of server sprawl with the same analysts telling us that centralized computing is the way to go. There are no wrong decisions, just varying degrees of difficulty.
The next sections focus on the following business drivers:
- Resiliency of operations and recovering from disasters
- Complexity of the IT enterprise
- Securing IT assets
- Controlling the proliferation of IT assets
Business resiliency & disaster recovery
Increasingly business logic is being written in Java™ and other open programming languages. This Java proliferation often causes a proliferation of distributed servers. Planning for peak workload of this business logic often requires additional servers, as does planning for premium customer accounts with service level agreements. On average a single production server usually has 4 duplicated servers running in the background to support quality assurance, back-up, test, and other operations. Supporting production workloads in a distributed environment requires a lot of servers in the background - often running idle, consuming energy and management resources.
When you factor in the need to recover core mainframe business assets, as well as the other critical distributed assets in the enterprise, you may find yourself with incomplete recovery plans. Worse yet, you might have recovery plans built around corporate organizations - for example, one set of plans for critical distributed assets and another, different recovery plan for mainframe assets. More often than not, these recovery plans are only validated in the event of a disaster.
To summarize, trying to achieve resiliency and disaster recovery typically causes these business problems:
Critical business logic requires increasingly complex solutions for necessary recoverability
- Disaster recovery plans are often incomplete and untested
- Multiple disaster recovery plans are common in complex IT environments and increase the likelihood of failure to recover from disasters
Workloads must meet service level agreements and uptime requirements
- Often require isolated systems for priority workloads, increasing system complexity and overhead
- Peak workload is costly due to the need for spare capacity
- Systems operations is an increasingly manual, labor-intense experience for the business
If these difficulties sound familiar, then you might want to consider the advantages of z/OS.
By definition, resiliency is the ability of a system to adapt to change. Change is constant and businesses are frequently being competitively defined by the abilities and availability of their IT. If your core goal is to ensure resiliency of operations, moving Java business logic to middleware running on z/OS provides a greater ability of that logic to absorb shock and respond to change. For starters, middleware is differentiated on z/OS. Middleware on z/OS plugs into the underlying operating system core capabilities, which make it the most dynamic and capable operating environment.
Figure 2 shows how you can use WebSphere Application Server for z/OS for added middleware resiliency. A controller provides core communications into the application server, while the servants process the application code (servants are the basic equivalent of a distributed application server). Between the controller and servant, z/OS Workload Manager provides prioritized queuing to handle critical work according to the service level agreements by which it is governed.
Figure 2. WebSphere Application Server runtime configuration on z/OS
Resiliency of z/OS is apparent in a number of ways:
- Middleware on z/OS is self-optimizing: As greater workload is introduced into the system, additional servants are dynamically started to keep pace with the requests. The requests are prioritized accordingly to ensure the non-critical work does not consume resources needed by critical work. This ability becomes very important in times of resource constraint to ensure priority work is completed. Equally important, as the workload decreases, the servants respond accordingly, by closing when they are no longer needed.
- Middleware on z/OS is self-healing: Servants are not only dynamically responsive to changes in workload; they are also recoverable entities. If a servant fails, the middleware recovers the in-flight work and starts it on another servant.
- The controller is recoverable: When a controller fails, the Sysplex Distributor re-routes the workload to another application server, while the z/OS Automatic Restart Manager restarts the controller. When the controller is up again, the Sysplex Distributor rebalances the workload across the available application servers.
- The hardware resources of the system are recoverable: If a processor fails, it is isolated and the remaining available processors are rebalanced among the existing workloads, according to their priorities.
Business resiliency hinges upon the basic concept of availability of systems. Certain businesses and industries must conform to certain availability requirements, which are dictated by contractual agreements. Downtime is costly and can impact the business - in both profitability and reputation. One standard measure of availability is counting the nines in the percentage of up time, so 5 9s would be 99.999% of the time. This availability averages to approximately 5 minutes of downtime a year. System z with z/OS is a 5 9's platform, from the hardware throughout the software stack and into the applications.
In fact, System z is named for its availability - z is for zero downtime. The system is built with spare components capable of hot failovers to ensure continuous operations. In the event you outgrow the capacity of your existing system during peak workload, you can leverage capacity on demand to continue your business momentum without interruption.
A more advanced availability option is to leverage parallel sysplex technology, which enables you to run 32 z/OS systems as a single entity that is transparent to end users and applications. A parallel sysplex delivers unprecedented availability and scalability for applications and data.
Finally, the IBM Geographically Dispersed Parallel Sysplex (GDPS) service offering provides zero data loss, and recovery of operations in seconds in the event of full and total regional disasters. It ensures business continuity in the face of massive losses.
Recentralizing core middleware assets onto z/OS provides simplified operations with a single viewpoint into large system clustering, with advanced workload balancing across all systems.
As more and more businesses adopt service oriented architectures, a self-optimizing and self-healing system becomes more of a necessity and less of a "nice to have" feature. Reuse is one of the core benefits of service oriented architectures, and it is complementary to the centralization of the mainframe. As we begin to develop and deploy shared services across the enterprise, their importance increases. Within an SOA, business criticality of a service must be determined from an enterprise perspective. SOA and z/OS are a natural fit and provide a sophisticated computing environment across the business.
Reducing enterprise complexity
Java business logic is typically created and deployed in distributed (Intel) environments and often in a somewhat unregulated fashion. Highly decentralized environments often follow a far different set of operating rules than a centralized environment. Distributed server growth curves can be nearly linear in high growth environments, and with that comes an equally alarming management cost growth curve. Complexity becomes unavoidable. Decentralized computing, while affording incremental growth, creates highly complex and costly environments, marked by the following business problems:
- Systems operations is an increasingly manual, labor-intensive experience for the business
- As complexity increases, so do the costs and the potential for component failure
- Rolling out new applications is difficult
Workloads are managed and maintained separately
- Growth (and costs) are linear
- Underutilized servers
- Ensuring scalability requires spare capacity
Software maintenance is a painful process with considerable migration pains
- Inflexible platforms make roll-outs manual, resulting in instabilities
- Troubleshooting is difficult because it is hard to pinpoint problems.
If these difficulties sound familiar, then consider the advantages of z/OS.
Simplification often starts with a consolidation plan, but extends beyond that. Reducing the moving parts of an enterprise is critical to the overall simplification plan. Many workloads make sense to group together, and planning for these complementary workloads plays to a key historic strength of z/OS.
Utilization is a significant complexity factor. While distributed servers are often cheaper than other options, you are really only able to leverage a portion of them. A UNIX system with a 25% - 35% average utilization rate results in disparate single server workloads. While it is often cheaper to get started in this environment, growth requires more of everything, resulting in spiraling costs. Eventually most of your effort in this environment becomes focused on maintenance.
A mainframe, on the other hand, features significant utilization rates, often near 100%. High utilization has been a design point for over 40 years. The server and z/OS operating system are designed to run mixed workloads effectively and efficiently. System automation and dynamic response allow businesses to refocus maintenance efforts towards innovation.
Figure 3. WebSphere App Server transactional overhead
The following information is the result of a customer application benchmark study led at the IBM Washington Systems Center. It illustrates the benefits achieved for a specific customer application implemented with solution application logic executing in an EJB Container co-located with the database server on the same z/OS system environment, versus using a distributed business logic implementation executing in a remote EJB Container. Figure 3 illustrates the results of a customer benchmark comparing local and remote connections from WebSphere Application Server to DB2 on z/OS (from Optimizing WebSphere Performance on z/OS).
Moving from remote (type 4) connections to local (type 2) connections resulted in:
- Average CPU time per EJB transaction reduced by over 77%
- Number of bytes of data transferred per EJB transaction reduced by 99%
Reducing the number of physical tiers and operating system instances reduces the overall management costs. These reduced management costs result from limiting the variation in platform skills required, the number of support staff, and the physical footprint of the server. Unlike other platforms, which are generally dedicated to a single task (such as data serving) per operating system instance, z/OS can easily scale and manage application servers, database servers, security servers, and messaging servers within a single operating system instance. z/OS can scale both vertically and horizontally through the proven clustering technology of Parallel Sysplex, which enables the operating system and database instances to behave as a single image while providing unparalleled capacity to execute the most demanding application workloads.
Securing the enterprise
In many respects, security is much like availability - it is a basic requirement that must never be compromised. Many organizations do not properly assess or recognize the value of a solid security strategy in the organization. Security is a non-functional requirement (NFR) that has no direct business functional value, yet it is one of the most critical elements required in an enterprise. The key ingredient in a solid security strategy is proper investment, planning, and implementation.
Every aspect of the IT enterprise has security implications. In a business world where transactions extend beyond the boundaries of a single enterprise, it is difficult to distinguish where one enterprise ends and another begins. For example, in June of 2007 a panel of financial services and retail executives were unable to agree which side bears the brunt of the burden to ensure compliance with the Payment Card Industry (PCI) Data Security Standard.
Security and compliance issues facing businesses include:
Increasing regulatory requirements
- Compliance requirements are evolving and expected to increase
- Many regulations tend to share a common base set of IT controls
- Regulations in a global market are impacting corporations
- Security risks arise from many sources, including breaches and errors
- Complexity of IT portfolios hampers security efforts
- Ensuring consistent security across your business is difficult
- Lack of predictability across complex infrastructures drives rapid cost inflation
- Failure to achieve compliance or to prevent security breaches can impose enormous costs
- How much compliance is enough?
If security is a pressing commitment for your enterprise, you need to consider the advantages of a z/OS deployment.
Security is rapidly emerging as one of the most important aspects of IT, but it is not well understood or well defined in the market. The headlines regularly declare security breaches of large proportions with ever increasing price tags to resolve.
In addition to server sprawl we find ourselves in the midst of information sprawl. Centralized data, as contained on the mainframe, has a clear security advantage. However, that data is frequently replicated off platform and duplicated across the enterprise, making it easier for theft to occur.
The FBI Crime and Security Survey for 2006, shown in Figure 4, indicates some shocking security trends. Unauthorized access of information is up 350% year to year to an all time high of over $10M (USD), with theft of proprietary information growing 169% to over $6M (USD). Total losses for 2006 are over $52M in the US.
Figure 4. Results of the 2006 FBI Crime & Security Survey
With security, the loss of information is often not immediately felt. Many firms indicate breaches cost an average of $100 per lost record, but some estimates are as high as $182.00 per record.
The mainframe delivers an unprecedented security experience. Because the mainframe is built upon highly centralized, multi-user environments, security for the mainframe must follow suit. Data access is rarely homogeneous, and the mainframe provides a number of fronts with which to ensure a compliant and flexible security solution, including:
- Integrity of virtual partitions - the only server with EAL5 certification
- Integrated security with intrusion prevention services, and support for internet open standards
- Data & Application Integrity
- Security built into all layers to help prevent intrusion from malicious software (malware) and viruses
- Centralized control of access to resources with strong audit features
- Data Protection
- Robust encryption solutions to help protect data at rest, and data in flight
- Hardware encryption acceleration and fault-tolerant key protection
System z offers an elastic defense, or defense in depth. Defense in depth was originally a military strategy that seeks to delay rather than prevent the advance of an attacker, buying time by yielding space. With mainframe defense in depth, intruders are blocked at all fronts, by focusing on a series of zones. These security zones include:
- The network - z/OS Communications Server prevents intrusions with real-time detection aimed at statistical anomalies, including IPSec end-to-end security.
- The server - a robust security zone, with self-destructing cryptography upon tampering, EAL 5-certified LPARs and granularity down to an individual address space. You can configure internal communications through the HiperSockets in the hypervisor layer, which is drastically locked down compared to TCP/IP communications. Finally, security is more affordable with IPSec support coming for the z9 Integrated Information Processor (zIIPs).
- The operating environment layer - where z/OS is easily the most robust and secure place to run your business. z/OS has EAL4+ certifications for Controlled Access Protection Profile (CAPP) and Labeled Security Protection Profile (LSPP). CAPP mode provides a single class of access control mechanism: discretionary access control. LSPP mode provides two classes of access control mechanisms: discretionary and mandatory access controls.
z/OS also has EAL4+ certification for multi-level security, which addresses government requirements for highly secure data that can be shared between agencies on demand. RACF provides an auditable security infrastructure for your most valued enterprise assets. Finally, the operating environment for z/OS supports additional Tivoli security products, which are targeted to specific security needs.
- The application environment layer - delivers security in a variety of ways. On one hand you have a core systems security aspect that encompasses CICS, IMS, DB2 and MQ. On the other hand, you have the open environments supported by WebSphere products, with WebSphere Application Server acting as the core runtime for the entire WebSphere software stack. And WebSphere, while leveraging the z/OS security capabilities, also provides its own security features.
- Finally, the last zone, the data protection layer, provides a barrier to defend your most important asset - your data. The data protection facilities include encrypting tape, encrypting data in the database for IMS and DB2, and a number of network encryption options using industry standards (SSL/TLS, IPSec, etc.) for encrypted transactions and for encryption over VPNs.
Taking an attitude of "good enough" when it comes to the security of your IT assets could cost you your business.
Heavy distributed environments require additional servers for many if not all business requirements, including scaling to handle peak workloads, addressing gold or platinum standard customers, failover environments ... the list can go on. With most businesses focused on driving down costs, a strictly distributed server solution, while cheap at first, rapidly becomes a cost nightmare. This is especially true when you consider that most distributed servers run, on average, at 5 to 10% utilization. For some businesses the cost of distributed server growth results in the cost of a new data center.
To summarize, the primary drivers of mainframe consolidations include:
Each distributed server in production requires anywhere from two to five servers to support it: test, quality assurance, overflow, failover, etc.
- Paying software license fees for ALL of these servers
- Paying to power and cool ALL of these servers
- Paying to support ALL of these servers
Intel servers average 5 to 10% utilization, UNIX servers average anywhere from 20 to 40%
- Virtualization software provides some assistance
Software fees follow a linear growth curve
- Incremental growth will eventually accrue the price tag of a new data center
If this sounds familiar, you should consider the Linux advantage on System z.
Many customers are faced with rapidly growing distributed middleware environments. As Java assets get larger and drag with them growing license fees, greater management and facility costs, and IT complexity, Linux on System z provides the best environment for consolidation of Java assets.
Consolidating middleware on Linux on System z raises the bar for distributed workloads. The core values of System z, such as mean time between failures (MTBF), utilization rates, and crypto technology, provide a sophisticated base for Linux, enabling you to deploy workloads in the same physical systems as the data. Plus, it is faster, easier and cheaper to provision a virtual server than a physical one, making Linux on System z running under z/VM a virtualization dream.
On the Intel and RISC platforms, virtualization lets you spread operating system images across multiple servers, helping to improve hardware utilization. Mainframe virtualization does that too, but it goes so much further. System z is engineered for virtualization from the silicon up; everything is shared and virtualized.
Virtualizing with z/VM enables a unique experience:
- Supports the total hardware and software redundancy that gives System z its superior availability
- Means that hardware and software can be maintained and enhanced while in production
- Contributes to the 100% application isolation that gives System z its unique security characteristics
- Virtualizes everything, including the network, eliminating network delays and network hardware costs
- Enables you to share workloads and databases across datacenters miles apart, to provide unmatched business continuity
- Allows servers to run at close to 100% capacity, while meeting demanding interactive response time targets for tens of thousands of users
- Allows data centers to respond to huge variations in workload demand from moment to moment, without manual intervention
- Allows a small team to manage and operate the equivalent of hundreds of Intel and RISC top-end servers, reducing labor costs
This proven technology is a keystone in many shops, but one customer stands out. Nationwide Insurance has used Linux on the mainframe as a key consolidation and simplification strategy that has resulted in $15 million in savings over 3 years. The best description of this project comes from Nationwide's Chief Architect, Guru Vasudeva, in his keynote address at LinuxWorld 2006.
Architectural leadership provided by z/VM virtualization enables:
- Non-disruptive, on/off capacity for on-demand capability
- Linux and z/OS application integration
- Highly granular allocation of hardware assets so you can add "small" server images to existing configurations with minimal impact
- Large-scale server hosting for potentially thousands of server images
Resource consumption recording and reporting
- Capture data at hypervisor level (CP Monitor)
- Useful for charge-back, capacity planning, problem determination, and fix verification
- Hot stand-by minus the additional server expense
- Autonomic, non-disruptive disk failover to a secondary storage subsystem
- Architecture simulation for configuration requirements
- In-memory application sharing to share program executables among multiple server images
- High-speed, server-memory-cached disk I/O
- Virtual disks in storage provide high-speed read and write access to files in memory (excellent swap devices for Linux)
- Built-in console message routing from all virtual servers to a single virtual machine (system automation)
- Virtual Machine Resource Manager
- "Hands free" auto-logon of server images using z/VM "Autolog" support
- Initiate operating system shutdown from "outside" the server image without requiring an agent running on the guest OS
- 256 Linux images can share a single System z cryptographic card using z/VM
- Clone, patch, and "go live" with easy rollback
And lastly, the economic benefits and the ability to leverage specialty engines make this an ideal consolidation story. As stated earlier in the paper, IBM leverages this advantage through our ECM consolidation project, which has provided the reduction of approximately 3900 UNIX servers to a mere 30 mainframes. By trading physical servers for virtual ones, IBM will be able to reduce costs along a broad front, including expenditures related to:
- Energy consumption: in replacing 3,900 servers (each with its own power supply) with 30 mainframes, IBM is expected to save enough electricity to power a small town.
- Software: which often is priced on a per processor basis. IBM expects to help minimize software licensing charges as the new IBM mainframes contain significantly fewer processors than the current 3,900 servers.
- System support: the project is expected to free up IBM technical personnel from system administration tasks to work on higher-value projects, including designing and building customer solutions.
This article provides a brief overview of where the mainframe may be the right platform for you, focusing on four key business scenarios:
- The resiliency and recovery of z/OS based assets
- Simplifying your IT infrastructure with z/OS
- Securing assets on a z/OS mainframe at varying layers, all acting together to provide a formidable front
- Consolidating open standards middleware using industry leading virtualization
The real answer is not usually z/OS or Linux on the mainframe, but a combination of both. The strongest customer deployments are those where the strengths of the underlying operating environment are leveraged for the workload that needs it.
- Global Action Plan
- IBM's Project Big Green Spurs Global Shift to Linux on Mainframe
- Optimizing WebSphere Performance on z/OS
- CSI/FBI: 2006 Computer Crime & Security Survey Source: Computer Security Institute
- Dec 2006 report - Virtualization 2.0: The Next Phase in Customer Adoption Doc #204904