Transcription
Mainline Information SystemsPresents:Systems Z and x86 for Linux Applications –Explore the value differenceMarianne EggettMarianne.Eggett@mainline.comThe Technology Partner for Business Results
Agenda Overview of Linux on IBM Z and LinuxONE Server Comparison with x86 alternatives Wrap upwww.mainline.com 866.490.MAIN(6246)
More SecureCrypto co-processing shared byall coresLPAR is EAL5 Protects to FIPS 140-2 Level 4 certified (tamper proof)Secure Service Containers has evolved to Hyper Protect appliancesHigh priority workload receives resource precedenceIdle cores for automatic fail over with no disruption to applicationZero memory failures using RAIMConsolidate “priced per core” software www.mainline.com 866.490.MAIN(6246)Linuxz/VMPartitionPartition Consolidate 100s to 1000s of x86 cores has huge savings LinuxEncryption is 2.2 x’s faster than SkylakeIFLs 1.9 to 2.8 x’s more throughput for database applicationsJAVA garbage collection 92% less processing time KVMPartitionHWHW – cores, memory, I/OMean time to fail is measured in decades Costs Less2.3 GHz (Xeon Gold 6140 –Skylake)Per core crypto co-processing More Reliable5.2 GHz (Emperor II), 4.6 GHz(Rockhopper II)Linux Commodity x86 serverLinuxFaster PerformanceIBM LinuxONELinuxLinux on z and LinuxONE Key Facts to rememberIBM LinuxONE
FASTER PERFORMANCEwww.mainline.com 866.490.MAIN(6246)
www.mainline.com 866.490.MAIN(6246)5
IBM Z Architecture Based Server – Highly Engineered Processorand I/O Infrastructurewww.mainline.com 866.490.MAIN(6246)6
www.mainline.com 866.490.MAIN(6246)7
What LinuxONE can do that x86 can’tArchitectural differences – at thechip levelIntel Xeon“Skylake”processor chipIBM LinuxONEprocessor chip14 nm SOI chiptechnology14 nm SOI chiptechnologyIBM LinuxONECommodity x86 server5.2 GHz (Emperor II), 4.6 GHz (RockhopperII)2.3 GHz (Xeon Gold 6140 – Skylake)128 KB I 128 KB D / 2 MB I 4 MB D – per core64 KB / 256 KB per coreL3 cache128 MB – shared by all active cores on the chip24.75 MB – shared by all cores on chipL4 cache672 MB – on separate chip, shared by all active coresN/AYes, yes, yes, yesYes, yes, yes, yesJava enhancementsPause-less garbage collectionN/ACryptographic functionsPer core crypto co-processingCrypto co-processing shared by all coresCore clock speedL1 / L2 cacheSMT, SIMD, OOO, HTMwww.mainline.com 866.490.MAIN(6246)8
What LinuxONE can do that x86 can’tIBM LinuxONE can significantly improve service delivery for many Javaenterprise applicationsGarbagecollectionpause timeGarbagecollectionpause timeGarbagecollectionpause timeIBM LinuxONE garbagecollections times were: 92% lower than x86 server(Emperor II) 90% lower than x86 server(Rockhopper II)x86IBMApplication execution timeIBM LinuxONE Emperor II delivered3.8x92%IBM LinuxONE Rockhopper II deliveredMore throughputat a common response time3.0x80%Lower response timeat a similar throughput rateMore throughputat a common response timeLower response timeat a similar throughput rateBased on an IBM internal study. The x86 server used was a Lenovo SR650 ("Skylake"). Both platforms used 8 Linux cores, RHEL 7.4, and IBM Java 1.8 SR5. The workloads ran "bare metal" (noadditional software hypervisor) on both platforms. Guarded Storage Facility was enabled on IBM LinuxONE. Workload used was a large-scale Java transactional workload that simulates a retailbusiness.www.mainline.com 866.490.MAIN(6246)9
What LinuxONE can do that x86 can’tEncryption on LinuxONE is dramaticallyfaster than on x86250Encryption ThroughputThroughput (GB/s)200 9x betterLinuxONE150Skylake delivers improvedencryption, but LinuxONEis still 2.2x better100z1450Source: IBM internal study. OpenSSLSpeed Benchmark,AES-256-GCM, 8K Buffer, Broadwell vs. LinuxONE, 16 xcores per LinuxONE cores.Results my vary.www.mainline.com 866.490.MAIN(6246)012345678910Concurrent Encryptions111213141516x86
What LinuxONE can do that x86 can’tFast, internal communications reducesnetwork-induced latency and eliminatesthe network cabling nightmare Within a partition:– VMs communicate via virtual networkmanaged by hypervisor– No point-to-point physical connection Between partitions:PartitionPartition– VMs communicate over fast partition-topartition link (Hipersockets)– Secure IP communications,but at memory speed – better than airgapped commodity servers11www.mainline.com 866.490.MAIN(6246)
What LinuxONE can do that x86 can’tLinuxONE Emperor II delivers higher database throughputcompared to x86 serversTest runLinuxONE throughput exceedsx86 throughput (per core)DayTrader benchmark on WebSphere Application Server 8.5.5.9 and DB2 LUW 11.1.1.11.9xDayTrader benchmark on Apache TomEE 1.7.1 and MariaDB 10.1.212.3xMicroBM CPU benchmark on InfoSphere DataStage 11.52.8xAcme Air benchmark on Node.js 6.10 and MongoDB 3.4.22.5xpgBench benchmark on PostgreSQL 9.6.12.0xYCSB benchmark on MongoDB 3.4.12.6xWith LinuxONE, run multiple database servers and data types on thesame system, delivering more work with one system than x86-baseddata serving platformAll claims noted on this slide are based on IBM Internal measurements. Results may vary. Additional information is available upon requestwww.mainline.com 866.490.MAIN(6246)
MORE SECUREwww.mainline.com 866.490.MAIN(6246)
What LinuxONE can do that x86 can’tApplications and data are saferon LinuxONE than on x86 serversIBM LinuxONEx86 servers Every core has its own embedded co-processorfor cryptographic functions (CPACF) Cryptographic co-processor off die and sharedacross all cores CPACF is not optional; it’s just there; turn it onwith a feature number Crypto has to be specifically requested; it’s notobvious if it’s there or not Encryption throughout is 3-9x faster than x86 AES-NI does not perform as well Hardware Security Module (HSM) – CryptoExpress6S – is tightly integrated with CPACF,enabling unique “protected key” Available HSMs are not as integrated;protected keys are not the ones for data at restand data in flight Protects to FIPS 140-2, Level 4 – tamper proof Typically protects only to FIPS 140-2, Level 3 Logical partitions are rated by Common Criteriaas EAL 5 isolation. IBM Z/VM is EAL 4 . VMware is only EAL 4 , potentially leading to“noisy neighbor” or bleed-through effectswww.mainline.com 866.490.MAIN(6246)14
What LinuxONE can do that x86 can’tJust ordering an Intel server optimizedfor cryptography is a challengeIntroduced with Skylake, thePlatform Controller Hub (PCH)includes Quick AssistTechnology(QAT), which doesimplement AESIntroduced with WestmereInstructions assist, but do notfully implement, AES encryptionNot available in all CPU versionsuntil SkylakeBut the PCH is an off-die coprocessor, and shared by all coresC628Of the 7 versions of the PCH,C627 only 4 support QATC626QAT is a mutually exclusiveC625 featureC624QAT is only availableC622 on desktops and small serversC621?QAT is also available on an add-oncard, but performance is not muchbetter than AES-NI on SkylakeprocessorsAdding on a card may not be anoption for some systems15www.mainline.com 866.490.MAIN(6246)
What LinuxONE can do that x86 can’tLinuxONE has a clear advantageover x86 when it comes to securitybestLinuxONE securityHardware Security Module (HSM)Cryptographic accelerationProtected keyFile encryption Securingcommodity Linuxservers to the levelof IBM LinuxONE issimply notpossible www.mainline.com 866.490.MAIN(6246)Real-time auditNetwork traffic encryptionServer cluster traffic encryptionSecure service containers16DIY x86worstx86 with bolt-on transparentencryption
YouTube Video https://www.youtube.com/watch?v jDK3ZwEdX4IHear in this 5minute video ofIBM’s uniqueimplementation ofPervasiveEncryption foryour datavolumeswww.mainline.com 866.490.MAIN(6246)17
What LinuxONE can do that x86 can’tLinuxONE with Secure Service Containers is betterthan x86 alternativeIBM LinuxONEwith Secure Service Containersx86 with DIY security Encrypted Encrypted,restrictedaccess Integrity Isolation – EALchecks5 ApplicationContainerEngineBase OSApplicationApplicationContainerEngineBase OSContainerEngineBase OS SoftwarestackhardenedEncryption – Notby defaultIsolation – EAL4 RestrictedAccess – Notby nerEngineBase OSBase OSIntegrity checks Not by defaultApplicationContainerEngineBase OS keys/certificatesMost reliable,higher-performingFirmware hypervisorHypervisorLinuxONE HardwareIntel x86 EncryptedNeed to integrateseparate keymanagementsystem (KMS)Encryption – Notby defaultSource: IBM analysis as of 10/10/201818www.mainline.com 866.490.MAIN(6246)Software stack Not hardenedby default
NEW!!!IBM Cloud Hyper Protect ServicesHyper ProtectCrypto ServicesHyper ProtectDBaasHyper ProtectVirtual ServersHyper ProtectContainersKeep your own keys fordata encryption protectedby dedicated cloud HSM*Complete dataconfidentiality for yoursensitive dataCreate Linux VMs withown public ssh keyto maintain exclusiveaccess to code and dataBuild and deploy microservices within a hypersecure environment* Industry’s only FIPS 140-2(PostgreSQL, MongoDB EE)(Ubuntu)(Kubernetes)Beta 1Q/GA 2Q19Experimental in 1Q19Coming soonLevel 4 certified HSMGA 1Q19Only you have access to your data, encryption keys and workloads. Only your cloud admin has access!19www.mainline.com 866.490.MAIN(6246)
What LinuxONE can do that x86 can’t Secure Service Containersare the future for LinuxONE workloadsEAL 5 isolation No host- or OS-level interactionUp to16 TB Memory Administrator is not trusted – cannotaccess processor or memory state Access only to legitimate usersthrough narrowly scoped interfaces Data encrypted in flight and at restManagementUI / REST API Signed or encrypted, with verifiedboot componentsx86 servers do not have acomparable featurewww.mainline.com 866.490.MAIN(6246)20Docker EnablementApplication InterfacesManagement BackendBase Operating System
MORE RELIABLEwww.mainline.com 866.490.MAIN(6246)
What LinuxONE can do that x86 can’tIBM LinuxONE delivers the highestavailabilityFrom ITIC: Unplanned downtime per server, per year (inminutes) in 2017-2018 (Linux servers)% availabilityequivalent99.999830.91IBM LinuxONECisco UCS3.999.99926HP Superdome4.199.9992229Dell PowerEdge x86Oracle x863299.993923399.9937337HPE ProLiant x86510152025303599.9930040Source: ITIC 2017-2018 Global Server Hardware, Server OS Reliability Survey. ITIC surveys are independent, and receive novendor sponsorship.www.mainline.com 866.490.MAIN(6246)IBM LinuxONE exhibits truefault tolerance Close to 6 9’s availability – farbetter than traditional x86servers, and better thanconverged systems For IBM LinuxONE, the meantime between failures ismeasured in decades, notmonths99.99449Oracle OpenSolaris UltraSPARC0 22
What LinuxONE can do that x86 can’tIf a core fails, a spare can be “turned on” withoutsystem or program interruption Most LinuxONE servers ship with two extra coresdesignated as spares– Core0Core1Core2Core3In addition, any unused core can act as a spareCore failover (called sparing) istransparent to applicationsSpares need not be local on thesame chip or in the same drawerAny core can failover to a d L3CacheCore5Core6Core6Core7Core7Core8Core9Shared L3CacheCore5Core6Core6Core7Core7Core8Core9Typical x86 serversdo not have coresparing23www.mainline.com 866.490.MAIN(6246)
What LinuxONE can do that x86 can’tLinuxONE systems never go down because ofmemory failures LinuxONE uses special memory that isdesigned to eliminate even the most remotefailures (due to cosmic radiation)– Redundant Array of Independent Memory (RAIM)– Very robust , very cost effective– No performance penalty– Covers memory buses, DIMM connectors, clockfailures, etc. Zero observable memory failureson systems using RAIMA level of memory protectionnot found on typical servers24www.mainline.com 866.490.MAIN(6246)
COST LESSwww.mainline.com 866.490.MAIN(6246)
What LinuxONE can do that x86 can’tArchitectural differences –at the box levelLinuxONETypical x86serverTotal capacity (GHz)Total memoryNumber of server“equivalents”Up to 170 cores @ 5.2 GHz 884 GHzUp to 32 TB total,or 16 TB per logical partitionUp to 85 logical partitions, eachsupporting hundreds of VMs10-17x more GHzcapacity21-42x morememory85 : 12 sockets8-18 cores per socket2.3-3.2 GHzTotal 51-83 GHz766 GB1 server LinuxONE is a large, centralized server intendedto replace scores of x86 servers 26www.mainline.com 866.490.MAIN(6246)
What LinuxONE can do that x86 can’tAllocate or share resources across allapplications for increased flexibility “Shared everything” hardware design means resources can beshared or dedicated to different VMs– Dynamically add cores, memory, I/O adapters, devices and networkcards– Grow horizontally (add Linux VMs ) and vertically (add to existingLinux VMs)– Grow without disruption to running environmentAdd moreresourcesto anexistingLinux VM.– Provision for peak utilization, unused resources automaticallyreallocated after peakLinuxLinuxLinuxLinuxLinuxLinuxLinuxLinuxLinux. or clone more Linux VMswith a high degree of resourcesharing27www.mainline.com 866.490.MAIN(6246)
What LinuxONE can do that x86 can’tMaintain system availabilityeven as resources are added or reallocated All boxes ship with all cores Optionally, activate cores temporarily andpay only for “on” time (Capacity onDemand) uxLinuxLinux– Reallocate cores across VMs and acrosspartitions as business and applicationneeds changeLinux As demand increases, activate additionalcoresLinux– Activate only the number of cores tionPartitionHW – Example: Sales cycles may demand extracapacity during specific periodsActive coresInactive cores28www.mainline.com 866.490.MAIN(6246)
What LinuxONE can do that x86 can’tIBM LinuxONE delivers a cost advantageover x86 serversCommodityx86 serversIT Economics sizing tools show: Fewer resources (cores)needed to run the sameworkloads Resulting in drasticallylower costs Large, centralized servers with moreresources make more effective platforms,yielding lower cost per workloadand lower total cost of ownershipwww.mainline.com 866.490.MAIN(6246)29
IBM LinuxONE portfolio - siblings with footprint & scale differencesIBM LinuxONERockhopper IIIBM LinuxONEEmperor II Equivalent to 200 x86 cores Equivalent to 1300x86 cores Up to 8 TB memory Up to 32 TB memory I/O support for up to2 million IOPS I/O requirements up to 9 millionIOPS, raw I/O bandwidth of 832GB/S 19” industry standardform factor PDU-based1 with 200v to240v power Optional 16U of available framespace for additional components,e.g., storage, server, networkswitch Massive Capacity Back Up(CBU) on demand Need for on-site disasterrecovery Bulk power based on 480v Option for water cooling Air-cooled onlyBIG THROUGHPUT INA SMALL FOOTPRINTwww.mainline.com 866.490.MAIN(6246)EXTREMESCALE
Comparison with x86 alternativeswww.mainline.com 866.490.MAIN(6246)
Consolidate Oracle Databases on LinuxONE Emperor II at alower cost than x86220 coresWhich platform canachieve the lowest cost?BrokerageDatabaseWorkloads 5.46M (3yr TCA) 663/TPS5 x86 systems(each system with 44 cores/768 GB)Oracle VM & Oracle LinuxOracle 12c49 Brokerage Database Workloadseach with 64 GB memory driving200 GB databaseAverage 168 TPS per workloadThis is an IBM internal study designed to replicate a typical IBM customer workload usage in the marketplace. It consists ofIBM LinuxONE Emperor II with 33 cores, 3392 GB memory, z/VM, RHEL, Oracle 12c compared to a comparably tuned x86configuration with total of five x86 systems each with 44 Intel E5-2699 v4 cores, 768 GB memory, Oracle VM, Oracle Linuxand Oracle 12c executing a materially identical brokerage database workload in a controlled laboratory environment. Testsfor IBM LinuxONE Emperor II measured number of database workloads, each running as a guest on z/VM in a logicalpartition, executing identical SQL query transaction mix at an average throughput of 168 transactions per second. For the x86configuration, test measured number of database workloads, each running as a guest on Oracle VM and executing identicalSQL query transaction mix at an average throughput of 168 per second. The results were obtained under laboratoryconditions, not in an actual customer environment. IBM's internal workload studies are not benchmark applications. Prices,where applicable, are based on US prices as of 09/01/2017 for both IBM LinuxONE Emperor II and x86 environment. Pricecomparison based on a 3YR Total Cost of Acquisition (TCA) includes all HW, SW and 3 years of service & support which isthen divided by the number of average TPS, which results in per TPS.www.mainline.com 866.490.MAIN(6246)33 cores 3.08M (3yr TCA) 374/TPSIBM LinuxONE Emperor II(LM1/M01 with 33 cores/3392 GB)z/VM & RHELOracle 12c44% lower costEstimated for systems compared
How Sizings Effects the TCO?Comparative 5-Year Costs Between IBM System z 14 and Distributed CISCO Serversz14 Emperor vs CISCO for WebSphere ComparisonCisco 43 physical servers 324 WebSphere virtual servers 146 Production 103 QA 71 Development 5 Lab 765 coresCISCO w/324 virt Svrs & 765 cores(2) z14s w/27 IFLs for 40%(2) z14s w/15 IFLs for 20%(1) z14 w/30 IFLs for 20%(1) z14 w/23 IFLs for 10% 0 2,000 4,000 6,000 8,000 10,000 12,000 14,000 16,000ThousandsSavings5-yr TCOZ14 LinuxONE w/SMTSize for concurrent peak of virt servers 10% concurrent peak 33 x86 servers 20% concurrent peak 65 x86 servers 40% concurrent peak 130 x86 serversNOTE: Customer estimated CISCO Utilization. Distributed costs do not included HW refresh and HW maintenance. Z14 sizing assumes SMT 20% boost.www.mainline.com 866.490.MAIN(6246)
X86 Consolidations to IFLs and “IFL to x86 core ratios”:What to Expect from Different Technologies Consolidation ratios vary from 1:10 to 1:100, a 10X difference Average consolidations are generally between 1:12 and 1:25 forcurrent generations of hardware in well managed environments Why so many less IFLs than x86 cores?– Linux on z shares resources so fewer “bottlenecks” or lessprocessor, memory or I/O contention. Resources are managed byz/VM at machine speeds.– Ability to run at 80 to 99% average utilization rates compared to10% to 45% average utilization for Intel– IFLs share resources for workloads 24 x 7 (non concurrent peaks)– IFL commonly share environments (prod, dev., test, QA)www.mainline.com 866.490.MAIN(6246)
Steps To Build the Business CaseAnalyze ServerInventoryChoose ApplicationGather DetailsGather SAR DataOr Industry AverageRepeat and refineSize With IBMGather costs; SW, HWAdmin. Pricing/InvoicesBuild Business Casewww.mainline.com 866.490.MAIN(6246)Mainline Information Systems System z Linux Business Case Methodology2013
Energy SavingsBTUs and WattsTotal Annual Cost of Energy 63,715200150 50 40 5,733 30 20ThousandsThousands 70 60155,10650 10 DistributedServersCost based on 0.10 per KW rnationalwww.mainline.com sarederivedfromIDEASInternational
Labor Cost Comparison Between for Oracle x86 servers and Linux on IBM ZAdditional Savings, not included in Business CaseWindowServersLinux ServersTOTAL IntelServersSystem z LinuxServersSavingsAnnual Hours77,13712,23689,37427,20462,170Annual LaborCost5-Yr LaborCosts 984,734 156,211 1,140,945 347,281 793,664 4,923,670 781,053 5,704,723 1
IBM LinuxONE IBM LinuxONE Commodity x86 server Faster Performance 5.2 GHz (Emperor II), 4.6 GHz (Rockhopper II) 2.3 GHz (Xeon Gold 6140 – Skylake) Encryption is 2.2 x’s faster than Skylake IFLs 1.9
