Red Hat OpenShift is perhaps best known for providing a platform for developing and deploying cloud-native, microservices-based applications.

But when the IBM Z Firmware development team in Germany were looking to modernize their DevOps process, they found the ideal environment in Red Hat OpenShift running on IBM Z.

Scalability and Security

IBM Z systems sit at the heart of many of the world’s biggest companies and most critical workloads. Optimized for performance, security and reliability, IBM Z is designed to handle billions of transactions without missing a heartbeat.

The IBM Z firmware layer sits between the physical hardware and the operating system, and executes many of the low-level operations of the IBM Z system. Creating and maintaining this layer is the responsibility of the IBM Z Firmware development organization, which includes hundreds of developers.

The challenges the team faced were similar to those faced by many large development organizations – flexibility, security, and availability, especially combined with the need to scale. How could existing Jenkins setups be easily extended to add new workers? How could the existing login server be updated to support new security requirements? And how could runtime environments be designed with high availability in mind?

“The DevOps process is based around a large code pipeline, moving from source code management to binary repositories to automated testing, all managed by Jenkins scripts and workers”, commented Ralf Schaufler, IBM Z Firmware Integration Architect. “Supporting this are tools for bug tracking, access control, and backup.”

Technical Solution

The team looked at various options and decided to go with Red Hat OpenShift as this provided a secure enterprise DevOps capability, as well as a CI/CD pipeline. Although most of the IBM Z Firmware artifacts run on the IBM Z architecture (s390x), some run on x86 – and so OpenShift’s support for heterogeneous environments could offer additional benefits in the future.

The next question the team faced was whether to run OpenShift in the cloud or on-premises on Z. They determined that the cloud would be a more expensive option, especially as they have a fairly static environment of hundreds of users. In addition, running OpenShift on-prem on IBM Z enabled them to co-locate the development environment next to the test environments. This dramatically reduced the time taken to transfer IBM Z firmware images between development, simulation, and new hardware – and increased security by locating all these environments in the same protected zone with local access only.

“The first use case we implemented was to migrate their multi-user development server to ‘interactive containers’ running on Red Hat OpenShift on IBM Z”, said Edmund Breit, Senior IT Specialist, IBM Z Firmware Delivery & Suppprt. “This enabled us to use the access control features of OpenShift and meet the IBM security requirements for developers.”

The next use case they deployed was to use Jenkins for the Continuous Integration and Development (CID) pipeline within Red Hat OpenShift, supporting greater scalability and enabling updates to be packaged and then included in the next driver update. This simplified the pipeline automation, and can also potentially enable future multi-arch support for both s390x and x86 firmware production in the future.

“We’re now looking at further use cases, including supporting virtual machines as well as containers, wider options for persistent storage, and additional CID services”, added Edmund.

“The migration of the DevOps process to OpenShift on Z has proved very successful and delivered a more secure and scalable approach,” continued Ralf. “This has also been helped by the Red Hat OpenShift for Z development team being close by in the IBM Boeblingen lab.”

>>For more information about Red Hat OpenShift and IBM Z, read the IDC sponsored white paper “Building the Open Hybrid Cloud: Red Hat OpenShift, Enterprise Linux, and Ansible on IBM Z, LinuxONE, and Storage.”