Upload
others
View
8
Download
0
Embed Size (px)
Citation preview
IBM WW Z Security ConferenceOctober 6-9, 2020
Secure Db2 acceleration with IBM Db2 Analytics Accelerator
on IBM Z
Chris Watson
Analytics expert on IBM Z
[email protected] / linkedin.com/in/christopher-watson-98125682
1
IBM WW Z Security Conference – October 6-9, 2020 2
What makes this year special?
And why is that relevant?
IBM WW Z Security Conference – October 6-9, 2020 3
Your data?
Do your critical business assets receive the same attention and protection?
Your business products?
Your business workloads?
IBM WW Z Security Conference – October 6-9, 2020 4
Db2 Analytics Accelerator and Db2 for z/OS
WHAT
An integrated, hybrid, workload-optimized database management system
HOW
Runs each query workload efficiently in an optimal environment
WHY
To ensure the greatest performance and cost efficiency, while retaining full control over data security
WOW
Exploit IBM Z data in-place to improve efficiency, drive smarter outcomes, and gain competitive differentiation
TransactionProcessing
HTAPAnalyticalWorkload
IBM WW Z Security Conference – October 6-9, 2020
Keep your business and your clients safer
Perform fraud detection in seconds instead of many minutes or hours
on up-to-date business critical data
5
Free up Db2 primary storage using the Accelerator as an archivewhile retaining super fast query access
IBM WW Z Security Conference – October 6-9, 2020 6
Db2 Analytics Accelerator and Db2 for z/OS
TWO PLATFORMS
“On IBM Z” – A ‘Software’ Appliance
“On IIAS” – A ‘Hardware’ Appliance
ONE LOGICAL INTERFACE
Db2 users see the same behaviour
Accelerator on IBM Integrated Analytics System
Accelerator on IBM Z
IBM WW Z Security Conference – October 6-9, 2020 7
Db2 Analytics Accelerator on IBM Z
A fully integrated software appliance– Running on IBM Z servers in a Secure Service Container (SSC) LPAR
– ”download & go” – very easy to deploy
– Delivers the full SW stack including operating system, docker engine, Db2 Warehouse engine, IDAA components, and infrastructure management
A solution leveraging IBM Z infrastructure– Runs on all IBM Z systems starting with z13 (z13, z13s, z14, z14 ZR1, z15)
– Leverage “white space” (unused capacity) in existing systems – or dedicate a stand-alone system, e.g., LinuxONE
– Leverage existing storage systems (CKD or FB) – no dedicated storage system required
– Leverage existing Z high-availability and disaster recovery solution by integration of the accelerator with GDPS/Metro
IBM WW Z Security Conference – October 6-9, 2020 8
Db2 Analytics Accelerator on IBM ZLeverages IBM Secure Service Container
– SSC security features ensure that the appliance image cannot be tampered with and the appliance code & data are protected and kept confidential both in flight and at rest
Accelerator on Z runs natively in an SSC LPAR on IFLs
Customizable configuration and highly flexible scaling
– Single-Node: Minimum 2 IFLs / 64 GB memory, maximum 40 IFLs / 4,096 GBMulti-Node: Minimum 30 IFLs / 1.5 TB memory, maximum 190 IFLs / 20 TBCan utilize shared infrastructure such as network or storage adapters
No additional licensed software required – no z/VM, no KVM, no Linux on Z, no Docker, …
– Accelerator not supported to run under z/VM or KVM control
No operating system access or maintenance
– No system administrator access to appliance possible
– All required updates, e.g., security fixes, component updates, etc., are delivered and installed as accelerator image updates
– All required configuration via administrative UI or configuration files
IBM WW Z Security Conference – October 6-9, 2020 9
Db2 Analytics Accelerator on IBM ZProduct Components
IBM Z
Db2 code including SPs
Accelerator Appliance§ Can be deployed on the same
CEC as Db2 or on a different one
Appliance UI
§ Data Studio with Db2 Analytics Accelerator Studio Plug-in
§ Data Server Manager 2.1.5+
Dedicated highly available
network connectionOSA
OSA
OSA
OSA
IBM WW Z Security Conference – October 6-9, 2020 10
IP OSA1: 10.101.8.1
LPAR1
IP OSA1: 10.101.8.2
LPAR2
CPC 1 (Db2)
OSA1
IP OSA2: 10.101.8.3
LPAR3
CPC 2 (Db2 + Accelerator)
OSA2
IP OSA3: 10.101.8.5
IP OSA3: 10.101.8.6
LPAR6
CPC 3 (Accelerators)
OSA3
IP OSA3: 9.150.5.42
IP OSA3: 9.150.5.43
LPAR4
IP OSA2: 10.101.8.4
IP OSA2: 9.150.5.41IP 9.150.5.44
Accelerator Data
Accelerator DataAccelerator Management
Accelerator Management
Accelerator Data
Accelerator Management
LPAR5
Db2
Db2
Db2
Deployment on IBM Z - EXAMPLE IMPLEMENTATION: MULTIPLE DB2 SUBSYSTEMS AND MULTIPLE ACCELERATORS
IBM WW Z Security Conference – October 6-9, 2020
Db2 Analytics Accelerator Version 7.5Integrated Synchronization
Deeper integration between Db2 for z/OS and Db2 Analytics Accelerator to provide insight from the most current transactional data
Integrated, low-latency data coherence protocol between Db2 for z/OS and the Db2 Warehouse
– Db2 for z/OS log reading zIIP enabledReduced CPU and memory usage
– Complete application transparency
– Enterprise-grade HTAP enabler– Simplified administration, packaging, upgrades, support . . .
– Improved performance and lower cost
11
Accelerator
Db2 Warehouse
z/OS
Db2 for z/OS
IBM WW Z Security Conference – October 6-9, 2020
CP & zIIP eligible% Comparison of Integrated Sync and CDCLab Measurements
12
Integrated Synchronization used about 49% of CPU time compared to CDC for the same work:
– CDC 2,114 seconds
– Integrated Synchronization 1,076 seconds
Combined Integrated Synchronization work across all address-spaces is à 98% zIIP off-loadable
IBM WW Z Security Conference – October 6-9, 2020
Integrated Synchronization - DDF Secure Port Definition
Integrated Synchronization uses DDF to connect to Db2 for z/OS from the Accelerator
Only encrypted connections through AT/TLS are supported since Db2 log data is transferred to the Accelerator via this connection
Db2 DDF must have a secure port (SECPORT) defined
Check using command ‘-DIS DDF’– Example:
13
IBM WW Z Security Conference – October 6-9, 2020 14
Integrated Synchronization Db2-to-Accelerator Data Synchronization
Applications executingI/U/D Statements on replicated tables
Accelerator Users enabling tables for replication
Table T1
Log data processor
Db2 Log
Table T2
Table T3
Table T1
Table T2
Table T3
Accelerator Server
Encrypted Log Data
Stored Procedures
Log Data Provider Staging
area
Process control
IBM WW Z Security Conference – October 6-9, 2020 15
Chris WatsonZ analytics expert
Z Advanced Technical Skills teamBoeblingen Development Lab
linkedin.com/in/christopher-watson-98125682
Secure Db2 acceleration with IBM Db2 Analytics Accelerator on IBM Z