LinuxOne For Dummies 2nd Limited Edition (2021)
LinuxONE
2nd Limited Edition
by Judith Hurwitz
and Daniel Kirsch
These materials are © 2021 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
IBM LinuxONE For Dummies®, 2nd Limited Edition
Published by
John Wiley & Sons, Inc.
111 River St.
Hoboken, NJ 07030-5774
www.wiley.com
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any
means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections
107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests
to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111
River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Trademarks: Wiley, For Dummies, the Dummies Man logo, The Dummies Way, Dummies.com, Making Everything
Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its
affiliates in the United States and other countries, and may not be used without written permission. IBM and the
IBM logo are registered trademarks of International Business Machines Corporation. All other trademarks are the
property of their respective owners. John Wiley & Sons, Inc., is not associated with any product or vendor
mentioned in this book.
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS
OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK
AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS
FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL
MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS
WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL,
ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF
A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL
BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO
IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT
THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE
OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES
LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND
WHEN IT IS READ.
For general information on our other products and services, or how to create a custom For Dummies book for your
business or organization, please contact our Business Development Department in the U.S. at 877-409-4177,
contact [email protected], or visit www.wiley.com/go/custompub. For information about licensing the For
Dummies brand for products or services, contact BrandedRights&[email protected].
ISBN: 978-1-119-73650-9 (pbk); ISBN: 978-1-119-73652-3 (ebk). Some blank pages in the print version may not
be included in the ePDF version.
Publisher’s Acknowledgments
Some of the people who helped bring this book to market include the following:
Project Manager: Carrie Burchfield-Leighton
Sr. Managing Editor: Rev Mengle
Acquisitions Editor: Ashley Coffey
Business Development Representative: Molly Daugherty
IBM Contributors: Susan Proietti Conti, Robert Enochs, Rebecca Gott, Teressa Jimenez, Adam Jollans, Michael Jordan, Brian Lang, Christina Malack, Alex McMullen, Ismath Mohideen, Sowmya Nataraji, Rohit Panjala, Traci Parker, Rushir Patel, Nada Santiago, Mark Shultz, Chad Smith, Enyu Wang
Table of Contents
INTRODUCTION
About This Book
Foolish Assumptions
Icons Used in This Book
CHAPTER 4: IBM LinuxONE as a Cloud Platform
The Role of Red Hat OpenShift Container Platform
Understanding IBM Cloud Paks
Cloud-optimized software and services
Infrastructure flexibility
IBM Cloud Hyper Protect Services
Introduction
As more companies transform their IT infrastructures with hybrid cloud services, they require environments that protect the safety of their intellectual property, such as data and business rules. In addition, businesses need a set of hybrid cloud services that combines the security and integrity of their enterprise computing environment with the economic viability of the hybrid computing environment. Welcome to IBM LinuxONE.
LinuxONE supports open APIs and Red Hat OpenShift. The openness of the platform means your business can create a hybrid environment that can include both on-premises environments and public cloud services.
Foolish Assumptions
The information in this book is useful to many people, but we
have to admit that we did make a few assumptions about who we
think you are:
This icon points out content that you should pay attention to in
order to avoid problems.
IN THIS CHAPTER
»» Examining the history and evolution of LinuxONE
Chapter 1
Explaining IBM LinuxONE
Linux adoption has grown dramatically over recent years, expanding from initial use by startups for web servers, into its use today for a vast range of enterprise computing workloads. These mission-critical applications have in turn placed greater requirements on the underlying server hardware for security, scalability, and resilience. As more enterprises move to a cloud-native architecture, Linux combined with containers and Kubernetes has become an invaluable platform to support cloud-native development and deployment. IBM LinuxONE is an important platform to support this DevOps and continuous delivery process. Because LinuxONE is based on open source Linux, developers can use the same tools they’re familiar with in any on-premises or cloud environment; because of LinuxONE’s capabilities, it can safely run development alongside production workloads.
LinuxONE is an enterprise-grade Linux server with a unique architecture designed to meet the needs of mission-critical workloads. It brings together IBM’s experience in building secure, resilient, and scalable systems with the openness of the Linux operating system. LinuxONE is a Linux-only platform intended to support customers interested in leveraging the open source ecosystem combined with highly secure and highly scalable servers.
In 2014, IBM saw a shift in how clients were deploying Linux and open source. This was driven by the use and maturity of open source software for enterprise application deployments. Clients were increasingly looking for scale, performance, availability, and security in their Linux servers. Observing this shift, IBM decided to build a system to address these requirements.
The result is a platform that can run cloud-native applications, provide enterprise class-leading security, deliver high enterprise server reliability, and consolidate workloads from many smaller servers onto a single integrated LinuxONE machine.
service — whether at rest or in transit. This level of protection is achieved through hardware-accelerated encryption of data, delivered with little overhead by the on-chip Central Processor Assist for Cryptographic Function (CPACF) and the dedicated Crypto Express adapter. The availability of this level of encryption at scale can make it easier for organizations to meet compliance mandates for regulations such as Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS).
Protecting Data
In order to maximize data protection, LinuxONE offers two services: IBM Secure Execution and IBM Data Privacy Passports. Both these offerings help provide a comprehensive way to protect data in a distributed environment that spans from LinuxONE to a multicloud environment.
Secure Execution
Secure Execution for LinuxONE III is a hardware-based approach to security that’s intended to protect sensitive data in use. To achieve this objective, it isolates individual on-premises and cloud workloads from both internal and external attacks. To accomplish data protection, Secure Execution uses a hardware-based Trusted Execution Environment that isolates workloads in order to restrict access to data. It can process unencrypted memory securely without exposing the data to the hosted or other external environments. Secure Execution also provides isolation between KVM hypervisor hosts and guests in the VMs.
Reliability
Reliability is a well-known capability of IBM’s unique enterprise server architecture — for example, the fact that its design has no single points of failure. LinuxONE inherits these capabilities, including component redundancy to allow the machine to continue when a single component fails. This feat is possible because maintenance and repairs can be performed concurrently while the machine is still running workloads.
Workload Performance of LinuxONE
The unified platform of LinuxONE is designed to support demanding performance requirements in the enterprise. While we could give you countless examples of the benefits of this level of performance, in this section, we describe four use cases where customers benefit from the workload performance.
Support for DevOps
LinuxONE is an important platform to support the DevOps process. Because LinuxONE is based on open source Linux, developers can use the same tools they’re familiar with in any on-premises or cloud environment and can safely run development alongside production workloads.
IN THIS CHAPTER
»» Knowing why you need a secure platform to protect your data
Chapter 2
IBM LinuxONE as a Secure Platform
Security must be at the center of any IT platform. If critical business data is compromised or customer data is leaked, your business’s reputation may be damaged, and you may face regulatory and legal consequences. Likewise, if corporate data is exposed, you risk the chance of losing significant intellectual property.
UNDERSTANDING CONFIDENTIAL COMPUTING
A new movement in the industry has introduced the concept of confidential computing. The term confidential computing refers to protection of data in use and is a key pillar of data protection. It uses hardware-based techniques to isolate data, specific functions, or an entire application from the operating system, hypervisor, or virtual machine (VM) manager, and other privileged processes. The Linux Foundation hosts the Confidential Computing Consortium, of which IBM is a member, to define industry-wide standards for confidential computing and to promote the development of open-source confidential computing tools. The focus of confidential computing is to store data in a trusted environment. LinuxONE supports protection of data in use, as well as data at rest and data in motion within the system.
We are not just talking about data stores here. Instead, data is embedded in spreadsheets, documents, applications, and databases on premises and in the cloud. At one point, the Chief Security Officer (CSO) may have had direct control over how security was handled. However, increasingly, distributed data and applications make it difficult for the CSO to control this complex set of services. At the same time, security is now a major concern of business management. Management needs to report to shareholders that security is being managed at the highest level.
A common misconception exists that when a business entrusts its data and applications to a cloud provider it is no longer responsible for security. But in fact, the business remains responsible for keeping track of this highly distributed data, including who’s allowed to access the data and whether regulations are adhered to. To be successful at protecting your assets, there needs to be a partnership between the cloud vendor and the security management team.
Pervasive encryption
Pervasive encryption can automatically encrypt data both at rest and in flight and doesn’t require application changes. This approach enables companies to encrypt all their data by default with little compute overhead.
Providing encryption of everything and at every level is in stark contrast to the way encryption is typically approached. Most companies only encrypt a small amount of data, leaving the vast majority of data completely unencrypted. All the unencrypted data is at risk of being leaked by mistake or stolen by a criminal. On the other hand, when all the data is encrypted, even if it’s exposed to people outside of your organization, it will be meaningless without the encryption key.
Before data leaves the system of record, the Data Privacy Passports component known as the Passport Controller provides protection, enforcement, policy, and key management. The goal of Data Privacy Passports is to ensure that privacy is maintained and managed based on policy as eligible data is moved from its source such as a system of record to other systems, including a variety of clouds. The objective is to provide transparent end-to-end data level protection and privacy. It achieves this goal by encrypting eligible data based on corporate rules and compliance requirements. Data Privacy Passports is designed so data access can be either granted or revoked in order to maintain control, and you can do so even after the data has left its source. This is especially important when data moves from the system of origin in order to conduct sophisticated analysis of data.
other threat vectors to steal information. The Confidential Computing Consortium is an industry-wide movement to help protect data while it is in use through the implementation of hardware-based techniques such as Trusted Execution Environments (TEE).
IN THIS CHAPTER
»» Scaling approaches for LinuxONE and databases
Chapter 3
Scalable Databases for IBM LinuxONE
The key difference between IBM LinuxONE and other Linux systems is that LinuxONE’s hardware is engineered to offer dramatic improvements in performance, security, and reliability. In particular, LinuxONE can scale up to handle large databases when compared to other approaches. The platform also enables the consolidation of multiple database servers onto a single system. These hardware advantages create the opportunity to run databases on a single scale-up LinuxONE machine rather than multiple scale-out servers. Transitioning from a scale-out to a scale-up strategy helps organizations increase performance, achieve higher utilization, and reduce costs.
Scaling LinuxONE and Databases
Organizations have coped with large volumes of data for decades, but the challenge is exacerbated by the ever-increasing volume of big data that’s applied to advanced analytics problems at a massive scale. This rapid data increase requires significant processing power and computing resources that can scale performance quickly as demands change.
Database scalability
There’s no shortage of databases in the world. Each platform has its strengths and weaknesses depending on its use and constraints. For example, some databases are designed to run as clusters of cooperating servers in the cloud. This scaled-out configuration can manage larger quantities of data than a single machine and can continue to scale out with even more servers to meet additional demands.
Consolidating databases
One common use case for LinuxONE is to host the consolidation of commercial databases onto a single system. The benefits include increased performance, better throughput of data, and more efficient sharing of resources. Customers have reported consolidation ratios of 10:1 cores or more, which can lead to the opportunity for significant savings in software license fees where these are calculated on a per-core basis. See Chapter 6 for a more detailed discussion of LinuxONE and total cost of ownership (TCO).
The Linux operating system can be tuned to optimize performance of applications and databases. For example, administrators can configure swapping conditions, RAM page size, choice of filesystem to use (ext4, XFS, ZFS), filesystem parameters, as well as many other system features. The scale-up capacity and performance allow many large database workloads to be handled by a single LinuxONE server. Also, multiple databases and applications can be consolidated on a single LinuxONE server for cost savings without a performance penalty. In addition, a database running on LinuxONE can exploit the large memory to hold data.
IN THIS CHAPTER
»» Understanding the role of Red Hat OpenShift
Chapter 4
IBM LinuxONE as a Cloud Platform
Businesses are turning to hybrid cloud as a way to manage their workloads to support customers and partners. One solution to support all workloads and business situations doesn’t exist. Both corporations and cloud service providers (CSPs) are evaluating a new generation of cloud offerings as a solution. In this chapter, you explore IBM Cloud Pak Solutions and Red Hat OpenShift in combination with IBM LinuxONE in a hybrid cloud environment. LinuxONE can be deployed in a variety of cloud use cases, including in the IBM Cloud as the foundation for IBM Cloud Hyper Protect Services or IBM Blockchain Platform.
cloud-native applications to be developed and existing applications to be modernized. These new and modernized applications are designed for high performance and for the flexibility to respond to customer and market changes. Applications built on Red Hat OpenShift and deployed on LinuxONE inherit the enterprise qualities of LinuxONE, with high levels of security and fast performance through co-location with core data.
the platform. Cloud Pak offerings give you a common catalog of services that increases developer productivity. The catalog helps manage microservices so they can scale both horizontally and vertically. The structure of the catalog makes it easier to govern, deploy, and maintain software and services to support rapid development, test, and deployment. Services that are managed in the catalog include Helm charts, Terraform templates, and Cloud Foundry buildpacks.
Red Hat OpenShift serves as the foundation for Cloud Pak Solutions and incorporates a broad range of managed middleware, data, and analytics services, supporting both cloud-native and existing applications. New Kubernetes services included are Microservices Builder, IBM Watson Studio, security services, and IBM API Connect. Developers can leverage existing application development skills such as Java, Spring, and Open Liberty through the Red Hat Runtimes and IBM middleware. API connectivity and management services make it possible to integrate services across public, private, and existing enterprise environments.
Infrastructure flexibility
The IBM Cloud Pak Solutions environment can operate on any existing hardware environment that supports Red Hat OpenShift, including IBM LinuxONE, IBM Z, IBM Power Systems, IBM Storage, IBM Hyperconverged Systems, and x86-based systems. It also supports a variety of clouds, including VMware, Amazon Web Services, Microsoft Azure, Google Cloud Platform, and IBM Cloud.
cloud provider. Through this, enterprises can fully manage their encryption keys in the cloud and have exclusive control of the HSMs that protect those keys, which enables a Keep Your Own Key (KYOK) functionality to help achieve more authority over your data.
   Multiple IBM Cloud services integrate with Hyper Protect Crypto Services for key management. Additionally, the service can be used as a cloud HSM for application-driven data integrity and to protect data in transit (such as SSL offloading).
»» IBM Cloud Hyper Protect Database as a Service (DBaaS): This is a cloud service designed to provide highly secure databases on demand, such as PostgreSQL and MongoDB Enterprise Edition. It’s designed to provide data confidentiality, security, performance, and reliability for moving highly sensitive confidential data and workloads to the IBM Cloud. Clients can quickly provision, manage, and protect sensitive data workloads.
   The service leverages LinuxONE encryption capabilities, allowing clients to retain their data in an encrypted client database without needing specialized skills. It uses IBM Secure Service Container to provide workload isolation, restricted administrator access, and tamper protection against internal threats. The Docker-based stack inherits security without any code changes. With IBM Cloud Hyper Protect DBaaS, clients can deploy integrated database clusters in the IBM Cloud, manage database instances using APIs, Command Line Interfaces (CLIs) or User Interfaces (UIs), administer database content, and monitor their database environments.
»» IBM Cloud Hyper Protect Virtual Servers: IBM Cloud Hyper Protect Virtual Servers are the industry’s first customer-managed LinuxONE-based virtual servers offering in the public cloud. The offering gives customers complete authority over their workloads and confidentiality of code, data, and business intellectual property (IP) within a secure environment. Workloads are protected from both internal and external threats, and not even privileged users, such as cloud administrators, can access client data. Finally, a client can easily provision, manage, maintain, and monitor instances in the IBM Cloud using a standard UI.
IN THIS CHAPTER
»» Understanding the fundamentals of digital assets and blockchain
Chapter 5
IBM LinuxONE as the Digital Assets and Blockchain Platform
Business leaders are beginning to understand that blockchain is much more than just the technology that underlies Bitcoin and other cryptocurrencies. The core architecture of blockchain allows a means of conducting secure transactions among many participants. The blockchain architecture ensures that the transactions are secure, auditable, and transparent to all stakeholders. Digital assets are blockchain-native assets that are secured using cryptography.
This chapter explains how digital assets housed in a private blockchain provide the required security to protect the privacy and security of corporate and customer information. The value of digital assets and blockchain is explained in the context of the hybrid cloud.
Introduction to Digital Assets
An asset is simply anything of value, meaning that somebody is willing to trade something else for the asset or wants to steal it. An asset can be physical, such as a box of chocolates. Most people think of assets as durable, that they don’t expire, but assets are often perishable at least to some degree. Because assets have value, their owners, custodians, and managers want to handle them with care and defend them against thieves. For example, they keep chocolates refrigerated, in locked warehouses, and sell them (trade them for Swiss francs, for example) to chocolate lovers before the chocolate starts growing mold.
LinuxONE provides a solution to this common problem by providing a secure memory enclave. Rather than leaving code in clear text, LinuxONE builds an image in a secure memory enclave. This secure container service creates a protected memory. Known as confidential computing, this approach to securing data stored in memory is critical for creating safe blockchain and digital assets.
Built-in encryption
Encryption and decryption have a performance cost, and LinuxONE has dedicated on-chip co-processors for hardware encryption and decryption of data without the typical processing overhead associated with software encryption. The low overhead of LinuxONE hardware encryption enables pervasive encryption to be practical, automatically protecting all data.
Key management
LinuxONE has a Hardware Security Module (HSM) that supports the storage of private keys required for cryptographic signing in a tamper-resistant module. This is another feature that improves performance and security. These HSMs hold the root wrapping key material that in turn encrypts the user’s private keys. The private keys are never presented in clear text within the system, and the root wrapping key material never leaves the HSM.
Workload isolation
Workloads are also isolated on LinuxONE, using the firmware virtualization of logical partitions (LPARs). These ensure near air-gap separation between workloads and have enabled LinuxONE to be Common Criteria certified at EAL5+, one of the highest commercially available certifications.
IBM Secure Service Container technology
Building on logical partitions is the IBM Secure Service Container technology, which takes workload isolation to the next level by providing a secure computing environment for Linux applications. IBM Hyper Protect Virtual Servers (on premises) and IBM Cloud Hyper Protect Virtual Servers (in the IBM cloud) use this technology to protect data and applications from each other and from systems administrators. We discuss security in more detail in Chapter 2 and IBM Cloud Hyper Protect Services in Chapter 4.
Performance
One of the requirements for blockchain is a sophisticated level of security. Therefore, it’s imperative that the deployment platform has the best possible performance so the system performs at the speed demanded by complex blockchains and digital asset management environments. These deployment models require a significant amount of encryption as well as support for hashing algorithms.
Because of its distributed architecture, blockchain is well suited for the hybrid cloud model and can be deployed both in the public cloud and on premises. The decision on where to deploy blockchain could, for example, depend on whether a managed service is preferred for ease of use, or whether government, industry, or corporate regulations mean that data needs to be held locally.
IN THIS CHAPTER
»» Consolidating workloads onto LinuxONE
Chapter 6
The Economics of IBM LinuxONE
You may assume the total cost of ownership (TCO) of the enterprise-grade IBM LinuxONE platform is much higher than commodity servers. However, customers are surprised at the economic advantage of the LinuxONE platform compared to a similarly complex set of applications running in an x86 environment. The economics of LinuxONE become clear when you begin to compare the TCO of a LinuxONE machine versus other servers. x86-based infrastructures tend to have workloads distributed over many individual servers while LinuxONE-based infrastructures consolidate workloads onto fewer LinuxONE cores.
The primary reason for software savings is per-core licensing. LinuxONE requires fewer cores to run an equivalent x86 workload; therefore, fewer licenses are required. Secondary and indirect costs also have a significant impact on TCO.
Consolidating Workloads
Workload consolidation gathers workloads from multiple servers
and runs them on a single, larger server. LinuxONE servers can
run many workloads simultaneously and consolidate workloads
from x86 servers. The result is fewer LinuxONE servers than the
number of x86 servers they replace.
capacity is counterproductive, organizations usually
over-provision compute resources and limit the number of workloads
on machines to avoid bottlenecks.
LinuxONE cores run at high speed and high utilization and
contain other performance features that support demanding
workloads. LinuxONE cores are also designed to provide sustained
high utilization. Therefore, LinuxONE machines have the
capacity to handle spikes that near 100 percent utilization without
over-provisioning. Further, LinuxONE machines are designed to
reach higher average utilization levels, while x86 machines often
reserve a large portion of their capacity simply to handle spikes.
The company learned more about the LinuxONE platform and
discovered that it could begin consolidating database workloads. To run the
database workload, the company needed two IBM LinuxONE
Emperor II platforms with 135 cores — close to 1,400 fewer cores
than was needed with their forty-two x86 servers. After implementing
the LinuxONE, the company realized the following savings:
For example, a global insurance company’s data center costs and
database and application server workloads were increasing. The
insurance company selected a LinuxONE system and decreased
costs significantly. The company moved from fifty-five x86 servers to
one LinuxONE system. This resulted in an 86 percent reduction in
required floor space and a 62 percent reduction in energy
consumption. Administration efforts were also dramatically reduced. Overall,
the company significantly reduced its carbon footprint.
How can your business achieve the objective of reducing energy
consumption? It can invest in an energy-efficient data center design that
focuses on addressing the carbon footprint of the hardware, heating,
ventilation, and air-conditioning systems in order to reduce electricity
consumption. This may be accomplished through better sharing of
resources, lowering overall power consumption, and reducing floor
space requirements.
LinuxONE DEPLOYMENT AT A BANK
A banking enterprise was experiencing 30 percent year-to-year
growth in new accounts and in transactions from different
applications, credit cards, core bank accounts, and peripheral accounts.
The company faced frequent server upgrades and additions, which
led to a sprawling infrastructure. The easiest approach was to keep
doing what it had always been doing, but that created a complex
environment that required more people and more processes. DR was
another growing concern. If a move to DR was needed, could the
business do it confidently? Would all data be accessible at the right speed
and within the right amount of time?
IN THIS CHAPTER
»» Introducing LinuxONE’s open source background
Chapter 7
The IBM LinuxONE Open Ecosystem
Linux is a dominant operating system in the overall computing
landscape for both on premises and cloud environments.
The IBM LinuxONE open ecosystem includes the broader set
of Linux software developed and used by the Linux community.
Although many different Linux distributions exist, the vast
majority of Linux software can run on any Linux distribution.
Open Source
Linux is an established platform for business. Many software
developers build applications and tools on top of Linux because
the operating system is open source and ubiquitous. By using the
open source model, developers from many different companies
around the world have formed a community to continue the
evolution and innovation of Linux. For example, Google’s Android
operating system, used in many smartphones, is based on a
modified version of Linux.
Further, many open source applications and tools are built on,
and for, Linux. These tools include hypervisors, languages,
runtimes, management, and analytics platforms. The Linux
distributions that are certified for LinuxONE include graphical tools that
make it easy for administrators to add various development tools
and software.
Open source software is free (although there may be a charge for
support and service), so you can try a variety of tools to see which
works best for your business. In addition, like Linux, many of the
open source tools have enterprise versions. LinuxONE offers
support for a variety of the key Linux distributions, including Red Hat
Linux, Open SUSE, and Ubuntu.
LinuxONE as a Development and Deployment Platform
LinuxONE supports a broad ecosystem of third-party tools and
languages. Linux has always offered many tools for developers,
and the quantity and quality of these tools have grown over the
years.
Focusing on development processes, Linux also includes source
control systems and bug tracking/issue management software.
Finally, many commercial software products are also available for
LinuxONE, including Oracle database, Temenos T24 core
banking, IBM Financial Transaction Manager, IBM middleware such
as Db2 and WebSphere, and Jira, one of the top tools used for agile
product management.
LinuxONE for Solution Providers and Cloud Service Providers
LinuxONE is gaining a growing foothold as a platform for
solution providers (SPs) and cloud hosts who deliver cloud and
application services and provide data center management for
clients. SPs can leverage this highly optimized open Linux platform
to quickly build and deploy environments clients need to run their
businesses. By using familiar applications, the IT specialists can
design systems in secure containers assigned for one or
multiple individual clients, providing privacy and security that
clients demand, while simplifying life for developers and satisfying
ongoing service level agreements (SLAs) from a single LinuxONE
system. In turn, the system provides a platform that supports
cloud-based usage reporting so SPs can leverage monthly
pricing models and easily increase customers’ IT resources as needed
through planned business growth or routine computing spikes.
IN THIS CHAPTER
»» Meeting your organization’s computing requirements
Chapter 8
Ten Reasons to Consider IBM LinuxONE
Selecting a platform that protects your business and customer
data and supports innovation can be difficult. You
need to consider many issues when making a decision. The
IBM LinuxONE platform may be a good choice for the following
reasons:
»» Scalability: Meeting increasing customer demands and
creating new services mean that the size and complexity of
your workloads are likely expanding. LinuxONE’s scale-up
approach allows you to meet expanding needs without
adding additional hardware and complexity.
»» Capacity: You can’t always anticipate how much computing
power you need. Adopting a system that can support
compute-heavy workloads is an important step in protecting
your infrastructure investments.
»» Manageability: The centralized approach of LinuxONE can
be much easier to manage than complex distributed
systems.
You can experience performance problems if you have too
many systems trying to communicate across the network.
Management can be impacted if critical operations aren’t
effectively coordinated.
»» Costs: Your existing IT infrastructure servers are likely
underutilized, and your staff costs are high. If you can reduce
costs, budget can be allocated toward innovation.
The LinuxONE platform dramatically supports sustainability
and cost reduction by reducing power usage.
»» Blockchain distributed ledger and digital asset applications:
In order to protect your intellectual property and
customer data, you need a highly secure approach that
supports a transparent, trusted chain of custody.
»» Innovation: To compete in fast-moving markets, you need
to innovate and leverage new technologies, including
containers, analytics, and artificial intelligence (AI). Get a
platform that combines the latest innovation in software
with secure and scalable systems of record.
»» Linux and open source: Open source and the Linux
operating system drive innovation and efficiency for your
organization. The LinuxONE platform supports the three
most common Linux distributions.
»» Differentiating your cloud services: As a service provider,
you need a platform that’s scalable and secure enough to
differentiate your services from those of competitors.
You want your teams to focus on innovation and customer
needs, not the underlying platforms.