Preview: IBM z/VM V6.4 -- Delivering industry-proven advanced virtualization capabilities to support the increasing demands of your businessIBM United States Software Announcement 216-009
February 16, 2016
|Table of contents|
|At a glance|
IBM® z/VM® V6.4 is planned to help you extend the business value of IBM z Systems and IBM LinuxONE technology across the enterprise by integrating applications and data, while providing exceptional levels of availability, security, and operational ease. World-class virtualization technology offered by z/VM can provide the ability to host a large number of virtual servers running different operating systems on a z Systems server and LinuxONE.
The ability of z/VM to support multiple machine images and architectures provides a highly flexible production and test environment for z Systems and LinuxONE operating systems that simplifies migration from one release to another, facilitates the transition to newer applications, provides a test environment whenever one is needed, and consolidates several systems onto one physical server. A fundamental strength of z/VM is the ability for virtual machines to share system resources with very high levels of resource utilization.
z/VM V6.4 enables extreme scalability, security, and efficiency, creating cost savings opportunities, and provides the foundation for cognitive computing on z Systems and LinuxONE. z/VM V6.4 is planned to deliver:
- Increased efficiency with HyperPAV paging that takes advantage of DS8000 features to increase the bandwidth for paging and allow for more efficient memory management of over-committed workloads.
- Easier migration with enhanced upgrade-in-place infrastructure that provides an improved migration path from previous z/VM releases.
- Improved operations with ease of use enhancements requested by clients, such as querying service applied to the running hypervisor and providing environment variables to allow programming automation based on systems characteristics and client settings.
- Improved Small Computer System Interface (SCSI) support for guest attachment of disk and other peripherals, and hypervisor attachment of disk drives to z Systems and LinuxONE systems to:
- Increase efficiency by allowing an IBM FlashSystem® to be directly attached to z/VM for system use without the need for an IBM System Storage® SAN Volume Controller (SVC).
- Enable ease of use with enhanced management for SCSI devices to provide information needed about device configuration characteristics.
- Increased scalability by exploiting Guest Enhanced DAT to allow guests to take advantage of large (1 MB) pages, decreasing the memory and overhead required to perform address translation.
- Integration of new CMS Pipelines functionality which previously was not formally incorporated within the z/VM product, allowing a much more inclusive set of tools for application developers.
Back to top
z/VM V6.4 is the result of over 40 years of innovation and refinement and can provide users with the ability to respond to rapidly changing market requirements more quickly and easily than with discrete single-operating-system servers. Unlike distributed hardware-based solutions, virtualization technology allows you to virtualize processor, communications, storage, I/O, and networking resources to help reduce the need to duplicate hardware, programming, and data resources. Contrasted with a discrete server implementation, z/VM-based z Systems and LinuxONE solutions are designed to provide significant savings, which may help lower your total cost of ownership (TCO) for deploying new business and enterprise application workloads on these systems.
z/VM V6.4 is planned to provide support for the IBM z13, IBM z13s, LinuxONE Rockhopper, and LinuxONE Emperor. Support for simultaneous multithreading (SMT) technology extends per-processor core capacity growth beyond single-thread performance for Linux on z Systems on an IBM Integrated Facility for Linux (IFL) specialty engine on a z13 server. On LinuxONE, support for SMT technology extends per-processor core capacity growth beyond single-thread performance on core workloads with support for two threads per core. z/VM multithreading technology support can enable additional price performance benefits over previous hardware generations and can meet workload requirements transparently.
z/VM is a natural fit to run Linux on z Systems or LinuxONE. With z/VM, you can run hundreds of Linux virtual machines (servers) in the same logical partition (LPAR) or thousands of virtual machines in multiple LPARs with z Systems or LinuxONE.
In addition, Linux on z Systems can take advantage of the vector extension facility (SIMD) instructions available on z13 servers. This provides a powerful framework for the development of new Business Analytics workloads, porting numerically intensive workloads from other platforms, and accelerating Business Analytics workloads on z13, z13s, and LinuxONE. This design allows the z13, z13s, or LinuxONE servers to deliver additional potential capacity for Linux workloads, crucial for mission-critical applications and cloud service delivery.
z/VM V6.4 is designed to enhance:
- Efficiency and elasticity:
- Improved paging scalability by supporting HyperPAV paging technology
- Guest large page support
- Guest Transactional Execution support
- Memory scalability efficiency improvements
- Ease of use capabilities:
- Upgrade in place to support z/VM release migration
- The ability of z/VM systems administrators to exploit new ease of use improvements to allow more efficient management of the z/VM systems, including:
- Determination of installed APARs and PTFs
- CP environment variables
- Query Shutdown command
- SCSI management queries
- CMS Pipelines modernization
Back to top
z/VM V6.4 is planned to support the following z Systems servers:
- LinuxONE Emperor
- LinuxONE Rockhopper
- IBM zEnterprise® EC12
- IBM zEnterprise BC12
- IBM zEnterprise 196
- IBM zEnterprise 114
Back to top
|Planned availability date|
Fourth quarter, 2016
Previews provide insight into IBM plans and direction. Availability, prices, ordering information, and terms and conditions will be provided when the product is announced.
Back to top
Enhancements planned for z/VM V6.4 include:
Efficiency and elasticity. The efficiency of the overall z/VM hypervisor has been enhanced with the following scalability improvements:
- HyperPAV paging technology. z/VM will exploit the ability for an IBM DS8000® device to execute multiple I/O requests to an ECKD paging volume in parallel from a single z/VM image. In HyperPAV mode, I/O resources can be assigned on demand as needed. If the base volume is busy, z/VM will select a free alias from a pool, bind the alias device to the base device, and start the I/O. When the I/O completes, the alias device is returned to the pool to be used for another I/O in the same logical subsystem (LSS).
The primary objective of supporting HyperPAV paging technology is to provide improved paging throughput, which will increase the efficiency of the z/VM frame replenishment algorithm used to manage storage over-committed workloads. HyperPAV paging will allow concurrent I/O to each paging volume, enabling you to manage fewer CPOWNED volumes, each possibly of larger size. HyperPAV technology exploitation by the z/VM hypervisor will be expanded to the paging subsystem for:
- The SYSRES volume, and volumes containing checkpoint and warm start data
- Volumes used for paging, spooling, and the z/VM user directory
- Minidisk pools, as defined by a guest's use of the MAPMDISK IDENTIFY macro
- Guest large page support. z/VM will be enhanced to provide support for the Enhanced DAT facility, which allows a guest to exploit large (1 MB) pages in addition to the currently supported 4K pages. A larger page size decreases the amount of guest memory needed for DAT tables and also decreases the overhead required to perform address translation. In all cases, guest memory is mapped into 4K pages at the host level.
Guests such as Linux for z Systems, which exploit large page support, can benefit from reduced memory footprints and address translation times, which can decrease overhead, improving throughput.
- Guest Transactional Execution support. z/VM will be enhanced to enable guest exploitation of the Transactional Execution Facility. This allows a program to issue multiple instructions that appear to operate atomically. This support offers an alternative to more costly and mutually exclusive mechanisms, such as software locks. This can improve the efficiency and scalability of multithreaded software that can include compiled Java code or guest operating system functions.
- Memory scalability efficiency improvements. Improvements to memory management algorithms provide for future enhancements that can increase performance of workloads that experience available list lock or spin lock contention.
Ease of use improvements. z/VM systems administrators will be able to exploit Systems Management usability improvements to allow more effective management of the z/VM system, by taking advantage of:
- CP environment variables. Provides the ability to allow automation to adapt more easily to different operating environments or modes in a coordinated fashion across many guests to help simplify the control and testing of your system setup. For example, the operator will be able to indicate at IPL time that the system is running in a disaster recovery or test environment. This indication enables changes in the devices used, the choice of virtual machines and the sequence in which they are activated, and additional operations to be triggered.
- Query Shutdown command. Enables a z/VM system programmer or a guest virtual machine to determine whether a system shutdown is in progress and obtain additional information about the shutdown. In addition, informational messages will be sent to the primary system operator console so the system operator can figure out after the fact what was shut down and by whom. This can help you to automate an orderly shutdown of your system and its virtual servers. This function can be of particular value to virtual machines that coordinate the shutdown of other virtual machines. The coordinating virtual machines would receive the quiesce signal that the system is shutting down, issue the new QUERY to get the additional information needed, and take the appropriate action for an orderly shutdown.
- SCSI management queries. Provides enhancements to the commands available for EDEVICEs within z/VM that can improve the usability and problem diagnosis for EDEV-intensive environments and provide a clearer end-to-end view of the storage configuration. This allows you to verify with your storage team that the configuration is consistent between z/VM and the disk storage subsystem.
- CMS Pipelines. Provides modernized Pipelines functionality by adopting 20 years of development since the original Pipelines integration into z/VM. This addresses client concerns with using downloaded code, including fixes not previously integrated in the z/VM product. It broadens the ecosystem, enables innovation for clients and ISVs, and includes additional functionality.
- DirMaint to RACF® Connector. Modernizes the Connector with a collection of functional enhancements that improve how z/VM security is handled in a managed environment, where system programmers do not have access through traditional 3270 interfaces, bringing processing in line with modern z/VM practices. z/VM User Directory statement analysis and DirMaint option recognition have been added to the Connector so that the appropriate security policy changes can be passed directly to IBM RACFVM. This allows a z/VM environment managed by IBM Wave for z/VM or OpenStack to function properly, even with RACFVM installed on the system. The security administrator does not need perform separate operations to RACFVM or IBM zSecure to make security policy changes every time a new security rule is implied by an authorized change to the z/VM User Directory.
Hardware currency. The following improvements for hardware currency will be incorporated in z/VM:
- ESA/390 removal. Enhancements enable hypervisor initialization and termination, SAPL, and stand-alone utilities to run entirely in z/Architecture® mode. The z13 is planned to be the last z Systems server to support running an operating system in ESA/390 architecture mode. All future systems will support only operating systems that run entirely in z/Architecture mode.
In addition, support will be added to simulate a z/Architecture-only environment, by providing a virtual machine environment that is always in the z/Architecture architectural mode and cannot switch to the ESA/390 architectural mode. This can be useful for testing software in a z/Architecture-only environment, in advance of deploying software on a future z/Architecture-only machine.
- FlashSystem support for FCP-attached SCSI disks. A z/VM storage administrator can use FlashSystem storage as a z/VM-system-attached DASD without the need for an intermediate SVC.
Migration. z/VM upgrade in place is extended to support three releases:
- Enhancements will be made to provide a migration path for a member of an SSI cluster using an upgrade-in-place procedure. Upgrade in place can allow you to move a new release of z/VM to an existing system with minimal impact to the running system. Enhancements allow upgrading from z/VM V6.2 or V6.3 to z/VM V6.4 and position your system for future releases beyond z/VM V6.4. Upgrade in place also remains supported for a non-clustered z/VM system.
For a detailed description of z/VM capabilities, refer to the http://www.ibm.com/vm/ website.
IBM Wave for z/VM (IBM Wave)
IBM Wave for z/VM (IBM Wave) can dramatically simplify the management of virtualized environments into an intuitive experience, to help reduce the cost and skills of managing Linux environments based on z/VM on z Systems servers and LinuxONE.
IBM Wave intelligent visualization of the virtual server environment and physical infrastructure provides intuitive management of physical servers, z/VM, Linux images running as z/VM guests, and other resources. IBM Wave provides the necessary capabilities for virtual server provisioning and can readily scale as you grow your enterprise. With IBM Wave, you can rapidly gain insight into your entire virtualized infrastructure topology at a glance and also accelerate the path to a highly virtualized cloud infrastructure.
IBM Wave Release 2 further expands these capabilities by delivering increased support for Linux distributions and devices and for reporting and auditing, as well as additional enterprise-grade security and performance enhancements.
The following Statements of Direction made with the IBM Wave V1.2 Software Announcement 215-162, dated May 11, 2015, were delivered in Service Pack 2:
- Enhanced audit logging to allow an IBM Wave administrator to satisfy corporate auditing needs by accessing a consolidated log of specified auditable activities
- Support of the installation and execution of the IBM Wave server (IBM WAVESRV) on Red Hat RHEL 7 and SUSE SLES 12 distributions
IBM Wave is developed using lean and agile principles, providing enhancements and new function on an ongoing basis. These enhancements are made available via future service updates.
IBM Cloud Manager with OpenStack for System z®
OpenStack is an infrastructure as a service (IaaS) cloud computing open source project that is managed by the OpenStack Foundation. With IBM’s adoption of OpenStack as part of its cloud strategy, the z/VM V6.4 for z Systems and LinuxONE operating environment can be natively managed using OpenStack open cloud architecture-based interfaces. z/VM drivers provide OpenStack enablement for z/VM, and for z/VM virtual machines running Linux on z Systems and LinuxONE.
Open standards offer a common foundation and compatible interfaces for companies to augment computing resources at a moment’s notice to meet changing client demands, such as adding a new mobile application for a new group of clients to drive additional revenue. Open standards such as OpenStack help enterprises be more nimble and address major client concerns, like vendor lock-in, the need to hire expensive specialized experts, long application development cycles, and security challenges.
For additional information on IBM Cloud Manager with OpenStack for System z, refer to Software Announcement 215-106, dated February 24, 2015.
Additional capabilities to enhance the security of z/VM have been delivered in the service stream.
IBM recently enhanced the security capabilities of z/VM with the following PTFs for APARs VM65719 and PI40702 to include:
- Upgrade of RACF/VM password encryption support, for stronger protection against offline password attacks. This satisfies the Statement of Direction made in Hardware Announcement 115-001, dated January 14, 2015.
- Enhancements to RACF/VM security policy management, including:
- Minimum password change intervals
- Helpdesk support for the resetting of passwords and password phrases
- Password expiry support
- An upgrade to special character support for passwords and password phrases
- An uplift of the z/VM System SSL cryptographic library to z/OS® V2.1 equivalency, which keeps z/VM's TLS support in accordance with NIST SP 800-131a guidelines.
- AES Galois/Counter Mode encryption for connections to the hypervisor managed by the z/VM TLS/SSL Server.
Back to top
The z/VM hypervisor extends the capabilities of the hardware from the standpoint of sharing hardware, virtualization, and communication resources. Together with IBM Wave for z/VM (IBM Wave), the comprehensive management solution for z/VM-based virtual Linux server environments, the z/VM hypervisor makes it easy to extract the maximum value from the z/VM capabilities -- virtualization savings, operational efficiency, power savings, and optimal qualities of service. This virtualization technology is designed to enable organizations to run hundreds to thousands of Linux servers on a single mainframe, running with other z Systems operating systems, such as z/OS and z/VSE®, or as a large-scale enterprise LinuxONE server solution.
z/VM and KVM for IBM z Systems can co-exist on IBM z Systems and LinuxONE, giving you choices for virtualization implementations.
With z/VM V6.4 and its Linux infrastructure, you can reduce the time between deciding on the acquisition of new servers and then implementing them because new servers can be easily deployed in a matter of minutes. With this powerful capability, you can launch new products and services without the exhaustive planning for, purchasing, installing, and configuring new hardware and software that can be associated with conventional discrete hardware servers. Development groups that need test environments that are built and rebuilt rapidly to enable them to efficiently deliver their projects, handling change management in the process, can also benefit from this unique advantage.
The following capabilities are several key strengths of z Systems or LinuxONE and z/VM:
- Virtualization capabilities are more mature and robust than for other combinations of hardware and hypervisor.
- Single System Image (SSI) allows users to share all system resources with very high levels of resource utilization, extending the pool of resources that can be managed by administering multiple instances of z/VM as if they are one integrated system.
- Live guest relocation allows movement of a running Linux guest from one member of a Single System Image cluster to another without the need to shut down the server. This allows maintenance of the z/VM hypervisor without having to shut down Linux servers, extending availability functionality of z Systems and LinuxONE servers to the z/VM environment.
- z/VM virtual switch can make Linux networking simpler and reduce the physical resource requirements.
- Full volume backup of systems allows for complete disaster recovery when another data center is available.
- z/VM is easy to customize at the base installation level with only a relatively small number of configuration files. When z/VM is configured properly, longer periods of time between planned outages may be achieved.
Advanced virtualization features like multisystem virtualization and live guest relocation with z Systems, LinuxONE, z/VM, and Linux on z Systems or LinuxONE help to provide an efficient infrastructure for deploying private clouds to support workloads that scale both horizontally and vertically at a low total cost of ownership.
With the z/VM and z Systems or LinuxONE security-rich environment, your most valuable information can be protected, helping to reduce organizational and reputational risk. Designed to work with z Systems and LinuxONE, z/VM provides advanced security features that can deliver client value. The security certification of z/VM helps ensure the security of sensitive data and business transactions to allow you to run production servers side-by-side on the same server with test and development servers.
To help ensure data-at-rest stays safe and secure, z/VM supports the use of the IBM Full Disk Encryption (FDE) feature of the IBM DS8000. z/VM also supports the ability of guests to use encrypted tape.
The TCP/IP for z/VM TLS/SSL server is available to facilitate security-rich and private conversations between z/VM servers and external clients. With z/VM support for TLS 1.2 and SHA-2 hashing, a z/VM server can use the latest cryptographic protocols in a FIPS 140-2 compliant mode to communicate securely with a client without a change to the server itself.
z/VM makes the Crypto Express5S feature, a tamper-resistant cryptographic coprocessor, available to guests with either dedicated access for use in both secure-key or clear-key operations or shared access for clear-key operations. z/VM can virtualize z Systems cryptographic devices so they can be shared by many Linux systems and supports the z13 limit for greater than 16 domains for the Crypto Express5S feature. With shared access, z/VM can also balance the workload across multiple cryptographic devices. Should one device fail or be brought offline, z/VM can transparently shift Linux systems using that device to an alternate cryptographic device without user intervention.
Back to top
|Statement of general direction|
IBM Wave support for Canonical Ubuntu distributions for z Systems and LinuxOne. IBM intends to provide support for the planned Canonical Ubuntu distributions with IBM Wave in future service packs. This support is planned to be staged, initially supporting virtual servers with Canonical Ubuntu. Support of the installation and execution of the IBM Wave server (IBM WAVESRV) on Canonical Ubuntu distributions is planned to be delivered within the service stream.
Dynamically managed thread activation levels. IBM intends to provide support in a future z/VM deliverable that will allow clients to dynamically manage the number of activated threads per configured core that can be enabled for simultaneous multithreading (SMT) without requiring an IPL of the z/VM system.
Stabilization of z/VM support for the IBM System z10® server family. z/VM V6.3 is the last z/VM release planned to support the IBM System z10 server family of servers. Either an IBM zEnterprise 196 (z196) or an IBM zEnterprise 114 (z114) is the required minimum level of server for z/VM V6.4. Refer to the IBM Support Portal for the most current support lifecycle information for z/VM.
Type " z/VM " in the "Search software lifecycle" box, then scroll on the page until you find z/VM.Fee-based service offerings for z/VM V6.3 are planned to be available from IBM for System z10 clients through December 31, 2019. These offerings will provide support beyond the end of support date for z/VM V6.3.
IBM's statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM's sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remain at our sole discretion.
Back to top
For information on z/VM V6.3, refer to Software Announcement 213-297, dated July 23, 2013.
For information on the z13s, refer to Hardware Announcement 116-002, dated February 16, 2016.
Back to top
|Statement of good security practices|
IT system security involves protecting systems and information through prevention, detection, and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, or misappropriated or can result in misuse of your systems to attack others. Without a comprehensive approach to security, no IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products, or services to be most effective. IBM does not warrant that systems and products are immune from the malicious or illegal conduct of any party.
IBM z Systems, IBM LinuxONE, z Systems, IBM z13, z13, ECKD, DirMaint, zSecure and FlashSystem are trademarks of IBM Corporation in the United States, other countries, or both.
IBM, z/VM, IBM FlashSystem, System Storage, zEnterprise, DS8000, RACF, z/Architecture, System z, z/OS, z/VSE and System z10 are registered trademarks of IBM Corporation in the United States, other countries, or both.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Oracle and Java are trademarks of Oracle and/or its affiliates in the United States, other countries, or both.
Other company, product, and service names may be trademarks or service marks of others.
For the most current information regarding IBM products, consult your IBM representative or reseller, or visit the IBM worldwide contacts page