zBNA for Pervasive Encryption Estimation
Zhaoyu 120000FVH1 Visits (7939)
zBNA is one of the capacity planning tools that can be downloaded from IBM PartnerWorld: http
A feature of zBNA included in Version 1.8.1 is the ability to evaluate a Z Server’s datasets and CF structures for encryption capabilities. zPET used zBNA to identify encryption candidates on z/OS V2R3.
To accomplish these tasks, we followed the zBNA’s User’s Guide to collect SMF data as the input for CP3KEXTR program running on z/OS to produce .edf and .dat files for zBNA consumption. Once that data is loaded (via the File, Load Files menu option) into the zBNA program we could use the new Encryption support via the Applications, Encryption menu option to see various views of estimated encryption for DASD Data Set and for CF structure data.
For DASD Data Set Encryption, zBNA will let you see estimations for DASD I/O rate (in GB/Hr) that is eligible for encryption as well as the estimated cost in MIPS for exploiting data set encryption
and the estimated change in CPU seconds for exploiting the encryption for a selected set of data sets.
In our environment, it made sense to compare the DASD I/O rate versus the CPU time. Here’s a screen shot from one of our systems called J80 that has been enabled with Data Set Encryption that shows the Estimated DASD Data Set I/O rate for all encryption eligible data sets (which includes data sets that have already been encrypted as well as unencrypted but eligible) being accessed by that system:
Here we see that the data J80 is accessing over time is more and more of type Linear data sets while most of the remaining types being accessed remains consistent. More importantly we can see the estimated cost in CPU Time of encrypting that data.
As shown in the visualized data, estimated CPU seconds for encrypting DASD data varies on different systems and in the different time intervals. System JH0 is estimated to have a higher CPU Time cost for data set encryption in the 3 monitored intervals than the other 4 systems monitored here. Within this sysplex, there were different workloads running on different systems at different times which resulted in variation in data being accessed.
Depending on the workload that is running, and therefore how much and what type of data access is being used, you can use zBNA to do similar estimations ahead of encrypting data or to review the cost once encryption is enabled.
zBNA provides equivalent views for CF structure data. The following figure shows CF structure data encryption estimation from the same systems:
Like the previous dataset encryption example, within one sysplex CF structure data encryption estimates vary between different systems due to the workload variation, however CPU Time estimates are consistent over time for each of the monitored systems.
Another feature of zBNA is that it can enable individual data set selection for the input into its estimation views. With this feature, it is possible to include datasets that are either currently encrypted or not for evaluation. Other selectable options include “Encrypted Estimated CPU time” for individual data sets that are not currently encrypted.
Below is an example from one of our systems:
For CF structure data, a similar user selection view can be obtained as seen below:
The results of this data set selection can also be exported in HTML or CSV format for easy evaluation and usage outside of zBNA.
For more information and details, reference the zBNA User’s guide at the IBM PartnerWorld landing site. We would love to hear your thoughts and experiences with these new functions of zBNA.