Successfully reported this slideshow.
Jan Kristian Nielsen - Client Architect2 maj 2012IBM System SoftwareHindsgavl – 2 maj 2012                                ...
IBM System Software Hierarchy    Enterprise-wide                           IBM Tivoli                      IBM Systems Dir...
System Management                    © 2009 IBM Corporation
IBM Systems Director 6.3       Simplify platform management       across server and storage       infrastructure       Foc...
IBM® Systems Directorprovides platform lifecycle management    Consolidation of Platform Management Tools    – Single cons...
What can IBM® Systems Director manage?  Blade and Modular System resources:   –   BladeCenter, Blade servers (x, Power, Ce...
IBM Systems Director - End-to-End Management –                                                                            ...
IBM Systems Director topology                            IBM System Director Server                                       ...
IBM Tivoli and Systems DirectorTogether deliver a comprehensive, ultra-scalable end-to-end systems andservice management s...
PowerSC          © 2009 IBM Corporation
IBM Power Systems                                                  PowerSC                                                ...
IBM Power Systems      Security Concerns in a virtualized environment1.        Trusted Boot          How can I be sure tha...
IBM Power Systems PowerSC Answers These Questions     1. Trusted Boot        How can I be sure that a VM’s OS has booted i...
IBM Power Systems PowerSC – Trusted Boot and Trusted Execution                                                   Challenge...
IBM Power Systems PowerSC Moves to “Known Good Model”     Only Allow Known Trusted Software to Run      Security Vulnerabi...
IBM Power Systems “But I’ve already written Scripts to check Security and Compliance”     A: Home Grown scripts are expens...
IBM Power Systems PowerSC – Security Compliance Automation                                                 Challenge: Demo...
IBM Power Systems PowerSC – Trusted Network Connect                                                 Challenge: Ensure that...
IBM Power Systems PowerSC – Trusted Logging                                                           Challenge: Prevent m...
IBM Power SystemsPowerSC EditionsSecurity and Compliance Options PowerSC Express                         PowerSC Editions ...
IBM Power Systems Learn more about PowerSC on the Web     http://www.ibm.com/systems/power/software/security/             ...
Performance Advisors              © 2009 IBM Corporation
Performance Advisors  Run advisors on test or production systems.  Advisors will evaluate the environment for performance ...
Introducing the VIOS Advisor      What is it?      The VIOS advisor is a standalone application that polls key performance...
Screenshot: 1 OverviewGet a comprehensive summary of your VIOS’ health on a single page.    https://www.ibm.com/developerw...
Components Monitored by VIOS Advisor  Component: CPU      Monitors                                  Addresses these common...
IBM Power Systems                                         END29          Power is Performance Redefined     © 2012 IBM Cor...
Upcoming SlideShare
Loading in …5
×

System Software, IBM Power Event

817 views

Published on

IBM Power - System software
Med IBM Power System Software kan du optimere og forenkle driften af din IT. Hør bl.a. om vores effektive nye software modul, IBM PowerSC (Security and Compliance).

Jan Kristian Nielsen, Client Architect, IBM

Published in: Technology
  • Be the first to comment

  • Be the first to like this

System Software, IBM Power Event

  1. 1. Jan Kristian Nielsen - Client Architect2 maj 2012IBM System SoftwareHindsgavl – 2 maj 2012 © 2012 IBM Corporation
  2. 2. IBM System Software Hierarchy Enterprise-wide IBM Tivoli IBM Systems Director VMControl PowerHA Operating Systems PowerVM PowerSC Hypervisor (Firmware) Single System Hardware © 2009 IBM Corporation
  3. 3. System Management © 2009 IBM Corporation
  4. 4. IBM Systems Director 6.3 Simplify platform management across server and storage infrastructure Focus on health, status, automation Manage physical and virtual resources Common navigation, look and feel Enable upward integration to enterprise service management4 © 2009 IBM Corporation
  5. 5. IBM® Systems Directorprovides platform lifecycle management Consolidation of Platform Management Tools – Single consistent cross-platform management tool – Simplified tasks via Web based interface – Manage many systems from one console Physical and Virtual Management – Discovery and Inventory of physical and virtual resources – Configuration and provisioning of platform resources – Status, Health, and Monitoring of platform resources – Visualization of server resource topologies – Move virtual servers between systems without disruption to running workloads Platform Update Management – Simplified consistent cross-platform tools to – acquire – distribute – install – firmware, driver and OS updates6 © 2009 IBM Corporation
  6. 6. What can IBM® Systems Director manage? Blade and Modular System resources: – BladeCenter, Blade servers (x, Power, Cell), I/O modules – System x servers – VMware ESX, VMware 3i, MSVS, Xen – Windows, Linux POWER System resources: – HMC, IVM, Virtual I/O Server, System i/p Servers – AIX, POWER Linux, IBM i Mainframe System resources: – Linux on zSeries – z/VM HP, Dell, and other OEM x86 systems SNMP-based devices: – Network, storage, power distribution units, etc. CIM-based devices – CIM = Common Information Model Storage resources (SMI-S) – LSI (IRC), DS3000, DS4000, DS6000, RSSM – SAS Switch (NSSM, RSSM), Brocade FC Switch, Qlogic FC Switch © 2009 IBM Corporation
  7. 7. IBM Systems Director - End-to-End Management – Other Systems Enterprise Service Management Management Software Integrated Service IBM® Systems Director Editions Management $$ Service & Support Manager VMControl Image Manager Transition Mgr for HP SIM Active Energy Manager Additional Plug-Ins Network Control Storage Control WPAR Manager VMControl Advanced BOFM Managers Configuration & Priced Plug-Ins Automation Update System x & Blade Center Base Systems Status Remote Access System z Director Managers Virtualization Core Director Services Power Systems & Discovery Configuration Storage Configuration Hardware Platform Managers Resource Management Managed virtual and physical environments Hardware IBM and non-IBM hardware 8 © 2009 IBM Corporation
  8. 8. IBM Systems Director topology IBM System Director Server Web-based Web- Interface Deploying agents: •Common Agent •Platform Agent •(No Agent) Management Interface Database (Local or Remote) – Apache Derby (local default), SQL, DB2 or Oracle IBM Systems Director Agents Managed Systems (All IBM Server platforms, Desktops, Laptops, SNMP devices, CIM devices) devices) Three-tier architecture Thousands of managed end-points Upward Integration modules supporting: – IBM Tivoli, Computer Associates, Hewlett Packard, Microsoft © 2009 IBM Corporation 9
  9. 9. IBM Tivoli and Systems DirectorTogether deliver a comprehensive, ultra-scalable end-to-end systems andservice management solution Physical/Virtual Resources and Applications FunctionalityIBM Systems Director IBM Tivoli IBM Tivoli “Care and feeding” of Integrated visibility, control & platform hardware Middleware automation across business and technology assets Tell me what I have See the business with Network IBM Systems Director real-time dashboardsLet me configure, install and tweak it Operating System Govern the business with integrated asset Tell me if it’s working control solutions Hardware Let me update it Optimize the business with automated solutions Functionality © 2009 IBM Corporation
  10. 10. PowerSC © 2009 IBM Corporation
  11. 11. IBM Power Systems PowerSC SECURITY AND COMPLIANCE The Foundation of Trust for AIX 12 Power is Performance Redefined © 2012 IBM CorporationIllustration by Chris Short
  12. 12. IBM Power Systems Security Concerns in a virtualized environment1. Trusted Boot How can I be sure that a VM’s OS has PowerSC booted in a known-trusted state? Platform Management2. Trusted Execution How can I be sure that the application TNC binaries are safe to run? App App App App3. Trusted Logging Trusted OS OS OS OS How can I be sure that audit files are safe Logging from malicious modification? VM1 VM2 VM3 VM4 Hardened4. Compliance Automation VIOS How can I raise alerts in when security SVM policies are violated?5. Trusted Network Connect How do I ensure that a new system is Hypervisor trustworthy when it attempts to join a secure network? vTrusted Platform Module 13 Power is Performance Redefined © 2012 IBM Corporation
  13. 13. IBM Power Systems PowerSC Answers These Questions 1. Trusted Boot How can I be sure that a VM’s OS has booted in a known-trusted state? 2. Trusted Execution How can I be sure that the application binaries are safe to run? 3. Trusted Logging How can I be sure that audit files are safe from malicious modification? 4. Compliance Automation How can I be sure data security standards are being followed? 5. Trusted Network Connect How do I ensure that a new system is trustworthy when it attempts to join a secure network?14 Power is Performance Redefined © 2012 IBM Corporation
  14. 14. IBM Power Systems PowerSC – Trusted Boot and Trusted Execution Challenge: Ensure that every virtual machine image in your datacenter hasn’t be altered either by accident or maliciously. PowerSC Solution: Trusted Boot forms the core Applications root of trust for the image, i.e. a foundation for trust. Each stage of the boot process measures the O/S next, starting at the firmware. Kernel BIOS • PowerSC offers the only solution on the market How PowerSC works: to form a chain of trust for VMs all the way from 1.Measure the boot process and securely store boot to application! the results in a Virtual Trusted Platform Module(vTPM) • Improve QoS by reducing the risk of accidental or malicious image tampering 2.Provide a sealed set of measurements to the requestor • Reduce the time it takes to ensure that every 3.Verify these measurements against a reference VM in your datacenter is running authorized and manifest trusted software.15 Power is Performance Redefined © 2012 IBM Corporation
  15. 15. IBM Power Systems PowerSC Moves to “Known Good Model” Only Allow Known Trusted Software to Run Security Vulnerability Detection tends to work on a “Known Bad Model” This reactive model blocks intrusions based on historical break-ins . PowerSC Trusted Boot employs a more efficient “Known Good Model” which only allows trusted images to run. Power Systems are “hermetically sealed” with tight interlocks between the hardware, virtualization and software.16 Power is Performance Redefined © 2012 IBM Corporation
  16. 16. IBM Power Systems “But I’ve already written Scripts to check Security and Compliance” A: Home Grown scripts are expensive to maintain and error prone: Who certifies to auditors that these scripts match security standards? Are scripts secure to modification or tampering? What is the cost of maintenance of scripts? Who monitors data security standards and ensures that the scripts are updated? Is there a standard set of scripts in the company or does every group roll their own? What happens when the author of the scripts leave the company? Do all administrators understand what the scripts do and what are the expected results?17 Power is Performance Redefined © 2012 IBM Corporation
  17. 17. IBM Power Systems PowerSC – Security Compliance Automation Challenge: Demonstrate compliance to Regulatory standards by setting security configurations on systems in a uniform manner. PowerSC solution: Compare settings across all of the systems in the datacenter against prebuilt profiles, e.g. Payment Card Industry (PCI), DoD STIG and COBIT. • Lower Administration costs by setting security How PowerSC works: configs in a repeatable manner •A single dashboard monitors compliance and generates audit reports. • Lower Admin costs by automating compliance reporting •Sets and checks compliance for systems based on prebuilt security profiles • Automatic remediation of servers that are out of compliance18 Power is Performance Redefined © 2012 IBM Corporation
  18. 18. IBM Power Systems PowerSC – Trusted Network Connect Challenge: Ensure that images are trusted and at the proper patch level when they connect to the network. PowerSC Solution: Trusted Network Connect and Patch Management detects noncompliant virtual machines during activation and alerts Out of administrators immediately. compliance • Reduce business risk by active notification of How PowerSC works: down level systems via email and SMS. •An image that does not meet trusted • Lower admin costs by automatically spotting non measurements and patch levels will trigger an alert to the administrator. compliant systems within the virtual data center and cloud environments • Lower costs of demonstrating compliance. Monitoring at virtual machine activation proves compliance to patch policy19 Power is Performance Redefined © 2012 IBM Corporation
  19. 19. IBM Power Systems PowerSC – Trusted Logging Challenge: Prevent malicious users from “covering their tracks.” Power SC Solution: Move log events to a secure external VM via the hypervisor. Centralized logging ensures that even when virtual machines are discarded the audit logs remain on the central location for audit purposes. How PowerSC works: •Trusted Logging provides tamperproof secure centralized protection for AIX audit and system • Discourage malicious activity by ensuring logs and is integrated with PowerVM individual accountability; trace actions to virtualization. authenticated individuals. •Limited access to the Secure VM to a few privileged super users • Reduce the time it takes to identify tampering •Guest VM logs can be managed and backed up and/or unauthorized changes from a single location within each physical server. • Reduce the time it takes to demonstrate •Log scraping agents and reporting agents can be Security Compliance by maintaining strict removed from guest OS. control over audit logs.20 Power is Performance Redefined © 2012 IBM Corporation
  20. 20. IBM Power SystemsPowerSC EditionsSecurity and Compliance Options PowerSC Express PowerSC Editions Express Standard – Basic compliance for AIX Security and Compliance Automation PowerSC Standard Trusted Logging – Security and compliance for virtual * Trusted Boot** & cloud environments Trusted Network Connect and Patch Management ** Requires POWER7 System with eFW7.422 Power is Performance Redefined © 2012 IBM Corporation
  21. 21. IBM Power Systems Learn more about PowerSC on the Web http://www.ibm.com/systems/power/software/security/ Put Page here23 Power is Performance Redefined © 2012 IBM Corporation
  22. 22. Performance Advisors © 2009 IBM Corporation
  23. 23. Performance Advisors Run advisors on test or production systems. Advisors will evaluate the environment for performance optimization opportunities – Gives guidance on how to make the necessary changes. Three advisors available…. – Java, – VIOS & Virtual Ethernet – Virtualization. “Built in Smarts” to detect some of the most common problems that are encountered Available on Developer Works – FREE OF CHARGE Link: https://www.ibm.com/developerworks/wikis/display/WikiPtype/Other+ Performance+Tools © 2009 IBM Corporation
  24. 24. Introducing the VIOS Advisor What is it? The VIOS advisor is a standalone application that polls key performance metrics for minutes or hours, before analyzing the results to produce a report that summarizes the health of the environment and proposes potential actions that can be taken to address performance inhibitors. • How does it work?STEP 1) Download VIOS Advisor STEP 2) Run Executable STEP 3) View XML File VIOS Advisor VIOS Partition VIOS Partition Only a single executable is The VIOS Advisor can monitor from Open up .xml file using your favorite web-browser required to run within the VIOS 5min and up to 24hours to get an easy to interpret report summarizing your VIOS status. https://www.ibm.com/developerworks/wikis/display/WikiPtype/VIOS+Advisor © 2009 IBM Corporation
  25. 25. Screenshot: 1 OverviewGet a comprehensive summary of your VIOS’ health on a single page. https://www.ibm.com/developerworks/wikis/display/WikiPtype/VIOS+Advisor © 2009 IBM Corporation
  26. 26. Components Monitored by VIOS Advisor Component: CPU Monitors Addresses these common issues: CPU Capacity VIOS undersized due to insufficient CPU allocation. Shared Processing Capacity VIOS Shared processing pool is over utilized. –Uncapped Processor Weight Capacity –Virtual Processor Count –SMT (simultaneous multithreading) Mode –Shared Pool Utilization Component: Processing Capacity Dedicated VIOS Memory Monitors –Dedicated Processor Donation Addresses these common issues: Memory Sizing Informs when memory allocated to the VIOS could contribute or is VMM Paging Rate causing negative performance impacts. Swap Space Pinned Memory Component: FC Adapters Monitors Addresses these common issues: Adapter Saturation Detects oversaturation of fibre-channel adapters, Idle adapters especially in NPIV (N-Port ID Virtualization) environments Port Speeds Component: Drive Performance Monitors Addresses these common issues: Latencies Identifies overstressed drives. Drive Saturation © 2009 IBM Corporation
  27. 27. IBM Power Systems END29 Power is Performance Redefined © 2012 IBM Corporation

×