Z Enterprise.Optimization And Security

System z provides a multi platform optimization and security capability that goes far beyond what is available for other managed platforms.

  • During this session we will briefly discuss the changes to business applications and workloads, some of the specific values that can be gained with zEnterprise and then review several client examples built by the teams over the course of the last year.
  • Around the world, all industries are re-shaping their business models. They are facing enormous pressure to enhance their business functions to meet the demands of a highly sophisticated consumer, whether it is the increased use of the web and internet or the desire to command life from mobile devices such as a Blackberry, the iPhone or even an iPad. As the consumer becomes “Smarter”, businesses will have to respond. In the Retail industry the move from ‘brick & mortar’ has pressured companies to make sure the on-line experience is profitable and efficient. They are doing this with predictive selling, proposing products to the consumer based on previous purchases, or by providing an enhanced function like being able to save for college while you shop. In Healthcare and across industries, it has become imperative that the provider has the most current and detailed information about a patient or consumer. We, the consumer, demand that there be safe, consolidated records of our health, finances and travel preferences.
  • These new business models are driving requirements for complex changes into the components of a traditional workload or application; they are driving IT further into the need for heterogeneous computing and towards what can be called a hybrid transaction. A hybrid transaction is the idea that a transaction requires multiple types of architectures for the highest level of efficient execution and in order to attain SLA requirements. Let’s use a real world example of such an application. You call your wireless carrier to ask them about a charge to your bill. They do a traditional query of your account and answer your question. At the same time they do the traditional query, they do an analysis of your account, which is considered business intelligence, and they suggest that if you change your plan to Plan XYZ, you can save $20 a month. In that one transaction they’ve combined two types of processing. One is the query, which is traditional OLTP, and the second is a complex query against the operational DB, which is CPU intensive and in the past was typically done on a different platform against a Data Warehouse DB. This is one example, and I’m sure you can come up with others that you encounter in your everyday life. The assertion is that transactions will benefit more and more from integrated or offboard accelerators for their processing. This is seen in the enterprise today with the proliferation of appliance accelerators such as WebServices, ESBs, and Encryption. Therefore IT will need to evolve to complete application integration to address these future business requirements.
  • Unfortunately, while IT needs to evolve quickly and become highly responsive, flexible to astonishing degrees, while maintaining security and being cost competitive, it is naive to think this can be done effectively and efficiently utilizing a single platform architecture. As the example of the ‘hybrid’ transactions shows, all platforms have a role to play, each having their own strengths (and weaknesses). System z excels in many areas; however, we are known for leading edge data serving and the highest of security, resilience and scalability for on-line transaction application components. Power systems are best at handling the need for high performance demands such as numerically or video intense components. And clearly System x has the broadest portfolio of vendor and industry specific applications, serving very well the needs of critical niche applications or application components. What we are seeing is that more and more applications require the interaction and integration of multiple platforms to achieve end-to-end business success.
  • We all see these workloads every day, across industries. In Banking there are components across retail and wholesale banking that rely on several architectures to execute, but the core of most banking relies on System z and z/OS. Insurance typically maintains Claims processing on z but reaches out to the internet for interaction with consumers, utilizing Linux, Unix and Intel. Public Sector is relying more and more on the web based capability to reach out to consumers and improve the rate of return for taxes, accurate payment of social benefits and even Census based reporting.
  • Over the last several months, working with customers to deeply understand the complexion of their business applications, challenges, issues and goals for the future, we have been able to see that these workloads fall into one of several recognizable patterns. The first pattern is Core Applications: these are System z based applications that have all data and business logic based on z (z/OS and/or Linux on z). Most other patterns tend to build off Core Applications as a base, such as Multi-Tier Web Serving or Data Warehouse & Analytics, where the workload is heterogeneous in hardware infrastructure and software componentry, but begins with data and often business logic on System z. In addition, zEnterprise provides an infrastructure that ideally supports many configurations of SAP. Data resides in DB2 on z/OS for security, consistency and availability, but Application Serving can be hosted on zLinux, AIX or Linux on Intel, providing flexibility in cost and complexity.
  • IBM CONFIDENTIAL UNTIL ANNOUNCEMENT NOTE Talk to Penny re connections proof point
  • During this session we will briefly discuss the changes to business applications and workloads and then review several client examples built by the teams over the course of the last year.
  • This chart shows the relative performance of WebSphere Version 7 for z/OS running the DayTrader 2.0 benchmark (JPA 2.0) on zEnterprise hardware compared to z10. The chart has 2 bars which show the cumulative effect of both the hardware and software performance improvements possible for applications running on zEnterprise that exploit the caching capabilities of WebSphere Version 7 and the WebSphere Version 7 Feature Pack. The first bar is the DayTrader application running without any data caching on Version 7 on z10 hardware. This is the baseline. The second bar shows the performance improvement due to the software and hardware. It is the DayTrader application running with data caching on Version 7 and the JPA Feature Pack. This improves performance by about 35%. With the addition of zEnterprise hardware, the performance improves another 43%, giving a cumulative effect of 93% performance improvement over the baseline. Note also that previously, the combined hardware and software performance gains when moving from a base of WebSphere Version 6.1 on z9 hardware to WebSphere Version 7 on z10 hardware yields another 120% improvement in performance. So, for some applications, migrating from z9 to zEnterprise hardware, coupled with upgraded software, could produce performance improvements as large as 4x! JPA is the Java EE standard for object-relational persistence and was first introduced as part of Java EE 5. JPA 2.0 (JSR-317) updates object-relational capabilities with important developer capabilities and enhancements. The WebSphere Application Server JPA implementation is based on Apache OpenJPA, a leading open source Java persistence framework. OpenJPA offers a powerful caching infrastructure. Applications that can exploit JPA caching can realize significant performance improvements. Caching optimizations are found in both the base WebSphere Version 7 releases as well as the Version 7 JPA Feature Pack.
As is frequently the case, the degree of improvement depends on the application’s data reference patterns. In the DayTrader case, about 30% of the software performance increase is due to performance improvements in the base V7 WebSphere release (i.e. V7.0.0.9), and another 5% is due to performance improvements in the JPA Feature Pack. Running the exact same WebSphere application and middleware on zEnterprise hardware alone yielded a 43% increase in performance.
  • While we have expanded the options available for deploying Linux workloads, utilizing Linux on z can drive significant financial benefits, particularly for larger scale deployments. With the new zEnterprise, each IFL delivers significantly more performance and capacity for a substantially lower price than System z10. With the ability to consolidate the workloads of thousands of distributed servers on to a single z196, the TCA of System z is now lower than some Intel environments for certain workloads. What’s more, with this scale of consolidation you can reduce physical floor space requirements and energy consumption by up to 90 and 80% respectively. Finally, the introduction of the Unified Resource manager brings improved workload management to a Linux on System z environment, further improving its ability to deliver great service to the business.
  • This chart represents the business components of a large North American Bank. Each one of the ovals represents a machine. A bunch of them in the top right are running WebSphere, for example. Using vMotion to move a virtual machine from one server to another is a small part of the puzzle. All the other issues of multiple interconnects, with the security issues they present, still remain. As does the “silo” management approach. VMWare propagates the “fit for politics” approach. Transition: let’s see what happens if we virtualize most of this on a zEnterprise….
  • In this chart, everything, except the end user devices, has been moved into a zEnterprise. Some of it might be on z/OS, some on Linux on z, some on AIX on blades, some on x86 Linux on blades, whatever makes sense. But it’s all managed centrally, with the benefits outlined at the bottom of the chart. Note that there are no more physical LANs connecting all these distributed systems. They have been replaced with virtual LANs on a private data network, for greater security and fewer points of failure. Key is that the business applications, and the programming model, are unchanged. We just moved them onto a superior infrastructure.
  • Today the internet banking for a large European bank is structured across System z, Power and Intel within a complex Parallel Sysplex. There are multiple sites and the application supports banking in over 22 countries. The environment is extremely complex and has several single points of failure. During the course of mapping the application the client also discovered that the majority of their maintenance is applied manually. Each of these challenges contributes to demanding requirements for staff, and has made it difficult for the bank to address the application backlog and enhance their customer service across the banks represented. The client desires to modernize and move aggressively forward to a more service oriented approach to application development. Complexity and maintaining multiple infrastructures has made this difficult.
  • The proposed zEnterprise environment allows this client to initially simplify and standardize their infrastructure, lowering cost by instituting a single management and policy framework. There is also a strong belief that zEnterprise will provide flexibility in platform choice as they choose how to move forward with Service Oriented Architecture. The ability to ‘right fit’ application service components, choosing platforms as appropriate to gain performance but be cost efficient, is attractive and believed to be an exclusive of this offering. They feel this will provide them the ability to put greater focus on delivering new business function and enhancing the ‘local bank’ experience across multiple European countries. As the client has progressed further with the activity, exploring more of the options and benefits of zEnterprise, they have now also embarked on an investigation of their IT organization, believing that restructuring may allow them to derive even higher benefits.
  • A large healthcare claims provider has begun to investigate choices for expanding their implementation of Master Data Management. Today the client has begun with the MDM server on AIX on Power, front ending multiple data stores across DB2 and IMS. The project needs to expand to consolidate data and systems; this has been difficult due to numerous acquisitions. There is also tremendous pressure to support new industry standards while streamlining development/test and promotion to production. A desire to have end-to-end visibility of the application was also given as a requirement.
  • The zEnterprise environment would provide the client the opportunity to evaluate several choices (z/OS, Linux for z, AIX) for placement of the MDM server, including the freedom to choose multiple platforms while gaining the ability to manage and monitor all platforms as if they were logically one system. The client feels this will increase their ability to respond and competitiveness in a very challenging industry. There is an ability to co-locate data and application in a better fashion, taking advantage of the high speed private network. Possibly there is an opportunity to reduce firewalls and encryption. Enhanced virtualization across architectures will allow them to consolidate and simplify. In addition, the client is located in a large metropolitan area and has noted the integration of the zBX in the zEnterprise will provide significant savings in facilities and energy costs.
  • Company information: With 35 years of experience, Payment Business Services (PBS) is a leading developer and supplier of payment solutions for banks, private organizations and public institutions in Denmark. Jointly owned by Danish banks, PBS handles payment transactions of all kinds -- from point-of-sale (POS) terminal networks to its local-brand debit card, Dankort, to international credit cards. PBS also offers a wide range of products and services designed to help simplify administration and operations for its clients, including direct debit service, e-invoicing and supplier services. Business need: PBS won the contract for implementing and running a digital signature (PKI) infrastructure for the national danID in Denmark. This solution was unique in that nowhere else in the world was there a national digital identity card project implemented on a country-wide scale. Solution: IBM proposed the operational platform for the digital signature infrastructure and established the IBM System z9 Enterprise Class server running z/OS platform for development, test and production. IBM then developed cryptographic security based on mandated security regulations. This solution allows all Danish citizens to sign-on and perform digital signatures in both banking and public systems using a single shared one-time password (OTP) device. It is an innovative solution combining a general purpose engine, specialty engines and hybrid-accelerators, used together to improve the price/performance ratio for the Java and crypto workloads. To meet the needs of the client, PBS had to be able to accommodate the following: Same userid and logon-id procedure for both the public and the banking infrastructure. Access from any computer. Improved security of a two-factor-authentication with a one-time password. 
  • You must show this TM chart and acknowledge those of other companies
  • Z Enterprise.Optimization And Security

    1. IBM zEnterprise Value for Business Workloads and Applications: Becoming Responsive, Flexible and Competitive
    2. Agenda
       • Recognizing the Workloads
           • The evolution of the consumer transaction
       • The Value of IBM zEnterprise™
           • What the computer does vs. what the computer is
       • Real Customers – Real Value
           • Our initial learning from studies done with clients like you
       • Discussion and Questions
           • A few thoughts about a way forward
    3. Around the world, industries are re-shaping business models to meet the demands of a sophisticated consumer and fiercely competitive economy
       Smart Work for a Smarter Planet: Insights, risk reduction, reduced time to market, responsive, efficient
       • Smarter Cloud: Conserve energy. Consolidate resources. With mandates like these, we have to be smarter about accessing, processing and storing data.
       • Smarter Healthcare: Smarter healthcare starts with the individual. Changing the way patient information is used to treat the “whole” person, not parts at a time.
       • Smart Thinking: Taking advantage of a new wealth of information to be able to make more intelligent decisions and rise to the top.
       • Smarter Shopping: Information exchange and collaboration offer a tremendous opportunity to strengthen customer loyalty.
       • Smarter Money: Using advanced analytics to turn a numerical ocean into actionable insight and intelligence.
       • Upromise®: Providing the ability to shop online at over 100 Web sites, stores, restaurants while earning and accumulating savings for college education
       • Medical Home: Primary care physicians act as "coaches," leading a team that manages a patient's wellness, preventive and chronic care needs
       • Mobile Banking: Having the ability to check balances, move money across accounts and initiate payment to a vendor, all from your cellular phone
       • ‘Single Moments of Truth’: Insurance, Banking, Retail, Travel & transportation are all industries that want a single view of all information for Customer Care & Insight
       • Online Universities: Providing millions the ability to remotely take courses from several colleges and universities simultaneously, consolidating resources and skills
    4. These new business models are driving requirements for complex changes into the components of a traditional workload or application
       Future requirements include complete application integration in an optimal fashion
       [Diagram labels: Special Purpose systems and optimizers; General Purpose Enterprise systems; Evolving & Emerging Workload Components; Networking; Optimized for a specific set of applications or components; Optimized for a broad set of applications or components; Traditional Workload Components; XML; Java™; Analytics; Data Protection; SOA; Sensors; Events; Search; Digital Media; Encryption]
       • What is a workload?
           • The relationship between a group of applications and/or systems related across several business functions to satisfy one or more business processes, e.g. Retail Merchandising, On-line Banking
    5. The competition says run it all on one platform – ONE SIZE FITS ALL
       • While in theory, all workloads could run on a single platform, the reality is all platforms have a role to play
       • You need the data serving strengths of the mainframe, the security, the resiliency, the scalability
       • You need the computational strength of Power Systems™, for HPC and large scale application serving
       • You need the breadth of IBM System x®, for front end applications, special function servers and a myriad of niche applications
       Creating a single platform infrastructure can be highly inefficient, ineffective and unsustainable in the long term
       Collaboration is the key to success
    6. Applications that are competitive targets … Patterns of OLTP, web browsing, business analytics, work flow processing
       Banking; Insurance; Retail; Healthcare; Telco; Public Sector
       Core Banking; Internet Rate Quotes; On-line Catalog; Patient Care Systems; Business Support Systems (BSS); Electronic Tax Reporting; Wholesale Banking – Payments; Policy Sales & Management (e.g. Life, Annuity, Auto); Supply Chain Management; On-line Claims Submission & Payments; Operation Support System (OSS); Web based Social Security; Customer Care & Insight; Claims Processing; Customer Analysis
    7. These workloads have recognizable patterns
       Multi-Tier Web Serving
       • Database (z): DB2 for z/OS or IMS; Application (Power / UNIX): WebSphere, JBoss; Presentation (x86): WebSphere, Apache / Tomcat
       • Database (z): DB2 for z/OS; Application (Power / UNIX): WebSphere, JBoss
       • Database (z): DB2 for z/OS; Application (z): WebSphere; Application (x86): WebSphere, Apache / Tomcat
       • Database (z): DB2 for z/OS, IMS; Transaction Processing (z): CICS, MQ; Application (Power / UNIX): WebSphere, JBoss, WebLogic; Presentation (x86): WebSphere, Windows
       Data Warehouse & Analytics
       • Master Data Management
           • Database (z): DB2 for z/OS
           • Application (z): WebSphere MDM (AIX, Linux on z)
       • Analytics
           • System z/OS: DB2, Cognos® (Soon!), SAS
           • Linux for System z: Cognos, SPSS, InfoSphere™ Warehouse
       SAP
       • Database (z): DB2 for z/OS; Application (z): Linux® for z
       • Database (z): DB2 for z/OS; Application (Power): AIX®
       • Database (z): DB2 for z/OS; Application (x86): Linux for x86
       Core Applications
       • Database (z): DB2® for z/OS®, IMS™; Application (z): CICS®, COBOL, WebSphere®
       • Database (z): DB2 for z/OS, Oracle on Linux for z; Application (z): WebSphere
    8. There are patterns for security as well
       • Professional Services; Managed Services; Hardware & Software
       • Authentication; Access Control; Data Privacy; Audit/Compliance; Registration/Enrollment; Incident and Event Management
       • Strategy: zEnterprise as a control point for the Enterprise
       • Common Policy, Event Handling and Reporting
       • The IBM Security Framework: Security Governance, Risk Management and Compliance; People and Identity; Data and Information; Application and Process; Network, Server, and End-point; Physical Infrastructure
    9. zEnterprise: Full Value for Your IT Infrastructure
       • Virtualization: Centralize Management of virtual servers across a heterogeneous pool. > 100,000 virtual servers in a single zEnterprise System
       • Efficiency: Economies of scale for Labor, software and environmental costs. Reduce labor, energy, and development costs, by up to 70%, 90%, and 20% (respectively)
       • Availability: Resiliency management and fewer points of failure. Fault tolerant and fault avoiding servers. Centralized workload management aligned to business priorities
       • Scalability: Ability to meet massive demands from users and data. Process up to a Trillion instructions per second with a single zEnterprise System
       • Security: industry leading security at the core of an integrated infrastructure. Identifies potential fraud in Real Time
    10. Agenda
        • The Value of zEnterprise
            • What the computer does vs. what the computer is
    11. Continued WebSphere optimizations for z/OS: From then to now
        • Continued investment to optimize WebSphere software for z/OS environment
            • 1.35 times performance improvement for JPA 2.0 applications that exploit the caching features available in WebSphere Version 7, and the WebSphere Version 7 JPA Feature Pack
            • Uplevel to zEnterprise hardware produces 1.43 times performance improvement
            • From then to now – 1.93 times performance improvement
        [Chart labels: System z10 Announce; zEnterprise Hardware; Then; Now; WebSphere Version 7 Announce; DayTrader 2.0 No Caching; WebSphere Version 7.0.0.9 JPA Feature Pack; DayTrader 2.0 Data Caching; System z10 EC; zEnterprise]
    12. The Most Efficient Platform for Large Scale Consolidation: Linux on zEnterprise
        • Lower acquisition costs of hardware and software vs distributed servers*
        • Less than $1.00/day per virtual server (TCA)*
        • Reduce floor space by up to 90% compared to distributed servers*
        • Reduce energy consumption by up to 80% compared to distributed servers*
        • Consolidate 40 Oracle server cores to 2 Linux Cores on zEnterprise
        * Distributed server comparison is based on IBM cost modeling of Linux on zEnterprise vs. alternative distributed servers. Given there are multiple factors in this analysis such as utilization rates, application type and local pricing, etc.; savings may vary by user
        [Chart labels: 74% less than Nehalem; 39% less than Nehalem]
    13. Imagine the possibilities….. An operational advantage you can turn into a business advantage
        • Business Problem
            • Data warehouse can detect trends, but not necessarily prevent fraud or upgrade transactions in real time because data is copied in bulk or batch mode
        • Insight instead of Hindsight
            • Opens up opportunities for real time analytics
                • Preventing fraud
                • Making business analytic decisions faster
            • Improved performance and lowers cost
            • Uses blade-based specialty processors, storage for warehouse workloads
            • Boosts overall query performance up to 80x
            • Customers could see a 40% reduction in storage utilization
            • Supports in-memory column store for parallel star schema queries
            • Uses column-based compression to minimize storage needs
            • Unchanged interfaces to DB2 for z/OS and thus no changes to the BI/DW applications
            • Provides capability to perform both transactional (OLTP) and warehousing (OLAP) type of queries in the same database management system
        [Diagram labels: Blades; zEnterprise; ISAO or Decision Support; Transform; Z196; Claims; POS; Credit/Debit; DB; Cognos On Linux]
    14. Application Architecture: The Complexity of Distributed
        • Business Objectives
        • A bank has four basic transactions
            • Credit, Debit, Transfer, Inquiry
        • And they have a variety of choices for front end interface
            • ATM, Branch Terminal, Kiosk, Web browser, PDA, Cellphone
        • Customer uses a Bladecenter to drive multi channel transformation
        • The back end processing remains the same regardless of the presentation device
        • Fully Distributed Model (if deployed)
        • Each application becomes a cluster of server images and must be individually authenticated and managed
        • Each line is a separate network connection, requiring high bandwidth and protection
        • Data is replicated across enterprise to meet scalability
        • Customer deploys/builds automation processes to facilitate system recovery with additional software – this is not trivial and requires additional software and unique development
        • High environmental needs and full time employees to manage infrastructure
        [Diagram labels: Application Servers WebSphere® Service Platform Database Connectors SQLJ Service Message Servlet Loan Applic. Bank Teller General Ledger Credit Card Processing Risk Analysis Service Service Connectors/Appliances Current Accounts Batch Programs Bill Payment Database SQLJ Currency Exchange Temp data to Electronic Data Warehouse Batch Process RMI/IIOP EJB WAS Bill Payment EJBs Authentication Server Mgt (repeated)]
        Management Considerations for an enterprise: Authentication; Alert processing; Firewalls; Virtual Private Networks; Network Bandwidth; Encryption of data; Audit Records/Reports; Provisioning Users/Work; Disaster Recovery plans; Storage Management; Data Transformations; Application Deployment
        How does the Virtualization Manager improve these?
    15. Application Architecture: A Large Enterprise
        • zEnterprise Combinations – reducing control points
        • Assumes the Bladecenter for the multi channel transformation
        • Can leverage Websphere on either Linux for System z or z/OS
        • The Bladecenter functionality can be migrated to zBX in the future
        • TCA and TCO advantages over distributed
        • It’s the very same programming model in a different container that provides a superior operations model
        [Diagram labels: End User – Hosted Client Application Server Service Platform Desktop Framework Devices Websphere Service Platform Database Connectors SQLJ Service Message Servlet Loan Applic. Bank Teller General Ledger Credit Card Processing Risk Analysis Service Service Connectors Current Accounts Banking Portal Device Apps. XML over HTTP(S) Middleware Services Batch Programs Bill Payment Database SQLJ Desktop Framework Services Personalization Service Systems & Databases MQ Currency Exchange Temp data to Electronic Data Warehouse Batch Process RMI/IIOP EJB WAS Bill Payment EJBs Authentication Server System zEnterprise]
        Potential advantages of consolidating your application and data serving
        • Security: Fewer points of intrusion
        • Resilience: Fewer Points of Failure
        • Performance: Avoid Network Latency
        • Operations: Fewer parts to manage
        • Environmentals: Less Hardware
        • Capacity Management: On Demand additions/deletions
        With IFL; With zAAP & zIIP
        • Utilization: Efficient use of resources
        • Scalability: Batch and Transaction Processing
        • Auditability: Consistent identity
        • Simplification: Problem Determination/diagnosis
        • Transaction Integrity: Automatic recovery/rollback
        • Security: Fewer points of intrusion
        • Connectivity: Improved throughput
        • Simplification: Problem Determination/Monitoring
        • Development: Consistent, cross platform tools
        With zBX
    16. 16. Agenda
        • What happens when there isn’t collaboration?
            • How computing silos create operational risk
    17. 17. Customer Problem
        • Branch uses WEP for LAN activity
        • Processes cards with banks
        • Hacker plugs in and gets copies of all transactions
        • Problem detected and branch systems get fixed
        • Mainframe doesn’t appear affected by distributed leaks
        • Hypothesis: Mainframe could help secure end users if they use good procedures
        • Branch managers run inventory transactions to mainframe
        • No encryption on sign in
        • No audit records analyzed
        [Diagram labels: Wireless Store Infrastructure HQ Regional Data center; Bank; Hacker; Branch Manager; Point of Sale]
    18. 18. Real World Customer Problems
        • That problem could never happen at my business
            • Wrong – this problem can occur anywhere there is a change in security administrative control
        • The weakest link in an enterprise is typically the end user interface
            • Viruses, worms and Trojan horses enable someone to hijack the end user interface
            • In turn, that hijacked desktop can be used to log into any other server
                • Is it “really the authorized end user”? Perhaps not.
                    • That’s a large risk to a business.
        • Outsourcers and mainframe IT operations have SLAs that protect the data they host on their systems.
        • Do their customers and end users have SLAs that specify minimum desktop security? Do they manage desktops and mainframes together?
            • Typically not – as a result, there is a major risk that a compromised end user interface can result in compromised mainframe access.
        • Our goal is to look at security management across these domains
    19. 19. Examples of End to End Security
        • Mainframe Userid and Password Encryption via Host on Demand
        • Virtual Private Network encryption (which exploits the zIIP)
        • Audit and anomaly detection via TCIM
        • Fraud Forensics, Analysis and Prevention via Intellinx (which exploits the zAAP)
        • LAN encryption via WPA which exploits z/OS PKI
        • z/OS PKI deployment with Global Services
        • PKI management via Venafi
        [Diagram labels: Wireless Business Infrastructure HQ Outsourcer; zIIP; zAAP; z/OS PKI Services; Bank; Regional Data center; Branch Manager; Point of Sale; Hacker Or Insider; Compliance Insight Manager; Global Services: Security & Privacy Consulting]
    20. 20. Agenda
        • Real Customers – Real Value
            • Our initial learning from studies done with clients like you
    21. 21. Large European Bank – Internet Banking (today)
        Today’s Environment
        • System z with CICS, IMS and DB2 for data serving and core business logic, using WebSphere on Power for additional business logic and presentation capability; Web servers on System x Blades running Linux
        Challenges/Issues
        • Extremely complex environment
        • Majority of maintenance applied to systems manually
        • Several single points of failure
        • Bank has a presence in multiple countries across Europe and is maintaining different infrastructures based on acquisitions
    22. 22. Large European Bank – Internet Banking (tomorrow)
        The Environment with zEnterprise
        • Integrate core business logic and data serving on System z (IMS/CICS/DB2) with IBM Blades; POWER 7 Blades running WebSphere and System x Blades as virtualized Linux based Web Servers, all managed in a zBX.
        Business Advantage
        • Simplification and standardization of the environment will allow the bank to be more flexible and responsive to local country banks adding functionality and growing banking revenue.
        Operational Advantage
        • A single management and policy framework across Web serving, transactions and database to lower the cost of enterprise computing
        • Mainframe Quality of Service characteristics will be extended to application servers to manage risks
        • The dynamic resource management of the mainframe is extended to all devices within a multi-tier architecture to improve quality of services
        Organizational Advantage
        • Reduce level of manual coordination, freeing up staff to train and focus on backlog of business application function development
        [Diagram labels include: HMC – Unified Resource Manager, PR/SM, zEnterprise Blade Extension, PowerVM, x86, Power, SE, Virtual Machine, z/OS, AIX, xHyp, Linux, AMM]
    23. 23. US Healthcare Provider – Information Hubs (today)
        [Diagram labels include: ASP, .net, Windows, z/OS, IMS SOAP Gateway, MQ, IMS TM, IMS DB, Power - AIX, MDM, WebSphere, Member Hub, Provider Hub, Product Hub, Service Layer]
        Today’s Environment
        • Master Data Management Server is running on AIX today on Power servers front ending multiple data stores on DB2 on z/OS and IMS
        Challenges/Issues
        • Client grew through acquisitions and has multiple systems – looking to consolidate data and systems to reduce complexity and the number of systems to update
        • Challenged to support new industry mandates
        • Need to standardize on platforms to reduce complexity for dev/test/prod
        • Need to reduce the time required to configure a new dev/test environment
        • Need ability to monitor the end-to-end transaction flow to determine bottlenecks
        • New Application – Some architectural choices still being investigated
    24. 24. US Healthcare Provider – Information Hubs (tomorrow)
        The Environment with zEnterprise
        • Consolidate information into ‘information hubs’ that will be used by all aspects of the business. Two options being considered for Master Data Management using DB2 on z/OS for consolidated data store, with WebSphere on either AIX or Linux for System z.
        Operational Advantage
        • Application and Data Proximity
        • Flexibility of architectural choices as designs are selected for performance and cost
        • Network – high speed, private, possible opportunity for reduced requirements for firewalls and encryption
        • Allows for virtualization across multiple tier workloads
        • Consistency/Standardization of OS/middleware/application reduces variations in test
        • Consolidate floor space, reduced energy costs
        Business Advantage
        • Consolidation and Simplification will provide client agility to better compete in the highly volatile and competitive healthcare industry.
        [Diagram captions: Option A – zEnterprise with MDM on Linux for System z; Option B – zEnterprise with POWER7 Blades. Labels include: zOS/WGS, IMS SOAP Gateway, MQ, IMS TM, IMS DB, P7 - AIX, MDM, WebSphere, Member Hub, Provider Hub, Product Hub, Service Layer, zBX, System z, z/VM, RHEL 5 for System z, ASP, .net, Windows]
    25. 25. Payment Services
        IBM Confidential until Announcement
        A unique national digital identity card project implemented on a country-wide scale
        Business Need:
        • Payment Business Services (PBS) won the contract for implementing and running a digital signature (PKI) infrastructure for the national danID in Denmark.
        • To meet the needs of the client, PBS had to be able to accommodate the following:
            • Same userid and logon-id procedure for both the public and the banking infrastructure.
            • Access from any computer.
            • Improved security of two-factor authentication with a one-time password.
        Benefit:
        This solution allows all Danish citizens to sign on and perform digital signatures on banking and public systems using a single shared one-time password (OTP) device. It is an innovative solution combining a general purpose engine, specialty engines and hybrid-accelerators, used together to improve the price/performance ratio. IBM provides the operational platform for the digital signature infrastructure. The IBM System z9 Enterprise Class server running z/OS is the platform for development, test and production. IBM developed cryptographic security based on mandated security regulations.
    26. 26. A few thoughts about a way forward
        • Collaboration is a key to success. It provides:
            • Business advantage
            • Operational advantage
            • Organizational advantage
            • a more secure environment
                • … thanks for joining us today
    27. 27. Questions?
    28. 28. Trademarks
        The following are trademarks of the International Business Machines Corporation in the United States and/or other countries.
        AIX* CICS* Cognos* DataPower* DB2* e-business logo* IBM* IBM logo* IMS InfoSphere POWER7 Power Systems PowerVM System z System x WebSphere* zEnterprise z/OS* z/VM*
        * Registered trademarks of IBM Corporation
        The following are trademarks or registered trademarks of other companies.
        Intel is a trademark of Intel Corporation in the United States, other countries, or both. Upromise is a registered trademark of Sallie Mae, Inc. Java and all Java-related trademarks and logos are trademarks of Sun Microsystems, Inc., in the United States and other countries. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Microsoft, Windows and Windows NT are registered trademarks of Microsoft Corporation. Red Hat, the Red Hat "Shadow Man" logo, and all Red Hat-based trademarks and logos are trademarks or registered trademarks of Red Hat, Inc., in the United States and other countries.
        * All other products may be trademarks or registered trademarks of their respective companies.
        Notes: All customer examples cited or described in this presentation are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual customer configurations and conditions. This publication was produced in the United States. IBM may not offer the products, services or features discussed in this document in other countries, and the information may be subject to change without notice. Consult your local IBM business contact for information on the product or services available in your area. All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. Information about non-IBM products is obtained from the manufacturers of those products or their published announcements. IBM has not tested those products and cannot confirm the performance, compatibility, or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. Prices subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography.
        ZSP03409-USEN-00
