
LinuxOne For Dummies 2nd Limited Edition (2021)


IBM

LinuxONE
2nd Limited Edition

by Judith Hurwitz
and Daniel Kirsch

These materials are © 2021 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.
IBM LinuxONE For Dummies®, 2nd Limited Edition

Published by
John Wiley & Sons, Inc.
111 River St.
Hoboken, NJ 07030-5774
www.wiley.com

Copyright © 2021 by John Wiley & Sons, Inc.

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any
means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections
107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests
to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111
River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Trademarks: Wiley, For Dummies, the Dummies Man logo, The Dummies Way, Dummies.com, Making Everything
Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its
affiliates in the United States and other countries, and may not be used without written permission. IBM and the
IBM logo are registered trademarks of International Business Machines Corporation. All other trademarks are the
property of their respective owners. John Wiley & Sons, Inc., is not associated with any product or vendor
mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS
OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK
AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS
FOR A PARTICULAR PURPOSE.  NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL
MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS
WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL,
ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF
A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL
BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO
IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT
THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE
OR RECOMMENDATIONS IT MAY MAKE.  FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES
LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND
WHEN IT IS READ.

For general information on our other products and services, or how to create a custom For Dummies book for your
business or organization, please contact our Business Development Department in the U.S. at 877-409-4177,
contact [email protected], or visit www.wiley.com/go/custompub. For information about licensing the For
Dummies brand for products or services, contact BrandedRights&[email protected].

ISBN: 978-1-119-73650-9 (pbk); ISBN: 978-1-119-73652-3 (ebk). Some blank pages in the print version may not
be included in the ePDF version.

Manufactured in the United States of America

10 9 8 7 6 5 4 3 2 1

Publisher’s Acknowledgments

Some of the people who helped bring this book to market include the following:
Project Manager: Carrie Burchfield-Leighton
Sr. Managing Editor: Rev Mengle
Acquisitions Editor: Ashley Coffey
Business Development Representative: Molly Daugherty
IBM Contributors: Susan Proietti Conti, Robert Enochs, Rebecca Gott, Teressa Jimenez, Adam Jollans, Michael Jordan, Brian Lang, Christina Malack, Alex McMullen, Ismath Mohideen, Sowmya Nataraji, Rohit Panjala, Traci Parker, Rushir Patel, Nada Santiago, Mark Shultz, Chad Smith, Enyu Wang

Table of Contents

INTRODUCTION
About This Book
Foolish Assumptions
Icons Used in This Book

CHAPTER 1: Explaining IBM LinuxONE
The Evolution of LinuxONE
Looking at the LinuxONE Hardware
Architecting Security into LinuxONE
Protecting Data
Secure Execution
Data Privacy Passports
Scalability and Performance
Reliability
The LinuxONE Ecosystem
Workload Performance of LinuxONE
Support for large high-performance databases
Support for large number of containers
Support for blockchain
Support for DevOps
The Customer Benefit of LinuxONE

CHAPTER 2: IBM LinuxONE as a Secure Platform
Why You Need a Secure Platform
IBM’s Approach to Security with LinuxONE
Pervasive encryption
Hardware Security Module (HSM)
Explaining Data Privacy Passports
Seeing the Value of Secure Execution for Linux

CHAPTER 3: Scalable Databases for IBM LinuxONE
Scaling LinuxONE and Databases
Scale up, not out
Database scalability
Consolidating databases
LinuxONE as a Database Platform
IBM Cloud Hyper Protect DBaaS

CHAPTER 4: IBM LinuxONE as a Cloud Platform
The Role of Red Hat OpenShift Container Platform
Understanding IBM Cloud Paks
Cloud-optimized software and services
Infrastructure flexibility
IBM Cloud Hyper Protect Services

CHAPTER 5: IBM LinuxONE as the Digital Assets and Blockchain Platform
Understanding Digital Assets and Blockchain
Introduction to Digital Assets
LinuxONE Security Enables Blockchain and Digital Assets
Built-in encryption
Key management
Workload isolation
IBM Secure Service Container technology
Performance
Blockchain and Digital Asset Deployment Patterns

CHAPTER 6: The Economics of IBM LinuxONE
Consolidating Workloads
Supporting Higher Utilization
Using Open Source Software
Looking at Additional Savings

CHAPTER 7: The IBM LinuxONE Open Ecosystem
Open Source
The Breadth and Depth of Linux
LinuxONE as a Development and Deployment Platform
LinuxONE as a DevSecOps Platform
LinuxONE for Solution Providers and Cloud Service Providers

CHAPTER 8: Ten Reasons to Consider IBM LinuxONE

Introduction
As more companies transform their IT infrastructures with hybrid cloud services, they require environments that protect the safety of their intellectual property, such as data and business rules. In addition, businesses need a set of hybrid cloud services that combines the security and integrity of their enterprise computing environment with the economic viability of the hybrid computing environment. Welcome to IBM LinuxONE.

LinuxONE is a hardware system designed to support and exploit the Linux operating system based on the value of its unique underlying architecture. We are in an era where openness is paramount to support the needs of corporations. At the same time, in the era of cloud computing, businesses need scalability and security to support increasingly complex workloads. The business value of LinuxONE is that it can be used within a multicloud environment to support a range of workloads and a variety of customer scalability requirements.

LinuxONE supports open APIs and Red Hat OpenShift. The openness of the platform means your business can create a hybrid environment that can include both on-premises environments and public cloud services.

About This Book


IBM LinuxONE For Dummies, 2nd Limited Edition, is designed to
help you understand LinuxONE as an integrated hardware and
software environment that supports a hybrid cloud environment.
This book provides you with an overview of the value of LinuxONE
when compared to other platforms.

Foolish Assumptions
The information in this book is useful to many people, but we
have to admit that we did make a few assumptions about who we
think you are:

»» You’re already familiar with enterprise and cloud computing and need to understand how to enable your company to scale in the era of the hybrid cloud.
»» You’re planning a long-term cloud strategy and want to understand the value of the private cloud and how it can be used to support your business goals.
»» You need to ensure that data is managed in a secure manner.
»» You’re a business leader who wants to ensure that you have a predictable, secure, and resilient computing infrastructure.

Icons Used in This Book


The following icons are used throughout the book.

This icon highlights important information that you should remember.

Tips help identify information that needs special attention. You may save money, time, or resources.

This icon points out content that you should pay attention to in
order to avoid problems.

This icon is reserved for more technical information.

IN THIS CHAPTER
»» Examining the history and evolution of LinuxONE
»» Understanding the hardware of LinuxONE
»» Making sure to protect data
»» Looking at scalability, performance, and reliability
»» Grasping the LinuxONE ecosystem
»» Seeing LinuxONE in action: Workload performance
»» Cashing in on the business benefits of LinuxONE

Chapter 1
Explaining IBM LinuxONE

Linux adoption has grown dramatically over recent years, expanding from initial use by startups for web servers, into its use today for a vast range of enterprise computing workloads. These mission-critical applications have in turn placed greater requirements on the underlying server hardware for security, scalability, and resilience. As more enterprises move to a cloud-native architecture, Linux combined with containers and Kubernetes has become an invaluable platform to support cloud-native development and deployment. IBM LinuxONE is an important platform to support this DevOps and continuous delivery process. Because LinuxONE is based on open source Linux, developers can use the same tools they’re familiar with in any on-premises or cloud environment; because of LinuxONE’s capabilities, it can safely run development alongside production workloads.

LinuxONE is an enterprise-grade Linux server with a unique architecture designed to meet the needs of mission-critical workloads. It brings together IBM’s experience in building secure, resilient, and scalable systems with the openness of the Linux operating system. LinuxONE is a Linux-only platform intended to support customers interested in leveraging the open source ecosystem combined with highly secure and highly scalable servers.

Linux has been available on supercomputers for more than a decade, so it’s no novice at being the operating system for powerful machines. However, LinuxONE is focused squarely at enterprise computing in the era of the cloud. After you understand the hardware and software platform of LinuxONE, you can understand the business opportunities and benefits of LinuxONE.

In this chapter, we provide an overview of what LinuxONE is and how it can be used to support growing requirements in the enterprise.

The Evolution of LinuxONE


Over the years, centralized enterprise computers and their workloads have taken on many new roles, such as hosting servers in client-server applications or hosting the Internet. In the late 1990s, IBM made the strategic decision to support the Linux operating system on its enterprise server architecture.

In 2014, IBM saw a shift in how clients were deploying Linux and
open source. This was driven by the use and maturity of open
source software for enterprise application deployments. Clients
were increasingly looking for scale, performance, availability, and
security in their Linux servers. Observing this shift, IBM decided
to build a system to address these requirements.

IBM decided to take existing components from across its Systems portfolio and fashion a platform that’s designed to deliver on these new expectations for enterprise Linux servers. The LinuxONE system was launched in August 2015. With IBM’s acquisition of Red Hat in 2019, the LinuxONE platform gained support for additional foundational components such as Red Hat OpenShift. In parallel, LinuxONE continues to work closely with its other Linux Distribution Partners, SUSE and Canonical (Ubuntu).

The result is a platform that can run cloud-native applications, provides enterprise class-leading security, has high enterprise server reliability, and can consolidate workloads from many smaller servers onto a single integrated LinuxONE machine.

Looking at the LinuxONE Hardware


LinuxONE is currently in its third generation. Named IBM LinuxONE III, the platform can be delivered in two models: Model LT1 and LT2. Both models are designed to support cloud-native development and deployment. They support pervasive encryption and IBM Data Privacy Passports to protect data at rest and in transit:

»» LT1 can be configured in one to four frames. It supports up to 190 processor cores, running at 5.2 gigahertz (GHz), up to 32 terabytes (TB) of RAM, and 640 dedicated Input/Output (I/O) processors. It supports tens of thousands of sessions and millions of containers.
»» LT2 is designed for midsized businesses and is therefore an entry point into the LinuxONE III family. This model is delivered as a single 19-inch frame so that it can easily fit into existing data centers. It is based on the same technology foundation as Model LT1 and is available with up to 16TB of memory and up to 64 processor cores, running at 4.5 GHz, instead of 5.2 GHz, to support hundreds of production and development virtual machines (VMs) in a single frame footprint.

LinuxONE processor cores are designed to be more powerful than x86 processor cores, through a combination of processor architecture, clock speed, cache, optimization, and I/O offloading. While security and scalability are the key differentiators of these platforms, the hardware also provides reliability and performance benefits for many important cloud workloads.

Architecting Security into LinuxONE


Security is architected into LinuxONE for both the hardware and software. For example, pervasive encryption is designed to encrypt all data associated with an application, database, or cloud service, whether at rest or in transit. This level of protection is achieved through hardware-accelerated encryption of data, delivered with little overhead by the on-chip Central Processor Assist for Cryptographic Function (CPACF) and the dedicated Crypto Express adapter. The availability of this level of encryption at scale can make it easier for organizations to meet compliance mandates for regulations such as Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS).

Security is further promoted by protecting cryptographic keys by using a Hardware Security Module (HSM). Protected key encryption is processed in the CPACF for high speed and stored in an HSM. This key encryption enables fast encrypting and decrypting of complete disks (volumes) or selected partitions. Logical partition (LPAR) isolation, standard on all LinuxONE processors for generations, isolates workloads running in partitions to help ensure the integrity of applications and data and minimize security breaches and their damaging impact both financially and to an organization’s credibility.

IBM Hyper Protect Virtual Servers, formerly known as IBM Secure Service Containers, adds further security capabilities at a logical partition level. Hyper Protect Virtual Servers provides workload isolation, restricted administrator access, and tamper protection against internal threats, including from systems administrators.

Linux itself provides a comprehensive set of security technologies, including firewalls, VPNs, auditing tools to support regulatory compliance, and SELinux, a kernel-based security subsystem. For more details on security of LinuxONE, check out Chapter 2.

Protecting Data
In order to maximize data protection, LinuxONE offers two services: IBM Secure Execution and IBM Data Privacy Passports. Both these offerings help provide a comprehensive way to protect data in a distributed environment that spans from LinuxONE to a multicloud environment.

Secure Execution
Secure Execution for LinuxONE III is a hardware-based approach to security that’s intended to protect sensitive data in use. To achieve this objective, it isolates individual on-premises and cloud workloads from both internal and external attacks. To accomplish data protection, Secure Execution uses a hardware-based Trusted Execution Environment that isolates workloads in order to restrict access to data. It can process unencrypted memory securely without exposing the data to the hosted or other external environments. Secure Execution also provides isolation between KVM hypervisor hosts and guests in the VMs.

Chapter 2 provides more detail on Secure Execution.

Data Privacy Passports

Data Privacy Passports is designed to support encryption everywhere through a secure service container appliance. To achieve this objective, an organization’s security policy can remain active and operate on eligible data regardless of where the data resides in the enterprise. Check out Chapter 2 for more information.

Scalability and Performance


LinuxONE is designed to be a high-performance machine. With its processors, clock speed, I/O bandwidth, and more, LinuxONE is designed to operate at near 100 percent utilization. In contrast, x86 machines often operate at relatively low utilization levels (typically near 50 percent, although case studies show that number is often lower in practice). In addition, because encryption is built into the processor cores in hardware, encryption processing doesn’t add high overhead and can also reduce the need for the customer to add third-party encryption tools.

LinuxONE systems can scale vertically or horizontally without disruptions to running applications. The scalability of LinuxONE is efficient because you can scale up within the same machine. This scalability is ideal for “systems of record” workloads, such as databases and transaction processing, and reduces the costs of scaling workloads. In comparison, to scale out with an x86 system, you’re required to add more servers and dedicate more floor space, management tools, and networking: anything associated with adding new systems to your environment.

Reliability
Reliability is a well-known capability of IBM’s unique enterprise server architecture; for example, its design has no single points of failure. LinuxONE inherits these capabilities, including component redundancy to allow the machine to continue when a single component fails. This feat is possible because maintenance and repairs can be performed concurrently while the machine is still running workloads.

The LinuxONE Ecosystem


The LinuxONE environment is designed as a unified system based on the Linux operating system combined with the most important open source services, ranging from databases to management tools. Therefore, IBM has marshaled key open source and industry software for LinuxONE systems, including Python, Go, Swift, Java, and other languages; MongoDB, PostgreSQL, Apache Spark, Node.js, Hadoop, and other tools, including Linux containers, Chef, and Puppet. A critical part of the LinuxONE ecosystem is support for Red Hat’s Kubernetes platform, OpenShift. Red Hat OpenShift helps to accelerate DevOps and transformation efforts across Linux-based on-premises and cloud environments. This support for Red Hat OpenShift means that workloads can be managed and moved across LinuxONE III and cloud environments, connecting on-premises and cloud ecosystems.

These technologies work seamlessly on LinuxONE, just as they do on other hardware platforms, requiring no special skills. Because of its open source heritage, LinuxONE can operate both in the traditional data center or as a private cloud platform. LinuxONE runs the enterprise Linux distributions (Red Hat, SUSE, and Ubuntu) as well as community editions, including CentOS, Debian, Fedora, and OpenSUSE.

For more information on the LinuxONE ecosystem, flip to Chapter 7.

Workload Performance of LinuxONE
The unified platform of LinuxONE is designed to support demanding performance requirements in the enterprise. While we could give you countless examples of the benefits of this level of performance, in this section, we describe four use cases where customers benefit from the workload performance.

Support for large high-performance databases
Many databases use sharding or other scale-out mechanisms because the data is too large to fit on a single machine. Because of the scalability and performance of LinuxONE, a massive database can often fit on a single LinuxONE machine. Performance is often improved because everything is in the same server, avoiding the overhead of additional communications and coordination, the latency from gathering results, and the application changes required with a scale-out approach.

Support for large number of containers


LinuxONE systems have been enabled for Linux containers,
Kubernetes, and Red Hat OpenShift with integrated management.
Supporting high numbers of containers is key for businesses that
service a large number of enterprise customers in areas such as
telecommunications, cloud service providers (CSPs), and financial
institutions.

Support for blockchain


Blockchain is a technology for creating distributed, secure ledgers that represent the history of transactions and life cycle of things (Bitcoin is the best-known application of blockchain). Blockchain is an ideal technology to run on LinuxONE. It relies on data encryption and decryption, and LinuxONE’s hardware cryptography is designed for superior performance at scale. When the size of a blockchain network or the size of the ledger gets huge, LinuxONE’s massive available RAM still allows verification of the ledger to occur in memory for optimal performance. Check out Chapter 5 for more information on blockchain.

Support for DevOps
LinuxONE is an important platform to support the DevOps process. Because LinuxONE is based on open source Linux, developers can use the same tools they’re familiar with in any on-premises or cloud environment and can safely run development alongside production workloads.

The Customer Benefit of LinuxONE


One of the consequences of the movement to hybrid cloud is the need to have performance, resilience, scalability, security, and manageability as the foundation. The cloud has brought the imperative of elasticity and security to the forefront of how businesses are supporting their customers, suppliers, and partners. You can no longer assume that you can estimate the capacity you’ll need a year in the future. While you can continue to add individual servers, management and security concerns are holding back businesses from achieving their goals. Ironically, LinuxONE, based on one of the longest lasting architectures in the industry, has emerged as one of the most forward-focused platforms to support change.

IN THIS CHAPTER
»» Knowing why you need a secure platform to protect your data
»» Seeing the LinuxONE approach to security
»» Understanding the ability to encrypt all your data
»» Using Secure Execution for Linux

Chapter 2
IBM LinuxONE as a Secure Platform

Security must be at the center of any IT platform. If critical business data is compromised or customer data is leaked, your business’s reputation may be damaged, and you may face regulatory and legal consequences. Likewise, if corporate data is exposed, you risk the chance of losing significant intellectual property.

When you’re considering an infrastructure platform, you need to understand the security features inherent to the platform, both in the cloud and on premises. In this chapter, we discuss how the IBM LinuxONE system incorporates many security capabilities.

UNDERSTANDING CONFIDENTIAL COMPUTING
A new movement in the industry has introduced the concept of confidential computing. The term confidential computing refers to protection of data in use and is a key pillar of data protection. It uses hardware-based techniques to isolate data, specific functions, or an entire application from the operating system, hypervisor, or virtual machine (VM) manager, and other privileged processes. The Linux Foundation hosts the Confidential Computing Consortium, of which IBM is a member, to define industry-wide standards for confidential computing and to promote the development of open-source confidential computing tools. The focus of confidential computing is to store data in a trusted environment. LinuxONE supports protection of data in use, as well as data at rest and data in motion within the system.

Why You Need a Secure Platform


Initially, corporate management assumed that regulatory compliance and audits would be enough to protect your company’s data. However, many security risks come from third-party malicious attacks. Management now understands that with the advent of cloud computing many of the risks may be out of their direct control.

Businesses are concerned about cybersecurity threats to the information that is the lifeblood of their relationships with their customers and partners. More and more data resides in a hybrid cloud environment, and applications are designed to manage data and provide collaboration between customers and partners.

We are not just talking about data stores here. Instead, data is embedded in spreadsheets, documents, applications, and databases on premises and in the cloud. At one point, the Chief Security Officer (CSO) may have had direct control over how security was handled. However, increasingly, distributed data and applications make it difficult for the CSO to control this complex set of services. At the same time, security is now a major concern of business management. Management needs to report to shareholders that security is being managed at the highest level.

A common misconception exists that when a business entrusts its
data and applications to a cloud provider it is no longer responsible
for security. But in fact, the business remains responsible
for keeping track of this highly distributed data, including who’s
allowed to access the data and whether regulations are adhered
to. To be successful at protecting your assets, there needs to be a
partnership between the cloud vendor and the security management
team.

IBM’s Approach to Security with LinuxONE
In Chapter 1, we discuss how LinuxONE is designed to support
industry-standard Linux. LinuxONE provides customers with
a combination of a highly scalable standards-based platform
designed with security at the core. Security is built in at the lowest
levels of the platform for LinuxONE. Security is at the heart of
helping businesses to protect their assets at the most sophisticated
level possible. This approach requires a sophisticated technique
of protecting the integrity of data at rest, in motion, or in use
called Cloud Hyper Protect Services. This service can be deployed
either on LinuxONE or in the cloud as a service (see Chapter 4 for
more details about IBM Cloud Hyper Protect Services). Important
technologies for ensuring this level of protection are delivered
through IBM Hyper Protect Services, which employs pervasive
encryption, Hardware Security Module (HSM), and IBM Secure
Service Container as underlying technologies for data protection.

Pervasive encryption
Pervasive encryption can automatically encrypt data both at rest and
in flight and doesn’t require application changes. This approach
enables companies to encrypt all their data by default with little
compute overhead.

One of the benefits of the LinuxONE system is the extent of the
security services. Because of the architecture of LinuxONE, security
is pre-integrated at every level of the hardware and software
stack. LinuxONE-based security is designed to encrypt data in
bulk. Therefore, it is possible to encrypt all the data associated
with an application or a database at one time.

Providing encryption of everything and at every level is in stark
contrast to the way encryption is typically approached. Most
companies only encrypt a small amount of data, leaving the vast
majority of data completely unencrypted. All the unencrypted
data is at risk of being leaked by mistake or stolen by a criminal.
On the other hand, when all the data is encrypted, even if it’s
exposed to people outside of your organization, it will be meaningless
without the encryption key.

Traditionally, encrypting all your data required a large amount
of compute and time overhead; however, the LinuxONE platform
has dedicated hardware specifically tuned for encryption. The on-chip
encryption co-processor is on every compute chip next to the
main processor.

Hardware Security Module (HSM)

LinuxONE can also include CryptoExpress adapters, which support
high-speed encryption as well as provide an HSM for securely
storing and protecting encryption keys. These CryptoExpress
adapters are protected using a tamper-responsive hardware environment
that self-destructs encryption keys if it senses an attack.

Explaining Data Privacy Passports


IBM Data Privacy Passports is a capability available on LinuxONE
III service that’s deployed on IBM Hyper Protect Virtual Servers.
It’s designed to protect eligible data after it leaves its source and
travels throughout the enterprise and into distributed and hybrid
cloud environments. This solution focuses on the security of data
itself rather than the security of networks, hardware, or software,
in order to reduce vulnerabilities that exist with point-to-point
data protection.

Before data leaves the system of record, the Data Privacy Passports
component known as the Passport Controller provides protection,
enforcement, policy, and key management. The goal of
Data Privacy Passports is to ensure that privacy is maintained and
managed based on policy as eligible data is moved from its source
such as a system of record to other systems, including a variety of
clouds. The objective is to provide transparent end-to-end data
level protection and privacy. It achieves this goal by encrypting
eligible data based on corporate rules and compliance requirements.
Data Privacy Passports is designed so data access can be
either granted or revoked in order to maintain control, and you
can do so even after the data has left its source. This is especially
important when data moves from the system of origin in order to
conduct sophisticated analysis of data.

To execute on this process, Data Privacy Passports secures SQL-based
structured data sources that are accessed via Java Database
Connectivity (JDBC) APIs. The policy governed by the Passport
Controller allows each persona to have a different view of the
same table, based on its need to know, and policies can be set
accordingly. Data owners may see all data in the clear, whereas
others will see it either in an enforced form, such as a masked
value, or encrypted as a Trusted Data Object.

Setting up Data Privacy Passports has two critical stages:

1. The system administrator installs and configures the
Hyper Protect Virtual Server hardware and software.
At this stage, the data owners identify which data needs to be
protected.
2. Once identified, the security administrator sets up the
policy for Data Privacy Passports based on which users
have authorization to access the data under what
conditions.
At this stage, the system administrator activates the approval
policy and connects the policy to the source and target
databases.

Seeing the Value of Secure Execution for Linux
While existing techniques can provide extensive protection of
data in flight and data at rest, protecting the third state — data in
use — is the new frontier. Protecting data while in use has been
a challenge so far because applications need to have data that’s
unencrypted, or not protected, in order to run computations.
This poses a significant security issue because this type of data
remains exposed in memory and can be exploited by malware or
other threat vectors to steal information. The Confidential Computing
Consortium is an industry-wide movement to help protect
data while it is in use through the implementation of hardware-based
techniques such as Trusted Execution Environments (TEE).

IBM Secure Execution for Linux is a LinuxONE exclusive TEE technology
that’s built into the hardware and firmware of the system.
It is designed to protect the confidentiality and integrity of data
and code in use (during runtime). Unencrypted data and memory
while in use can now be securely processed in a protected execution
environment, often termed an enclave. Secure Execution
offers workload isolation and access restrictions to help ensure
that other compromised guests or malicious administrators don’t
have access to your sensitive workloads. Secure Execution can
help provide a highly secure and trustworthy hosting solution for
enterprise ready multi-tenant workloads on premises or in the
cloud and hybrid environments.

The value of Secure Execution is that it can help mitigate some
of the data exposure concerns that many organizations have
expressed when approached with the idea of moving their most
sensitive workloads to the cloud. Secure Execution can maintain
confidentiality and integrity for data in use, regardless of who
may own or have access to the machine on which the software
is running. By protecting data in use, the last pillar of data security,
Secure Execution makes it possible to run sensitive workloads
more securely even on untrusted or malicious infrastructure
and help you move one step closer to realizing a Zero-Trust
environment.
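
A guest-side check for the protections this chapter describes (the on-chip encryption co-processor, Crypto Express adapters, and Secure Execution), as an added example that is not from the book or from IBM. It assumes the Linux on s390x conventions of the `msa` flag in `/proc/cpuinfo`, the ultravisor flags under `/sys/firmware/uv`, and AP-bus adapters under `/sys/bus/ap/devices`; the function names, the `LINUXONE_ROOT` variable, and the optional root-prefix argument are this example's own.

```shell
#!/bin/sh
# Added example (not from the book): report which LinuxONE hardware
# protections a Linux guest can actually see. Every function takes an
# optional root prefix so the checks can be pointed at a constructed
# copy of /proc and /sys; with no argument they read the live system.

# True if the CPU advertises "msa" (Message-Security Assist), the facility
# behind the on-chip encryption co-processor (CPACF).
has_cpacf() {
    root=${1:-}
    grep -Eq '^features[[:space:]]*:.*[[:space:]]msa([[:space:]]|$)' \
        "$root/proc/cpuinfo" 2>/dev/null
}

# Prints "guest" inside a Secure Execution guest, "host" on a KVM host
# enabled to run such guests, otherwise "none".
secure_execution_role() {
    root=${1:-}
    uv="$root/sys/firmware/uv"
    if [ "$(cat "$uv/prot_virt_guest" 2>/dev/null)" = "1" ]; then
        echo guest
    elif [ "$(cat "$uv/prot_virt_host" 2>/dev/null)" = "1" ]; then
        echo host
    else
        echo none
    fi
}

# Prints "<card> <type>" for every Crypto Express adapter that is online.
list_crypto_adapters() {
    root=${1:-}
    for card in "$root"/sys/bus/ap/devices/card*; do
        [ -r "$card/type" ] || continue          # also skips an unmatched glob
        [ "$(cat "$card/online" 2>/dev/null)" = "1" ] || continue
        echo "$(basename "$card") $(cat "$card/type")"
    done
}

# Prints the adapters usable as an HSM: coprocessor modes (type ending in
# C for CCA or P for EP11). Accelerator mode (ending in A) holds no keys.
hsm_capable_adapters() {
    list_crypto_adapters "${1:-}" | awk '$2 ~ /[CP]$/ { print $1 }'
}

# One key=value line per protection, suitable for a compliance log.
posture_report() {
    root=${1:-}
    if has_cpacf "$root"; then echo "cpacf=yes"; else echo "cpacf=no"; fi
    echo "secure_execution=$(secure_execution_role "$root")"
    echo "crypto_adapters=$(list_crypto_adapters "$root" | wc -l | tr -d ' ')"
    echo "hsm_capable=$(hsm_capable_adapters "$root" | wc -l | tr -d ' ')"
}

# Report on the live system unless LINUXONE_ROOT points at a test tree.
posture_report "${LINUXONE_ROOT:-}"
```

Run inside the guest with no arguments; `secure_execution=none` or `hsm_capable=0` on a workload that is supposed to be protected is the finding to follow up.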

IN THIS CHAPTER
»» Scaling approaches for LinuxONE and databases

»» Choosing LinuxONE for running databases

»» Looking at IBM Cloud Hyper Protect DBaaS

Chapter 3
Scalable Databases for IBM LinuxONE

The key difference between IBM LinuxONE and other Linux
systems is that LinuxONE’s hardware is engineered to offer
dramatic improvements in performance, security, and reliability.
In particular, LinuxONE can scale up to handle large databases
when compared to other approaches. The platform also
enables the consolidation of multiple database servers onto a single
system. These hardware advantages create the opportunity to
run databases on a single scale-up LinuxONE machine rather
than multiple scale-out servers. Transitioning from a scale-out to
a scale-up strategy helps organizations increase performance,
achieve higher utilization, and reduce costs.

In this chapter, we provide an overview of LinuxONE and why it’s
well suited to running large databases. We also discuss an IBM
product designed to deploy and monitor secure databases in the
cloud.

Scaling LinuxONE and Databases
Organizations have coped with large volumes of data for decades,
but the challenge is exacerbated by the ever-increasing volume of
big data that’s applied to advanced analytics problems at a massive
scale. This rapid data increase requires significant processing
power and computing resources that can scale performance
quickly as demands change.

Scalable processing power can be achieved in various ways. The
cloud has demonstrated the ability to scale massively by scaling
out — using many independent, cooperating virtual machines
(VMs), running on commodity servers. While this scale-out
approach can work for systems of insight and systems of
collaboration, there are challenges for systems of record because
of the need to achieve immediate consistency in data across multiple
VMs — and managing a sprawling network of distributed
servers can quickly become difficult. In addition, as you continue
to scale out, you’ll likely introduce latency and increase costs.

Scale up, not out

Instead of scaling out, you can scale up. Scaling up allows you to
get more compute and storage resources from a single machine.
With the scale-up model, you begin with a small VM and add processors
and memory as your workloads expand.

LinuxONE uses a fast commercially available processor running at
4.5 or 5.2 gigahertz (GHz). Input/Output (I/O) is offloaded to up to
640 dedicated co-processors, speeding access to data. And LinuxONE
can run many workloads that otherwise require multiple
x86 machines. For example, a single IBM LinuxONE III system is
designed to scale up to billions of transactions per day, support up
to 8 terabytes (TB) of main memory, contain 30 CPUs, and provide
extreme I/O bandwidth with a 16 gigabit (Gb) channel — all while
designed for 99.999 percent availability. However, you can start
by provisioning and paying for a much smaller workload and scale
up as your requirements expand.

Database scalability
There’s no shortage of databases in the world. Each platform
has its strengths and weaknesses depending on its use and constraints.
For example, some databases are designed to run as
clusters of cooperating servers in the cloud. This scaled-out configuration
can manage larger quantities of data than a single
machine and can continue to scale out with even more servers to
meet additional demands.

Other on-premises databases are designed to operate on a single
machine. If a business needs to deploy a workload larger than the
machine’s capacity, it may need to use a strategy like sharding —
another form of scaling out.

When the data is complex or has many interconnections, sharding
(partitioning a large database into smaller units) will also
introduce latency to data access when it is retrieved and reassembled
from multiple partitions. Add in the extra communication
required between the scaled-out servers as well as the management
overhead of a cluster of servers, and the performance cost
of the scaled-out solution can become significant. Therefore, as a
general solution, sharding can cause as many (or more) problems
as it solves. In contrast, a single LinuxONE machine, with its high
capacity and performance, can handle large databases in a single
system without requiring sharding.

Consolidating databases
One common use case for LinuxONE is to host the consolidation of
commercial databases onto a single system. The benefits include
increased performance, better throughput of data, and more efficient
sharing of resources. Customers have reported consolidation
ratios of 10:1 cores or more, which can lead to the opportunity
for significant savings in software license fees where these are
calculated on a per-core basis. See Chapter 6 for a more detailed
discussion of LinuxONE and total cost of ownership (TCO).

LinuxONE as a Database Platform

The Linux operating system has enjoyed success in the enterprise
and has a broad and deep ecosystem for databases and applications.
One of the benefits of LinuxONE is that it supports many of
the popular SQL and NoSQL databases. Many databases are available
on LinuxONE. Two of the commercial databases, Oracle and
IBM Db2, are among the most popular. Two others, PostgreSQL
and MongoDB, are prominent open source databases that can also
benefit from LinuxONE’s scalability.

The Linux operating system can be tuned to optimize performance
of applications and databases. For example, administrators
can configure swapping conditions, RAM page size, choice of
filesystem to use (ext4, XFS, ZFS), filesystem parameters, as well
as many other system features. The scale-up capacity and performance
allow many large database workloads to be handled by a
single LinuxONE server. Also, multiple databases and applications
can be consolidated on a single LinuxONE server for cost savings
without a performance penalty. In addition, a database running
on LinuxONE can exploit the large memory to hold data.

IBM Cloud Hyper Protect DBaaS

One of the issues keeping many highly regulated businesses from
moving to the cloud is the fear of putting sensitive customer data
at risk. To address this issue, IBM created the service IBM Cloud
Hyper Protect Database as a Service (DBaaS) to provide high levels
of data confidentiality. This cloud-based platform provisions
and manages cloud databases with strong security features and is
built on IBM LinuxONE and delivered through IBM Cloud. The data
owner maintains complete control over the data. IBM Cloud Hyper
Protect DBaaS includes built-in workload isolation that restricts
administrative access so it incorporates tamper protection. In
fact, IBM can’t access the data within your database service.

Where databases used to be installed and configured by hand,
IBM Cloud Hyper Protect DBaaS presents a visual, graphical user
interface where you can select a database type (currently, MongoDB
or PostgreSQL), a processor class, and security features to
apply. One click then creates a cluster of three databases for you,
one primary and two secondary, in a controller/follower/follower
configuration.

Databases are protected by security features like hardware protected
encryption keys (via a Hardware Security Module [HSM]),
and IBM Secure Service Container technology. The cluster of
three databases provides not only scale-out performance but
also redundancy for extra protection of data. Users can monitor
their running databases from the IBM Cloud Hyper Protect DBaaS
Graphical User Interface (GUI) or use their favorite database-specific
management tools. With IBM Cloud Hyper Protect DBaaS,
you don’t have to be a database administrator (DBA) or database
expert to provision highly secure databases quickly and easily.

IN THIS CHAPTER
»» Understanding the role of Red Hat OpenShift

»» Explaining IBM Cloud Paks

»» Introducing IBM Cloud Hyper Protect Services

Chapter 4
IBM LinuxONE as a Cloud Platform

Businesses are turning to hybrid cloud as a way to manage
their workloads to support customers and partners. One
solution to support all workloads and business situations
doesn’t exist. Both corporations and cloud service providers
(CSPs) are evaluating a new generation of cloud offerings as a
solution. In this chapter, you explore IBM Cloud Pak Solutions and
Red Hat OpenShift in combination with IBM LinuxONE in a hybrid
cloud environment. LinuxONE can be deployed in a variety of
cloud use cases, including in the IBM Cloud as the foundation for
IBM Cloud Hyper Protect Services or IBM Blockchain Platform.

The Role of Red Hat OpenShift Container Platform
The foundational layer of the IBM hybrid cloud platform is provided
by Red Hat OpenShift. Red Hat OpenShift is platform agnostic,
runs on multiple clouds and architectures, and has been
available for IBM LinuxONE since early 2020. Red Hat OpenShift
Container Platform is built on Kubernetes and enables new
cloud-native applications to be developed and existing applications
to be modernized. These new and modernized applications
are designed for high performance and for the flexibility to
respond to customer and market changes. Applications built on
Red Hat OpenShift and deployed on LinuxONE inherit the enterprise
qualities of LinuxONE, with high levels of security and fast
performance through co-location with core data.

Understanding IBM Cloud Paks


IBM Cloud Pak Solutions are an integrated set of solutions infused
with artificial intelligence (AI) designed for the hybrid cloud.
Cloud Pak offerings are built on Red Hat OpenShift and can run
on public clouds, private clouds, and on-premises infrastructure.
Cloud Pak Solutions are designed so they can sit on top of any
public or private cloud. The benefit of this software abstraction
layer is that LinuxONE can become the high-end hybrid cloud
platform. For LinuxONE, four Cloud Pak offerings are currently
available:

»» Cloud Pak for Applications: An enterprise-ready containerized
software solution that modernizes existing applications
and develops new cloud-native applications
»» Cloud Pak for Integration: A pre-integrated API-based
platform to support data integration, messaging and events,
high-speed transfer, and integration security
»» Cloud Pak for Data: Designed to unify data services through
an integrated data catalog, open source, and third-party
microservices
»» Cloud Pak for Multicloud Management: A solution that
provides consistent visibility, automation, and governance
across a range of hybrid multicloud management capabilities,
such as infrastructure management and application
management.

Additional Cloud Paks will be made available on LinuxONE,
including Cloud Pak for Security and Cloud Pak for Automation.

Cloud-optimized software and services

Because Cloud Pak Solutions are based on Red Hat’s OpenShift
container architecture, several optimized services are part of
the platform. Cloud Pak offerings give you a common catalog of
services that increases developer productivity. The catalog helps
manage microservices so they can scale both horizontally and
vertically. The structure of the catalog makes it easier to govern,
deploy, and maintain software and services to support rapid
development, test, and deployment. Services that are managed in
the catalog include Helm charts, Terraform templates, and Cloud
Foundry buildpacks.

Red Hat OpenShift serves as the foundation for Cloud Pak Solutions
and incorporates a broad range of managed middleware,
data, and analytics services, supporting both cloud-native and
existing applications. New Kubernetes services included are
Microservices Builder, IBM Watson Studio, security services, and
IBM API Connect. Developers can leverage existing application
development skills such as Java, Spring, and Open Liberty through
the Red Hat Runtimes and IBM middleware. API connectivity and
management services make it possible to integrate services across
public, private, and existing enterprise environments.

Infrastructure flexibility
The IBM Cloud Pak Solutions environment can operate on any
existing hardware environment that supports Red Hat OpenShift,
including IBM LinuxONE, IBM Z, IBM Power Systems, IBM Storage,
IBM Hyperconverged Systems, and x86-based systems. It
also supports a variety of clouds, including VMware, Amazon Web
Services, Microsoft Azure, Google Cloud Platform, and IBM Cloud.

IBM Cloud Hyper Protect Services

IBM Cloud Hyper Protect Services is a portfolio of IBM Cloud services
deployed on LinuxONE. The portfolio provides advanced
security, database, and virtual servers offerings that use the
enterprise-grade capabilities of LinuxONE but are available to
everyone through the IBM Cloud catalog. These include

»» IBM Cloud Hyper Protect Crypto Services: This is a fully
managed, dedicated key management and cloud Hardware
Security Module (HSM) service. The HSM is the only one
among several popular compared cloud providers based on
FIPS 140-2 level 4-evaluated technology offered by a public
cloud provider. Through this, enterprises can fully manage
their encryption keys in the cloud and have exclusive control
of the HSMs that protect those keys, which enables a Keep
Your Own Key (KYOK) functionality to help achieve more
authority over your data.
Multiple IBM Cloud services integrate with Hyper Protect
Crypto Services for key management. Additionally, the
service can be used as a cloud HSM for application-driven
data integrity and to protect data in transit (such as SSL
offloading).
»» IBM Cloud Hyper Protect Database as a Service (DBaaS):
This is a cloud service designed to provide highly secure
databases on demand, such as PostgreSQL and MongoDB
Enterprise Edition. It’s designed to provide data confidentiality,
security, performance, and reliability for moving highly
sensitive confidential data and workloads to the IBM Cloud.
Clients can quickly provision, manage, and protect sensitive
data workloads.
The service leverages LinuxONE encryption capabilities,
allowing clients to retain their data in an encrypted client
database without needing specialized skills. It uses IBM
Secure Service Container to provide workload isolation,
restricted administrator access, and tamper protection
against internal threats. The Docker-based stack inherits
security without any code changes. With IBM Cloud Hyper
Protect DBaaS, clients can deploy integrated database
clusters in the IBM Cloud, manage database instances using
APIs, Command Line Interfaces (CLIs) or User Interfaces (UIs),
administer database content, and monitor their database
environments.
»» IBM Cloud Hyper Protect Virtual Servers: IBM Cloud Hyper
Protect Virtual Servers are the industry’s first customer-managed
LinuxONE-based virtual servers offering in the
public cloud. The offering gives customers complete
authority over their workloads and confidentiality of code,
data, and business intellectual property (IP) within a secure
environment. Workloads are protected from both internal
and external threats, and not even privileged users, such as
cloud administrators, can access client data. Finally, a client
can easily provision, manage, maintain, and monitor
instances in the IBM Cloud using a standard UI.

IN THIS CHAPTER
»» Understanding the fundamentals of digital assets and blockchain

»» Introducing digital assets

»» Enabling blockchain and digital assets with LinuxONE security

»» Looking at the deployment patterns behind blockchain and digital assets

Chapter 5
IBM LinuxONE as the Digital Assets and Blockchain Platform

Business leaders are beginning to understand that blockchain
is much more than just the technology that underlies
Bitcoin and other cryptocurrencies. The core architecture of
blockchain allows a means of conducting secure transactions
among many participants. The blockchain architecture ensures
that the transactions are secure, auditable, and transparent to all
stakeholders. Digital assets are blockchain-native assets that are
secured using cryptography.

The IBM LinuxONE platform is engineered to provide a broad
array of security capabilities, ranging from pervasive encryption
to IBM Data Privacy Passports and IBM Hyper Protect
Virtual Servers (for more details on LinuxONE security, check out
Chapter 2). LinuxONE’s depth of security helps applications that
are using blockchain perform faster and more efficiently while
delivering the highly rated common criteria levels of security
through logical partitions rated at EAL 5 level.

This chapter explains how digital assets housed in a private
blockchain provide the required security to protect the privacy
and security of corporate and customer information. The value of
digital assets and blockchain is explained in the context of the
hybrid cloud.

Understanding Digital Assets and Blockchain
A blockchain is a digital database containing information (such
as records of financial transactions) that can be simultaneously
used and shared within a large decentralized, publicly accessible
network for public blockchains, or within a private network for
enterprise blockchains. In public blockchains (for example, Bitcoin
or Ethereum) participation is unrestricted and anonymous.
Therefore, nodes don’t have a legal identity, are geographically
dispersed, and tend to be large networks with low throughput.
These properties are in contrast to enterprise blockchains where
only selected parties (such as a consortium of banks) can participate.
These enterprise nodes are legal entities and tend to be slim
networks designed to drive much higher throughput compared to
public blockchains.

Before blockchains were developed, a central clearinghouse was
responsible for verifying the identity of participants, managing
inventory of the product (for example, currency), conducting
transactions (purchases), and providing security and transparency.
Each party kept its own records of transactions, resulting
in delays and expense to reconcile the discrepancies. A security
breach of the central authority could be catastrophic, risking the
financial underpinning of the marketplace and possibly destroying
trust in the business.

The breakthrough for blockchain was to replace a central authority
with a distributed consensus model that transformed the centralized
database into a “distributed, shared ledger” available to
all members of the network.

To ensure the highest level of security, the system or platform
must be separated from endpoint security for both users and
devices.

Introduction to Digital Assets
An asset is simply anything of value, meaning that somebody is
willing to trade something else for the asset or wants to steal it.
An asset can be physical, such as a box of chocolates. Most people
think of assets as durable, that they don’t expire, but assets
are often perishable at least to some degree. Because assets have
value, their owners, custodians, and managers want to handle
them with care and defend them against thieves. For example,
they keep chocolates refrigerated, in locked warehouses, and
sell them (trade them for Swiss francs, for example) to chocolate
lovers before the chocolate starts growing mold.

Digital assets are non-physical assets ultimately represented as
sequences of binary digits (1s and 0s). Because it’s technically
possible to preserve binary data indefinitely with extreme fidelity,
digital assets are nonperishable in a literal sense. However,
digital assets can certainly depreciate in value even to zero. Binary
data is also technically easy to copy, which results in a significant
protection challenge when digital assets are private secrets. Some
examples of digital assets include video game software code, digital
photographs of celebrities, missile launch codes, as well as
codes captured in hotel room key cards that allow time-limited
access to hotel rooms, and cryptocurrencies such as Bitcoin.

LinuxONE Security Enables Blockchain and Digital Assets
Both LinuxONE and blockchain emphasize the importance of
security to ensure that the business solutions built or running
on their platforms are robust and secure from security threats.
The threats to digital assets are broad. Threats range from simple
carelessness on the part of administrators or operators to sophisticated
threats from external players. One of the biggest challenges
to protecting digital assets is securing the private key.
Additionally, threats occur when code is compiled to build an
image that’s stored in memory. A common error is for this code
to be left displayed, leaving this information open to intruders.

LinuxONE provides a solution to this common problem by providing
a secure memory enclave. Rather than leave code to be clear
text, LinuxONE builds an image in a secure memory enclave. This
secure container service creates a protected memory. Known as
confidential computing, this approach to securing data stored in
memory is critical for creating safe blockchain and digital assets.

While LinuxONE’s hardware and software have security benefits
for all applications, there are features that particularly benefit
blockchain. In this section, we discuss the primary benefits of
LinuxONE security in protecting your digital assets.

Built-in encryption
Encryption and decryption have a performance cost, and LinuxONE
has dedicated on-chip co-processors for hardware encryption
and decryption of data without the typical processing
overhead associated with software encryption. The low overhead
of LinuxONE hardware encryption enables pervasive encryption
to be practical, automatically protecting all data.

Key management
LinuxONE has a security hardware module (the Hardware Security
Module, HSM) that supports the storage of private keys required
for cryptographic signing in a tamper-resistant module. This is
another feature that improves performance and security. These
HSMs hold the root wrapping key material that in turn encrypts
the user’s private keys. The private keys are never presented in
clear text within the system, and the root wrapping key material
never leaves the HSM.
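
The wrapping hierarchy described under Key management, as an added Go sketch that is not IBM's code or the Crypto Express API. `SimHSM` is a hypothetical software stand-in for the module, and AES-256-GCM wrapping with Ed25519 signing keys is an assumption, since the page does not name the algorithms.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SimHSM is a hypothetical stand-in for a tamper-resistant module.
// rootKey is unexported and no method returns it, mirroring "the root
// wrapping key material never leaves the HSM".
type SimHSM struct {
	rootKey []byte
}

// NewSimHSM creates a module with a fresh random 256-bit root wrapping key.
func NewSimHSM() (*SimHSM, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return &SimHSM{rootKey: k}, nil
}

// aead builds the AES-256-GCM instance keyed with the root wrapping key.
func (h *SimHSM) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(h.rootKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// zero overwrites key material once it is no longer needed.
func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// GenerateWrappedKey creates a signing key inside the module and returns the
// public key plus the private key encrypted under the root wrapping key.
// The caller stores the blob; it never sees the private key in clear text.
func (h *SimHSM) GenerateWrappedKey(label string) (ed25519.PublicKey, []byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	defer zero(priv)
	a, err := h.aead()
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	// blob = nonce || ciphertext || tag; the label is authenticated, not encrypted.
	return pub, a.Seal(nonce, nonce, priv, []byte(label)), nil
}

// Sign unwraps the blob inside the module, signs msg, and wipes the clear key.
// A blob that was altered, bound to another label, or wrapped by another
// module fails authentication and is rejected.
func (h *SimHSM) Sign(label string, blob, msg []byte) ([]byte, error) {
	a, err := h.aead()
	if err != nil {
		return nil, err
	}
	n := a.NonceSize()
	if len(blob) < n {
		return nil, errors.New("wrapped key too short")
	}
	priv, err := a.Open(nil, blob[:n], blob[n:], []byte(label))
	if err != nil {
		return nil, errors.New("unwrap failed: blob, label or root key mismatch")
	}
	defer zero(priv)
	if len(priv) != ed25519.PrivateKeySize {
		return nil, errors.New("unexpected key length")
	}
	return ed25519.Sign(ed25519.PrivateKey(priv), msg), nil
}

// Verify checks a signature using only the public key, outside the module.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

func main() {
	hsm, err := NewSimHSM()
	if err != nil {
		panic(err)
	}
	// Constructed sample label and transaction, for illustration only.
	pub, blob, err := hsm.GenerateWrappedKey("custody-account-1")
	if err != nil {
		panic(err)
	}
	msg := []byte("transfer 5 units to account B")
	sig, err := hsm.Sign("custody-account-1", blob, msg)
	if err != nil {
		panic(err)
	}
	fmt.Printf("wrapped key: %d bytes, signature valid: %v\n", len(blob), Verify(pub, msg, sig))
	_, err = hsm.Sign("other-account", blob, msg)
	fmt.Println("unwrap under wrong label:", err)
}
```

A real HSM enforces this boundary in hardware; here it is only the Go visibility of `rootKey`, so the sketch shows the data flow rather than the tamper resistance.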

Workload isolation
Workloads are also isolated on LinuxONE, using the firmware
virtualization of logical partitions (LPARs). These ensure near
air-gap separation between workloads and have enabled LinuxONE
to be Common Criteria certified at EAL5+, one of the highest
commercially available certifications.

IBM Secure Service Container technology
Building on logical partitions is the IBM Secure Service Container
technology, which takes workload isolation to the next level by
providing a secure computing environment for Linux applications.
IBM Hyper Protect Virtual Servers (on premises) and IBM
Cloud Hyper Protect Virtual Servers (in the IBM cloud) use this
technology to protect data and applications from each other and
from systems administrators. We discuss security in more detail
in Chapter 2 and IBM Cloud Hyper Protect Services in Chapter 4.

Performance
One of the requirements for blockchain is a sophisticated level
of security. Therefore, it’s imperative that the deployment platform
has the best possible performance so the system performs
at the speed demanded by complex blockchains and digital asset
management environments. These deployment models require a
significant amount of encryption as well as support for hashing
algorithms.

Blockchain workloads use a lot of encryption and hashing.
LinuxONE handles this level of performance through
a number of capabilities, including an on-chip cryptographic
accelerator. LinuxONE also provides a high-capacity scale-up
environment, with large memory, a dedicated Input/Output (I/O)
subsystem, and a large cache available.

Blockchain and Digital Asset Deployment Patterns
Clients are selecting the deployment pattern that best matches
their business requirements for blockchain. Some customers are
deploying their entire blockchain network on premises while
other businesses are selecting a hybrid pattern. Still other
companies are operating the blockchain in a public cloud.

Because of its distributed architecture, blockchain is well suited
for the hybrid cloud model and can be deployed both in the public
cloud and on premises. The decision on where to deploy blockchain
could, for example, depend on whether a managed service is
preferred for ease of use, or whether government, industry, or
corporate regulations mean that data needs to be held locally.

For both cases, blockchain, running on LinuxONE, benefits from
the LinuxONE security capabilities, including pervasive encryption,
workload isolation, and the additional protection of IBM
Secure Service Container technology.

LinuxONE is an open platform for blockchain technologies. Therefore,
customers have a choice of deployment models. For example,
popular deployments include Hyperledger Fabric (managed by
the Linux Foundation) and the IBM Blockchain Platform. More
recently, LinuxONE now supports R3, Ltd.’s distributed permissioned
blockchain ledger protocol called Corda Enterprise.

There are a number of patterns available for customers protecting
digital assets in a blockchain. Digital assets can be managed
in a blockchain custody solution. Independent software vendors
offer a variety of solutions that leverage LinuxONE and IBM Hyper
Protect Virtual Servers. For example, a fintech startup created a
smart contract and digital asset offering in order to help businesses
store and transfer assets securely. Fintechs may leverage
the LinuxONE platform to build and host their digital asset custody
solutions, recognizing the security value proposition offered
through Hyper Protect Virtual Servers and the Crypto Express
HSM.

IN THIS CHAPTER
»» Consolidating workloads onto LinuxONE
»» Examining higher utilization
»» Reducing cost with open source software
»» Saving money in additional areas

Chapter 6
The Economics of IBM LinuxONE

You may assume the total cost of ownership (TCO) of the
enterprise-grade IBM LinuxONE platform is much higher
than commodity servers. However, customers are surprised
at the economic advantage of the LinuxONE platform compared to
a similarly complex set of applications running in an x86
environment. The economics of LinuxONE become clear when you
begin to compare the TCO of a LinuxONE machine versus other
servers. x86-based infrastructures tend to have workloads
distributed over many individual servers while LinuxONE-based
infrastructures consolidate workloads onto fewer LinuxONE cores.
The primary reason for software savings is per-core licensing.
LinuxONE requires fewer cores to run an equivalent x86
workload; therefore, fewer licenses are required. Secondary and
indirect costs also have a significant impact on TCO.

In this chapter, we explain how LinuxONE provides cost savings
by consolidating workloads, supporting higher utilization, using
open source software, and more. We also discuss two business
cases where organizations replaced x86-based environments
with LinuxONE servers.

Consolidating Workloads
Workload consolidation gathers workloads from multiple servers
and runs them on a single, larger server. LinuxONE servers can
run many workloads simultaneously and consolidate workloads
from x86 servers. The result is fewer LinuxONE servers than the
number of x86 servers they replace.

Consolidation has many advantages. Removing the servers whose
workloads are consolidated onto a larger server can reduce hardware
costs. Having fewer physical machines to run and maintain
can reduce operations costs. Additional savings are gained by the
reduction in data center infrastructure resources required, including
less networking (because of fewer servers to connect), freed-up
floor space, reduced power requirements, and redeployment
of staff from administration to innovation. The largest savings
typically comes from fewer software licenses due to dramatically
fewer processor cores required to run the same work.

Supporting Higher Utilization


Because LinuxONE servers have higher processing, storage, and
Input/Output (I/O) capacities than x86 servers, a LinuxONE server
will generally support many more active applications than an x86
server. However, that’s not the whole story. LinuxONE and x86
machines support fundamentally different levels of CPU utilization.

Understanding the utilization capacities of servers is critical when
comparing hardware platforms. Utilization is the percentage of
overall processor performance consumed by a computer when
running workloads. After a processor reaches 100 percent of
processor utilization, no additional processing power is available.
Remember that you must plan for application spikes. For example,
an application’s load might average just 20 percent of the
server’s utilization, but during brief high-demand periods that
20 percent could spike to nearly 100 percent.

When workloads exceed 100 percent of processor capacity, even
if from temporary spikes, overall performance decreases as the
machine struggles to manage the workloads it can’t service. x86
servers rarely sustain high levels of utilization, further limiting
available performance. Because exceeding the available processing
capacity is counterproductive, organizations usually over-provision
compute resources and limit the number of workloads
on machines to avoid bottlenecks.

LinuxONE cores run at high speed and high utilization and contain
other performance features that support demanding workloads.
LinuxONE cores are also designed to provide sustained
high utilization. Therefore, LinuxONE machines have the capacity
to handle spikes that near 100 percent utilization without
over-provisioning. Further, LinuxONE machines are designed to
reach higher average utilization levels, while x86 machines often
reserve a large portion of their capacity simply to handle spikes.

THE COST BENEFIT OF MIGRATING TO LinuxONE
A mid-sized financial services organization stood at a crossroads. As it
grew, it added more and more servers to its data center to support its
database workload. The company had forty-two x86 servers with
1,512 cores. Expenses began to exponentially increase. For example,
its software licensing costs increased because the licenses were based
on the number of cores. Likewise, networking costs between all the
machines ran high. The company knew it had to look at alternatives. It
considered the cloud but determined the costs to be similar to, if not
more than, the current environment.

The company learned more about the LinuxONE platform and discovered
that it could begin consolidating database workloads. To run the
database workload, the company needed two IBM LinuxONE
Emperor II platforms with 135 cores — close to 1,400 fewer cores
than were needed with their forty-two x86 servers. After implementing
LinuxONE, the company realized the following savings:

• Migration: 50 percent savings
• Energy: 86 percent savings
• Networking: 98 percent savings
• Staffing: 28 percent savings
• Software: 89 percent savings

Although the company spent more on hardware and system software,
switching to LinuxONE resulted in a TCO savings of 41 percent,
or $12 million, over five years. The company realized savings within
the first year, and the difference in annual run rate was approximately
$2.5 million.

Using Open Source Software


The accelerating growth of data from mobile devices, social
media, and big data activities is exerting pressure on data storage,
communications bandwidth, and processor power resources.
Using an open source operating system and tools on LinuxONE can
offer economic advantages over proprietary offerings and a more
manageable path to handle the continuing rapid growth of data
that organizations handle. There is also a large ecosystem of open
source partners and tools. LinuxONE customers can take advantage
of a wide variety of free open source tools or lower priced
tools, many of which aren’t available on proprietary platforms.

LOOKING AT THE VALUE OF SUSTAINABILITY
Understanding the value of sustainability is tightly linked to the
economics of the LinuxONE platform. The single- and multi-frame models
are designed with TCO in mind. The design is intended to fit the
systems into the cloud data centers to coexist with other platforms in the
hybrid cloud environment.

One of the most important aspects of sustainability is
limiting the amount of greenhouse gas emissions in order to address
the impact of human activity on the environment. Many nations have
laws requiring compliance with environmental directives that can
result in financial penalties. In addition, businesses view minimizing
greenhouse gas emissions as a way to satisfy expectations of customers.
The typical data center can consume as much as 50 times the
energy per floor space of a commercial building. Therefore, reducing
energy consumption can have a dramatic impact on costs and
sustainability.

For example, a global insurance company’s data center costs and
database and application server workloads were increasing. The
insurance company selected a LinuxONE system and decreased
costs significantly. The company moved from fifty-five x86 servers to
one LinuxONE system. This resulted in an 86 percent reduction in
required floor space and a 62 percent reduction in energy consumption.
Administration efforts were also dramatically reduced. Overall,
the company significantly reduced its carbon footprint.

How can your business achieve the objectives of reducing energy
consumption? It can invest in an energy-efficient data center design that
focuses on addressing the carbon footprint of the hardware, heating,
ventilation, and air-conditioning systems in order to reduce electricity
consumption. This may be accomplished through better sharing of
resources, lowering overall power consumption, and reducing floor
space requirements.

Looking at Additional Savings


The robustness, resiliency, and security of LinuxONE have potential
to save customers money in other ways by reducing costs
associated with downtime, repairs, and security breaches. LinuxONE
customers can realize savings in these two areas as well:

»» Achieving high availability (HA): Enterprise applications
require high uptime and use HA to achieve it. HA is provided by
maintaining redundant hardware and software environments,
often with constant data mirroring. Providing HA can be a costly
and difficult process. However, fault tolerance is built into the
LinuxONE server, and redundant parts take over seamlessly
without staff intervention. Mean time between failures (MTBF) of
the underlying technology is measured in decades.
»» Planning for disaster recovery: In a traditional scale-out
environment with potentially hundreds of servers, each server
must be replicated in another physical region with constant
data mirroring from the active servers to achieve a reliable DR
plan. DR is easier in a LinuxONE environment because of the
greatly reduced number of servers and associated infrastructure
that must be replicated to handle failovers. In fact, with
LinuxONE there may be only one or two physical servers that
must be maintained along with accompanying failover systems.

LinuxONE DEPLOYMENT AT A BANK
A banking enterprise was experiencing 30 percent year-to-year
growth in new accounts and also in transactions from different
applications, credit cards, core bank accounts, and peripheral accounts.
The company faced frequent server upgrades and additions, which
led to a sprawling infrastructure. The easiest approach was to keep
doing what it had always been doing, but that created a complex
environment that required more people and more processes. DR was
another growing concern. If a move to DR was needed, could the
business do it confidently? Would all data be accessible at the right speed
and within the right amount of time?

After learning about the LinuxONE platform, the company contacted
IBM for help. The Chief Information Officer (CIO) explained that the
company needed a platform that could scale to avoid frequent
upgrades. Key objectives and issues for the client were:

• Achieving scalability: The company needed an environment that
would scale up as demand increased.
• Increased security: Data protection was one of the key requirements
for everything the company did.
• Reducing database costs: With the company’s existing scale-out
strategy, software licenses for the increasing numbers of cores
were becoming expensive.

The client decided to use a phased LinuxONE approach. It started small,
moving a few workloads at a time and increased capacity over time to
minimize costs. Unlike other architectures, LinuxONE growth can happen
without disruption, so moving the workloads was simple. The phase-one
migration of 20 applications was complete in less than 90 days.

The business was convinced of the technical merits of the LinuxONE
solution, but the financial benefits convinced its board. In phase one,
the company saw reduced TCO of 40 percent, or $10 million over five
years. The largest savings came from reduced application and database
license pricing due to a core reduction of ten times for the workloads.
The business case also showed that fewer staff members were
required, freeing up resources to work on new projects. In the data
center, floor space, networking, and cabling were also areas for savings,
and those savings were realized in the first year.

IN THIS CHAPTER
»» Introducing LinuxONE’s open source background
»» Delivering innovation and agility
»» Recognizing the breadth of software available with LinuxONE
»» Using LinuxONE for software development and DevOps

Chapter 7
The IBM LinuxONE Open Ecosystem
Linux is a dominant operating system in the overall computing
landscape for both on premises and cloud environments.
The IBM LinuxONE open ecosystem includes the broader set
of Linux software developed and used by the Linux community.
Although many different Linux distributions exist, the vast
majority of Linux software can run on any Linux distribution.

In this chapter, you focus on the LinuxONE ecosystem for partners
and customers. You explore how open models foster innovative
software and how software stability is maintained in the
context of constant innovation. You also see how these traits have
attracted innovative developers who are creating new offerings on
top of the LinuxONE platform.

Open Source
Linux is an established platform for business. Many software
developers build applications and tools on top of Linux because
the operating system is open source and ubiquitous. By using the
open source model, developers from many different companies
around the world have formed a community to continue the evolution
and innovation of Linux. For example, Google’s Android
operating system, used in many smartphones, is based on a modified
version of Linux.

Communities work on their own schedules to build open source
code. These experts work in collaboration to innovate whenever
they can to produce new features and capabilities. Keeping up
with the rapid pace of open source software development needs to
be balanced with the enterprise need for reliable and stable software
that is fully tested and secured.

This need for production-ready, open source software is why
many businesses choose open source software with enterprise
support. For example, three enterprise Linux distributions that
have been certified and tested to run on the LinuxONE platform
are Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise
Server (SLES), and Canonical’s Ubuntu LTS. In addition, community
versions of Linux are available for LinuxONE, including
CentOS, Debian, Fedora, and OpenSUSE. By supporting a variety of
Linux distributions, the LinuxONE platform gives customers and
developers choice.

The Breadth and Depth of Linux


Linux offers the same operating system features one would expect
from other platforms, including everything from productivity
tools to web and mail servers. Firewalls and other security features
are all standard. Because so many organizations are running
Linux, the vast majority of software vendors selling significant
business applications release versions that run on Linux.

Further, many open source applications and tools are built on,
and for, Linux. These tools include hypervisors, languages, runtimes,
management, and analytics platforms. The Linux distributions
that are certified for LinuxONE include graphical tools that
make it easy for administrators to add various development tools
and software.

Open source software is free (although there may be a charge for
support and service), so you can try a variety of tools to see which
works best for your business. In addition, like Linux, many of the
open source tools have enterprise versions. LinuxONE offers support
for a variety of the key Linux distributions, including Red Hat
Linux, OpenSUSE, and Ubuntu.

LinuxONE as a Development and Deployment Platform
LinuxONE supports a broad ecosystem of third-party tools and
languages. Linux has always offered many tools for developers,
and the quantity and quality of these tools have grown over the
years.

Today, a developer can install Linux with its development options
and have everything needed to code, test, and package software.
Linux also includes other tools needed to design, develop,
and deploy software. Organizations that are creating a development,
security, and operations (DevSecOps) process will find a
wide variety of tools designed to support their practice. LinuxONE
also supports a broad set of enterprise programming languages
such as Python, Ruby, C and C++, Go, Swift, Java, and Lisp. Scripting
and other interpreted languages are also available, including
shells, PHP, Perl, awk, and others.

Beyond programming languages and integrated development
environments (IDEs), LinuxONE supports open-source relational
databases (PostgreSQL, MySQL, and MariaDB) and NoSQL databases
(MongoDB, Cassandra, Redis, Apache Hadoop). Databases
such as these are able to take advantage of the scalability and
performance of LinuxONE and avoid the need for sharding (we discuss
this in Chapter 3).

Because of LinuxONE’s enterprise architecture, some applications
may need to be recompiled for LinuxONE. Other applications,
such as those written using interpreted languages (for example,
Java or Python), should be able to run on LinuxONE without needing
to be ported. Most recently, Linux containers and Kubernetes
have become popular with both developers and IT operators, and
these are also supported on LinuxONE — including through Red
Hat OpenShift.

Focusing on development processes, Linux also includes source
control systems and bug tracking/issue management software.
Finally, many commercial software products are also available for
LinuxONE, including Oracle Database, Temenos T24 core banking,
IBM Financial Transaction Manager, IBM middleware such
as Db2 and WebSphere, and Jira, one of the top tools used for agile
product management.

LinuxONE as a DevSecOps Platform


Many organizations are moving to using a development, security,
and operations (DevSecOps) approach. Rather than keeping
development, operations, and security separate, DevSecOps combines
them into a single practice. Many companies have already
developed DevOps practices, and DevSecOps is the next step.
DevSecOps begins with a change in culture founded in ongoing
learning (to raise security awareness with developers who may
already be entrenched in DevOps processes) and the empowerment
of security experts to determine the best ways to embed
security into applications.

The benefit of DevSecOps is that you have higher-quality, fully
tested code that’s more secure and released more quickly than
with traditional development methods. LinuxONE is a good platform
for DevSecOps because the platform is designed to be secure, and
development and production systems can safely be run on the
same server through workload isolation and container support.

Although DevSecOps is largely about changing your corporate
culture and processes, a successful implementation does require
technology and tools. Because many independent organizations
are creating tools for Linux, you are able to take advantage of
best-of-breed tools and software. DevSecOps depends on the
ability to quickly and conveniently create new virtual servers for
test and staging areas, deploy test instances with secure containers,
and scale up production instances to handle changing loads.
These tasks are routine for LinuxONE, making it an ideal platform
as part of a DevSecOps practice.

LinuxONE for Solution Providers and Cloud Service Providers
LinuxONE is gaining a growing foothold as a platform for
solution providers (SPs) and cloud hosts who deliver cloud and
application services and provide data center management for clients.
SPs can leverage this highly optimized open Linux platform
to quickly build and deploy environments clients need to run their
businesses. By using familiar applications, the IT specialists can
design systems in secure containers assigned for one or multiple
individual clients, providing privacy and security that clients
demand, while simplifying life for developers and satisfying
ongoing service level agreements (SLAs) from a single LinuxONE
system. In turn, the system provides a platform that supports
cloud-based usage reporting so SPs can leverage monthly pricing
models and easily increase customers’ IT resources as needed
through planned business growth or routine computing spikes.

SPs also look to LinuxONE as a preferred platform for
consolidation — for Linux application environments, managed
growth, and optimized utilization for x86 distributed server farms
and to manage large open databases like Oracle with intelligence
and improved total cost of ownership (TCO) in mind. The inherent
benefits of the platform and built-in security allow the SPs to
start their work on a proven, trusted cloud-ready infrastructure,
which increases speed to market and quality of IT overall.

IN THIS CHAPTER
»» Meeting your organization’s computing requirements
»» Securing all your data and applications
»» Supporting the LinuxONE platform

Chapter 8
Ten Reasons to Consider IBM LinuxONE
Selecting a platform that protects your business and customer
data and supports innovation can be difficult. You
need to consider many issues when making a decision. The
IBM LinuxONE platform may be a good choice for the following
reasons:

»» Hybrid cloud: The availability of Red Hat OpenShift and IBM
Cloud Pak Solutions on IBM LinuxONE brings together the
world of cloud-native applications and services with that of
enterprise data center IT. Red Hat OpenShift applications can
be developed once and deployed anywhere, including on
LinuxONE where they inherit the system’s underlying
security, scalability, and resilience.
»» Security: Having security at the application layer or
infrastructure level is no longer enough — you need protection at
every level of your environment. Security needs to range
from securing your cloud assets to data at rest and data in
transit to your container platforms.
»» Scalability: Meeting increasing customer demands and
creating new services mean that the size and complexity of
your workloads is likely expanding. LinuxONE’s scale-up
approach allows you to meet expanding needs without
adding additional hardware and complexity.
»» Capacity: You can’t always anticipate how much computing
power you need. Adopting a system that can support
compute-heavy workloads is an important step in protecting
your infrastructure investments.
»» Manageability: The centralized approach of LinuxONE can
be much easier to manage than complex distributed
systems.
You can experience performance problems if you have too
many systems trying to communicate across the network.
Management can be impacted if critical operations aren’t
effectively coordinated.
»» Costs: Your existing IT infrastructure servers are likely
underutilized, and your staff costs are high. If you can reduce
costs, budget can be allocated toward innovation.
The LinuxONE platform dramatically supports sustainability
and cost reduction by reducing power usage.
»» Blockchain distributed ledger and digital asset applications:
In order to protect your intellectual property and
customer data, you need a highly secure approach that
supports a transparent, trusted chain of custody.
»» Innovation: To compete in fast-moving markets, you need
to innovate and leverage new technologies, including
containers, analytics, and artificial intelligence (AI). Get a
platform that combines the latest innovation in software
with secure and scalable systems of record.
»» Linux and open source: Open source and the Linux
operating system drive innovation and efficiency for your
organization. The LinuxONE platform supports the three
most common Linux distributions.
»» Differentiating your cloud services: As a service provider,
you need a platform that’s scalable and secure enough to
differentiate your services from those of competitors.
You want your teams to focus on innovation and customer
needs, not the underlying platforms.

WILEY END USER LICENSE AGREEMENT
Go to www.wiley.com/go/eula to access Wiley’s ebook EULA.
