From Containers to Cloud with Linux on IBM Z. Utz Bacher STSM Linux and Containers on IBM Z

Similar documents
Running Docker applications on Linux on the Mainframe

Red Hat Cloud Suite 1.1

IBM. Avoiding Inventory Synchronization Issues With UBA Technical Note

Merging Enterprise Applications with Docker* Container Technology

z/vm Evaluation Edition

IBM Mainframe Life Cycle History

IBM Endpoint Manager Version 9.1. Patch Management for Ubuntu User's Guide

IBM LinuxONE the largest scalable Linux Server

IBM Blockchain IBM Blockchain Developing Applications Workshop - Node-Red Integration

Docker and Oracle Everything You Wanted To Know

z/vm 6.3 Installation or Migration or Upgrade Hands-on Lab Sessions

Effective PMR Submission Best Practice. IBM Learn Customer Support

Using Netcool/Impact and IBM Tivoli Monitoring to build a custom selfservice

VMworld 2017 Content: Not for publication #CNA1699BE CONFIDENTIAL 2

Behind the Glitz - Is Life Better on Another Database Platform?

Optimize Your Heterogeneous SOA Infrastructure

IBM Lifecycle Extension for z/os V1.8 FAQ

Kubernetes made easy with Docker EE. Patrick van der Bleek Sr. Solutions Engineer NEMEA

Release Notes. IBM Tivoli Identity Manager Universal Provisioning Adapter. Version First Edition (June 14, 2010)

z/osmf 2.1 User experience Session: 15122

CNA1699BU Running Docker on your Existing Infrastructure with vsphere Integrated Containers Martijn Baecke Patrick Daigle VMworld 2017 Content: Not fo

IBM SPSS Text Analytics for Surveys

Transfer Data from TM1 to IBM Cognos Controller with a TI Process

IBM Bluemix compute capabilities IBM Corporation

VIOS NextGen: Server & Storage Integration

IBM Security Access Manager for Versions 9.0.2, IBM Security App Exchange Installer for ISAM

How to Develop Responsive Applications with IBM MQ Light (beta) Matthew Whitehead WebSphere MQ Development 1st July 2014

Software Defined Storage for the Evolving Data Center

Red Hat Atomic Details Dockah, Dockah, Dockah! Containerization as a shift of paradigm for the GNU/Linux OS

Containerization Dockers / Mesospere. Arno Keller HPE

IBM InfoSphere Data Replication s Change Data Capture (CDC) Fast Apply IBM Corporation

Red Hat Roadmap for Containers and DevOps

KVM for IBM z Systems Limits and Configuration Recommendations

Release Notes. IBM Security Identity Manager GroupWise Adapter. Version First Edition (September 13, 2013)

Release Notes. IBM Tivoli Identity Manager Rational ClearQuest Adapter for TDI 7.0. Version First Edition (January 15, 2011)

Oracle PeopleSoft Applications for IBM z Systems

IBM Data Center Networking in Support of Dynamic Infrastructure

IBM. Business Process Troubleshooting. IBM Sterling B2B Integrator. Release 5.2

SAP on IBM z Systems. Customer Conference. April 12-13, 2016 IBM Germany Research & Development

IBM Application Runtime Expert for i

Computing as a Service

Continuous delivery of Java applications. Marek Kratky Principal Sales Consultant Oracle Cloud Platform. May, 2016

20 years of Lotus Notes and a look into the next 20 years Lotusphere Comes To You

2-4 April 2019 Taets Art and Event Park, Amsterdam CLICK TO KNOW MORE

Cisco Cloud Strategy. Uwe Müller. Leader PreSales Cloud & Datacenter Germany

Welcome to Docker Birthday # Docker Birthday events (list available at Docker.Party) RSVPs 600 mentors Big thanks to our global partners:

IBM Db2 Warehouse on Cloud

Open Source on IBM I Announce Materials

Container in Production : Openshift 구축사례로 이해하는 PaaS. Jongjin Lim Specialist Solution Architect, AppDev

WebSphere Commerce Developer Professional

Deployment Patterns using Docker and Chef

Active Energy Manager. Image Management. TPMfOSD BOFM. Automation Status Virtualization Discovery

WebSphere Commerce Professional

Requirements Supplement

IBM LinuxONE Rockhopper

Red Hat Cloud Infrastructure 1.1

Oracle Solutions for IBM z Systems

Azure DevOps. Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region

Rational Asset Manager V7.5.1 packaging October, IBM Corporation

Define Your Future with SUSE

IBM InfoSphere MDM Inspector

HiperSockets for System z Newest Functions

IBM Power Systems: Open innovation to put data to work Dexter Henderson Vice President IBM Power Systems

Fast and Easy Persistent Storage for Docker* Containers with Storidge and Intel

SYMANTEC DATA CENTER SECURITY

IBM InfoSphere Master Data Management Reference Data Management Hub Version 11 Release 0. Upgrade Guide GI

Release Notes. IBM Tivoli Identity Manager GroupWise Adapter. Version First Edition (September 13, 2013)

Amir Zipory Senior Solutions Architect, Redhat Israel, Greece & Cyprus

z/vm 6.3 A Quick Introduction

High performance and functionality

Red Hat Container Strategy Ahmed El-Rayess

The Challenge of Managing WebSphere Farm Configuration. Rational Automation Framework for WebSphere

Industry-leading Application PaaS Platform

WebSphere Commerce Developer Professional 9.0

Docker Universal Control Plane Deploy and Manage On-Premises, Your Dockerized Distributed Applications

zmanager: Platform Performance Manager Hiren Shah IBM March 14,

Oracle Solaris 11: No-Compromise Virtualization

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Oracle Big Data SQL. Release 3.2. Rich SQL Processing on All Data

[Docker] Containerization

WebSphere Application Server 6.1 Base Performance September WebSphere Application Server 6.1 Base Performance

IBM i Version 7.2. Systems management Logical partitions IBM

ZVM20: z/vm PAV and HyperPAV Support

Running KVM for Dynamic Infrastructure Creation

Table of Contents 1.1. Introduction. Overview of vsphere Integrated Containers 1.2

Oracle Solaris Virtualization: From DevOps to Enterprise

InfoSphere Warehouse with Power Systems and EMC CLARiiON Storage: Reference Architecture Summary

Oracle Application Container Cloud

RED HAT'S CONTAINER STRATEGY. Lars Herrmann General Manager, RHEL, RHEV and Containers June 24, 2015

Przyspiesz tworzenie aplikacji przy pomocy Openshift Container Platform. Jarosław Stakuń Senior Solution Architect/Red Hat CEE

Readme File for Fix Pack 1

that will impact New IoT Technology Trends Production Automation

MAPI Gateway Configuration Guide

LINUX CONTAINERS. Where Enterprise Meets Embedded Operating Environments WHEN IT MATTERS, IT RUNS ON WIND RIVER

Taking your next integration or BPM project to the cloud WebSphere Integration User Group, 12 July 2012 IBM Hursley

Going cloud-native with Kubernetes and Pivotal

Real-life technical decision points in using cloud & container technology:

Pasiruoškite ateičiai: modernus duomenų centras. Laurynas Dovydaitis Microsoft Azure MVP

IBM BigFix Compliance PCI Add-on Version 9.2. Payment Card Industry Data Security Standard (PCI DSS) User's Guide IBM

Modelos de Negócio na Era das Clouds. André Rodrigues, Cloud Systems Engineer

Transcription:

From Containers to Cloud with Linux on IBM Z Utz Bacher <utz.bacher@de.ibm.com> STSM Linux and Containers on IBM Z

A Message Brought To You By Our Lawyers Trademarks of International Business Machines Corporation in the United States, other countries, or both can be found on the World Wide Web at http://www.ibm.com/legal/copytrade.shtml. The following are trademarks or registered trademarks of other companies. Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency which is now part of the Office of Government Commerce. Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. Windows Server and the Windows logo are trademarks of the Microsoft group of countries. ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office. UNIX is a registered trademark of The Open Group in the United States and other countries. Java and all Java based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom. Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM Corp. and Quantum in the U.S. and other countries. * Other product and service names might be trademarks of IBM or other companies. IBM Corporation 2015. All Rights Reserved. The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. 2

What are Containers? Self-sufficient packages of software app A app B Layering allows for simple packaging Serves a single task Solutions are broken down into smaller services Consistent handling from Development to Operations liberty Ubuntu (base image) PostgreSQL Docker: An Open Platform to Build, Ship, and Run Distributed Applications Clustering with Docker swarm or Kubernetes 3

Container Benefits No software-level dependencies between containers or to host Portability and cross platform deployment through generic build description Simple re-use of components in different scenarios Componentization of solutions (micro-services) Density through lightweight container mechanisms in Linux kernel Bridges Dev to Ops consistent tooling and environment 4

Container Benefits No software-level dependencies between containers or to host Portability and cross platform deployment through generic build description Simple re-use of components in different scenarios Componentization of solutions (micro-services) Density through lightweight container mechanisms in Linux kernel Bridges Dev to Ops consistent tooling and environment 5

Virtualization vs. Containers 6 Infrastructure oriented: coming from servers, now virtualized virtual server resource management several applications per server isolation persistence Service oriented: application-centric application management solution decomposed DevOps dynamic

Microservice Deployment Types Scale up for maximum efficiency Isolation, QoS and scaling for tiers and tenants 8 Grouping microservices end-to-end allows for simple scaling and optimized local communication

Microservice Challenges: Latency Internal flow between microservices user request edge service A B C E D B F Network latencies add up in meshes of microservices z Systems: large complex with in-box networks reduces latencies 9

functional decomposition (microservices) Microservice Challenges: Scaling The Scale Cube (From Abbott & Fisher: The Art of Scalability ) IBM Z: sometimes bigger is better starting point horizontal scale-out (cloning) massive scale Replication of components is mostly simple Splitting applications into microservices can be hard Data partitioning is often hard Scaling stateful services can be complex e.g. transactional context across microservices IBM Z can scale anywhere from horizontally to vertically scale-up can simplify solutions 10

Containers on IBM Z Technology and tooling identical to distributed platforms Second level virtualization provides perfect tenant isolation with low overhead while providing container agility and efficiency Co-location to traditional applications (e.g. via HiperSockets) Container performance inherits platform performance characteristics allows both scale-up and scale-out in a box good economics through density, utilization, (micro)service co-location, scaling Structure solutions along solution requirements, not environment-imposed restrictions

Multi-Architecture Images Common Dockerfile docker build docker push All official images on Docker Hub are multi-arch today Numerous images backed by s390x versions docker build docker push manifest-tool push image: webapp:latest manifests: - image: webapp-s390x platform: architecture: s390x os: linux - image: webapp-amd64 platform: architecture: amd64 os: linux

Docker on IBM Z High Level Summary Docker and base ecosystem available with full functionality Based on identical source code IBM Z is part of Docker s Continuous Integration pipeline Delivered as part of Docker s (CE, EE) and Linux distribution deliverables (SLES, Ubuntu) Docker today enables mixed architecture development and deployment Commercial support and products available Docker/IBM Distributions RogueWave Docker Enterprise Edition is available for IBM Z 15

Docker Enterprise Edition: Container as a Service private image registry access/user mgmt app & cluster mgmt image scanning/monitoring content trust/verification policy-based automation integrated lifecycle mgmt secrets network volumes resilient cluster multi-arch orchestration container engine on-prem OS certified infrastructure Cloud environment certified infrastructure 16 scheme from https://www.docker.com/enterprise-edition

Docker Enterprise Edition Tiers Basic: engine Standard: plus UCP and DTR Advanced: plus Docker Security Scanning Phase 1: engine running on IBM Z, DTR/UCP on x86 Phase 2: all tiers running on IBM Z Serviced through IBM Elite Supprt 18

Kubernetes on IBM Z High Level Summary Kubernetes and base ecosystem available with full functionality Based on identical source code IBM Z binaries are built as part of the release process Kubernetes today allows mixed architecture development and deployment Docker Hub Content (images) valid for kubernetes 19

Hybrid Cloud and IBM Z Hybrid Cloud Private Public Dedicated Local On Premise Traditional IT e.g. on IBM Z Hybrid Cloud: Cloud-style deployment and speed + traditional IT services If Hybrid Cloud is taken serious, IBM Z is a natural part of it Best fit thinking applies to Cloud, too: Public for ultimate scale-out, flexibility and global presence Dedicated for isolation requirements off-prem Local for more controlled and adapted environment Local with Z for optimized services with maximum security and performance through proximity and scalability Integration of traditional IT to leverage existing assets with a consistent IT consumption model

IBM Cloud Private: Ramping up on Z Framework for Private and Hybrid Cloud computing Based on open tooling/formats Based on (Docker) containers, orchestrated with kubernetes Common services (automation, integration, management, logging, monitoring, service mesh, etc) IBM Middleware, Data & Analytics Services Cloud Foundry platform for PaaS style dev t Integration across Clouds with Cloud Automation Manager (CAM) Includes driving IaaS via Terraform VMware and OpenStack

Secure Service Container (SSC) Being compromised by a rogue administrator/privileged insider is perceived as one of the biggest risks to companies. SSC provides ideal framework to package appliances. SSC: Internal closed partition for running appliances, managed through firmware no need for Linux infrastructure or skills Tamper proof environment with chain of trust for executed content Access to shell, memory, disk contents, or dumps prevented by trusted firmware code Confidentiality of code and data in appliance, even against highest privilege admins

Outlook: SSC with Container-As-A-Service (CaaS) Vision: Client brings workload Platform takes care of infrastructure SSC: Internal closed partition no need for Linux infrastructure or skills Tamper proof environment Access to SSC is prevented Confidentiality of code and data CaaS: Add container execution platform: Docker, Kubernetes environments Integrates with standard management e.g. Open Source tooling, Docker EE, ICP Confidentiality from infrastructure admin Note: still in early phase. IBM looking for beta sponsor users

container Outlook: Technology used in Current HSBN Offering Plain Containers: There are hundreds of system calls Use can be restricted libseccomp, SELinux, AppArmor, capabilities App in name space But still a large attack surface bugs, DoS System calls Linux (host kernel) 25

KVM guest Outlook: Technology used in Current HSBN Offering Isolated Containers: Transparently use KVM to run Container workload Improved isolation through hardware-based virtualization technology Smaller attack surface from untrusted container workload towards hosting environment Maintain Docker ecosystem and user experience KVM not visible to user, started under the covers Re-use of Docker images without any changes App Syscalls Virtual I/O OS kernel KVM hypervisor (Docker host) 26

THANK YOU

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback