IBM Cloud Private on Linux on IBM Z & LinuxONE
Presentation for Vicom Infinity
Kershaw Mehta - Chief Architect for Cloud Computing for IBM Z ([email protected])
December 14, 2017
2
Existing, Monolithic Apps
Extended / Enabled Solutions
Container Cloud: Build once, deploy anywhere. Auto Scaling, CI / CD, DevOps, Docker, Linux, PaaS, Open Source, ISV Containers …
New Cloud Native Apps: Web, Mobile, Cognitive, BD&A, AI
[Diagram: stacks labelled "Lines of Business" and "Proprietary" (Enterprise Resource Planning, Customer Relationship Management, Relational Database, Customer App); Web, Mobile, Cognitive, BD&A, AI; Cloud Services (Linux, DevOps, PaaS, Open Source, Containers, Cognitive Services); Data; Function]
By 2018, Over 60% of New Apps Will Use Cloud-Enabled Continuous Delivery and Cloud-Native Application Architectures to Enable Faster Innovation and Business Agility. (IDC Prediction)
[Diagram labels: Continuous Integration & Delivery; DevOps; Micro Services; Containers; Cloud Native Developer Experience]
Evolution of how workloads are built & delivered
3
Traditional New Workload Paradigm Shift
Cloud-Enabled Application Cloud-Native Application
Application composed of multiple services (microservices)
Each service is elastic
Each service is resilient
Each service is composable
[Diagram, traditional stack: Physical Infrastructure; Virtualization Platform; Operating System; Database; Web Server; Application code. Annotations: Requires specialized skill; Technology Silos; Infrastructure Concerns]
[Diagram, new stack: IaaS; PaaS; Service, Service, Service; Applications composed of microservices. Annotations: Infrastructure Abstraction; It’s All About the Applications; Business Focus; IBM Cloud Private on LinuxONE]
Cloud Platform Evolution
4
Advantages of Containers
• Lightweight footprint & minimal overhead
• Portability across machines
• Simplify DevOps practices
• Speed up Continuous Integration
• Enable microservice architectures
• Isolation
Containers are an abstraction at the app layer that packages code and dependencies together
[Diagram: Virtual Machines vs. Containers. Labels: Physical Infrastructure; Virtualization Platform; Operating System; Database; Web Server; Messaging; Application code; IaaS; PaaS; Service, Service, Service; Applications]
The What and Why of Docker Containers?
5
• IBM Cloud Private (ICp)
• ICp for LoZ/LinuxONE
• ICp use cases for LoZ/LinuxONE
Agenda
6
IBM Cloud Private v2.1 – GA Oct. 24th 2017
• Kubernetes-based, open platform with PaaS and developer services
• Integrated operations management services – and flexibility to integrate with existing tools / processes
• Catalog of modernized and containerized IBM middleware and data services
• Untethered environment, providing complete control
• Runs on existing infrastructure
• Evolution of IBM Bluemix Local and IBM Spectrum Conductor for Containers
• Provides heterogeneous support & integrated solution for x86, Power and Linux on z/LinuxONE
Manage Your Applications
Manage Your Container Cluster
7
IBM Cloud Private Offering Structure
8
• IBM Cloud Private (ICp)
• ICp for LoZ/LinuxONE
• ICp use cases for LoZ/LinuxONE
Agenda
9
• Deliver manage-to-z ICP Platform for IBM z
• Deployment of workloads onto worker-nodes running on IBM z
• Deliver subset of IBM Middleware (MW) workloads and popular Open Source packages and bring your own workloads for IBM z
• Create a Build, Test, Development & Production Environment for z
• Works the same as the current Intel toolchains used by MW teams today
• Support for IBM z becomes as simple as pressing a button to include IBM z in the CI/CD process
• Enables deployment of z/OS subsystem from ICp (roadmap)
IBM Cloud Private (ICp) for LoZ / LinuxONE
10
IBM Cloud Private on LoZ/LinuxONE
• Docker Containers and Kubernetes
• Service Catalog with a library of services (Db2, WAS, DSX, Node, etc)
• Manage-to z (from Intel or Power)
* Secure Service Container in ICp on roadmap - All statements regarding IBM’s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
Kubernetes based container platform
Middleware, Data & Analytics Services
Common Services
with Linux on z
Intel/z
11
IBM Cloud Private on LoZ / LinuxONE with Cloud Foundry
• Cloud Foundry (CF) is a PaaS solution and is an optional add-on to ICP and will only run on x86
• The ICp Master runs on Intel, ICp worker nodes on z and CF on Intel
• CF is entirely optional and is not required for operations of ICp on Linux on z / LinuxONE
Kubernetes based container platform
Middleware, Data & Analytics Services
Cloud Foundry
Common Services
with Linux on z
Intel
Intel/z
12
IBM Cloud Private Architecture on LoZ / LinuxONE
Consistent IBM Cloud User experience
[Architecture diagram labels:
Core Platform; Middleware & Process Services; Domain Software & Services; Hybrid Cloud Mgmt Services
Brokerage; Deployment; Planning & Optimization; DevOps & Orchestration; Application Integration; Data Repositories; Analytics & Reporting; Data Integration & Governance
Infrastructure: Containers; Storage (Object & Block); Network; Compute
Core Services: Logging; IAM; Encryption & Key Management; API & Data Connect; Usage Metering; Monitoring; Event; Audit
Data & Analytics Services: Databases; Analytics & Cognitive
New Apps; Kubernetes]
Runs on platform & uses core services
Management Services to manage hybrid clouds
Consistent runtimes & core management services with public cloud
Connected User experience – UI, API, Data
Managed Services Options: Provider Managed; Client Managed; Cloud Managed (future)
With LinuxONE * Core Services Agents
13
Secure Service Containers* with ICp
• Pervasive Encryption for all your ICp container workloads and ICp core-services running on LoZ
• Security is transparent to the application
• No code changes or special configuration needed
• Kubernetes master node secured in SSC
• Pod Security Policies locked down
• Federation between ICp master and k8s master secured
• ICp Worker nodes secured in SSC
• Protection from privileged user access
• Only secure subset of k8s apis are allowed
• Calico security policies are locked down
• SSC + IBM Vulnerability Advisor + (optional) SysDig Secure provides a comprehensive security solution unique to IBM LinuxONE/Linux on z
* Secure Service Container + ICp on roadmap - All statements regarding IBM’s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
14
Infrastructure prerequisites for ICp
• ICp doesn’t need OpenStack or VMWare as a pre-req
• ICp only needs a RHEL/Ubuntu(/SLES support soon!) OS
• ICp is also hypervisor agnostic
• Works on zVM/KVM/bare-metal etc
• ICp even installs docker as part of its bootstrapping process
• Can use pre-existing docker install
15
The most secure data serving platform in the world…
…To do more work with fewer servers at lower cost
• Integrated cloud platform for enterprise workloads which need to be run in a customer controlled and secure environment
• Designed for refactoring heritage enterprise applications to the cloud era—componentized, leveraged for multiple enterprise needs, highly optimized, secured and highly available connect to existing apps and migrate at your pace
• Complete environment for developers and operations admins to unleash innovation and meet enterprise business needs
• Developers can quickly start developing cloud-native services either on x86 distributed systems or LinuxONE with no change in tooling
• Deploy private cloud in minutes leveraging LinuxONE vertical scaling capability, Containers with DevOps or add from dozens of IBM and Open Source supported services
• One platform for entire business processes with highest Security rating & highest Cloud SLA availability of any commercially available server
• Support massive workloads with thousands of users in parallel and up to thousands of Linux servers – all in one box
• Enables deployment of z/OS subsystem from ICp
• Leverage upcoming secure service container technology on Linux on Z/LinuxONE to protect from privileged users, ransomware, malware
• Key Protect Technology enables hardware support for tamper-proof encryption key storage
IBM Cloud private on LoZ/LinuxONE – Benefits
16
1. ELK only runs on master nodes (x or p). Data from z worker node is collected via Filebeat
2. Prometheus and Grafana only run on master nodes (x or p). Data from z worker node is collected via node exporter
3. Partial support via K8S periodic dumps now, working on getting full metering support on z
4. Secure Service Container + ICp on roadmap - All statements regarding IBM’s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
Oct ‘17 Dec ‘17 Q1 ‘18 Q2 ‘18
• Analytics Services
• DSM
• Data Serving Services
• DB2 OLTP
• MongoDB
• Postgres
• Target for SLES
➢ SSC support Beta 1
• ICp 2.1 manage-to-z
• Core Services
• Logging
• ELK [1]
• Prometheus & Grafana [2]
• N/W – Calico
• Metering [3]
• App services
• Liberty
• Node.js
• Blockchain
• Nginx
• Tomcat
• Web Terminal
• RHEL & Ubuntu
➢ SSC [4] PoC
• Analytics Services
• DSX
• Data Serving Services
• DB2 Warehouse
• Integration Services
• Microservice Builder
• Tooling
• Transformation Advisor
• Integration Services
• MQ
➢ SSC support Beta 2
IBM Cloud Private on LinuxONE Services Roadmap
17
• IBM Cloud Private (ICp)
• ICp for LoZ/LinuxONE
• ICp use cases for LoZ/LinuxONE
Agenda
18
Use Case 1 (in development roadmap*):
ICp managing a self service heterogeneous environment
[Diagram labels: z Systems/LinuxONE: Security; CPs/mem/IO/hipersockets; z/OS (DB2, CICS, z/OSMF, ICp); z/VM (Linux, Linux; service, service, service); KVM (Linux; service); ICp. Intel (On-prem): VMWare ESXi. Public Cloud. zOS Connect]
Build integrated applications from services that span Linux, z/OS and public cloud
• High-speed, scalable, available and secure applications
• z/OS Cloud Bundle:
• Service broker technology for self-serve (DBz-aaS, WASz-aaS, MQ-aaS, CICS-aaS etc)
• Incl. devops, micro-services, app life-cycle, zTrial, etc.
• Cloud automation to help overcome skill gaps
*Disclaimer: development plans and roadmaps are subject to change without notice
ICp master on Intel
ICp ICp
19
ICp worker nodes inside LinuxONE Secure Service Containers
• Privacy and security in the cloud e.g. IBM Blockchain, hyperSecure DBaaS etc
Fully automated metal-to-service deployment
Privileged user cannot see/touch secured workload
[Diagram labels: Linux on Z/LinuxONE; Security; CPs/mem/IO; Personas: Cloud tenant, Cloud operator; Service; Secure Service Container (three instances)]
Use Case 2 (in development roadmap*):
Confidential Cloud Computing
Service Service
ICp master on Intel
20
• Compose high-performance scalable applications
• Dynamically and seamlessly re-allocate resources between guests
• Provide right-time analytics and powerful engagement
Extreme Virtualization and Scale
Hypervisor partitioning built into firmware
Complete isolation – EAL5+
Supports as many as 85 hypervisor instances – z/VM or KVM
1k Linux guests/hypervisor
+2 million docker containers
17TB Mongo instance
Hypervisor communication is via fast, in-memory TCP/IP Hipersockets or Shared-OSA – 5x less latency than discrete servers
• Massive dedicated I/O – 640 power co-processors
• 960Meg L4 cache, 5Ghz core, dual-TLBs, crypto acceleration
Super Elastic System
Combine horizontal and vertical scaling
Non-disruptively add/remove resources from Linux guests
Non-disruptively add/remove Linux guests
Use Case 3: Micro-Service Appliance
[Diagram labels: Linux on Z/LinuxONE; Security; CPs/mem/IO; DB2; LPAR 1; LPAR 2; Linux guest; footnote marker 1; ICp master on Intel]
1: In development, working with Oracle
21
Clients can try the IBM Cloud Private Community Edition
Download ICp community at the following links, both z for the worker nodes and x86 for the master, management and proxy.
https://hub.docker.com/r/ibmcom/icp-inception-s390x
https://hub.docker.com/r/ibmcom/icp-inception
Installation instructions
https://www.ibm.com/support/knowledgecenter/SSBS6K_2.1.0/installing/install_containers_CE.html
Try IBM Cloud Private Today
22
IBM has extensive experience with high transaction volume data and infrastructure security. You can take advantage of this IBM expertise to:
• Arrange an IBM LinuxONE workshop, including presentations and demonstrations of deploying solutions on the new technology
• Arrange a Discovery Session to determine how running open source software on LinuxONE can benefit your workloads
• Perform IT assessments, develop implementation plans, or provide IBM LinuxONE solution deployment services. IBM IT services professionals can help you prioritize your IT projects, plan installations with little or no disruption to your business operations, and perform as much or as little of the implementation as you need.
• Register for the LinuxONE Community Cloud to experience a trial version of deploying applications in a LinuxONE environment
https://developer.ibm.com/linuxone/
• IBM Cloud Private guided demo: https://ibm.biz/BdjSYK
• IBM Cloud Private proof of technology demos: https://ibm.biz/BdjSYn
• Free Community Edition: https://ibm.biz/BdjKEa
ICP – How to get started
For More Information please contact…
Len Santalucia, CTO & Business Development Manager
Vicom Infinity, Inc.
One Penn Plaza – Suite 2010
New York, NY 10119
917-856-4493 [email protected]
About Vicom Infinity
• Account Presence Since 1990’s
• IBM Premier Business Partner
• Reseller of IBM Hardware, Software, and Maintenance
• Vendor Source for the Last 11 Generations of Mainframes/IBM Storage
• Professional and IT Architectural Services
• Vicom Family of Companies Also Offer Leasing & Financing, Computer Services, and IT Staffing & IT Project Management