Transparent cloud tiering

Transparent cloud tiering is a licensed function that enables volume data to be copied and transferred to cloud storage. DS8000® transparent cloud tiering is a feature in conjunction with z/OS® and DFSMShsm that provides server-less movement of archive and backup data directly to an object storage solution. Offloading the movement of the data from the host to the DS8000 unlocks DFSMShsm efficiencies and saves z/OS CPU cycles.

DFSMShsm has been the leading z/OS data archive solution for over 30 years. Its architecture is designed and optimized for tape, being the medium in which the data is transferred and archived.

Due to this architectural design point, there are inherent inefficiencies that consume host CPU cycles, including the following examples:

Movement of data through the host: All of the data must move from the disk through the host and out to the tape device.
Dual Data Movement: DSS must read the data from the disk and then pass the data from DSS to HSM, which then moves the data from the host to the tape.
16K block sizes: HSM separates the data within z/OS into small 16K blocks.
Recycle: When a tape is full, HSM must continually read the valid data from that tape volume and write it to a new tape.
HSM inventory: Reorgs, audits, and backups of the HSM inventory via the OCDS.

Transparent cloud tiering resolves these inefficiencies by moving the data directly from the DS8000 to the cloud object storage. This process eliminates the movement of data through the host, dual data movement, and the small 16K block size requirement. This process also eliminates recycle processing and the OCDS.

Transparent cloud tiering translates into significant savings in CPU utilization within z/OS, specifically when you are using both DFSMShsm and transparent cloud tiering.

Modern enterprises adopted cloud storage to overcome the massive amount of data growth. The transparent cloud tiering system supports creating connections to cloud service providers to store data in private or public cloud storage. With transparent cloud tiering, administrators can move older data to cloud storage to free up capacity on the system. Point-in-time snapshots of data can be created on the system and then copied and stored on the cloud storage.

An external cloud service provider manages the cloud storage, which helps to reduce storage costs for the system. Before data can be copied to cloud storage, a connection to the cloud service provider must be created from the system. A cloud account is an object on the system that represents a connection to a cloud service provider by using a particular set of credentials. These credentials differ depending on the type of cloud service provider that is being specified. Most cloud service providers require the host name of the cloud service provider and an associated password, and some cloud service providers also require certificates to authenticate users of the cloud storage.

Public clouds use certificates that are signed by well-known certificate authorities. Private cloud service providers can use either self-signed certificate or a certificate that is signed by a trusted certificate authority. These credentials are defined on the cloud service provider and passed to the system through the administrators of the cloud service provider. A cloud account defines whether the system can successfully communicate and authenticate with the cloud service provider by using the account credentials. If the system is authenticated, it can then access cloud storage to either copy data to the cloud storage or restore data that is copied to cloud storage back to the system. The system supports one cloud account to a single cloud service provider. Migration between providers is not supported.

Client-side encryption for transparent cloud tiering ensures that data is encrypted before it is transferred to cloud storage. The data remains encrypted in cloud storage and is decrypted after it is transferred back to the storage system. You can use client-side encryption for transparent cloud tiering to download and decrypt data on any DS8000 storage system that uses the same set of key servers as the system that first encrypted the data.

Notes:

Client-side encryption for transparent cloud tiering requires IBM® Security Key Lifecycle Manager v3.0.0.2 or higher. For more information, see the IBM Security Key Lifecycle Manager online product documentation.
Transparent cloud tiering supports the Key Management Interoperability Protocol (KMIP) only.

Cloud object storage is inherently multi-tenant, which allows multiple users to store data on the device, segregated from the other users. Each cloud service provider divides cloud storage into segments for each client that uses the cloud storage. These objects store only data specific to that client. Within the segment that is controlled by the user’s name, DFSMShsm and its inventory system controls the creation and segregation of containers that it uses to store the client data objects.

The storage system supports the OpenStack Swift and Amazon S3 APIs. The storage system also supports the IBM TS7700 as an object storage target and the following cloud service providers:

Amazon S3
IBM Bluemix - Cloud Object Storage
OpenStack Swift Based Private Cloud