© 2017 IBM Corp.
Open Source Summit Europe Prague
October, 24th 2017
IBM LinuxONE
the largest scalable Linux Server
The Modernization possibilities on the Most Scalable Compute Platform for Secure Data Driven Workloads
Jens Voelker, [email protected] , Program Manager Linux Ecosystem Business Development & StrategyJohn Smith, [email protected] , Offering Manager IBM Z Ecosystem & strategy team
© 2017 IBM Corp.
Linux on LinuxONE – What is that?
The Hardware: Emperor II & Rockhopper
Platform Openness
From Moby to Docker EE
AgendaIBM LinuxONE6
6the largest scalable Linux Server
Unmatched Security: IBM Secure Service Containers
Scalable Data Serving
Open Mainframe Project
Linux Heritage & Strategy
© 2017 IBM Corp.
Linux on LinuxONE – What is that?
The Hardware: Emperor II & Rockhopper
Platform Openness
AgendaIBM LinuxONE6
6the largest scalable Linux Server
Scalable Data Serving
Open Mainframe Project
Linux Heritage & Strategy
From Moby to Docker EE
Unmatched Security: IBM Secure Service Containers
© 2017 IBM Corp.
How everything began with Linux on LinuxONE
Do one brave thing today ….. then run like hell!
© 2017 IBM Corp.
• Spectrum Scale™ (GPFS™)• Oracle 12c
1999: Linux on S/390®
2009: � z/VM v6� Enterprise Linux Server
2000:Integrated Facility
for Linux (IFL)
2007: IBM Big Green
Consolidation 3900 to 30
2001: HiperSockets™
� RHEL 7.3� SLES12 SP2� Ubuntu 16.04
2006: 1000 Appl., 300 ISVs2000:
DB2®,
WebSphere®
1999: IBM Linux Tech
Center
2001: Red Hat Linux
First release2000:
SUSE Linux
2002: major ISVs:
SAP, Oracle 9i
2014: � IBM Wave� OpenStack
2015: � KVM for IBM z� IBM Wave upd.� IBM zAware for Linux� IBM LinuxONE™
� RHEL 7.2� SLES 12 SP1--------------------------− SMT− SIMD in kernel− 10 Gb PCI / RoCE
Crypto enhance.
• Blockchain• Open source ecosystem ext.
2017: � IBM z14
� z/VM Subcapacity� IBM Wave 1.2 SP6
• Docker Enterprise Edition
• DBaaS reference architecture
• Spectrum Scale 4.2.3.1
� KVM support in SUSE and Ubuntu
� RHEL � SLES
� Ubuntu 17.04
• DB2 BLU• GDPS® Virtual Appliance • Financial Transaction Mgr • Open source ecosystem
2016: � KVM 1.1.2� z/VM 6.4
2013: >3000 Applications
Linux on the IBM Z Platform A 17-year Journey of Innovation and Technology
© 2017 IBM Corp.
What is Linux on IBM® LinuxONE® (IBM Z®)
Supported Virtualization
IBM z/VM® + IBM Wave for z/VM
KVM – incl. in distributions from SUSE and Canonical
Logical Partitions (LPAR)
standard mode: PR/SM™
DPM mode: IBM Dynamic Partition Manager
Linux is Linux is Linux .
Pure Linux®, no emulation
runs natively on IBM Z hardware or virtualized under z/VM or KVM
Not a unique version of Linux
Same Look & Feel
Supported Enterprise Linux distributions
Community Versions
2000 2017
See ‘z Systems Virtual Servers’
See ‘Tested Platforms’
0.3 % platform specific code in GCC
0.5 % of platform specific code in Glibc
< 2 % platform specific code e.g. device drivers in Linux Kernel
Linux on LinuxONE Platform
© 2017 IBM Corp.
Linux on LinuxONE – What is that?
The Hardware: Emperor II & Rockhopper
Platform Openness
AgendaIBM LinuxONE6
6the largest scalable Linux Server
Scalable Data Serving
Open Mainframe Project
Linux Heritage & Strategy
From Moby to Docker EE
Unmatched Security: IBM Secure Service Containers
© 2017 IBM Corp.
Linux on IBM LinuxONE™ Emperor II Basics
Nested virtualization Hardware optimized for two hypervisor levels
Extreme utilization Through balanced system design
HiperSockets™ Efficient and secure internal network for all workload communication
Virtualization
Management
z/VM + IBM Wave and/or KVM with standard manageability interfaces - efficiency at scale with easy administration, provisioning and automation
Linux VMs Up to thousands Linux VMs running standard Linux distributions
Protected Key
encryption
Fast in-system encryption without exposing private keys to the Operating Systems
Physicalresources
VirtualizedResources in
2nd level VMs
HiperSockets
communication
Memory - up to 32 TB
IFLs
I/O and Network
2nd levelhypervisor
LinuxGuests
LinuxGuests
Linux
LPAR LPAR LPAR LPAR LPAR LPAR
IFLs
Linux Linux Linux
© 2017 IBM Corp.
Up to4 TB
8X more memory
Up to20
Configurable cores at 4.3GHz
I/ODedicated I/O,RAS and other coprocessors
Up to40
ConfigurableLPARs
LargerCache
More workloads per server
Crypto Express5S
Performance and function
SMT,SIMD
Enhanced performance
Emperor II
Up to32 TB
>3X more available memory
Up to170
Configurable cores at 5.2GHz
I/ODedicated I/O,RAS and other coprocessors
Up to85
ConfigurableLPARs
LargerCache
More workloads per server
Crypto Express6S
Performance and function
SMT,SIMD
Enhanced performance
IBM GDPS solutionsContinuous availability & Disaster recovery
IBM Spectrum ScaleClustered file system
IBM zAware functionalityIBM Z Advanced Workload. Analysis
Reporter
IBM z/VM + IBM WaveVirtualization with efficiency at scale +
Intuitive virtualization management
KVM on IBM ZOpen source virtualization
Logical Partitions / Dynamic Partition Mgr
technology & capacity
Emperor & rockhopper
Unmatched server technology & capacity
Rockhopper
Linux on IBM LinuxONE™ Emperor II & Rockhopper
© 2017 IBM Corp.
LinuxONE has multi-dimensional growth and scalability options
Dynamic Changes
Capabilities
z/VM
LPAR
Linux Guest
Add CPU Yes Yes
Increase weight / share Yes Yes
Add memory Yes Yes
Add I/O adapter Yes Yes
Remove CPU Yes Yes
Decrease weight / share Yes Yes
Remove memory No Yes
Remove I/O adapter Yes Yes
Multi-dimensional growth and scalability options• Dynamically add cores (1 to 170), memory (up to 32 TB), I/O adapters (up to 160 PCIe slots), devices and network
cards
• Resources may be shared or dedicated
• Grow horizontally (add Linux guests), vertically (add to existing Linux guests) and diagonal (Mix and Match – Find your scale sweet spot)
• Grow and scale without disruption to running environment
• Provision for peak utilization, unused resources automatically reallocated after peak
Flexible Resource/Workload Management and High configuration flexibility• Advanced workload management enables maximum
utilization of the system resources• Goal-oriented approach for performance mgmt of a hypervisor• Ability to basically do a forklift upgrade to new z Systems server
Efficiencies of Consolidation• Less operational effort based on centralized management, using the same arrangements for
administration, security, backup and disaster recovery• Less efforts for less IT equipment
Add more resourcesto an existing Linux guest...
© 2017 IBM Corp.
Workload Management – LinuxONE Utilization
LinuxONE Workload Management
� Priority Workload
− No throughput reduction
− No response time increase
� Low Priority Workload
− Soaks up remaining processor minutes
� 1.9% unused processor minutes
Leading x86 Hypervisor
� Priority Workload− 31% throughput reduction− 45% response time increase
� Low Priority Workload− Soaks up more CPU minutes
� 21.9% unused CPU minutes
Too much resource given to Low Priority workload
High Priority workload gets less resource than needed
CPO study
© 2017 IBM Corp.
Linux on LinuxONE – What is that?
The Hardware: Emperor II & Rockhopper
Platform Openness
AgendaIBM LinuxONE6
6the largest scalable Linux Server
Scalable Data Serving
Open Mainframe Project
Linux Heritage & Strategy
From Moby to Docker EE
Unmatched Security: IBM Secure Service Containers
© 2017 IBM Corp.
Who is using Linux on IBM LinuxONE and IBM Z today
Used in over 60 countries across 22 industries around the globe
Most used in:
Banking and Financial Markets
Government
Insurance
Computer Services
Retail and Healthcare
Transportation and Telecommunication
based on Capacity
• 90 of the top 100 IBM Z clients are running Linux on IBM z (based
on total installed MIPS in 2Q2017)
• 49% of IBM Z clients have IFLs installed
� Very large installations with up to hundreds of cores/IFLs in USA, Japan, Brazil, Germany, UK and South Africa
� Small installations with 2 IFLs in all countries and on all IBM Z models
� Most clients run Linux co-located with z/OS®, z/VSE® and/or z/TPF on an IBM Z server
2000 In the market since 2000, well accepted and growing 2017
Installed Capacity Over Time
YE04 YE05 YE06 YE07 YE08 YE09 YE10 YE11 YE12 YE13 YE14 YE16YE15
Inst
all
ed
IF
L C
ap
aci
ty
2Q17
© 2017 IBM Corp.
LinuxONE has a continuous focus on IBM Z characteristics the Business benefits from
Consolidation Capabilities: • Server, Network, Storage, Staff, Skills, Utilities, Environmental, Applications Hosting
of different workloads at the same time
Business Resiliency Capabilities:• High Availability, • Disaster Recovery, xDR, Serviceability,
Reliability • Storage failover (HyperSwap™),
Data replication (Metro / Global Mirror)
Security Capabilities:• Privacy, • Regulatory requirements, • Identity management, • Common Criteria Certification, • Image Isolation,• Cryptographic Acceleration,• Centralized Authentication,• Physically secure communications
with HiperSockets™ and Guest LANs
Operational Simplification
Capabilities:• Virtualization, • Single Point of Control, • Single System Image,, • Resource Sharing
Flexibility / On demand Capabilities:• Mixed Workloads: Scale-up & scale-out, • Rapid server (de)commissioning, • Idle Servers don’t consume resources
Proximity to data:• Increased transaction throughput, HiperSockets• Shared data access• Integrated storage management
© 2017 IBM Corp.
LinuxONE Strategy & Roadmap
* Roadmap item
Scalable
Data Serving
• Leverage diagonal scale
up/out for data serving
• Provide central source of
truth
• Enable shift to Open
Source
– MongoDB® / MEAN
stack, other NoSQL …
– Postgres, MySQL,…
• Enable MS SQL® Windows
workloads for mission
critical Enterprises *
• Data consolidation makes
biz apps run better &
eliminates x86 DB sprawl
– Oracle®,DB2 ®,…
• Surround Data
– WebSphere, MQ, IBM
Integration Bus
Secure
Data Serving
• Most secure platform
in the world … where
data has extreme
performance & scale
• Pervasive Encryption
• No system admin
access to data ever via
encapsulated apps
with Secure Service
container
Deep Insight with
Data
• Bringing analytics
closer to the data for
better security/
resiliency, reduced
latency,
simplification
– Spark
– Cognos®
– SPSS®, SAS®, *
• Capture shift to
Cognitive (Data + AI)
– Watson
Machine
Learning
– Spark MLLib
– Tensor Flow
Enterprise DevOps
• Cloud Native
Development with sCaaS
or IBM Private Cloud
– Partnership with
Docker, IBM Cloud for
workloads leveraging
Containers with
Management-
Orchestration,
Microservices
• Engage in an API
economy
– API connect
– BlueMix
– Softlayer, AWS, Azure,
… connectivity
• Leverage Linux Distro
“Stacks” for KVM, IaaS -
PaaS
__ as-a-Service
• Blockchain as a
Service with Hyper
Ledger & SSC
• DB as a Service*:
Hosted or On Prem
• Secure Container as
a Service *
• Analytics-Cognitive
as a service *
Industry Solutions
• Build best-of-breed industry solutions with IBM , Open Source and ISV software.
• Partner with Key ISV– Banking– Insurance– Healthcare– Government– Cross-Industry e.g.
Security, Databases,6
© 2017 IBM Corp.
• Operational IT efficiency
• Business continuity with all-encompassingdisaster recovery solution
• Green IT through low power consumption
• Cost saving opportunities
• Operations for service predictability, based on high levels of Quality of Service
• Integration of data and applications, also with existing z/OS® or z/VSE® solutions on IBM Z
Streamlined IT for competitive advantageIT infrastructure cost
reductions and avoidances
� 63% less for facilities
� 60% less on licenses
� 60% less for power
� 57% less on server costs
� 30% less for security
� 30% less for maintenance
� 8% less for network hardware
Source: Recent Analyst Paper,
study with 10 organizations
Key Linux points for IBM LinuxONE
17
© 2017 IBM Corp.
Linux on LinuxONE – What is that?
The Hardware: Emperor II & Rockhopper
Platform Openness
AgendaIBM LinuxONE6
6the largest scalable Linux Server
Scalable Data Serving
Open Mainframe Project
Linux Heritage & Strategy
From Moby to Docker EE
Unmatched Security: IBM Secure Service Containers
© 2017 IBM Corp.
Linux your Way - Greater flexibility and choice
Distributions Hypervisors Languages Management Database AnalyticsRuntimes
DB2
Cloud Manager
vRealize
Other
Choose the distribution, runtime, hypervisor, database and analytics – it’s the Linux you know and love with the openness, flexi-bility and agility you need for you business.
Community Versions
IBM Wave for z/VM
© 2017 IBM Corp.
Development Process
Waterfall
DevOps
N-Tier
Application Architecture
Monolithic
Microservices
Virtual
Machines
Deployment Packaging
Physical Servers
Containers
Hosted
Application Infrastructure
Datacenter
Cloud
The digital Era transforms IT
© 2017 IBM Corp.
Linux on LinuxONE – What is that?
The Hardware: Emperor II & Rockhopper
Platform Openness
AgendaIBM LinuxONE6
6the largest scalable Linux Server
Scalable Data Serving
Open Mainframe Project
Linux Heritage & Strategy
From Moby to Docker EE
Unmatched Security: IBM Secure Service Containers
© 2017 IBM Corp.
From Moby and Docker CE on LinuxONE...
Moby/Docker and base ecosystem available
• Same code, same functionality
• LinuxONE is part of Docker‘s „Continuous Integration pipeline“
• Delivered as part of Docker’s (CE, EE) and Linux distribution deliverables (SLES, Ubuntu)
Docker today enables mixed architecture development and deployment
24
© 2017 IBM Corp.
... To Docker Enterprise Edition on LinuxONE
Same code, same functionality
25
© 2017 IBM Corp.
Microservice Challenges: Latency
26
user
request
edge
service
A
D
B
C
B‘
E
F
Internal flow between microservices
Network latencies add up in meshes of microservices
LinuxONE: large complex with in-box networks reduces latencies
© 2017 IBM Corp.
Microservice Challenges: Scaling
27
� Replication of components is mostly simple
� Splitting applications into microservices can be hard
� Data partitioning is often hard
� Scaling stateful services can be complex– e.g. transactional context across
microservices
starting point
massive scale
The Scale Cube(From Abbott & Fisher: „The Art of Scalability“)
horizontal scale-out
(cloning)
fun
ctio
na
l d
eco
mp
osi
tio
n
(mic
rose
rvic
es)
z Systems: sometimes bigger is better
z Systems can scale anywhere from horizontally to vertically
– scale-up can simplify solutions
© 2017 IBM Corp.
Containers on LinuxONE
Combine (second level) virtualization with containers
• perfect tenant isolation with low overhead while
• providing container agility and efficiency
Co-location to traditional applications (e.g. via
HiperSockets)
Container performance inherits platform
performance characteristics
• allows both scale-up and scale-out in a box
Economics through density, utilization, microservice co-location, scaling capabilities
28
Structure solutions along solution requirements, not environment-imposed restrictions
• Runs 4K active Docker containers on ave 2.0x better
than comparable Haswell-based system!
• Host over 10K Docker containers with mixed (heavy
& light) workloads
Better Container Density = More WL Throughput
© 2017 IBM Corp.
Docker Enterprise Edition Tiers
Basic: engine
Standard: plus UCP and DTR
Advanced: plus Docker Security Scanning
29
Phase 1: engine running on IBM Z, DTR/UCP on x86• standalone on Z as Docker EE Basic
• worker nodes on Z in Docker EE Standard and Docker EEAdvanced
Phase 2: all tiers running on IBM Z
Ordered directly via IBM and Serviced through IBM Elite Support
© 2017 IBM Corp.
IBM-Docker Partnership
IBM z Systems & Docker Inc. entered partnership to advance Docker Enterprise Edition as a supported enterprise product on IBM LinuxONE and Linux on z platforms
Mutual clients will order directly from IBM with electronic fulfillment by Docker
Supported by IBM and Docker, and along with x86, allows one stop Docker support
Available on all distros: RHEL 7, SLES 12, Ubuntu 16.04
Docker brings best of breed secure* container management & orchestration to the platform as clients increasingly turn to containers for devops and deployment of applications / new workloads.
press release & blog
*Security function & features not available in community or other community packages
© 2017 IBM Corp.
Linux on LinuxONE – What is that?
The Hardware: Emperor II & Rockhopper
Platform Openness
From Moby to Docker EE
AgendaIBM LinuxONE6
6the largest scalable Linux Server
Unmatched Security: IBM Secure Service Containers
Scalable Data Serving
Open Mainframe Project
Linux Heritage & Strategy
© 2017 IBM Corp.
A paradigm shift:From selective encryption to pervasive encryption
The practice of pervasive encryption can also:
• Decouple encryption from classification
• Reduce risk associated with undiscovered or misclassified sensitive data
• Make it more difficult for attackers to identify sensitive data
• Help protect all of an organization’s digital assets
• Significantly reduce the cost of compliance
Encrypting only the data required to achieve compliance should be viewed as a minimum threshold, not a best practice 6
But its hard
• My apps need to
know about this
• Impacts performance
especially at scale
© 2017 IBM Corp.
Requirements for a secure Operation
Running an applications inherits risks:
• Manipulation of the Operating System
• Theft or manipulation of data
• Unauthorized access
• Port vulnerabilities
An encapsulated environment reduces such and other risks significantly
© 2017 IBM Corp.
SSC:
• Internal closed partition for running appliances, managed through firmware
no need for Linux infrastructure or skills
• Tamper proof environment with chain of trust for executed content
• Access to shell, memory, disk contents, or dumps prevented by trusted firmware code
Confidentiality of code and data in appliance, even against highest privilege admins
Secure System Container (SSC)
Being compromised by a rogue administrator/privileged insider
is perceived as one of the biggest risks to companies
© 2017 IBM Corp.
SSC:
• Internal closed partition
no need for Linux infrastructure or skills
• Tamper proof environment
• Access to SSC is prevented
Confidentiality of code and data
Outlook: SSC with Container-As-A-Service (CaaS)
Vision: Client brings workload
Platform takes care of infrastructure
CaaS:
• Add container execution platform:
• Docker, Kubernetes environments
• Integrates with standard management
• e.g. Open Source tooling, Docker EE, ICP
• Confidentiality from infrastructure admin
• Note: still in early phase.
IBM looking for beta sponsor users
© 2017 IBM Corp.
The Base Infrastructure to Host and Build Software Appliances
• Easy Installation: Provides simplified mechanism for fast deployment and mgmt. of appliance-based solutions• O/S, Application, Services packaged as single solution
• Highly consumable: Manage the appliance through Remote, RESTful, API’s and web
interfaces
• Secure Runtime: Provides tamper protection during appliance installation and
runtime
• Data Privacy: Ensures confidentiality of data and code running within the Appliance
– both in-flight and at rest
• A Software Distribution: Enables Appliances to be
• delivered via software distribution channels vs
• hardware – including maintenance
Services
Applications
Operating System
Secure System Container
© 2017 IBM Corp.
No system admin access
• Once the appliance image is built, OS access (ssh)is not possible• Only Remote APIs available
• Memory access disabled• Encrypted disk• Debug data (dumps) encrypted
Strong isolation between container instances
• Based on LinuxONE EAL5+ protection profile• Requires dedicated HW
Secure System Container Protection
Container Software
Runtime Environment
Secure Execution Context
Appliance
Content
(i.e. Blockchain)
Mainframe & LinuxONE platform
SSC
EAL5+
X
© 2017 IBM Corp.
Linux on LinuxONE – What is that?
The Hardware: Emperor II & Rockhopper
Platform Openness
From Moby to Docker EE
AgendaIBM LinuxONE6
6the largest scalable Linux Server
Unmatched Security: IBM Secure Service Containers
Scalable Data Serving
Open Mainframe Project
Linux Heritage & Strategy
© 2017 IBM Corp.
PostgreSQL 9.6.1 Performance on Emperor II
up to 2x more throughput per core vs x86 Broadwell
1.6x1.8x
2.0x
1.9x
1.8x
1.8x
1.9x
1.5x
up to 45% more throughput usingFICON Express16S+ vs FICON
Express16S on z13
© 2017 IBM Corp.
MongoDB 3.4.1 Performance on Emperor II
up to 2.6x more throughput per core vs x86 Broadwell
2.4x
2.6x
2.5x
2.0x
1.7x
1.6x
Scale-up single MongoDB instance to 17 TB in
single system without sharding with 2.4x more
throughput / 2.3x lower latency leveraging
additional memory vs z13
2.4x
2.4x
0.44x
0.42x
© 2017 IBM Corp.
Linux on LinuxONE – What is that?
The Hardware: Emperor II & Rockhopper
Platform Openness
From Moby to Docker EE
AgendaIBM LinuxONE6
6the largest scalable Linux Server
Unmatched Security: IBM Secure Service Containers
Scalable Data Serving
Open Mainframe Project
Linux Heritage & Strategy
© 2017 IBM Corp.
Open Mainframe Project - A Child Company of the Linux Foundation
Financ
e
Operating System Cloud Networking
IoT Web
Technologies
Big Data
Middlewar
eAutomotiv
e
MobileSecurity
Jens Voelker
45
© 2017 IBM Corp.
Open Source and Mainframe in 2015 and before
Open source on
the mainframe
lacks a neutral
home for growth
Disconnected, independent
efforts; no shared
“hub” of innovation
Community events are
industry specific, also
not vendor agnostic
No place for students
and academic
institutions to engage
Enterprise level
engagement with
upstream projects limited
© 2017 IBM Corp.
Current Members Include
© 2017 IBM Corp.
Open Mainframe Project – Participation Levels
Participation
Level *Annual Fee
Board
Seat
TSC
Seat
Marketing
CommitteeNotes
Platinum Flat fee: $100,000 Yes Yes Yes Initial 2-year participant commitment
Platinum End-User
Flat fee: $10,000 Yes Yes Yes Initial 2-year participant commitment
Silver$2,000 – $15,000 depending on size**
1 per 10
No Yes
Academic Free1 per
10Yes
Restricted to academic institutions; expected to provide environment access for the community
Associate Free No Yes Non-profits, open source projects
Individual Free No No No
* Anyone (including individuals, students and developers in open source project communities) may participate in the technical community work without becoming a member of the LF or Open Mainframe Project
• The Open Mainframe Project is setup as a Collaborative Project under The Linux Foundation legal entity. All participants will have to be members of The Linux Foundation to participate. Please visit http://www.linuxfoundation.org/about/join/corporate to learn more about Linux Foundation membership.
** Silver Annual Fee Scale
• 3,000 employees = $15K
• 1,000 < 3,000 employees = $10K
• 500 < 1,000 employees = $5K
• < 500 employees = $2K
© 2017 IBM Corp.
Find out more the Project at www.openmainframeproject.org
Fill in the online form for more info: https://www.openmainframeproject.org/about/join
Alternatively contact John Mertic at the Linux Foundation: [email protected]
How to Join the Open Mainframe Project
© 2017 IBM Corp.
ISVs ClientsStudents
& Developers
� Available for ISV
through PartnerWorld
� Hosted by IBM in
Dallas, Boeblingen and
Beijing
� Port, test, benchmark
key applications
� Free access to
Developers Students,
and Entrepreneurs
� Hosted by Partnership
Universities: Syracuse,
Marist and others
� Get a LinuxONE virtual
machine in minutes
� Remote access
environment free of
charge for limited
time
� Client Sandbox for
Proof of Concept
work to verify and
test new apps and try
new technologies
Open Access
COMMUNITY
CLOUD
IBM LinuxONE Community Cloudwww.ibm.com/linuxone/try
© 2017 IBM Corp.
© 2017 IBM Corp.
A Message Brought To You By Our Lawyers
* Other product and service names might be trademarks of IBM or other companies.
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries.
IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency which is now part of the Office of Government Commerce.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
Windows Server and the Windows logo are trademarks of the Microsoft group of countries.
ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Java and all Java based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom.
Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM Corp. and Quantum in the U.S. and other countries.
Trademarks of International Business Machines Corporation in the United States, other countries, or both can be found on the World Wide Web at http://www.ibm.com/legal/copytrade.shtml.
The following are trademarks or registered trademarks of other companies.
© IBM Corporation 2015. All Rights Reserved.
• The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information
contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy,
which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other
materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering
the terms and conditions of the applicable license agreement governing the use of IBM software.
• References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or
capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment
to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken
by you will result in any specific sales, revenue growth or other results.
© 2017 IBM Corp.
Backup
© 2017 IBM Corp.
Docker Products on Linux on IBM LinuxONE at a Glance
Community EditionEnterprise Edition
Basic
Enterprise Edition
Advanced (June Version)
Enterprise Edition
Advanced
Container engine and built in orchestration, networking, security
x xx x
Docker CertifiedInfrastructure, Plugins and ISV Containers
xx
x
Docker Data Center x x
Image security scanning x
Support*Supported by RogueWave
IBM Elite Support IBM Elite Support IBM Elite Support
eGAAvailable from
docker.comJuly 19, 2017 July 19, 2017 future
Managing z nodes from x86, free
upgrade to EE Advanced in Sept.Managing z nodes either from
z or x86
© 2017 IBM Corp. © 2017 IBM Corporation 55
IBM LinuxONE : Designed for Pervasive Encryption
• New approach to encryption in-flight and at-rest data with IBMLinuxONE
• All data in and out is encrypted
• Data at rest is encrypted
• Completely isolate data within secure LPARs
• Easy & automated
• How do we make pervasive encryption possible and free of compute without a noticeable impact to performance
• Leverage on processor cryptographic acceleration
• Master keys are protected in a hardware cryptographic card
• Industry exclusive protected key encryption ensures encryption keys are never exposed to the OS, hypervisor or application in the clear