Linux and z/VM on IBM System z and zSeries update

IBM Systems & Technology Group

Daniel Schwarzentruber dswt@ch..com

© 2006 IBM Corporation IBM Systems Trademarks and notices

The following terms are trademarks or registered trademarks of International Business Machines Corporation in the United States or other countries or both:

TM ƒ AIX7 ƒ GDDM7 ƒ PrintWay ƒ xSeries7 TM TM ƒ AnyNet7 ƒ GDPS7 ƒ PR/SM ƒ z/Architecture TM ƒ AS/4007 ƒ ƒ pSeries7 ƒ z/OS7

ƒ Candle7 ƒ IBM7 ƒ RACF7 ƒ z/VM7 TM ƒ CICS7 ƒ Infoprint7 ƒ Redbooks ƒ zSeries7 TM TM ƒ CICSPlex7 ƒ IMS ƒ Redbooks (logo) TM ƒ CICS/ESA7 ƒ IP PrintWay ƒ S/3907 TM ƒ DB27 ƒ iSeries ƒ System/3907 TM TM ƒ DB2 Connect ƒ Language Environment7 ƒ System z9

ƒ DPI7 ƒ MQSeries7 ƒ ThinkPad7 TM ƒ DRDA7 ƒ MVS ƒ Tivoli7 TM ƒ e business(logo)7 ƒ MVS/ESA ƒ Tivoli (logo)7

ƒ ESCON7 ƒ NetView7 ƒ VM/ESA7 TM TM ƒ eServer ƒ OS/27 ƒ VSE/ESA TM ƒ ECKD ƒ OS/3907 ƒ VTAM7 TM ƒ FFST ƒ Parallel Sysplex7 ƒ WebSphere7

‹Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. ‹Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. ‹Intel, Intel Inside (logos), MMX and Pentium are trademarks of Intel Corporation in the United States, other countries, or both. ‹UNIX is a registered trademark of The Open Group in the United States and other countries. ‹ is a trademark of Linus Torvalds in the United States, other countries, or both. ‹Red Hat is a trademark of Red Hat, Inc. ‹SUSE® LINUX Professional 9.2 from Novell® ‹Other company, product, or service names may be trademarks or service marks of others. ‹This information is for planning purposes only. The information herein is subject to change before the products described become generally available. ‹All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

Refer to www.ibm.com/legal/us for further legal information.

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Agenda

ß Linux on IBM System z and zSeries ß z/VM support for Linux ß Linux Update and Distribution ß Summary

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Trend: Open Computing

° Open standards Open Computing  Improving information sharing by simplifying integration of disparate Open technologies standards  Promoting interoperability by using open published specifications ° Open architecture  Increasing collaboration by easily Community extending business processes – eg Innovation SOA Open Open  Innovating on top of common hardware architecture source specifications ° Open source  Promoting innovation by leveraging community development  Accelerating open standards adoption

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Linux on IBM System z z900 Linux + Virtualization + System z = SYNERGY z800 z990 ° The legendary IBM mainframe – IBM System z™ z890  Legendary dependability  Extremely security-rich, highly scalable  Designed for multiple diverse workloads executing concurrently  Proven high volume data acquisition and management ° The IBM mainframe virtualization capabilities – z/VM® 5.3  Improved scalability for applications with large memory requirements  Increased number of virtual guests possible with dedicated devices z9 EC z9 BC  … and improved performance and enhanced SCSI disk support ° The easy deployment and configuration of virtual Linux® servers – IBM Director Extensions 5.20  Automated deployment of z/VM virtual servers and installation of Linux systems  Reduced customization steps for z/VM hosted virtual Linux servers ° Open standards – Linux for System z  Reliable, stable, security-rich  Available from multiple distributors  Plentiful availability of skills administrators and developers  Large selection of applications middleware and tooling from IBM, ISV’s and Open Source IBM System z9™ Enterprise Class (z9 EC) – formerly called z9-109 – and the System z9 Business Class (z9 BC)

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Integrated Facility for Linux (IFL) The specialty engine for the Linux workload ° Supports Linux on System z and z/VM ° Traditional mainframe software charges unaffected  IBM mainframe software IFL Capacity 300% % Increased Value  Independent Software Vendor products 262% ° Linux and z/VM charged only against the IFLs 244% ° IFL supports Capacity on Demand (On/Off CoD), Capacity Upgrade on Demand, and Capacity BackUp 164% (CBU) 132% ° IFLs on z9 BC, z890 and z800 run always on “full speed”  37% performance increase comparing z9 BC & z890 IFL 79% ° The IFL price for the new z9 BC servers is CHF180K  This is a 24% reduction when compared to other System z servers z800 z900 z890 z990 z9 BC z9 EC ° Aside from the reduced price for the IFL on the z9 BC, price/performance gains with each successive generation of technology  Consistent IFL price for all other System z generations

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Integrated Facility for Linux (IFL) Support

° z/VM Version 5 can run in an LPAR defined with IFL processors ° IFLs are processor processors dedicated to Linux only workloads  Only IPLA software can be licensed on IFL processors  Allocated from the set of spare processors on MCM  Less expensive than standard processors  Will not support traditional mainframe operating systems  Only usable in LPAR mode; cannot be mixed with standard processors

LPAR LPAR LPAR LPAR LPAR LPAR No: Yes: Yes: Yes: Std IFL IFL IFL IFL IFL IFL IFL IFL

° IFL processors are available on the z9 EC, z9 BC, z990, z890, z900, and z800  One standard processor must exist before IFLs can be added  Exceptions: z9 EC, z9 BC, z990, z890, and z800-0LF servers  Some servers don't have spare processors available for IFLs ° Adding IFLs does not change a server's model designation  No increase in fees for IBM software installed on standard processors

VMV53_160 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Exkurs: z/VSE

° Businesslösungen auf System z mit z/VSE und Linux von Dr. Klaus Goebel, Labor Böblingen, Deutschland.

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems IBM System z and zSeries processing capacity for Linux

°The Integrated Facility for Linux® (IFL) is a Central Processor (CP) dedicated to Linux workloads  is available for IBM System z9, zSeries z990, z900, z890, and z800

°O/O CoD - On/Off Capacity on Demand - Temporary capacity upgrade -  Non disruptive temporary of CP's or IFL's or ICF's or zAAPs in any situation °CBU - Capacity Backup - Temporary emergency upgrade –  Non disruptive temporary addition of CPs in an emergency situation  supports IFL on z9 °CIU - Customer Initiated Upgrade - Permanent upgrade  Customer capability to order and install permanent upgrade

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems ß Linux on IBM System z and zSeries ß z/VM support for Linux ß Linux Update and Distribution ß Summary

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Reale Hardware z/VM – The Virtual Machine Virtuelle Hardware

RDR z/VSE z/VM 192 z/OS PUN VM_ALPHA PRT 550

CMS ...IPL CMS 191 (Virtuelle (Conversational „Privater Management Bereich“ Monitor System) Console) VCP

- verwaltet reale Hardware CP (Control Program) - Simuliert virtuelle Maschinen ...IPL CMS CP0 CP1 CP2 CP3 (Hardware IFL Management Console)

RDR 520 521 Page Spool PUN OSA 550 PRT (Open 0 0

9 191 RDR 9 Systems 3 3 3 3 Adapter)

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems z/VM Evolution

Expand your opportunities with z/VM z/VM z/VM z/VM Version 3 Version 4 Version 5

06/2007

12/2005 09/2004 08/2003 05/2002 10/2001 07/2001 02/2001 z/VM z/VM z/VM V5.1 V5.2 V5.3 z/VM z/VM z/VM z/VM V4.4 (CCC)* z/VM V4.1 V4.2 V4.3 V3.1

12/2005 06/2003 12/2003 05/2005 09/2006 09/2007 04/2009 09/2010

Withdrawn from marketing Currently being marketed XX/XXXX - Service Discontinued and no longer serviced (bottom of box)

XX/XXXX - Planned general availability (top of box)

•The EAL3+ evaluated copy of z/VM V5.1 is available as the Common Criteria Certification feature of z/VM V5.2 •The Common Criteria Certification feature and z/VM V5.2 are planned to be withdrawn from marketing on June 15, 2007. VMV53_020 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Primary Uses of z/VM Platform by Function ° Guest Support ° On demand business ° Systems Management  Applications for VSE/ESA™, Linux,   Automated Operations ® Highly secure Access to: z/VSE™, z/VM, OS/390 , z/OS.e,  OSA/SF ®, • WWW z/OS TPF, and z/TPF  • Databases Systems Management API  Crypto Express2 support for z/OS and  ®  TCP/IP Coordination of DirMaint™ and RACF Linux changes ®  VM guest LAN  Parallel Sysplex Support  Enhanced directory management ®  FICON , FICON Express and Virtual  Simplified VLAN management with FICON CTCA support for GVRP  Enhanced memory utilization using  HCD and HCM VMRM between z/VM and Linux  Performance Toolkit for VM™ guests  OBSERVER Support  Enhanced memory management for z/VM  I/O Priority Queuing Linux guests (CMMA) V5.3  VM Resource Manager (VMRM)  Guest LAN sniffer  IPL from SCSI disks ° Communications  N-Port Identifier virtualization  TCP/IP  RSCS FL530  SNA  NJE ° Application Development  MQSeries® Client  C/C++ for z/VM Compiler ° Data  OSA-Express and OSA-Express2  IBM Debug Tool for z/VM  Distributed Relational Databases  OSA-Express2 OSA for NCP (OSN)  REXX  Shared File System  HiperSockets™ IPv6  CMS Pipelines  Storage Management Subsystem  VM guest LAN  POSIX  Byte File System  REXX Sockets  Network File System ° Security  Reusable Server Kernel LDAP server and client services  Binder/Loader RACF FL530data and file protection  Converged C Sockets Libraries  Longer passwords VMV53_030 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems The Value of z/VM for Linux

° z/VM enables a large number of Linux server images to run on a single System z9 and zSeries ° z/VM version (V5) contains significant support for Linux virtual servers, including exploitation of new System z9 and zSeries ° Infrastructure Simpification  Consolidate distributed, discrete servers and their networks  Can help improve IBM mainframe qualities of service  Exploit built-in z/VM systems management ° Speed-to-Market  Deploy servers, networks, and solutions fast  React quickly to challenges and opportunities  Allocate server capacity when needed ° Technology Exploitation  Linux with z/VM offers more function than Linux alone  Linux can exploit unique z/VM technology features  Build innovative on demand business solutions  z/VM provides support specific for Linux

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Potential Total Cost of Ownership (TCO) Savings with z/VM

° Deploying virtual servers can reduce hardware requirements, which may result in savings when purchasing, installing and configuring new hardware ° Fewer hardware servers occupy less space, which may result in savings on raised floor requirements, heating, cooling and electricity ° Guest support for zAAPs and can help use available zAAP and zIIP capacity not being used by z/OS LPARs to be allocated to a z/VM LPAR hosting z/OS guests running Java and DB2 workloads ° Virtual servers can be created in minutes, which can help reduce cost and time associated with planning for new business opportunities ° Sharing operating systems and application code between virtual servers can help you save on software, systems management and staffing ° System management tools are delivered as part of the system which can help avoid the cost of additional software to perform these tasks ° Network costs may be reduced since virtual servers communicate using HiperSockets or VM guest LANs, Inter-User Communication Vehicle (IUCV), and virtual channel-to-channel adapters

VMV53_050 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Costs of power of Intel Servers – 3 years

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Servers Supported by z/VM V5.3

° z/VM V5.3 requires hardware that implements the IBM 64-bit z/Architecture in order to execute properly:  IBM System z9™ Enterprise Class (z9 EC)  IBM System z9 Business Class (z9 BC)  IBM eServer zSeries® 990 (z990)  IBM eServer zSeries 890 (z890)  IBM eServer zSeries 900 (z900)  IBM eServer zSeries 800 (z800)

z/VM Version 5 Release 3 Availability – June 29, 2007

VMV53_060 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems IBM System z9 Enterprise Class (z9 EC)

° 5 Models - S08, S18, S28, S38 and S54 ° Processor Units (PUs)  12 (16 for Model S54) PUs per book  2 SAPs per book, standard  2 spares per server  8, 18, 28, 38 or 54 PUs available  CPs, IFLs, ICFs, zAAPs, zIIPs, optional SAPs ° Improved performance over the z990 ° Up to 512 GB of central processor storage ° Up to 4 Logical Channel SubSystems (LCSSs)  Up to 1024 channel paths/Up to 15 LPARs per LCSS ° Up to 60 LPARs  LPAR Mode only - No basic mode ° FICON Express4/FICON Express2/FICON Express  Up to 84 features / 336 channels (FICON Express4/2) ° Up to 1024 ESCON® channels ° N-Port ID virtualization (NPIV) ° OSA-Express2/OSA-Express  Up to 24 features  Fast Ethernet, 1000BASE-T Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet ° Up to 8 configurable Crypto Express2 ° IPL from FCP-attached SCSI disks ° Up to 16 HiperSockets

VMV53_070 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems IBM System z9 Business Class (z9 BC)

° 2 Models – R07, S07 (73 Capacity Indicators) ° 8 Processor Units (PUs)  1 SAP per system, standard  0 spares per server  Up to 7 PUs available  CPs, IFLs, ICFs, zAAPs, zIIPs, optional SAP ° Improved performance over the z890 ° Up to 64 GB of central processor storage ° Up to 2 Logical Channel SubSystems (LCSSs)  Up to 15 LPARs per LCSS ° Up to 30 LPARs  LPAR Mode only - No basic mode ° FICON Express4/FICON Express2/FICON Express  Up to 28 features / 112 FICON channels ° Up to 420 ESCON® channels ° N-Port ID virtualization (NPIV) ° OSA-Express2/OSA-Express  Up to 24 features  Fast Ethernet, 1000BASE-T Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet ° Up to 8 configurable Crypto Express2 ° IPL from FCP-attached SCSI disks ° Up to 16 HiperSockets

VMV53_080 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems IBM eServer zSeries 990

° 4 Models (A08, B16, C24, D32), 1 - 32 way  Up to 32 IFLs ° Improved performance over the z900 ° Up to 256 GB of central processor storage ° Up to 4 Logical Channel SubSystems (LCSSs)  Up to 1024 channel paths  Up to 15 LPARs per LCSS ° Up to 30 LPARs  LPAR Mode only - No basic mode ° Up to 120 FICON Express Channels ° Up to 240 FICON Express2 Channels ° Up to 512 ESCON channels/no parallel channels ° Support for cascaded FICON directors ° IPL from FCP-attached SCSI disks ° Up to 16 HiperSockets for high-speed interconnections ° Up to 48 OSA-Express ports ° Virtual LAN (IEEE 802.1q) supported ° OSA-Integrated Console Controller (OSA-ICC) ° Support for Crypto Express2 ° OSA-Express2

VMV53_090 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems IBM eServer zSeries 890

° 1 Model - 28 capacity settings, 1 - 4 way  Model 110 has select features  Up to 4 IFLs ° Improved performance over the z800 ° Up to 32 GB of central processor storage ° Up to 2 Logical Channel SubSystems (LCSSs)  Up to 512 channel paths  Up to 15 LPARs per LCSS ° Up to 30 LPARs  LPAR Mode only - No basic mode ° Up to 20 FICON Express cards (40 channels) ° Up to 80 FICON Express2 Channels ° Up to 420 ESCON channels/no parallel channels ° Support for cascaded FICON directors ° IPL from FCP-attached SCSI disks ° Up to 16 HiperSockets for high-speed interconnections ° Up to 40 OSA-Express ports ° Virtual LAN (IEEE 802.1q) supported ° OSA-Integrated Console Controller (OSA-ICC) ° Secure cryptographic functions (Crypto Express2) ° OSA-Express2

VMV53_100 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems IBM eServer zSeries 900

° 41 general purpose models ° Up to 16-way (20 PUs), up to 64 GB memory  Up to 15 IFLs ° Up to 15 LPARs ° Maximum 64 GB of storage per LPAR ° Up to 256 ESCON / 88 parallel channels ° Up to 96 FICON channels ° FCP channel in support of Linux environments ° FICON Support for cascaded directors ° IPL from FCP-attached SCSI disks ° z/Architecture (64-bit) supported ° Enhanced I/O subsystem supports greater bandwidth  PCI Cryptographic Accelerator (PCICA) for IFL processors  OSA-Express enhancements ° HiperSockets for high-speed internal TCP/IP network ° Multiple clustered LPARs  CPU and dynamic channel management  Channel subsystem priority queuing

VMV53_110 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems IBM eServer zSeries 800

° 10 General Purpose Models (1- 4 way)  Up to 3 IFLs ° Up to 32 GB of central processor storage ° Up to 15 LPARs ° Maximum 32 GB of storage per LPAR ° Up to 240 ESCON/No parallel channels ° Up to 32 FICON channels ° FCP channel in support of Linux environments ° FICON Support of cascaded directors ° IPL from FCP-attached SCSI disks ° z/Architecture (64-bit) supported ° I/O subsystem supports:  OSA-Express Gb and Fast Ethernet 155 ATM Token-Ring  PCI Cryptographic Accelerator and Coprocessor  PCICA for IFL processors ° HiperSockets for high-speed internal TCP/IP network ° zSeries Entry License Charge™ (zELC) Software pricing ° Also available as an integral component of:  IBM eServer zSeries Offering for Linux

VMV53_120 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems z/Architecture Supported by z/VM

° IBM z/Architecture is an extension of the IBM Enterprise Systems Architecture/390® (ESA/390) and features:  64-bit general registers, 64-bit operations, and 64-bit virtual and real addressing  Compatibility for ESA/390 application programs ° z/VM support of z/Architecture  Requires 64-bit capable processor  Exploits central storage greater than 2 GB for guest and virtual disk (VDISK) pages and for minidisk cache  Enhanced exploitation of large real memory providing 2 GB real-storage constraint relief  Runs 64-bit capable guests with greater than 2 GB of virtual storage (z/OS, z/OS.e, z/VM, and Linux for System z)

VMV53_130 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems z/VM Version 5.3 Enhancements

° Enhanced scalability and constraint relief ° Networking virtualization enhancements  Enhanced virtual network management  Support for greater than 128 GB real storage  Enhanced failover support for IPv4 and IPv6 devices  Up to 32 real processors in a single z/VM image  Virtual IP Address (VIPA) support for IPv6  Enhanced memory management for Linux guests  Enhanced memory utilization using VMRM ° Security between z/VM and Linux guests  Delivery of LDAP server and client  ™ HyperPAV support for IBM System Storage  Enhanced system security with longer passwords DS8000™   ® Conformance with industry standards and SSL server Enhanced FlashCopy support enhancements  Tape data protection with support for encryption ° Virtualization enhancements for Linux and other ° Systems management enhancements guests  Enhanced management functions for Linux and other virtual images  Guest support for IBM System z specialty  Enhanced Performance Toolkit for VM engines (processors)  Enhanced guest configuration  Enhanced VSWITCH and guest LAN usability  Guest support for Modified Indirect Data Address Words (MIDAWs) ° Installation, service, and packaging changes   Guest ASCII console support Service and installation enhancements   Enhanced SCSI support RSCS repackaged as an optional feature  New RACF® Security Server for z/VM  z/Architecture CMS shipped as a sample program  Withdrawal of the ROUTED and BOOTP servers

VMV53_140 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems z/VM Version 5 Terms and Conditions

° International Program License Agreement (IPLA)  Program Use License One-time charge (OTC) for standard or IFL processors – Engine-based Value Units Can be transferred within an enterprise Service by mail, fax, and e-mail only under basic warranty  Subscription and Support (S&S) Comparable service as traditional ICA products Not required but highly recommended Must decline when ordering if not desired Annual renewable charge per processor Adds telephone support No additional charges for updates, new versions and releases ° SoftwareXcel available for an additional charge ° IPLA applies to z/VM base code and the optional features  DirMaint, RSCS, RACF Security Server for z/VM, and the Performance Toolkit for VM ° No-charge upgrade to the Performance Toolkit for VM for:  Customers who purchased z/VM V4 S&S for the RTM, PRF, or Performance Toolkit for VM features  Customers who purchased the FCON/ESA program (5788-LGA)

VMV53_150 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Example of IPLA Charges for z/VM Version 5

L L C C V i i n n M M S u u z/OS z/OS S S E x x Linux Linux

z/OS z/OS z/OS z/VM z/VM Linux LPAR1 LPAR2 LPAR3 LPAR4 LPAR5 LPAR6

CP CP zAAP zIIP CP CP CP IFL IFL IFL IFL IFL 1 2 1 1 3 4 5 1 2 3 4 5 System z

z/VM charges - 5 processors z/VM charges – 5 processors

VMV53_170 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Statements of Direction

° Common Criteria Certification: IBM intends to evaluate z/VM V5.3 with the RACF Security Server optional feature for conformance to the Controlled Access Protection Profile (CAPP) and Labeled Security Protection Profile (LSPP) of the Common Criteria standard for IT security, ISO/IEC 15408, at Evaluation Assurance Level 4 (EAL4). This new SOD represents a modification to IBM's previously expressed Statement of Direction of July 27, 2005, which stated IBM's intent "to evaluate z/VM V5.2 with the RACF for z/VM optional feature for conformance to the Controlled Access Protection Profile (CAPP) and Labeled Security Protection Profile (LSPP) of the Common Criteria standard for IT security, ISO/IEC 15408, at Evaluation Assurance Level 4 (EAL4).“ Based on additional assessment of requirements, IBM no longer intends to evaluate z/VM V5.2. ° OSA-Express2 link aggregation and failover support: IBM intends to provide virtual switch (VSWITCH) support for IEEE Standard 802.3ad Link Aggregation in z/VM V5.3. This support is designed to allow all OSA-Express2 features that are associated with a virtual switch to be grouped and used as a single "fat pipe", helping to increase bandwidth and provide near-seamless failover in the event of a link failure. This z/VM support requires associated OSA- Express2 support that is planned to be available on IBM System z9 servers. ° RPC server support: IBM intends to withdraw support for the RPC/CSL interface from the System Management API server in a future z/VM release. ° TCP/IP functions: IBM intends to withdraw support for the Network Database (NDB) system, Trivial File Transfer Protocol (TFTP) server, X25 interface (includes X25IBI server), and SNALINK server in a future z/VM release. ° 3480 Distribution Media: IBM intends to withdraw 3480 tape as a distribution medium in a future z/VM release. z/VM is planned to continue distribution on 3590 tape, on DVD, and electronic delivery of z/VM from ShopzSeries.

Note: All statements regarding IBM’s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

VMV53_180 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Virtualization Technology for Linux Guests

© 2006 IBM Corporation IBM Systems

VMV53_190 Rapid Horizontal Growth with Linux on z/VM

Typical UNIX environment Linux on z/VM

Network Network

Virtual networking options available with z/VM

App App App App App App App App

UNIX UNIX UNIX UNIX Linux Linux Linux Linux

Server Server Server Server z/VM Shared processors, memory, network, ...

Shared Disks

° Dedicated processors, disks, adapters... ° Shared resources  Resources wasted when idle  Idle capacity given to servers that need it ° Complex system management ° Simplified system management  Networking and software products required for  Everything in one box command and control  Automation tools included in z/VM ° New servers available in hours/days ° New servers online in minutes/seconds ° Capacity on Demand available

VMV53_210 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Server Consolidation with Linux on z/VM

Traditional Server Farm Server farm in a box

Intel Intel Sun Sun HP System z9 Linux Linux Linux Linux Intel Intel Sun Sun HP IBM eServer Linux Linux Linux Linux Intel Intel Sun Sun HP IBM eServer Linux Linux Linux Linux Intel Intel Sun Sun HP IBM eServer Linux Linux Linux Linux Intel Intel Sun Sun HP System z9 Linux Linux Linux Linux Intel Intel Sun Sun HP IBM eServer Linux Linux Linux Linux Intel Intel Sun Sun HP IBM eServer z/VM in IBM System z9 and zSeries

° Discrete servers consume incremental ° Can help reduce costs without sacrificing server expense autonomy (one server per application)  Hardware price and maintenance ° Virtual, high-speed, inter-server connectivity  Floor space, power, cooling ° Exploit an architecture designed for high availability  Additional support staff ° Mainframe qualities of service  Per server (processor) software fees ° Tested disaster recovery services ° Connectivity requires kilometers of cables ° Connect to discrete servers as required ° High availability enabled by spares/re-boots ° Disaster recovery difficult to test

Server farm in a box

VMV53_220 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems z/VM Virtual Networking – Using z/VM Guest LANs ° A guest LAN is a "virtual" LAN created by the z/VM Control Program ° OSA-Express (QDIO) and HiperSockets guest LANs can be created  Point-to-point, Multicast, and Broadcast (QDIO) connections are supported ° Linux images can connect to one or more guest LANs  And connect to real network adapters at the same time  This enables a Linux image to provide external routing and firewall services for other Linux images

Linux Linux Linux Linux Guest LAN #2 Guest LAN #1 Linux Linux Linux Linux Linux Real Network Linux Linux Linux Linux Linux

Guest LAN #3 Linux

Linux Linux Linux Linux z/VM

VMV53_230 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems z/VM Virtual Networking – Using Virtual IP Switches

° Virtual switches allow virtual-QDIO connections to physical LAN segments without requiring a router  Allows virtual machines on the guest LAN to be in the same subnet with the physical LAN segment  Reduces copying of the data being transported  Provides centralized network configuration and control  May reduce overhead associated with router virtual machines

z/VM guests in Linux TCP/IP VM Linux Linux Linux TCP/IP z/OS same z/VM LPAR Guest 1 guest 1 Guest 2 Guest 3 Guest 4 guest Guest 2 Virtual QDIO adapters Operates as Virtual Switch (Guest LAN) part of z/VM CP Same network z/VM CP subnet

QDIO OSA- Express

Physical Ethernet LAN IPv4

VMV53_240 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Enhanced scalability and constraint relief

© 2006 IBM Corporation IBM Systems

VMV53_250 Support for more than 128 GB real storage

° Changes to page table allocation allow z/VM images to support significantly more real storage (memory) than the prior limit of 128 GB as well as more total host virtual (guest real) storage. ° Page management control blocks (PGMBKs) now reside above the 2 GB address line ° May help reduce or eliminate the need to spread large workloads across multiple z/VM images ° Management of contiguous frames may also reduce storage management overhead and help improve performance

° Potential benefit:  Benefits most customers who experience storage constraints, regardless of the amount of central storage configured for z/VM use

IBM Systems VMV53_260 66. GSE zOS Expertenforum 2007, Interlaken Up to 32 real processors in a single z/VM image

° Allow up to 32 real processors in a single z/VM image  An increase from the prior maximum of 24

° Potential benefit:  z/VM overhead is expected to be lower with fewer, more CPU-intensive guests than with many lightly loaded guests  Excessive over commitment of storage could also contribute to increased overhead

VMV53_270 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Enhanced memory management for Linux guests ° Real memory constraint detected and Linux images signaled to reduce virtual memory consumption ° Exchange page usage information between Linux guests and z/VM ° Reclaim “unused” pages at higher priority Virtual ° Demand on real memory and z/VM paging Memory subsystem is reduced z/VM Paging Subsystem ° Helps improve overall system Disk space performance and guest image Linux Linux Linux Linux Linux throughput ° Guest further benefits from the Host Page-Management Assist (HPMA) to Real re-instantiate pages for next use Memory ° Potential benefit: Expanded Storage z/VM  Exchange of information can allow both the z/VM host and its guests to optimize their use and = Unused = Volatile management of memory = Stable = Volatile discarded

VMV53_280 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Enhanced memory utilization using VMRM between z/VM and Linux guests

° Assists in managing memory contention in the system between z/VM and Linux guests ° Detects when memory is constrained and notifies the Linux guests  Guests can then take action to adjust their memory consumption to help relieve the memory constraint Virtual Memory ° Demand on real memory and z/VM z/VM Paging paging subsystem is reduced Subsystem ° z/VM V5.2 support available Disk space with CMS PTF for APAR VM64085 Linux Linux Linux Linux Linux ° Linux support currently available with SLES 9 and 10

° Potential benefit: Real  Can significantly improve overall system Memory performance in cases where the overall z/VM Expanded system is constrained for real storage and much of that storage is being held by one Storage z/VM or more Linux guests = Inactive virtual memory = Active virtual memory More information available at: www.ibm.com/servers/eserver/zseries/zvm/sysman/vmrm/vmrmcmm.html VMV53_290 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems HyperPAV support for IBM System Storage DS8000 ° IBM System Storage DS8000 HyperPAV is designed to:  Provide more efficient Parallel Access Volumes (PAV) function  Help customers who implement larger volumes to scale I/O rates without the need for additional PAV-alias definitions  Help to reduce overhead, help improve addressing efficiencies, and provide storage capacity and performance enhancements  Enable a dynamic response to changing workloads  Reduce costs via simplified management of aliases  Enable customers to stave off migration to larger volume sizes ° z/VM support is designed to:  Potentially reduce the number of alias-device addresses needed for parallel I/O operations  Provide support of HyperPAV volumes as linkable minidisks for guest operating systems, such as z/OS, that exploit this new PAV architecture ° Potential benefit:  Transparently provide the potential benefits of HyperPAV volumes for minidisks owned or shared by guests that do not specifically exploit HyperPAV volumes, such as Linux and CMS

IBM Systems VMV53_300 66. GSE zOS Expertenforum 2007, Interlaken Enhanced FlashCopy support

° Support for the FlashCopy V2 feature of IBM System Storage disk devices has been enhanced to include the capabilities to:  Specify multiple target minidisks accepting up to 12 target minidisks to be copied  Determine the status of FlashCopy requests by allowing the user to query the number of Flashcopy relationships active for one or more of their virtual DASD  Exploit hardware asynchronous cache destage and discard  designed to eliminate delayed hardware response messages and providing quicker responses  Makes a FlashCopy appear synchronous to the virtual machine FlashCopy  May facilitate automation of processes that exploit this technology. ° Potential Benefits:  Help simplify the tasks required to automate backups and make multiple copies of disk data

IBM Systems VMV53_310 66. GSE zOS Expertenforum 2007, Interlaken Virtualization Technology and Linux Enablement

© 2006 IBM Corporation IBM Systems

VMV53_320 Support for IBM System z specialty processors

° z/VM V5.3 introduces support for zAAP and zIIP specialty processors  System z Application Assist Processors (zAAPs) provide an economical Java execution environment under z/OS and z/OS.e  System z9 Integrated Information Processors (zIIPs) are designed to help improve resource optimization and lower the cost for eligible z/OS and z/OS.e workloads by offloading software system overhead from standard Central Processors (CPs); this includes certain DB2 processing ° New z/VM guest support for zAAPs and zIIPs includes:  Simulation support  Dispatches the virtual processors on real CPs to help eliminate the cost associated with purchasing and installing new real specialty-processor hardware  Provides a test platform for z/VM guests to exploit mixed-processor configurations  Virtualization support  Dispatches the virtual processors on corresponding specialty processors of the same type in the real configuration  Can help improve your total cost of ownership by allowing spare zAAP and zIIP capacity to be used for guest Java and DB2 workloads. zAAPs and zIIPs cost less than standard CPs ° Potential benefit:  Can allow users to assess the operational and CPU utilization implications of configuring a z/OS system with zIIP or zAAP processors without requiring the real specialty processor hardware  Avoiding the purchase of additional CPs, thereby helping to reduce your costs both for additional hardware and for software licensing fees  Consistent with z/OS, there are no z/VM license fees associated with real zAAP or zIIP processors

VMV53_330 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Enhanced VSWITCH and guest LAN usability

° Dynamic change support for VLAN ID and promiscuous mode authorization  Changes are effective immediately and no longer require a revoke, grant, and uncouple/couple to take effect ° New capability to configure a native VLAN identifier  Provides ability to specify a native VLAN identifier for untagged traffic and a default VLAN identifier for guest ports  The DEFINE VSWITCH command now supports specification of a native VLAN identifier ° New virtual network monitor domain  Virtual NIC data counts are now included in records found in a new Virtual Network monitor domain  Recorded data includes:  Inbound packets  Outbound bytes  Frame counts per MAC/VLAN  Provided for virtual NICs coupled to any Guest LAN or VSWITCH ° Potential benefit:  Enhanced ease-of-use for the VSWITCH and guest LAN environments

VMV53_340 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Guest support for Modified Indirect Data Address Words (MIDAWs)

° MIDAW facility is a CCW-indirect-data-address word facility being added to z/Architecture to coexist with the current IDAW facility offering alternatives to using CCW data chaining in channel programs ° z/VM V5.3 is designed to provide:  Guest use of MIDAWs  Operating systems such as z/OS 1.6 (or later) to use this new aspect of z/Architecture without regard to whether the operating systems are running in a or a virtual machine  Capability for guest operating systems to exercise their code-paths just as they would on the real machine ° Potential benefits:  Reduce channel, director, and control unit overhead by reducing the number of CCWs and frames processed  Decrease response time for exploiting I/O  Increase the number of I/O operations per second that can be processed and thus move more data per second, especially on faster FICON channels

VMV53_350 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Guest ASCII console support

° System ASCII console is a facility that comes with all System z models and is presented by the Hardware Management Console (HMC) ° z/VM V5.3 provides guest access to the system ASCII console  Can facilitate recovery of the guest during an emergency situation  Uses tools (such as vi and emacs) that are familiar to Linux support staff  Supports a VT220 data stream

° Potential benefit:  Can help lower system costs by helping to reduce the need to provide alternative facilities, such as duplicate network resources, to achieve desired guest- recoverability characteristics

VMV53_360 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Enhanced SCSI support

° z/VM V5.3 provides additional enhancements for SCSI disk support for Linux users, including: Point-to-Point Fibre channel links Potential benefit: may provide a lower-cost installation than the current requirement for a Fibre channel switched fabric Dynamically determined preferred paths for emulated FBA devices (EDEVICEs) on SCSI disks in an IBM System Storage DS6000 Potential benefit: No longer need to specify which paths are preferred in a SET EDEVICE command or an EDEVICE configuration-file statement Faster formatting of emulated FBA devices (EDEVICEs) on SCSI disks in an IBM Enterprise Storage Server (ESS) or IBM System Storage DS8000 Display of additional SCSI device characteristics when using the QUERY EDEVICE DETAILS command Checking for erroneous mapping of multiple emulated-device (EDEVICE) definitions onto the same SCSI disk when bringing emulated disks online

VMV53_370 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems SSL Support for additional Linux distributions

° Support will be provided for:  Novell SUSE Linux Enterprise Server (SLES) 9 Service Pack 3 (64-bit)  Novell SUSE Linux Enterprise Server (SLES) 9 Service Pack 3 (31-bit)  Red Hat Enterprise Linux (RHEL) AS 4 Update 4) (64-bit)  Red Hat Enterprise Linux (RHEL) AS 4 Update 4) (31-bit) ° SSL server has been enhanced to allow a Linux guest to remain active after a critical error is encountered during server operations. ° SSLADMIN command has been enhanced to:  Allow the specification of the number of days that a self-signed certificate is to be valid  Enhance the management of the SSL server LOG files, by providing the ability to:  Maintain log information in a file named other than SSLADMIN LOG  Specify a maximum size to be established for the SSL server log  Purge log information accumulated by the SSL server ° Potential benefits:  Additional Red Hat Package Manager (RPM) packages supports more distributions

VMV53_380 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Network virtualization

© 2006 IBM Corporation IBM Systems

VMV53_390 Enhanced virtual network management

° z/VM V5.3 provides:  Simple Network Management Protocol (SNMP) data for virtual networking devices  SNMP subagent that will return bridge Management Information Base (BRIDGE-MIB) data for the z/VM Virtual Switch (VSWITCH)  MIB data returned is defined by RFC 1493  Subagent acquires the information using a Control Program Diagnose interface (Diagnose x‘26C’)  Programming interface to obtain information about virtual networks

° Potential benefit: z/VM  Helps network administrators: SNMP SNMP Linux Linux  Manage virtual network performance Server Subagent NIC NIC  Find and solve virtual network problems Diagnose 26C  Plan virtual network growth z/VM TCP/IP z/VM Virtual Switch

OSA OSA Network Management Switch Station

VMV53_400 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Enhanced failover support for IPv4 and IPv6

° Business continuance support – enables failover capability for the z/VM TCP/IP stack in the event of an adapter connection failure  Requires two )or more) QDIO or LAN Channel Station (LCS) EthernetI dXevices on the same network  When one devices stops or fails, another device is designed to take over responsibility for the traffic destined for the failed device ° Failover support includes: SNA  OSA-Express devices (in QDIO Ethernet or LCS Ethernet mode)  Virtual IP Addresses (VIPA)  Proxied addresses – those which PROXYARP services are being provided through a takeover-eligible device ° Potential benefit:  Failover support for Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) devices has been enhanced

VMV53_410 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Virtual IP Address (VIPA) support for IPv6

° Enable and configure a virtual device for IPv6 ° Associate real IPv6-capable network adapters with a specific IPv6 virtual link

° Potential benefit:  Designed to improve the capability of the TCP/IP stack to maintain connections in the event that a real network device fails

VMV53_420 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Additional TCP/IP for z/VM FL530 enhancements

° New Trace Route (TRACERTE) authorization  Eliminates the restriction that TRACERTE can only be used by privileged users  Potential Benefit:  TRACERTE is useful for anyone debugging networking issues ° Dynamic DEVICE and LINK deletion support  TCP/IP stack no longer has to be re-cycled to remove devices and links from the stack configuration  Potential Benefit:  Programmatic access via C and REXX socket interface ° SMTP enhancements  Fixes SMTP processing of nickname files; enhances host name resolution  Potential Benefit:  Allows users to specify a nickname label in SMTP NAMES that matches any of the userids in the list defined by that nickname

VMV53_430 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Security

© 2006 IBM Corporation IBM Systems

VMV53_440 z/VM LDAP server and client support services

° z/VM LDAP server has been adapted from the IBM z/OS 1.8 Tivoli Directory Server ° Executes in a CMS virtual machine; a subcomponent of z/VM TCP/IP ° Enables a common user name space between z/VM and Linux ° z/VM LDAP server provides:  LDAP Version 2 and Version 3 protocol support  Interoperability with LDAP V2 or V3 protocol-capable clients  Native authentication using:  Challenge-Response Authentication Method (CRAM-MD5)  DIGEST-MD5 authentication  Simple (unencrypted) authentication  Access controls on directory information  SSL communication (SSL V3 and TLS V1)  Client and server authentication using SSL/TLS ° LDAP client utilities provide a way to add, modify, search, and delete entries in any server that accepts LDAP protocol requests ° Interoperates with z/VM RACF Security Server feature ° Potential benefit:  New user authentication, authorization, and auditing capabilities

VMV53_450 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Enhanced system security with longer passwords

° Supports the use of passwords that are longer than eight characters, called password phrases (also known as passphrases)  Requires presence of an external security manager (e.g., RACF)  May contain mixed-case letters, numbers, blanks, and special characters ° New Callable Services Library (CSL) routine, DMSPASS, allows authorized CMS applications to authenticate passwords or password phrases ° z/VM subcomponents/functions changed to support passphrases:  LOGON command  File Transfer Protocol (FTP)  System Management API  Remote Execution Protocol (REXEC) server  Internet Message Access Protocol (IMAP) server  Performance Toolkit for VM ° Potential benefits:  Allows for an exponentially greater number of possible combinations of characters than traditional passwords  Enables a z/VM system to meet the enterprise password requirements imposed by many companies, governments, and institutions

IBM Systems VMV53_460 66. GSE zOS Expertenforum 2007, Interlaken SSL server enhancements

° z/VM V5.3 adds Secure Sockets Layer/Transport Layer Security (SSL/TLS) support for:  industry-standard secure FTP (RFC 4217)  Telnet (draft specification #6)  SMTP sessions (RFC 3207) ° New socket APIs to control the acceptance and establishment of TCP sessions that are encrypted with SSL/TLS ° Potential benefit:  Helps to reduce the need to dedicate a separate port for secure connections ° z/VM SSL server has been enhanced to more easily allow weak cipher suites to be excluded ° Potential benefit:  Helps to enable enforcement of enterprise requirements for strong encryption on network connections (128 bits or higher)

IBM Systems VMV53_470 66. GSE zOS Expertenforum 2007, Interlaken IBM System Storage TS1120 Model E05 Tape Drive encryption support

° Drive-based tape encryption is a standard feature on all newly-shipped IBM System Storage TS1120 Model E05 drives  Designed to help address tape data security concerns  Chargeable upgrade feature for existing E05 drives ° z/VM supports drive-based data encryption  Requires that the IBM Encryption Key Manager be running on another operating system, using an out-of-band (such as TCP/IP) connection to the tape control unit  Includes encryption for DDR and SPXTAPE, as well as for guests that do not provide for their own encryption, such as CMS and Linux on System z  Enables encryption of tapes by guests, such as z/OS, that have the ability to control the tape- encryption facilities themselves and to optionally run the Encryption Key Manager  Support is included in the z/VM V5.3 base product  z/VM V5.1 and V5.2 require the PTF for APAR VM64063 ° DFSMS/VM FL221 with the PTF for APAR VM64062: – Supports locating encryption-capable 3592 tape drives in an Enterprise Automated Tape Library – Provides tape-encryption capabilities for a z/VSE guest running on z/VM ° Potential benefit  Help protect your data on tape in a more efficient way

IBM Systems VMV53_480 66. GSE zOS Expertenforum 2007, Interlaken Systems management

© 2006 IBM Corporation IBM Systems

VMV53_490 Enhanced management functions for Linux and other virtual images ° New sockets-based server interface for z/VM Systems Management API  Multitasking capable and supports both AF_INET and AF_IUCV socket requests  Replaces the Remote Procedure Call (RPC) and CSL routines of prior z/VM releases  RPC server is still available at a function level that matches z/VM V5.2  IBM intends to remove the RPC server in a future z/VM release ° New functions available with new server include:  Create, delete, and query the IPL statement in a virtual image's directory entry  Create and delete virtual switches and guest LANs  Obtain processor, memory, and device information for active virtual images  Check the validity of a given user ID and password combination ° Enhancements to existing functions include:  Exploitation of new Asynchronous CP Command function  Password phrase support  Providing a list of active virtual images  Architected output is provided for some query functions that previously returned command responses in a data buffer ° Potential benefit:  Applications can be more easily written by customers or solution providers to help administrators, especially those who lack in-depth VM knowledge, manage large numbers of virtual images running in a single z/VM system

VMV53_500 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Performance Toolkit for VM enhancements

° V5.3 new function includes:  Support for passphrases when accessing the Performance Toolkit using the Web interface  Change the service process for Performance Toolkit from a full-individual object MODULE to service by individual object parts, reducing the size of the service deliverable  Provide new or updated displays and reports to support the following new z/VM V5.3 functions: Linux monitor data for CPU IDs and "steal time" counters Monitor data for virtual network devices and virtual switches Monitor data for guest simulation of zAAPs, zIIPs, and IFLs Monitor data for up to 32 processors in a z/VM image

° Potential benefit:  Helps manage your performance more efficiently

VMV53_510 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Enhanced guest configuration

° DIRECTXA supports a new COMMAND statement in a virtual machine definition or profile to configure the virtual machine ° Any form of a command may be invoked using this capability, including privileged class commands (such as SET RESERVED), on behalf of the virtual machine ° Eliminates the need to provide some other method to configure it

° Potential benefits:  Helps improve the guest LOGON process  Offers added flexibility and convenience for configuring large-scale virtual server environments

VMV53_520 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Asynchronous CP Command API

° Introduces a new IUCV service (*ASYNCMD) and a new CP command (FOR) ° The *ASYNCMD system service allows CP command responses from the FOR command to be captured by a program ° The z/VM System Management API (SMAPI) server uses *ASYNCMD ° A REXX exec using the "STARMSG" CMS Pipeline stage can capture the responses

° Potential benefit:  Provides an asynchronous method to initiate CP commands for another userid and capture responses which are specific to those commands

VMV53_530 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Installation, service, and packaging

© 2006 IBM Corporation IBM Systems

VMV53_540 Installation and service changes

° Additional DVD installation options  Second-level DVD installation process now supports moving the contents to an FTP server directory or a second-level CMS minidisk and then installing from the server or minidisk  Potential benefit:  Provides more options for customer environments and can facilitate electronic delivery of z/VM

° Enhanced status information  Automated service command, SERVICE, has been enhanced  Displays the service and production levels for preventive service (RSU)  Displays an applied, built, and production status for corrective service.  Potential benefit:  Can provide a quicker and easier way to determine service status.

VMV53_550 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems RSCS repackaged as an optional feature

° Remote Spooling Communications Subsystem (RSCS) V3.2.0 (5684-096) has been repackaged as a priced, optional feature of z/VM V5.3  Licensed as an IPLA optional feature  OTC charge based on engine-based Value Units  Operates only on z/VM V5.3  Operates on standard and IFL processors  S&S required for traditional service and no-charge upgrades  Preinstalled but disabled, license required ° Provides dynamic command authorization support through a new server: RSCSAUTH  Runs in a disconnected virtual machine and is authorized for all RSCS commands  Can eliminate the need to re-cycle RSCS when changing system and link authorizations ° Potential benefit:  Can be licensed on standard and IFL processors

Note: The stand-alone RSCS V3.2.0 (5684-096) product is planned to be withdrawn from marketing effective September 30, 2007

IBM Systems VMV53_560 66. GSE zOS Expertenforum 2007, Interlaken New RACF Security Server for z/VM

° Licensed as an IPLA optional feature of z/VM V5.3  OTC charge based on Engine-based Value Units  Operates on standard and IFL processors  Operates only on z/VM V5.3  S&S required for traditional service and no-charge upgrades  Preinstalled but disabled, license required ° Provides support for mixed-case passwords and password phrases  Password phrase can be a string of up to 100 characters, including blanks, and can be used in addition to, or in place of, the traditional 8-character password  An installation exit is provided to help enable customers to define rules governing the length and content of password phrases ° Additional password management enhancements have also been added ° RACF SMF Unload utility has been updated to store the unloaded data in industry-standard XML format, making it suitable to be examined by a variety of applications, including XML browsers and spreadsheets

° Note: IBM intends to withdraw the stand-alone RACF for VM V1.10.0 (5740-XXH) product from marketing on March 5, 2007 and to discontinue service support for the standalone RACF for VM V1.10.0 (5740-XXH) product to be effective May 5, 2008.

All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

IBM Systems VMV53_570 66. GSE zOS Expertenforum 2007, Interlaken Miscellaneous changes

° U.S. Daylight Saving Time (DST) effect on z/VM  U.S. Government's Energy Policy Act of 2005 and corresponding legislation enacted by the governments of Canada and Bermuda extends DST by four weeks, beginning in 2007 in the United States, Canada, and Bermuda  New sample system configuration file statements will be shipped with z/VM V5.3  System programmers should change the dates that are specified on TIMEZONE_BOUNDARY statements in the existing system configuration files that their systems use  Language Environment PTF for APAR VM64117 must be applied to z/VM V5.1 and V5.2 ° z/Architecture CMS shipped as a sample program  Enables the use of z/Architecture instructions, including those that operate on 64-bit registers, by CMS programs  Does not exploit or explicitly support 64-bit addressing mode but it does not impose serious restrictions on programs that enter 64-bit addressing mode themselves  No formal support available ° Withdrawal of the ROUTED and BOOTP servers  The ROUTED and BOOTP servers have been removed from z/VM V5.3  MPRoute is the only dynamic routing server supported by TCP/IP for z/VM FL530

VMV53_580 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Performance Toolkit for VM FL530

° Licensed as an IPLA optional feature of z/VM V5  OTC charge based on Engine-based Value Units  Operates on standard and IFL processors  S&S required for traditional service and no-charge upgrades  Preinstalled but disabled, license required ° New function level for z/VM V5.3 ° Helps simplify performance analysis and resource management on your z/VM system by analyzing system monitor data and produces performance reports and history files, including:  System resource utilization, transaction response time, and throughput  Resource utilization by userID, DASD activity, and channel utilization

VMV53_590 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Directory Maintenance Facility (DirMaint) FL530

° Licensed as an IPLA optional feature of z/VM V5.3 OTC charge based on Engine-based Value Units Operates on standard and IFL processors Operates only run on z/VM V5.3 S&S required for traditional service and no-charge upgrades Preinstalled but disabled, license required ° New function level for z/VM V5.3 ° Provides efficient and security-rich interactive facilities for maintaining your z/VM system directory ° Required support for z/VM V5.3 is applied to the DirMaint feature supplied with the V5.3 system DDRs and system image (DVD)

VMV53_600 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Primary Uses of z/VM Platform by Product ° Guest ° Systems Management ° Data – Linux on System z – DITTO/ESA – DB2 for VSE and VM – DB2 for VSE and VM – NtuneMON – NFS – DITTO/ESA – CA-VM:Manager – DITTO/ESA – DirMaint, RACF Security – Extended Facilities Product Server, RSCS, Performance – QMF™ Toolkit for VM – STK SnapShot – DFSMS/VM ° Application Development – IBM Backup and Restore Manager, Tape Manager, – C/C++ Compiler z/VM Archive Manager, and – IBM Debug Tool for z/VM V5.3 Operations Manager – COBOL, FORTRAN, PL/I – Tivoli OMEGAMON XE for ® – VisualAge Millennium z/VM and Linux Language Extensions – VisualAge Generator Server – CCCA ° e-business – High Level Assembler – TCP/IP ° Communications – Web390 – ESAWEB – ACF/NCP, ACF/SSP – UltraQuest Reporter – TCP/IP – WebFOCUS – RSCS ° End-User Computing – CA-VM:Webgateway – VM/Pass-Through – DB2 for VSE and VM – EnterWEB – ACF/VTAM, SNA – GDDM®

VMV53_610 66. GSE zOS Expertenforum 2007, Interlaken IBM Systems ß Linux on IBM System z and zSeries ß Hardware Support ß z/VM support for Linux ß Linux Update and Distribution ß Summary

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Linux Versions

° Former version of Linux for S/390 - 31-bit addressing  Linux 31-bit distributions are supported on 9672 S/390 G5 and G6 and S/390 Multiprise® 3000 servers. IBM System z9 and zSeries hardware can also run code built for the 31-bit mainframe systems ° Linux for System z9 and zSeries - 64-bit addressing  Linux 64-bit is supported on IBM System z9 and zSeries architecture (z9 EC, z9 BC, z9 109, z990, z890, z900 and z800) ° Applications for Linux on IBM System z or zSeries will either be  64 bit binaries or  31 bit binaries certified for running in 31 bit compatibility mode on 64 bit linux version or  Strict 31 bit binaries

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Kernel 2.6 with Linux on System z and zSeries

° O(1) Scheduler ° New POSIX compliant threading model  Allows faster and more processes  Kernel assisted threading  Response time improvements: linear  Speedup for Java multi-threaded appls complexity in 2.6 vs square complexity ° with 2.4 IPv6 and IPsec additional features  ° Allows for cryptographic security at network Block I/O protocol level  Allows customizable I/O priorities  Enables stage I for HW crypto exploitation  Asynchronous I/O layer improvements ° New file system and volume manager  Big improvement for Web servers and DB features ° Memory Management enhancements  XA (extended attributes)  Provides more capacity for swapping  Mgmt and security improvements for systems Samba servers ° SMP scalability enhancements and per-  ext3 with ACL support CPU optimizations ° Constraint relief  Performance improvement by lock  Support for disks larger than 2 TB contention reduction  Support for > 32 CPUs  Improved memory consumption

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Kernel 2.6 – Support for large configurations

Maximum CPU (IA32) 64 Maximum CPU (System z) 64 (hard limit) Maximum RAM (IA32) 64 GB Maximum RAM (System z) 256 GB Maximum major devices 1095 Maximum minor devices 1M Maximum FS size (IA32) 16 TB Maximum FS size (System z) 8 EB Threading Library NPTL Native Posix Threading Library Max. PIDs (Process/ Threads) 1 billion Max. UIDs / GIDs (users/groups) 4 billion

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Distributions for Linux on System z Latest service Based on Gcc Glibc level kernel D D i i s s t SLES 8 SP4 2.4.21 3.2 2.2.5 t r r i i b b u u t t i SLES 9 SP3 update1 2.6.5 3.3 2.3.3 i o o n n

U U p SLES 10 GA 2.6.16 4.1 2.4 p d d a a t t e RHEL 3 Update 8 2.4.21 3.2.3 2.3.2 e

RHEL 4 Update 4 2.6.9 3.4 2.3.4

RHEL 5 GA 2.6.18 4.1 2.4

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems SLES9 SP3 U1: New Enhancements

 zfcp Performance Statistics  DIAG250 for 64 bit guests  Linux kernel module to access PR/SM LPAR performance data based on diag204  FICON: Add DASD runtime switch for logging  FCP performance data collection - I/O statistics

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems RHEL5.0: New Enhancements

•Disaster/Recovery: access by VOLSER •3592 Control Unit recognition •qeth - set IP v4/v6 routers separately •Linux kernel module to access PR/SM •Linux-z/VM Monitor Stream LPAR performance data (diag 204) •Linux API for access to z/VM Monitor records •Channel Path measurement Data •DASD DS6000 support: pref. path •FCP point-to-point support •APPLDATA Enhancements (Linux & •Linux usage of CPU timer z/VM monitor stream) •N-Port-ID Virtualization (NPIV) •Enhance APPLDATA record layout for •Adjustment of CPU Accounting steal time information (Linux & z/VM •(big) xip2fs integration into ext2 monitor stream) •FCP re-IPL/reboot support •s390dbf support for crash •Kernel machine check handling •FCP DS6000 support •SCSI IPL: Export SCSI IPL Parameter List •Software Support for CP Assit for AES, •DASD support for write barriers SHA, and PRNG •s390 debug feature optimization •Exploit zSeries Support for HAL •Enhance zfcp traces & logs - DD •SNMP - include netsnmp package •Enhance zfcp traces & logs - tool •Restrict RHEL 5 on zSeries to 64 bit •Multiple Subchannel Set (MSS) Support for PAV Aliases •dump device configuration •V=V QDIO Pass-thru stage 2 •Provide 31 bit development environment •DIAG250 for 64 bit guests on 64 bit distribution •Support for GuestLAN Sniffer •Pick up newest version of s390tools •Kernel Access to Crypto Hardware: AES & SHA •tune gcc to z9-109 •DASD fast fail support •z990-follow-on new instruction support •ADTools Oprofile Call-Graph-Patch •z990-follow-on tuning •Open source 3590 tape device driver •Kernel stack overflow •Linux PAV support for LPAR avoidance/detection •HyperSwap support in DASD device driver and Common I/O layer •Compiler back-end perfomance improvements stage 2 •DASD awareness for multipath-tools •(= Enable multipath tools for LPAR PAV)

•Deprecate Linux Claw NW DD for IP •Deprecate Linux CTC NW DD for IP

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Distribution Life Cycle

°

SLES D D i  Support (1) –since 8/2005 i s s t  t

General Support: GA + 5 years r r i  i b Extended Support: GA + 7 years b u  Self Support: GA + 10 years u t t

 i SLES 8: End of support 11/2007 i o o n n

U ° RHEL U p p  d Support (2) d a  Full Support: GA + 2.5 years a t t e  Deployment : GA + 3 years e  Maintenance: GA + 7 years

(1) http://support.novell.com/lifecycle/index.jsp?sourceidint=suplnav5_lifecycle, http://support.novell.com/lifecycle/lcSearchResults.jsp?st=linux&sl=-1&sg=-1&pid=1000&x=34&y=9 (2) http://www.redhat.com/security/updates/errata/ http://www.redhat.com/security/updates/

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Is SLES 8 supported on System z9?

° SLES 8 is supported by Novell until 11/2007.

° SLES 8 is supported on System z9 in “z990 compatibility mode”:  A customer running a workload with SLES 8 on a z990 can safely migrate that workload to a System z9  SLES 8 will not exploit new features of the System z9

° Two “exceptions” apply  The System z9 does not support token ring  None of the Crypto adapters available for System z9 is supported by SLES 8

° We strongly encourage SLES 8 customers to migrate to SLES 9 or SLES 10.

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Functional Restrictions

Goal:  stream line design of Linux on System z A  urge customers to use the best technology available A d d  j reduce development & maintenance efforts j u u s s t t i i n ° Restriction to 64 bit distribution support for SLES 10, RHEL 5 & later n g  Requires 31bit execution & SW development environment g

H H W W ° Stop support of legacy devices

S  S

SLES 10, RHEL 5 & later u u p  CTC, CLAW for IP (CTC will remain for SNA: CTCmpc) p p  IUCV for IP (IUCV infrastructure remains) p o o r r t  “SLES 11” and “RHEL 6” and later t  FBA DASD

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Consequences of 64-bit only Distributions

° HW: S/390 architecture no longer supported A A  d

G5, G6, MP3000 d j j u u s s t ° t

z/VM: only 31-bit guests no longer supported i i n n g g

H ° User space applications: H W W 

both 31 bit and 64 bit applications supported S S u  31-bit compatibility libraries u p  p

Requirement to service and maintain 31 bit applications p p o  Which tools do ISVs need to service & maintain their 31-bit SW? o r r t – Debuggers, Profilers, t – Interpreters, … – …

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Compilers & Architecture Support

° IBM continuously provides enhancements  to exploit the new instructions of each new HW generation A A  d to tune performance to HW generations d j j u ° Yet SW (Distributions, IBM MW, ISV SW) will be compiled with options that u s s t allow to run SW on all supported HW generations t i i n n g Intention to deal with this in the future g

H  Tune each major distribution wrt the key HW generation in the field at GA H W of that distribution W

S  With a new major distribution IBM may drop the support of the oldest S u currently supported HW generation u p p p  In general no changes between SPs or updates p o o r ° E.g., gcc default options for SLES 10 r t t  -tune=z-109  -march=z900

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Themes & Focus 2007

Themes  Pervasive VM  Thru Virtualization leadership & ease of use  z/OS integration  E.g. Linux Utilities for System z, seamless integration, …  Large Servers  E.g. RAS, I/O scalability & performance

Technology Focus Areas  Security  E.g. Cryptography improvements (E2E stack!), data security & data integrity  Business resiliency & RAS (throughout the SW stack, top down)  E.g. thru Multi-system virtualization, application mobility  Ease of use  Avoiding complexity in the first place and thru improved Systems Management

Basic Hygiene  future HW and storage support, as well as software currency

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Pervasive VM Through Virtualization leadership & ease of use

° Reduce virtualization overhead  Directed diag support R  CMM2 ° Fast boot support for z/VM guests e l

 Kernel NSS support e ° Support Linux Guest monitoring through z/VM tooling (APPLDATA) a s  Application data support e  Support for dynamic CPU de/attachment

 Steal time support T ° Linux guest management (IBM director support) h e  AF IUCV support m ° Increase flexibility in z/VM device configuration  Improved handling of dynamic subchannel mapping e s

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems z/OS Integration

Share data with z/OS R

3592 tape encryption e l e a s

Share time (stamps) with z/OS e

ETR support T h e m

Joint z/OS Linux D/R solution e s HyperSwap support

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Large Servers

E.g. LPAR support, I/O scalability & performance R

° Monitoring of virtual servers e l • Linux kernel module to access PR/SM LPAR performance data e a • Channel Path measurement data s e

• High performance data serving T

• Linux PAV support for LPAR h e • I/O & NW Performance tuning m • Dynamic switch for qeth_perf and qdio_perf e s • DASD runtime switch for logging • FCP performance data collection

• Server Management • snIPL SCSI Load

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Cross Theme Efforts

° Security • Enhanced Linux System Layout • Secure Key Crypto • Sysfs support for Crypto DD • In-kernel Pseudo Random Number Generation R • (3592 tape encryption support) e l e a

° RAS s e • (Dynamic switch for qeth_perf and qdio_perf) • (DASD runtime switch for logging) T • (FCP performance data collection) h • s390dbf for crash e • dump tool enhancements m

• Reboot with alternate parameters from FCP e • IPL/dump on panic s • Device Support • 3592 control unit recognition • (3592 tape encryption)

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Open source Code Drop 10/2005 and 3/2006

° Kernel ° Kernel  Kernel machine check handling  ADTools Oprofile Call Graph patch  HAL support stage I  In-kernel Crypto API access to Hardware Crypto ° Virtual Server ° Virtual Server  Adjustment of CPU accounting  Collaborative memory management stage 2  xip2fs integration into ext2 ° Networking  Linux usage of CPU timer  Support for GuestLAN Sniffer  User space access to CP commands (1)  V=V QDIO Pass-thru stage 2 ° Networking  Deprecate the following Linux networking device  Linux NCP CDLC support drivers  CTC (IP only) ° Storage - ESCON/FICON  IUCV (for AF_INET traffic, IUCV base  DASD tool harmonization infrastructure is kept)  ° Storage - FCP CLAW (IP only)  N-Port-ID Virtualization (NPIV) ° Common I/O   FCP re-IPL/reboot support Multiple Subchannel Set (MMS) Support  zfcp Performance Statistics ° Storage - ESCON/FICON  SCSI IPL: Export SCSI IPL Parameter List  DIAG250 for 64 bit guests  ° RAS HyperSwap support in DASD driver and common   Support for new 64bit Vmdump format I/O layer   Update SCSI System dumper DASD fast fail support ° Security *All statements regarding IBM’s future direction and intent are subject to  CEX2A (PCIXCC fast path) DD support change or withdrawal without notice, and represent goals and objectives only. (1) ... Pre-req for IBM Director and XDR

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Major ISVs Supporting Linux on System z9 and zSeries

ERP, Production Planning, Logistics Stock tracking °ABAS Software AG °RTS Realtime Systems °SAP Core Banking Applications ° IFS °Sanchez, M2M, S2, ... Database Mail & Calendaring server ° Oracle 9i & 10g °Sendmail (Mail) ° Software AG Tamino (XML Database) °Bynari (Mail & Calendaring) Application & e-business Integration °Nexus Neon °Tibco Development & Testing Tools ° Iona °Logics Software ° BEA WebLogic °Rational Software (now IBM) ° Aeonware (B2B/B2C) °Rogue Wave Software Systems Management °Dignus °BMC Patrol °ACTS (testing) °BMC Mail Server Knowledge Agent °Acucorp Inc. (Cobol solutions) °BMC Web Server Knowledge Agent °MicroFocus °Computer Associates Firewall ° Legato Networker for Linux °zGuard ° LinuxCare (Levanta) °StoneSoft (Stonegate) °Veritas Software Corp. Grid Computing Windows migration (ASP, .NET) °Platform ° Stryon Software °Data Synapse Print server °Globus Toolkit °Macro4

ISVs are constantly releasing new applications for Linux on zSeries

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems ITSO Redbooks / Redpapers

° z/VM and Linux on IBM System z: The Virtualization Cookbook for SLES9,SG24-6695-01 ° Solaris to Linux Migration: A Guide for System Administrators, SG24-7186-00 ° Linux for zSeries and System z9,SG24-6694-00 ° z/VM and Linux on zSeries: From LPAR to Virtual Servers in Two Days,SG24-6695-00 ° Linux on IBM eServer zSeries and S/390: Best Security Practices, SG24-7023-00 ° A Shared WebSphere Application Server Installation for Linux on zSeries,REDP-3998-00 ° WebSphere Portal Installation on Linux for zSeries, REDP-3699-00 ° IBM Communication Controller Migration Guide, SG24-6298-01 ° Linux on zSeries: Samba-3 Performance Observations, REDP-3988-00 ° IBM Lotus Domino 6.5 for Linux on zSeries Implementation, SG24-7021-01 ° IBM Dynamic Infrastructure for mySAP Business Suite on IBM zSeries, SG24-6473-00 ° Experiences with Oracle 10g Database for Linux on zSeries, SG24-6482-00 ° Networking Overview for Linux on zSeries, REDP-3901-00 ° Linux on zSeries: Fibre Channel Protocol Implementation Guide, SG24-6344-00 ° Linux Handbook A Guide to IBM Linux Solutions and Resources, SG24-7000-01

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems ß Linux on IBM System z and zSeries ß Linux Hardware Support ß z/VM support for Linux ß Linux Update and Distribution ß Summary

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Linux for IBM System z Choosing the correct Linux platform can provide significant advantages

° The legendary IBM mainframe - IBM System z ° The IBM mainframe virtualization capabilities - z/VM 5.2 ° The easy server deployment and configuration – IBM Director Extensions 5.10 ° Open standards operating system - Linux for System z

Linux for System z ° Increased performance and security for application Infrastructure simplification communication Linux NCP CDLC support via OSA OSA Layer 2 sequence numbers for CCL ° Increased service level management N-Port-ID Virtualization (NPIV) retrofit ° FCP re-IPL/reboot support retrofit Increased resource utilization s Security e ° Increased business continuity and disaster recovery g CEX2A (PCIXCC fast path) DD support a

t ° Increased availability, security, and robustness of the Software Support for CP Assist for AES, n SHA, and PRNG a applications

v Integrated Crypto and Related Functions d ° Increased administrator efficiency

A Systems Management ° Reduced number of places one needs to troubleshoot User space access to CP commands Support for new 64-bit VMdump format ° Reduced number of software licenses required to DASD tool harmonization support applications Update SCSI System dumper Enhance FCP traces and logs

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Linux on IBM System z Take back control of your IT infrastructure ° Unify the infrastructure  IT optimization and server consolidation based on virtualization technology and Linux  Linux can help to simplify systems management with today's heterogeneous IT environment ° Leverage the mainframe data serving strengths  New solution deployed in less time, accessing core data on DB2® on z/OS  Reduced networking complexity and improved security network “inside the box” ° A secure and flexible business environment  Linux open standards support for easier application integration  Unparalleled scale up / scale out capabilities  Virtual growth instead of physical expansion on Intel® or RISC servers ° Leverage strengths across the infrastructure  Superior performance, simplified management, security-rich environment  High-performance security-rich processing with PCICX cryptographic co-processors  Backup and restore processes, Parallel Sysplex and GDPS for Disaster Recovery

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems Why should you use Linux on System z?

° Mainframe qualities of service ° The ability to scale up and out ° System z virtualization for consolidation and control ° The ability to add processing power quickly, when it’s needed ° Benefit from established processes and disciplines ° Proximity to data running on other operating systems on the same System z ° To help reduce the cost of operation ° To help reduce complexity and simplify maintenance tasks

For the same reasons that IBM does – it makes good business sense.

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems [email protected]

66. GSE zOS Expertenforum 2007, Interlaken IBM Systems