IBM WW Z Security ConferenceOctober 6-9, 2020

Secure Db2 acceleration with IBM Db2 Analytics Accelerator

on IBM Z

Chris Watson

Analytics expert on IBM Z

watson@de.ibm.com / linkedin.com/in/christopher-watson-98125682

1

IBM WW Z Security Conference – October 6-9, 2020 2

What makes this year special?

And why is that relevant?

IBM WW Z Security Conference – October 6-9, 2020 3

Your data?

Do your critical business assets receive the same attention and protection?

Your business products?

Your business workloads?

IBM WW Z Security Conference – October 6-9, 2020 4

Db2 Analytics Accelerator and Db2 for z/OS

WHAT

An integrated, hybrid, workload-optimized database management system

HOW

Runs each query workload efficiently in an optimal environment

WHY

To ensure the greatest performance and cost efficiency, while retaining full control over data security

WOW

Exploit IBM Z data in-place to improve efficiency, drive smarter outcomes, and gain competitive differentiation

TransactionProcessing

HTAPAnalyticalWorkload

IBM WW Z Security Conference – October 6-9, 2020

Keep your business and your clients safer

Perform fraud detection in seconds instead of many minutes or hours

on up-to-date business critical data

5

Free up Db2 primary storage using the Accelerator as an archivewhile retaining super fast query access

IBM WW Z Security Conference – October 6-9, 2020 6

Db2 Analytics Accelerator and Db2 for z/OS

TWO PLATFORMS

“On IBM Z” – A ‘Software’ Appliance

“On IIAS” – A ‘Hardware’ Appliance

ONE LOGICAL INTERFACE

Db2 users see the same behaviour

Accelerator on IBM Integrated Analytics System

Accelerator on IBM Z

IBM WW Z Security Conference – October 6-9, 2020 7

Db2 Analytics Accelerator on IBM Z

A fully integrated software appliance– Running on IBM Z servers in a Secure Service Container (SSC) LPAR

– ”download & go” – very easy to deploy

– Delivers the full SW stack including operating system, docker engine, Db2 Warehouse engine, IDAA components, and infrastructure management

A solution leveraging IBM Z infrastructure– Runs on all IBM Z systems starting with z13 (z13, z13s, z14, z14 ZR1, z15)

– Leverage “white space” (unused capacity) in existing systems – or dedicate a stand-alone system, e.g., LinuxONE

– Leverage existing storage systems (CKD or FB) – no dedicated storage system required

– Leverage existing Z high-availability and disaster recovery solution by integration of the accelerator with GDPS/Metro

IBM WW Z Security Conference – October 6-9, 2020 8

Db2 Analytics Accelerator on IBM ZLeverages IBM Secure Service Container

– SSC security features ensure that the appliance image cannot be tampered with and the appliance code & data are protected and kept confidential both in flight and at rest

Accelerator on Z runs natively in an SSC LPAR on IFLs

Customizable configuration and highly flexible scaling

– Single-Node: Minimum 2 IFLs / 64 GB memory, maximum 40 IFLs / 4,096 GBMulti-Node: Minimum 30 IFLs / 1.5 TB memory, maximum 190 IFLs / 20 TBCan utilize shared infrastructure such as network or storage adapters

No additional licensed software required – no z/VM, no KVM, no Linux on Z, no Docker, …

– Accelerator not supported to run under z/VM or KVM control

No operating system access or maintenance

– No system administrator access to appliance possible

– All required updates, e.g., security fixes, component updates, etc., are delivered and installed as accelerator image updates

– All required configuration via administrative UI or configuration files

IBM WW Z Security Conference – October 6-9, 2020 9

Db2 Analytics Accelerator on IBM ZProduct Components

IBM Z

Db2 code including SPs

Accelerator Appliance§ Can be deployed on the same

CEC as Db2 or on a different one

Appliance UI

§ Data Studio with Db2 Analytics Accelerator Studio Plug-in

§ Data Server Manager 2.1.5+

Dedicated highly available

network connectionOSA

OSA

OSA

OSA

IBM WW Z Security Conference – October 6-9, 2020 10

IP OSA1: 10.101.8.1

LPAR1

IP OSA1: 10.101.8.2

LPAR2

CPC 1 (Db2)

OSA1

IP OSA2: 10.101.8.3

LPAR3

CPC 2 (Db2 + Accelerator)

OSA2

IP OSA3: 10.101.8.5

IP OSA3: 10.101.8.6

LPAR6

CPC 3 (Accelerators)

OSA3

IP OSA3: 9.150.5.42

IP OSA3: 9.150.5.43

LPAR4

IP OSA2: 10.101.8.4

IP OSA2: 9.150.5.41IP 9.150.5.44

Accelerator Data

Accelerator DataAccelerator Management

Accelerator Management

Accelerator Data

Accelerator Management

LPAR5

Db2

Db2

Db2

Deployment on IBM Z - EXAMPLE IMPLEMENTATION: MULTIPLE DB2 SUBSYSTEMS AND MULTIPLE ACCELERATORS

IBM WW Z Security Conference – October 6-9, 2020

Db2 Analytics Accelerator Version 7.5Integrated Synchronization

Deeper integration between Db2 for z/OS and Db2 Analytics Accelerator to provide insight from the most current transactional data

Integrated, low-latency data coherence protocol between Db2 for z/OS and the Db2 Warehouse

– Db2 for z/OS log reading zIIP enabledReduced CPU and memory usage

– Complete application transparency

– Enterprise-grade HTAP enabler– Simplified administration, packaging, upgrades, support . . .

– Improved performance and lower cost

11

Accelerator

Db2 Warehouse

z/OS

Db2 for z/OS

IBM WW Z Security Conference – October 6-9, 2020

CP & zIIP eligible% Comparison of Integrated Sync and CDCLab Measurements

12

Integrated Synchronization used about 49% of CPU time compared to CDC for the same work:

– CDC 2,114 seconds

– Integrated Synchronization 1,076 seconds

Combined Integrated Synchronization work across all address-spaces is à 98% zIIP off-loadable

IBM WW Z Security Conference – October 6-9, 2020

Integrated Synchronization - DDF Secure Port Definition

Integrated Synchronization uses DDF to connect to Db2 for z/OS from the Accelerator

Only encrypted connections through AT/TLS are supported since Db2 log data is transferred to the Accelerator via this connection

Db2 DDF must have a secure port (SECPORT) defined

Check using command ‘-DIS DDF’– Example:

13

IBM WW Z Security Conference – October 6-9, 2020 14

Integrated Synchronization Db2-to-Accelerator Data Synchronization

Applications executingI/U/D Statements on replicated tables

Accelerator Users enabling tables for replication

Table T1

Log data processor

Db2 Log

Table T2

Table T3

Table T1

Table T2

Table T3

Accelerator Server

Encrypted Log Data

Stored Procedures

Log Data Provider Staging

area

Process control

IBM WW Z Security Conference – October 6-9, 2020 15

Chris WatsonZ analytics expert

Z Advanced Technical Skills teamBoeblingen Development Lab

watson@de.ibm.com

linkedin.com/in/christopher-watson-98125682

Secure Db2 acceleration with IBM Db2 Analytics Accelerator on IBM Z