© 2010 IBM Corporation IBM zEnterprise Value for Business Workloads and Applications Becoming Responsive, Flexible and Competitive

Z Enterprise.Optimization And Security

Nov 07, 2014


Jim Porell

System z provides a multi platform optimization and security capability that goes far beyond what is available for other managed platforms.
Transcript
Page 1: Z Enterprise.Optimization And Security


IBM zEnterprise Value for Business Workloads and Applications Becoming Responsive, Flexible and Competitive

Page 2: Z Enterprise.Optimization And Security


Agenda

Recognizing the Workloads
The evolution of the consumer transaction

The Value of IBM zEnterprise™
What the computer does vs. what the computer is

Real Customers – Real Value
Our initial learning from studies done with clients like you

Discussion and Questions
A few thoughts about a way forward


Page 3: Z Enterprise.Optimization And Security


Smart Work for a Smarter Planet

Smarter Cloud: Conserve energy. Consolidate resources. With mandates like these, we have to be smarter about accessing, processing and storing data.

Smarter Healthcare: Smarter healthcare starts with the individual. Changing the way patient information is used to treat the “whole” person, not parts at a time.

Smart Thinking: Taking advantage of a new wealth of information to be able to make more intelligent decisions and rise to the top.

Smarter Shopping: Information exchange and collaboration offer a tremendous opportunity to strengthen customer loyalty.

Smarter Money: Using advanced analytics to turn a numerical ocean into actionable insight and intelligence.

Upromise®: Providing the ability to shop online at over 100 Web sites, stores, restaurants while earning and accumulating savings for college education

Medical Home: Primary care physicians act as "coaches," leading a team that manages a patient's wellness, preventive and chronic care needs

Mobile Banking: Having the ability to check balances, move money across accounts and initiate payment to a vendor, all from your cellular phone

‘Single Moments of Truth’: Insurance, Banking, Retail, Travel & transportation are all industries that want a single view of all information for Customer Care & Insight

Online Universities: Providing millions the ability to remotely take courses from several colleges and universities simultaneously, consolidating resources and skills

Around the world, industries are re-shaping business models to meet the demands of a sophisticated consumer and fiercely competitive economy

… Insights, risk reduction, reduced time to market, responsive, efficient

Page 4: Z Enterprise.Optimization And Security


These new business models are driving requirements for complex changes into the components of a traditional workload or application

Future requirements include complete application integration in an optimal fashion

[Diagram labels]

Special purpose systems and optimizers: optimized for a specific set of applications or components

General purpose enterprise systems: optimized for a broad set of applications or components

Traditional Workload Components

Evolving & Emerging Workload Components

Component labels: Networking, XML, Java™, Analytics, Data Protection, SOA, Sensors, Events, Search, Digital Media, Encryption

What is a workload? The relationship between a group of applications and/or systems related across several business functions to satisfy one or more business processes, e.g. Retail Merchandising, On-line Banking

Page 5: Z Enterprise.Optimization And Security


The competition says run it all on one platform – ONE SIZE FITS ALL

While in theory, all workloads could run on a single platform, the reality is all platforms have a role to play

• You need the data serving strengths of the mainframe, the security, the resiliency, the scalability

• You need the computational strength of Power Systems™, for HPC and large scale application serving

• You need the breadth of IBM System x®, for front end applications, special function servers and a myriad of niche applications

Creating a single platform infrastructure can be highly inefficient, ineffective and unsustainable in the long term

Collaboration is the key to success

Page 6: Z Enterprise.Optimization And Security


Applications that are competitive targets …

Banking: Core Banking; Wholesale Banking – Payments; Customer Care & Insight

Insurance: Internet Rate Quotes; Policy Sales & Management (e.g. Life, Annuity, Auto); Claims Processing

Retail: On-line Catalog; Supply Chain Management; Customer Analysis

Healthcare: Patient Care Systems; On-line Claims Submission & Payments

Telco: Business Support Systems (BSS); Operation Support System (OSS)

Public Sector: Electronic Tax Reporting; Web based Social Security

Patterns of OLTP, web browsing, business analytics, work flow processing

Page 7: Z Enterprise.Optimization And Security


These workloads have recognizable patterns

Multi-Tier Web Serving
Database (z): DB2 for z/OS or IMS
Application (Power/UNIX): WebSphere, JBoss
Presentation (x86): WebSphere, Apache/Tomcat
Database (z): DB2 for z/OS
Application (Power/UNIX): WebSphere, JBoss
Database (z): DB2 for z/OS
Application (z): WebSphere
Application (x86): WebSphere, Apache/Tomcat
Database (z): DB2 for z/OS, IMS
Transaction Processing (z): CICS, MQ
Application (Power/UNIX): WebSphere, JBoss, WebLogic
Presentation (x86): WebSphere, Windows

Data Warehouse & Analytics

Master Data Management
Database (z): DB2 for z/OS
Application (z): WebSphere MDM (AIX, Linux on z)

SAP
Database (z): DB2 for z/OS
Application (z): Linux® for z
Database (z): DB2 for z/OS
Application (Power): AIX®
Database (z): DB2 for z/OS
Application (x86): Linux for x86

Analytics System z/OS: DB2, Cognos® (Soon!), SAS
Linux for System z: Cognos, SPSS, InfoSphere™ Warehouse

Core Applications
Database (z): DB2® for z/OS®, IMS™
Application (z): CICS®, COBOL, WebSphere®
Database (z): DB2 for z/OS, Oracle on Linux for z
Application (z): WebSphere

Page 8: Z Enterprise.Optimization And Security


There are patterns for security as well


Professional Services
Managed Services
Hardware & Software

Common Policy, Event Handling and Reporting

The IBM Security Framework

Security Governance, Risk Management and Compliance

People and Identity
Data and Information
Application and Process
Network, Server, and End-point
Physical Infrastructure

Authentication
Access Control
Data Privacy
Audit/Compliance
Registration/Enrollment
Incident and Event Management

Strategy: zEnterprise as a control point for the Enterprise

Page 9: Z Enterprise.Optimization And Security


zEnterprise: Full Value for Your IT Infrastructure

Virtualization: Centralize management of virtual servers across a heterogeneous pool. > 100,000 virtual servers in a single zEnterprise System

Efficiency: Economies of scale for labor, software and environmental costs. Reduce labor, energy, and development costs by up to 70%, 90%, and 20% (respectively)

Availability: Resiliency management and fewer points of failure. Fault tolerant and fault avoiding servers. Centralized workload management aligned to business priorities

Scalability: Ability to meet massive demands from users and data. Process up to a trillion instructions per second with a single zEnterprise System

Security: Industry leading security at the core of an integrated infrastructure. Identifies potential fraud in real time

Page 10: Z Enterprise.Optimization And Security


Agenda

The Value of zEnterprise

What the computer does vs. what the computer is


Page 11: Z Enterprise.Optimization And Security


Continued WebSphere optimizations for z/OS

From then to now

Continued investment to optimize WebSphere software for z/OS environment

1.35 times performance improvement for JPA 2.0 applications that exploit the caching features available in WebSphere Version 7, and the WebSphere Version 7 JPA Feature Pack

Uplevel to zEnterprise hardware produces 1.43 times performance improvement

From then to now – 1.93 times performance improvement

[Chart: performance from "Then" (System z10 EC; System z10 announce; WebSphere Version 7 announce; DayTrader 2.0, no caching) to "Now" (zEnterprise hardware; WebSphere Version 7.0.0.9 with JPA Feature Pack; DayTrader 2.0, data caching)]

Page 12: Z Enterprise.Optimization And Security


Linux on zEnterprise

The Most Efficient Platform for Large Scale Consolidation:

Lower acquisition costs of hardware and software vs distributed servers*
• Less than $1.00/day per virtual server (TCA)*
• Reduce floor space by up to 90% compared to distributed servers*
• Reduce energy consumption by up to 80% compared to distributed servers*

Consolidate 40 Oracle server cores to 2 Linux cores on zEnterprise

* Distributed server comparison is based on IBM cost modeling of Linux on zEnterprise vs. alternative distributed servers. Given there are multiple factors in this analysis such as utilization rates, application type and local pricing, etc.; savings may vary by user

[Chart: Consolidation on System z. Cost in millions of dollars ($0.0 to $2.0) for New X86, z10 and z196, broken down into HW maint, HW, SW S&S and SW OTC. Callouts: 74% less than Nehalem; 39% less than Nehalem]

Page 13: Z Enterprise.Optimization And Security


Imagine the possibilities…

An operational advantage you can turn into a business advantage

Business Problem
– Data warehouse can detect trends, but not necessarily prevent fraud or upgrade transactions in real time because data is copied in bulk or batch mode

Insight instead of Hindsight
– Opens up opportunities for real time analytics
– Preventing fraud
– Making business analytic decisions faster
– Improves performance and lowers cost
– Uses blade-based specialty processors, storage for warehouse workloads
– Boosts overall query performance up to 80x
– Customers could see a 40% reduction in storage utilization
– Supports in-memory column store for parallel star schema queries
– Uses column-based compression to minimize storage needs
– Unchanged interfaces to DB2 for z/OS and thus no changes to the BI/DW applications
– Provides capability to perform both transactional (OLTP) and warehousing (OLAP) type of queries in the same database management system

[Diagram labels: zEnterprise; z196; Claims; POS; Credit/Debit; DB; Transform; ISAO or Decision Support; Cognos on Linux; Blades]

Page 14: Z Enterprise.Optimization And Security


Application Architecture: The Complexity of Distributed

Business Objectives
A bank has four basic transactions
– Credit, Debit, Transfer, Inquiry
And they have a variety of choices for front end interface
– ATM, Branch Terminal, Kiosk, Web browser, PDA, Cellphone
Customer uses a Bladecenter to drive multi channel transformation
The back end processing remains the same regardless of the presentation device

Fully Distributed Model (if deployed)
Each application becomes a cluster of server images and must be individually authenticated and managed
Each line is a separate network connection, requiring high bandwidth and protection
Data is replicated across enterprise to meet scalability
Customer deploys/builds automation processes to facilitate system recovery with additional software – this is not trivial and requires additional software and unique development
High environmental needs and full time employees to manage infrastructure

Management Considerations for an enterprise
Authentication
Alert processing
Firewalls
Virtual Private Networks
Network Bandwidth
Encryption of data
Audit Records/Reports
Provisioning Users/Work
Disaster Recovery plans
Storage Management
Data Transformations
Application Deployment

How does the Virtualization Manager improve these?

[Diagram labels: Application Servers; WebSphere®; Service Platform; Database; Connectors; SQLJ; Service; Message Servlet; Loan Applic.; Bank Teller; General Ledger; Credit Card Processing; Risk Analysis Service; Connectors/Appliances; Current Accounts; Batch Programs; Bill Payment Database; Currency Exchange; Temp data to Electronic Data Warehouse; Batch Process; RMI/IIOP; EJB; WAS; Bill Payment EJBs; Authentication Server; "Mgt" repeated on the individual components]

Page 15: Z Enterprise.Optimization And Security


Application Architecture: A Large Enterprise

[Diagram labels: End User – Hosted Client; Application Server; Service Platform; Desktop Framework; Devices; WebSphere; Database; Connectors; SQLJ; Service; Message Servlet; Loan Applic.; Bank Teller; General Ledger; Credit Card Processing; Risk Analysis Service; Current Accounts; Banking Portal; Device Apps.; XML over HTTP(S); Middleware Services; Batch Programs; Bill Payment Database; Desktop Framework Services; Personalization; Service Systems & Databases; MQ; Currency Exchange; Temp data to Electronic Data Warehouse; Batch Process; RMI/IIOP; EJB; WAS; Bill Payment EJBs; Authentication Server]

System zEnterprise

Potential advantages of consolidating your application and data serving

With IFL
Security: Fewer points of intrusion
Resilience: Fewer points of failure
Performance: Avoid network latency
Operations: Fewer parts to manage
Environmentals: Less hardware
Capacity Management: On demand additions/deletions

With zAAP & zIIP
Utilization: Efficient use of resources
Scalability: Batch and transaction processing
Auditability: Consistent identity
Simplification: Problem determination/diagnosis
Transaction Integrity: Automatic recovery/rollback

With zBX
Security: Fewer points of intrusion
Connectivity: Improved throughput
Simplification: Problem determination/monitoring
Development: Consistent, cross platform tools

zEnterprise Combinations – reducing control points

Assumes the Bladecenter for the multi channel transformation

Can leverage WebSphere on either Linux for System z or z/OS

The Bladecenter functionality can be migrated to zBX in the future

TCA and TCO advantages over distributed

It’s the very same programming model in a different container that provides a superior operations model

Page 16: Z Enterprise.Optimization And Security


Agenda

What happens when there isn’t collaboration?

How computing silos create operational risk


Page 17: Z Enterprise.Optimization And Security


[Diagram: Wireless Store Infrastructure. Labels: Bank; Hacker; HQ; Regional Data center; Branch Manager; Point of Sale (two)]

Branch uses WEP for LAN activity

Processes cards with banks

Hacker plugs in and gets copies of all transactions

Problem detected and branch systems get fixed

Mainframe doesn’t appear affected by distributed leaks

Hypothesis: Mainframe could help secure end users if they use good procedures

Branch managers run inventory transactions to mainframe

No encryption on sign in

No audit records analyzed


Customer Problem

Page 18: Z Enterprise.Optimization And Security


Real World Customer Problems

That problem could never happen at my business

– Wrong – this problem can occur anywhere there is a change in security administrative control

The weakest link in an enterprise is typically the end user interface

– Viruses, worms and Trojan horses enable someone to hijack the end user interface

– In turn, that hijacked desktop can be used to log into any other server
• Is it “really the authorized end user”? Perhaps not.

– That’s a large risk to a business.

Outsourcers and mainframe IT operations have SLAs that protect the data they host on their systems.

Do their customers and end users have SLAs that specify minimum desktop security? Do they manage desktops and mainframes together?

– Typically not – as a result, there is a major risk that a compromised end user interface can result in compromised mainframe access.

Our Goal is to look at security management across these domains

Page 19: Z Enterprise.Optimization And Security


Examples of End to End Security

[Diagram: Wireless Business Infrastructure. Labels: Bank; HQ; Outsourcer; Regional Data center; Branch Manager; Point of Sale (two)]

Mainframe Userid and Password Encryption via Host on Demand

Virtual Private Network encryption (which exploits the zIIP)

Audit and anomaly detection via TCIM

Fraud Forensics, Analysis and Prevention via Intellinx (which exploits the zAAP)

LAN encryption via WPA which exploits z/OS PKI

z/OS PKI deployment with Global Services

PKI management via Venafi

[Diagram labels: Hacker or Insider; Compliance Insight Manager; Global Services: Security & Privacy Consulting; z/OS PKI Services]

Page 20: Z Enterprise.Optimization And Security


Agenda

Real Customers – Real Value

Our initial learning from studies done with clients like you


Page 21: Z Enterprise.Optimization And Security


Large European Bank – Internet Banking (today)


Today’s Environment

System z with CICS, IMS and DB2 for data serving and core business logic, using WebSphere on Power for additional business logic and presentation capability; Web servers on System x Blades running Linux

Challenges/Issues

• Extremely complex environment

• Majority of maintenance applied to systems manually

• Several single points of failure

• Bank has a presence in multiple countries across Europe and is maintaining different infrastructures based on acquisitions

Page 22: Z Enterprise.Optimization And Security


Large European Bank – Internet Banking (tomorrow)


The Environment with zEnterprise

Integrate core business logic and data serving on System z (IMS/CICS/DB2) with IBM Blades; POWER 7 Blades running WebSphere and System x Blades as virtualized Linux based Web Servers, all managed in a zBX.

Business Advantage
Simplification and standardization of the environment will allow the bank to be more flexible and responsive to local country banks adding functionality and growing banking revenue.

Operational Advantage
A single management and policy framework across Web serving, transactions and database to lower the cost of enterprise computing

Mainframe Quality of Service characteristics will be extended to application servers to manage risks

The dynamic resource management of the mainframe is extended to all devices within a multi-tier architecture to improve quality of services

Organizational Advantage
Reduce level of manual coordination, freeing up staff to train and focus on backlog of business application function development

[Diagram labels: HMC – Unified Resource Manager; PR/SM; SE; Virtual Machine; z/OS; zEnterprise Blade Extension; PowerVM™; AIX; xHyp; Linux; x86; Power; AMM]

Page 23: Z Enterprise.Optimization And Security


US Healthcare Provider – Information Hubs (today)

[Diagram labels: ASP; .net; Windows; z/OS; IMS SOAP Gateway; MQ; IMS TM; IMS DB; Power - AIX; MDM; WebSphere; Member Hub; Provider Hub; Product Hub; Service Layer]

Today’s Environment

Master Data Management Server is running on AIX today on Power servers front ending multiple data stores on DB2 on z/OS and IMS

Challenges/Issues

• Client grew through acquisitions and has multiple systems – looking to consolidate data and systems to reduce complexity and the number of systems to update

• Challenged to support new industry mandates

• Need to standardize on platforms to reduce complexity for dev/test/prod

• Need to reduce the time required to configure a new dev/test environment

• Need ability to monitor the end-to-end transaction flow to determine bottlenecks

• New Application – Some architectural choices still being investigated

Page 24: Z Enterprise.Optimization And Security


US Healthcare Provider – Information Hubs (tomorrow)

The Environment with zEnterprise

Consolidate information into ‘information hubs’ that will be used by all aspects of the business. Two options being considered for Master Data Management using DB2 on z/OS for consolidated data store, with WebSphere on either AIX or Linux for System z.

Operational Advantage
• Application and Data Proximity
• Flexibility of architectural choices as designs are selected for performance and cost
• Network – high speed, private, possible opportunity for reduced requirements for firewalls and encryption
• Allows for virtualization across multiple tier workloads
• Consistency/Standardization of OS/middleware/application reduces variations in test
• Consolidate floor space, reduced energy costs

Business Advantage
• Consolidation and Simplification will provide client agility to better compete in the highly volatile and competitive healthcare industry.

[Diagram: two options. Option A: zEnterprise with MDM on Linux for System z (labels: System z; z/VM; RHEL 5 for System z). Option B: zEnterprise with POWER7 Blades (labels: zBX; P7 - AIX). Labels shown in both options: zOS/WGS; IMS SOAP Gateway; MQ; IMS TM; IMS DB; ASP; z/OS; .net; Windows; MDM; WebSphere; Member Hub; Provider Hub; Product Hub; Service Layer; zOS]

Page 25: Z Enterprise.Optimization And Security

IBM Confidential until Announcement

Payment Services

A unique national digital identity card project implemented on a country-wide scale

Business Need: Payment Business Services (PBS) won the contract for implementing and running a digital signature (PKI) infrastructure for the national danID in Denmark.

To meet the needs of the client, PBS had to be able to accommodate the following:
• Same userid and logon-id procedure for both the public and the banking infrastructure.
• Access from any computer.
• Improved security of a two-factor-authentication with a one-time password.

Benefit: This solution allows all Danish citizens to sign on and perform digital signatures on banking and public systems using a single shared one-time password (OTP) device. It is an innovative solution combining a general purpose engine, specialty engines and hybrid-accelerators, used together to improve the price/performance ratio. IBM provides the operational platform for the digital signature infrastructure. The IBM System z9 Enterprise Class server running z/OS is the platform for development, test and production. IBM developed cryptographic security based on mandated security regulations.

Page 26: Z Enterprise.Optimization And Security


A few thoughts about a way forward


Collaboration is a key to success. It provides:
Business advantage
Operational advantage
Organizational advantage
A more secure environment

… thanks for joining us today

Page 27: Z Enterprise.Optimization And Security


Questions?

Page 28: Z Enterprise.Optimization And Security


Trademarks

The following are trademarks of the International Business Machines Corporation in the United States and/or other countries.

AIX*, CICS*, Cognos*, DataPower*, DB2*, e-business logo*, IBM*, IBM logo*, IMS, InfoSphere, POWER7, Power Systems, PowerVM, System z, System x, WebSphere*, zEnterprise, z/OS*, z/VM*

* Registered trademarks of IBM Corporation

The following are trademarks or registered trademarks of other companies.

Intel is a trademark of Intel Corporation in the United States, other countries, or both.

Upromise is a registered trademark of Sallie Mae, Inc.

Java and all Java-related trademarks and logos are trademarks of Sun Microsystems, Inc., in the United States and other countries.

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Microsoft, Windows and Windows NT are registered trademarks of Microsoft Corporation.

Red Hat, the Red Hat "Shadow Man" logo, and all Red Hat-based trademarks and logos are trademarks or registered trademarks of Red Hat, Inc., in the United States and other countries.

* All other products may be trademarks or registered trademarks of their respective companies.

Notes: All customer examples cited or described in this presentation are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual customer configurations and conditions.

This publication was produced in the United States. IBM may not offer the products, services or features discussed in this document in other countries, and the information may be subject to change without notice. Consult your local IBM business contact for information on the product or services available in your area.

All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

Information about non-IBM products is obtained from the manufacturers of those products or their published announcements. IBM has not tested those products and cannot confirm the performance, compatibility, or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

Prices subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography.

ZSP03409-USEN-00