Nearly 20 years ago, Linux on IBM’s mainframes arrived. I begin this adventure with Linux on IBM Z in 2004 when SUSE entered North America for the first time. During those early days, we were all experimenting with this technology but, in time, applications such as WebSphere were in production, reaping the benefits of software savings.
For years IBM z/VM was the virtualization engine. With continuous improvement, no one challenged that this virtualization engine met the industry’s needs. For Mainframe customers, adding z/VM was relatively easy. Systems Administrators skilled in z/OS or z/VSE added one more operating system. Since z/VM primary function was virtualization in a Linux environment, all the other z/VM functions, such as CMS, were not needed so the 500 page manual was used sparingly.
Linux in this environment ran like Linux on other platforms so Linux Administrators maintained their Linux guests with few changes. Many of the same infrastructure tools ported to Linux on IBM Z. Exploiting this environment worked for our mainframe customers.
Market Acceptance
For years, most of our mainframe customers evaluated and implemented Linux on IBM Z. Webservers, MQSeries, Oracle were popular a decade ago and still are excellent Linux on IBM Z exploitations. Customers saved a lot of money! What’s not to like!
Then the Open Source phenonium started. It was slow but obvious that it was here to stay. By 2014, IBM saw the tea leaves, and stepped up to offer IBM KVM on IBM System Z. KVM virtualization was much easier than z/VM. It also offered the same look and feel on IBM System Z as other platforms. The learning curve for Linux on IBM Z dropped if the customer was a KVM shop and chose to implement KVM on IBM Z, instead of z/VM. In those early days (only five years ago!) both customer and those of us selling the product, looked for use cases. What we realized that Open Source software was used but not necessarily with KVM’s virtualization engine.
Within a short time, IBM discontinued IBM KVM for IBM System Z instead supporting the Linux distributions efforts to provide KVM. This made sense since KVM was already in the Linux distributions for other platforms and IBM could continue to support s/390 code needed to run KVM on IBM Z through those distributions. Yet, it still was slow to catch on.
LinuxONE Entry
Summer of 2015, IBM brought a new type of mainframe to the marketplace, not called a mainframe at all – the LinuxONE server. This server only ran Linux. (NOTE: this product evolved from the Enterprise Linux Server (ELS)). This server could consolidate 1000’s of virtual guests. The virtualization engine of choice – z/VM. But z/VM is used by the mainframe community, not the distributed customers. So, we primarily sold LinuxONEs to our mainframe customers, those customers that either liked the idea of application isolation or those seeing a lopsided large growth of Linux workload on IBM Z vs the traditional workload.
Yet, we wanted to see LinuxONE server installs explode with our x86 customers. So, let’s make it happen.
IBM Secure Service Containers
The Secure Service Container (SSC) announced September 2017 is evolving fast! IBM dabbled with a few applications early on such as zAware. This was followed by IBM Db2 Analytics Accelerator for z/OS (IDAA) and Blockchain which are products exploiting Secure Service Containers today. So, what is it?
Secure Service Container is a specialized container for installing firmware or software appliances isolated in its own LPAR. Included in the installation is the operating system, security mechanisms and other features needed to run the application. What’s amazing is its simplicity. As an example, the IBM IDAA installation instruction is a YouTube video. With that simple install, the SSC offers end-to-end tamper protection, which is FIPS-140-2 Level 4 security.
What if we can make the LinuxONE environment, with its virtualization engine and its guests, that easy to install and maintain? What if any systems administrator from any platform can easily install, deploy and maintain this server that can run 1000s of containers? IBM knew this to be the next evolution of the LinuxONE server.
IBM Hyper Protect for Virtual Servers
At IBM Technical University this year, Wilhelm Mild, Executive IT Architect from Germany, presented IBM Cloud Hyper Protect Services. He presented four IBM Cloud Hyper Protect Services appliances including:
1. Hyper Protect Crypto Services
2. Hyper Protect DBaaS (Database as a Service)
3. Hyper Protect Virtual Servers
4. Hyper Protect Containers
These appliances are self-installing in an LPAR and totally secure at FIP 140-2 Level 4, the highest level of security. IBM Z is the only platform in the industry with that security distinction. The future of LinuxONE installations could be incredibly easy for future administrators, even those with minimal knowledge of IBM Z. Imagine being able to roll out a LinuxONE server to their application and business teams after a single day! That’s simplification!
IBM Hyper Protect for Virtual Servers is targeted for Docker Containers. This offering provides a data encryption environment (data at rest, data in flight) with a focus of easy management, deployment and security. (Did I say easy?!) This is a cloud environment, enabling Docker images to run in dedicated virtual machines. The mechanisms for the cloud, security, and Docker imaging are all packaged together in IBM Hyper Protect for Virtual servers. Now Docker containers run in an easy to install and maintain appliance which ensures highly secure containers running on the most reliable server in the industry. Initial implementation supports Ubuntu containers with Red Hat and SUSE to follow. With this announcement, IBM truly understands what the marketplace needs.
Get ready!
IBM Hyper Protect for Virtual Servers is entering beta testing this fall. General Availability will be in 2020. Watch this space for these announcements. Get ready, LinuxONE will be ready for everyone.
More Information
As an IBM Platinum Business Partner, Mainline has extensive experience with IBM mainframe systems, and we can help you with z/VM, Linux on IBM Z and LinuxONE. To set up an in-depth discussion about how to get started using these technologies, please contact your Mainline Account Executive directly, or click here to contact us with any questions.
Related Blogs: