Arwed Tschoeke
07. – 08. November 2016 @ IBM z Systems Mainframe Event 2016
Virtualization and Container Technologies with IBM z Systems
© 2016 IBM Corporation
Agenda
• Virtualization basics
• PR/SM and DPM
• z/VM
• KVM
• Docker
Virtualization in your daily life
• Ideas!?
Car Sharing
Internet Access Sharing
Bathroom Sharing
Money and virtual Money?
=> Sharing "a few" real resources with "many" users
Hypervisors and Virtualization for z Systems
PR/SM-LPARs
• Virtualization capabilities built into the system
• PR/SM manages and virtualizes all the installed and enabled system resources as a single large SMP system
• Full sharing of the installed resources with high efficiency and very low overhead
• High scalability with support for up to 40 (for z13s) or 85 (for z13) logical partitions
• IBM Dynamic Partition Manager simplifies management experience
• Ensured workload separation based on highest EAL5+ security certification
z/VM v6.4 (preview), IBM Wave for z/VM
• Enables extreme scalability, security and efficiency, creating cost savings opportunities
• Eases migration: the upgrade-in-place infrastructure provides a seamless migration path from previous z/VM releases (z/VM 6.2 and z/VM 6.3) to the latest version
• Operational improvements by enhancing z/VM to provide ease of use
• Improved SCSI support for guest attachment of disk and other peripherals, and hypervisor attachment of disk drives
• IBM Wave for z/VM simplifies the management of virtual Linux servers from a single user interface
• Provides the foundation for cognitive computing on z Systems
KVM on z Systems v1.1.1
• Support new analytics workloads with Single Instruction Multiple Data (SIMD) for competitive advantage
• Deliver higher compute capacity with support for Simultaneous Multithreading (SMT) to meet new business requirements
• RAS support enhanced for problem determination and high availability setup to reduce down time and quickly react to business needs
• Secure and protect business data with Crypto exploitation
PR/SM and DPM
PR/SM or LPAR Hypervisor
■ 'Processor Resource/System Manager' (PR/SM) and 'LPAR hypervisor' are commonly used synonymously.
■ However the 'LPAR Hypervisor' is the program itself and 'PR/SM' is the facility of the whole
■ So PR/SM aka LPAR hypervisor is a Type-1 Hypervisor that manages logical partitions:
– Each partition owns a defined amount of physical storage
– Strictly no storage shared across partitions
– No virtual storage management / paging done by LPAR hypervisor
– Zone relocation lets each partition start at address 0
– CPUs may be dedicated to a partition or may be shared by multiple partitions
– I/O channels may be dedicated to a partition or may be shared by multiple partitions (Multiple image facility, MIF)
– Each LPAR has its own architecture mode (ESA/390 or z/Architecture)
■ PR/SM is shipped with z Systems (considered as part of the firmware)
■ PR/SM was initially introduced in 1988 with the IBM 3090 processors
■ Beginning with z990, the PR/SM is always loaded (no Basic Mode anymore)
■ Separation of logical partitions is considered as good as having each partition on a separate physical machine (Evaluation Assurance Level 5)
What is DPM - Product Vision
Dynamic Partition Manager has been designed to deliver dynamic z Systems hardware and virtual infrastructure management including integrated dynamic I/O management with general virtualization knowledge and minimal required mainframe knowledge.
Provides simplified, consumable, enhanced z Systems experience reducing the barriers of adoption for new and existing clients.
• Facilitate configuring and operating PR/SM LPARs in a way which is familiar to someone performing these actions on another platform.
• Develop towards an adaptive user experience, adjusting to user roles, and reacting to conditions and state
• Lay the foundation for a general z Systems user experience overhaul.
Dynamic Partition Manager (DPM) – At a Glance
• DPM Mode: A CPC can be in non-DPM mode or DPM mode. Enable DPM mode with first IML.
• Linux only: A CPC running in DPM mode is Linux only. No z/OS, z/VM, zVSE, zTPF support in Stage 1. FCP Storage only.
• Simplification: Provide simplified, consumable, enhanced Partition life-cycle and integrated dynamic I/O management capabilities.
• Cloud: Provides the technology foundation that enables IaaS and secure, private Clouds.
• FIE: Initial focus on First In Enterprise (FIE) customers with support for existing clients in a later stage.
“DPM provides simplified z Systems hardware and virtual infrastructure management including integrated dynamic I/O management for FIE customers that run KVM on z as a hypervisor and/or Linux on z as a Partition-hosted operating system.”
IBM Dynamic Partition Manager (DPM)
[Figure: IBM Dynamic Partition Manager partitions. Labels: Linux, KVM, Built-in FW (MCS), SE, HMC, OSM, SCH]
Provides simplified, consumable, enhanced z Systems experience for reducing the barriers of adoption for new and existing clients.
Deliver dynamic z Systems hardware and virtual infrastructure management including integrated dynamic I/O management with general virtualization knowledge while requiring minimal mainframe knowledge.
New virtualization management mode
Partition and I/O device management at the HMC
• Linux partitions or KVM partitions correspond to LPARs under standard PR/SM
• Supports only Linux and Linux based hypervisors
• Creation of I/O Configuration Data Set (IOCDS) is “under the covers”
• Supports dynamic updates of I/O
• Hardware and operating system message displays are unchanged
• Problem determination and maintenance continues to exist on the System Element (SE)
• On/Off Capacity on Demand (OOCoD) and Customer Initiated Upgrade (CIU) supported for Linux
[Figure labels: IBM Dynamic Partition Manager, Linux, KVM, HMC / SE]
Enabling DPM
• The Support Element will reboot when switching between PR/SM modes
• The entire CPC is in DPM or Standard PR/SM mode
• Nothing carried forward from standard PR/SM to IBM Dynamic Partition Manager
• A CPC can be reverted back to Standard PR/SM
• Prior Standard PR/SM configuration restored
• Must not be part of an Ensemble
• SERVICE or SYSPROG IDs can Enable/Disable DPM
• HMCs can manage both DPM and Standard PR/SM CPCs simultaneously
How DPM helps in a new Linux Environment
• z Systems and PR/SM require a HW definition
• Dynamic I/O, one of the key differentiators of the platform, would be nice
• Having the option of GUI-based administration
• Overcome the prejudice: z is old school and complicated
• Everything is scripted (that's why we need GUIs ;-) )
Short version: no text editor required to get started, dynamic I/O available
What DPM looks like
z/VM
IBM z/VM Hypervisor
■ z/VM is the product name of a Type-1 Hypervisor
■ z/VM
■ virtualizes the architecture:
■ Guest definitions are completely virtual (and need not be consistent with the physical HW)
■ supports DASD and FCP
■ Offers the possibility to choose the solution with the largest convenience factor
■ SSI Clustering for increased availability
■ Integration into GDPS
■ Since z990 (with the removal of the Basic Mode), z/VM always runs either in an LPAR or nested on another z/VM system
z/VM Version 6 Release 3: Making Room to Grow Your Business
Product General Availability
See http://www.vm.ibm.com/zvm630/
[Timeline figure: z/VM 6.1, z/VM 6.2, z/VM 6.3; year markers 2013/14, 2015, 2016]
• z/VM support for zEDC Express and 10GbE RoCE Express features Available, CPU Pooling
• January 14: z13 and z/VM Enhancements Announcement
• Feb 13: Base z13 & Crypto support Available
• March 13: SMT and Scalability Support Available
• June 26: Multi-VSwitch Link Aggregation Available
• September 15: RACF enhancements, Prorated Core time
• January 14: dynamic PDR migration, SIMD support
• Q4/14: z/VM 6.4 GA
Improved Scalability and TCO
• z/VM Paging enhancements
– Use of HyperPAV when available to increase bandwidth for paging
– Increases number of paging I/Os that can be in-flight at once
– Exploitation for Paging, Spooling, z/VM user directory, and minidisk pools that are mapped to z/VM data spaces.
• Guest large page support
– Enhanced DAT facility for guest use
– 1 MB pages
– Decreases memory needed for DAT structures by guest with Enhanced DAT support
– z/VM maps to 4KB pages at the host level.
• Guest Transactional Execution support
– Potential efficiency and scaling improvements for guests and guest software that exploits
– Alternative for serializing a set of operations.
Improved Scalability and TCO
• Memory scalability improvements
– Enhanced algorithms to further improve the efficiency of memory management
– Provide a foundation for future enhancements in scaling and efficiency
• Guest Transactional Execution support
– Potential efficiency and scaling improvements for guests and guest software that exploits
– Alternative for serializing a set of operations.
• FlashSystems support for FCP-attached SCSI disks.
– Removes requirement of a SAN Volume Controller (SVC) to use FlashSystems for z/VM system volumes and EDEVs
System Programmer & Management Capability
• QUERY SHUTDOWN command
– Allows better understanding of state of the system
– Allows for increased programmatic management of the system
• CP environment variables
– New framework to allow information to be set and queried for automatic processing
– Example: Indicate system is being started for Production or DR Test or Actual DR
• New management queries for SCSI environment.
– Allows SCSI detailed information to be gathered for emulated devices (EDEVs)
System Programmer & Management Capability
• CMS Pipelines enhancements
– Pipelines is a powerful programming construct available in the CMS environment
– Objective is to make available, with the product, many of the advances made to Pipelines since it was last updated in the product
– Allows use of various tools and programming without the need to download additional code
• DirMaint to RACF Connector
– Modernizes the Connector with a collection of functional enhancements
– Brings processing in line with modern z/VM practices
– Allows better passing of directory information to RACF
– Facilitates proper security policy in environment managed by IBM Wave for z/VM or OpenStack
System Programmer & Management Capability
• Upgrade In Place migration enhancements
• Upgrade In Place migration was introduced in z/VM 6.3
• Enhanced to allow migration to z/VM 6.4 from
– z/VM 6.2 or z/VM 6.3 (but not both at same time in cluster)
– Supports migration for clustered or non-clustered systems
KVM
KVM Overview
• KVM (Kernel Virtual Machine) is a Linux kernel-based hypervisor
• Developed and maintained by Avi Kivity / Qumranet, recently acquired by Red Hat
• KVM turns the kernel into a hypervisor by loading a kernel module and opening a device node. The main parts of KVM are:
– Kernel module kvm.ko
– Hardware specific modules
– Device node /dev/kvm (to create/run VMs from userspace with a set of ioctl()s)
• Virtual machines (or guests or domains) appear as normal Linux processes and integrate seamlessly into the rest of Linux
• A VM has its own memory, which is separated from the user space process
• Virtual CPUs are not scheduled on their own (vCPUs are realized as Linux threads, and are still scheduled by the Linux kernel process scheduler)
• In full virtualization mode it is possible to run multiple unmodified guest OSes in parallel, each with private virtual hardware (network, disk, graphics etc.)
• Exploits the 'SIE' hardware instruction on z Systems
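Because guests are ordinary Linux processes that reach KVM through /dev/kvm and run their vCPUs as threads, a host can inventory them from /proc by file descriptor rather than by process name. The following Python code is an added example, not part of the original slides; the sample /proc tree, the PIDs and the "CPU n/KVM" thread names are constructed, and it assumes the kernel labels VM and vCPU descriptors as anon_inode:kvm-vm and anon_inode:kvm-vcpu:N.

```python
import os

KVM_VM_FD = "anon_inode:kvm-vm"        # link target of a VM descriptor
KVM_VCPU_FD = "anon_inode:kvm-vcpu:"   # prefix of a vCPU descriptor, one per vCPU


def fd_targets(proc_root, pid):
    """Link targets of a process's open file descriptors."""
    fd_dir = os.path.join(proc_root, pid, "fd")
    targets = []
    try:
        for name in os.listdir(fd_dir):
            try:
                targets.append(os.readlink(os.path.join(fd_dir, name)))
            except OSError:              # descriptor closed in the meantime
                continue
    except OSError:                      # process exited or access denied
        pass
    return targets


def thread_names(proc_root, pid):
    """comm of every thread, main thread first (its TID equals the PID)."""
    task_dir = os.path.join(proc_root, pid, "task")
    names = []
    try:
        for tid in sorted(filter(str.isdigit, os.listdir(task_dir)), key=int):
            with open(os.path.join(task_dir, tid, "comm")) as handle:
                names.append(handle.readline().strip())
    except OSError:                      # process or thread exited meanwhile
        pass
    return names


def find_kvm_guests(proc_root="/proc"):
    """One record per process that holds a KVM VM descriptor."""
    guests = []
    for pid in sorted(filter(str.isdigit, os.listdir(proc_root)), key=int):
        targets = fd_targets(proc_root, pid)
        if KVM_VM_FD in targets:
            threads = thread_names(proc_root, pid)
            guests.append({"pid": int(pid), "comm": threads[0] if threads else "",
                           "opens_dev_kvm": "/dev/kvm" in targets,
                           "vcpus": sum(t.startswith(KVM_VCPU_FD) for t in targets),
                           "threads": threads})
    return guests


def build_sample_proc(root):
    """Constructed /proc excerpt: a QEMU guest with two vCPUs, and a shell."""
    qemu_fds = ["/dev/null", "/dev/kvm", KVM_VM_FD, KVM_VCPU_FD + "0", KVM_VCPU_FD + "1"]
    qemu_threads = {"4100": "qemu-system-s39", "4105": "CPU 0/KVM", "4106": "CPU 1/KVM"}
    for pid, fds, threads in (("4100", qemu_fds, qemu_threads),
                              ("4200", ["/dev/pts/0"], {"4200": "bash"})):
        os.makedirs(os.path.join(root, pid, "fd"))
        for number, target in enumerate(fds):
            os.symlink(target, os.path.join(root, pid, "fd", str(number)))
        for tid, name in threads.items():
            os.makedirs(os.path.join(root, pid, "task", tid))
            with open(os.path.join(root, pid, "task", tid, "comm"), "w") as handle:
                handle.write(name + "\n")


if __name__ == "__main__":
    print(*find_kvm_guests(), sep="\n")  # real /proc; run as root to see all guests
```

A process that holds a kvm-vm descriptor but is not a known management-stack QEMU instance is worth a closer look, since the process name alone can be changed freely.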
KVM for z Systems
[Figure labels: LPARs (PR/SM™), z/VM, KVM, Linux on z, z/VSE, z/TPF, z/OS, Memory, Processors, I/O]
In addition to z/VM, IBM supports a Kernel-based Virtual Machine (KVM) offering for z Systems that hosts Linux on z Systems guest virtual machines.
The KVM can be installed on z Systems processors.
The KVM offering co-exists with z/VM virtualization environments, z/OS, Linux on z Systems, z/VSE and z/TPF.
The KVM offering is optimized for the z Systems architecture and provides standard Linux and KVM interfaces for operational control of the environment.
– Enterprises will be enabled to easily integrate Linux servers into their existing infrastructure and cloud offerings.
Qemu/KVM Component Diagram
[Figure labels: Hardware (pCPU0 ... pCPUn, Memory, pNIC1 to pNIC3, disk1 to disk3); Kernel mode: Linux Kernel (host), KVM (/dev/kvm and kvm.ko), Physical Drivers, File System & Block devices; User mode: Host Process kvm; kvm-qemu, Host Process virsh; virt-manager (via libvirt), Others; Guest Process: QEMU Hardware Emulation, iothread, vCPU0 ... vCPUm; Guest mode: Linux Kernel (guest), Physical Drivers, File System & Block devices]
Virtualization vs. Containers
Infrastructure oriented:
• coming from servers, now virtualized
• several applications per server
• isolation
• Separation between tenants
Service oriented:
• application-centric
• solution decomposed
• DevOps
• separation between the apps of a tenant
[Figure: two stacks. Virtualization: HW, Hypervisor, OS, App. Containers: HW, Hypervisor, OS, Container, App]
Docker and Containers
Docker in general offers different ways to access the Linux kernel and software resources that make it possible to constitute and form containers:
• libvirt
• systemd-nspawn
• lxc and
• libcontainer
The recently introduced 'libcontainer' library, Docker's own way to access these resources, like namespaces and cgroups, seems to prevail and to become accepted.
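Since a container is a set of processes on a shared kernel, separated by namespaces and accounted by cgroups, its isolation can be read directly from /proc. The following Python code is an added example, not part of the original slides or of Docker; it compares a process's namespace identifiers with those of PID 1, and the sample /proc tree, namespace numbers and cgroup paths are constructed.

```python
import os

NAMESPACES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")


def namespace_ids(proc_root, pid):
    """Map namespace type to its identifier, e.g. 'net' -> 'net:[4026531992]'."""
    ids = {}
    for ns in NAMESPACES:
        try:
            ids[ns] = os.readlink(os.path.join(proc_root, str(pid), "ns", ns))
        except OSError:                  # type unsupported or access denied
            continue
    return ids


def cgroup_paths(proc_root, pid):
    """Paths from /proc/<pid>/cgroup lines ('hierarchy:controllers:path')."""
    try:
        with open(os.path.join(proc_root, str(pid), "cgroup")) as handle:
            fields = [line.rstrip("\n").split(":", 2) for line in handle]
    except OSError:
        return []
    return [f[2] for f in fields if len(f) == 3]


def isolation_report(proc_root, pid, reference_pid=1):
    """Compare a process's namespaces with those of the host's PID 1."""
    host = namespace_ids(proc_root, reference_pid)
    mine = namespace_ids(proc_root, pid)
    common = sorted(set(host) & set(mine))
    return {
        "private": [ns for ns in common if mine[ns] != host[ns]],
        "shared": [ns for ns in common if mine[ns] == host[ns]],
        # A shared user namespace means UID 0 inside is UID 0 on the host.
        "shares_host_uids": "user" in mine and mine["user"] == host.get("user"),
        "cgroups": cgroup_paths(proc_root, pid),
    }


def build_sample_container_proc(root):
    """Constructed /proc excerpt: host init (PID 1) and one containerized process."""
    host_ns = {ns: "%s:[40265318%02d]" % (ns, i) for i, ns in enumerate(NAMESPACES)}
    container_ns = dict(host_ns)         # user and cgroup stay shared with the host
    for i, ns in enumerate(("ipc", "mnt", "net", "pid", "uts")):
        container_ns[ns] = "%s:[40265322%02d]" % (ns, i)
    samples = {"1": (host_ns, "0::/init.scope\n"),
               "5300": (container_ns, "0::/docker/sample-container-id\n")}
    for pid, (namespaces, cgroup_line) in samples.items():
        os.makedirs(os.path.join(root, pid, "ns"))
        for ns, ident in namespaces.items():
            os.symlink(ident, os.path.join(root, pid, "ns", ns))
        with open(os.path.join(root, pid, "cgroup"), "w") as handle:
            handle.write(cgroup_line)


if __name__ == "__main__":
    # Real /proc: this process against PID 1 (reading PID 1 needs root).
    print(isolation_report("/proc", os.getpid()))
```

Every namespace listed under "shared" is a resource the process sees exactly as the host does, which is the practical difference from a guest under a hypervisor.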
How to Form µServices with Containers (here: Docker)
Architecture of a µservice Based Solution
[Figure labels: IBM API Connect, Enterprise Node.js]
Why LinuxONE
• In 2014, there were nearly 850 million US airline passengers, or ~2.3 million passengers per day.
• On a bad travel day, an average user could generate ~20 page loads, with each page load generating ~100 web events.
• This drives a server volume of ~4.6 billion web events per day!
[Figure: Topology; label: Transaction DB]
Summary
• HW-accelerated virtualization
• integrates into the existing world
• efficient, secure, scalable
• large benefits in current environments (consolidation, efficiency) and future ones (µservices, highly scalable, on requirement)
• Choices:
• take whatever is best suited
– What is standard in your IT
– What provides the best match to the requirements
– Or both
• Remember: OR, not XOR
Thank you!
Arwed Tschoeke
IBM Client Center – Systems and Software – z ATS
IBM Germany Lab
Schoenaicher Str. 220
D-71032 Boeblingen
Phone +49 (0) 171 863 7780