MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically with MongoDB on LinuxONE

Keep your Business Safe
and Scaling Holistically with
MongoDB on LinuxONE
Marcel Mitran
IBM Distinguished Engineer, CTO IBM LinuxONE
mmitran@ca.ibm.com
Systems / LinuxONE / Copyright 2019 IBM Corp.

IBM Cloud Z - Hyper Protect Services | © 2019 IBM Corporation
trust
transitive verb
ˈtrəst
1a: to rely on the truthfulness or
accuracy of
b: to place confidence in
c: to hope or expect confidently
soon
2a: to commit or place in one's care
or keeping
b: to permit to stay or go or to do
something without fear or misgiving
https://www.merriam-webster.com/dictionary/trust
In whom or what
do you trust?
What is most
important to you?

Your EnterpriseThird Party
Agents in an Cloud Environment: Who do you trust?
Mr. Malicious
Cloud SRE
Application Admin
Government Agent
Network Admin
Application User
Database Admin
Developer
Hardware Vendor Software Vendor Storage
Admin
Доверяй, но проверяй; Doveryai, no proveryai)

The only people you can truly trust…
…are those who do not have your best interests at heart. People make mistakes, people can be corrupted.
Your EnterpriseThird Party
Mr. Malicious
IBM Cloud SRE
Application Admin
Government Agent
Network Admin
Application User
Database Admin
Developer
Hardware Vendor Software Vendor Storage
Admin
How do you establish trust in an untrusting ecosystem?

Significant breaches…
Who is next?
IBM LinuxONE / Secure Cloud / © 2019 IBM Corporation
Late 2016
57 million driver and rider
accounts compromised
$100,00 ransom to hackers
Paid $148M to settle claims
July 2017
Website breach
145.5 million people affected
Feb 2018
Kubernetes Container
Management console not
password protected
June 2018
Disgruntled Employee with
“higher system privileges than
necessary”
https://www.equifaxsecurity2017.com/
https://www.eweek.com/cloud/tesla-cloud-account-data-breach-revealed-in-redlock-security-report
https://www.securityweek.com/tesla-breach-malicious-insider-revenge-or-whistleblowing
https://www.nytimes.com/2017/11/21/technology/uber-hack.htm
http://news.marriott.com/2018/11/marriott-announces-starwood-guest-reservation-database-security-incident/
https://www.newsweek.com/amazon-capital-one-hack-data-leak-breach-paige-thompson-cybercrime-1451665
5
NSA 2013
Copied and leaked classified information
leveraging SysAdmin privileges
Capital One
July 2019
PI of ~106 million customers and
applicants exposed
1 million Canadian Social
Insurance Numbers
140,00 social security numbers
80,000 linked bank account
numbers

6
Bithumb (Jun 18), 32
Bitpoint (Jul 19), 32
Youbit (Dec 17), 35
Coinrail (Jun 18), 40
Binance (May 19), 41
Zaif (Sep 18), 50
Bitfinex (Aug 16), 72
BitGrail (Feb 18), 170
Mt Gox (Feb 14), 450
Coincheck (Jan 18), 535
0 100 200 300 400 500
Losses in Millions USD
Digital asset custody breaches

Digital assets are
cryptographically secured with
a public and private key pair.
A public key is like a mailbox, everyone can see it and
anyone can send digital assets to it.
The private key is like the key to that mailbox, the owner
can open it and access what’s inside.
If you hold the private key, you own the digital assets at
the corresponding public key address.
7

trading
trading
Alice‘s
account
Bob’s
account
NEM
accounts
Attacker
NEM blockchain
network
hot wallet
XEM
Coincheck
NEM
Private Key
NEM
Wallets
Used stolen private
key to send 535M USD
XEM to attacker wallet
Problem 1:
all NEM/XEM stored
in single hot wallet
Problem 2:
lack of multi-signature
authorization
Problem 3:
Private keys not protected
Coincheck hack
8

9
App C
Bins/Libs Bins/Libs
Docker
Linux Host OS
X86 Infrastructure
Docker Container
AttackerDocker Group
Hot Wallet
1
Access the Docker Group to which the user is a
member (many Docker Groups have hardcoded
credentials for ease of use)
Obtain root level system access and, as a
superuser, run this command:
2
3
4 Trade funds from the exchange’s hot wallet to
attacker’s wallet
$ docker run -v /home/${USER}:/h_docs ubuntu bash
-c "cp /bin/bash /h_docs/rootshell && chmod 4777
/h_docs/rootshell;" && ~/rootshell -p
Obtain a system administrator’s account credentials:
• Social Engineering / Credential Reuse
• Account Takeover of Cloud Hosting
• Application Vulnerability
Permission Exploit

How do you trust hardware & infrastructure?

You need a Big Trusted Execution Environment
11
16 TB Intel Software Guard Extensions (SGX)
0.00012 TB
IBM Secure Service
Container (SSC)

12
Hardware Security Modules (HSM)s are physical computing devices
that safeguard and manage digital keys for strong authentication and
provides cryptoprocessing.
Come in the form of a plug-in card or an external device that attaches
directly to a computer or network server
Provide onboard secure true random number cryptographic key
generation (TRNG), storage, digital signature and management.
LinuxONE III now supports two HSMs per card
IBM invented royalty free commercial
cryptography. Since 1977 global payment card
networks, ATM operators, and central bank
clearing systems have secured tens of trillions
of dollars of wealth using IBM HSMs
And a way to protect your private keys

We secure applications in the Secure Service Container
13
IBM Secure Service Container (SSC)
Evil
Admin
REST
API
MongoDB running in
protected memory
Isolated Hyper
Protect Runtime
MongoDB running in
protected memory
Isolated Hyper
Protect Runtime
Secure Key FIPS 197 AES-256 encryption
Administrators and applications
must use white labeled Rest API
No command line
$ docker run –v…
Secure
Shell (SSH)
Encrypted
communications
Encrypted
IBM Flash
Storage
Firmware
Tamper-proof
SSC Secure Boot

And protect our keys with an HSM that instantly destroys the master keys upon
tamper detection, guaranteeing against loss to attackers
15
Tamper-evident physical
security features (seals)
on enclosed card
FIPS 140-2
Level 2
FIPS 140-2
Level 3
FIPS 140-2
Level 4
Level 2 + Tamper detection
and response for covers and
doors*
Complete 360 degree envelope of protection
and response by destroying keys
IBM Crypto Express 6S
Unique to IBM:100 Nano second response &
error-code correcting (prevents key loss due to
CPU processing faults)* Some Level 3 vendors include key destruction, Level 3+

16
IBM Secure Service Container
Secure Key FIPS 197 AES-256 encryption
Secure Service Container
Secure Key 2
HSM Master Key
Storage Secure Key 1
Docker Container Secure Key 3
Layers of
Encryption
Isolated Hyper
Protect Runtime
IBM Crypto
Express 6s HSM
Trusted
Key Entry
0110101..
True RNG
1. Master Key wrapped AES-256
bit key for storage and backups
bit key for Secure Service
Container encryption
bit key for Individual Docker
container applications.
Encrypted
IBM Flash
Storage
Encrypted
Communications
Encrypted IBM Cloud
Object Store Backup
Encrypted
Communications
MongoDB
MongoDB
Reporting
Protected by
LinuxONE
Secure Private Cloud Platform
Security
Policy
Wallets
No key export. Master keys are
simultaneously generated in
multiple HSMs
Isolated Hyper
Protect Runtime

Secure Private Cloud Platform
17
IBM Crypto
Express 6s
FIPS 140-2
Level 4
IBM Secure
Service
Container
(SSC)
Trusted Key Entry (TKE)
8-16 Biometric
Smart Cards
(EAL 7 certified)
Same Master Key deployed in multiple HSMs simultaneously
(no need to export/import)
Encrypted flash storage replication (optional)
Encrypted Cloud
Object Store SSC &
Storage Backup
Wallets & Other
apps/db
EP11 HSM API
Digital Assets Protected by
LinuxONE
Storage
Wallets & Other
apps/db
EP11 HSM API
Storage
Production Back-up
Digital Assets Protected by
LinuxONE

LinuxONE - Super-Scalable and Elastic System
Extreme Virtualization and Scale
• Hypervisor partitioning built into firmware
Complete isolation – EAL5+
• 85 hypervisors– z/VM or KVM
1k Linux guests/hypervisor
+2 million docker containers
17TB MongoDB
• Hypervisor communication is via fast, in-memory sockets
Hipersockets or Shared-OSA
3x less latency than discrete servers
• Massive dedicated I/O – 768 power pc co-processors
• 960 MB L4 cache, 5.2Ghz core, dual-TLBs, crypto acceleration
Super Elastic System
• add/remove resources from Linux guest
• Non-disruptively add/remove Linux guests
Compose high-performance, secure and scalable applications.
Dynamically and seamlessly re-allocate resources.
Scale-up data-serving + scale-out app-serving + right-time analytics for powerful engagement
LinuxONE Hardware
HiperSocket LAN / Shared OSA
Linux guest
Docker Docker Docker Docker
…
LPAR1 LPAR2 / KVM
Scale-out
Scale-up
Linux
guest
LPAR3 / zVM
Linux
guest
© 2019 IBM Corporation

Scaling-up with MongoDB on LinuxONE
MongoDB node on LinuxONE scales up to 17TBs with
sustained throughput and response time <5ms,
while supporting +4 Billion documents, 460,000
reads+writes/second, with no sharding required!
“We are committed to make MongoDB available on all major
platforms and are excited to add support for IBM LinuxONE
Enterprise Grade Linux and LinuxONE Platform. This
announcement is a leap forward for customers who want to
deploy modern, mission-critical applications built with
MongoDB and take advantage of the performance, scalability
and security of IBM’s LinuxONE platform hardware
products.”
--- Eliot Horowitz CTO & Founder, MongoDB
© 2019 IBM Corporation

MongoDB Scale-up on LinuxONE III vs. Scale-out on x86
21
Systems / LinuxONE / © 2019 IBM Corporation
Disclaimer: Performance results based on IBM internal tests running YCSB 0.10.0 benchmark (read-mostly) on MongoDB
Enterprise Release 4.0.6 with 3-node replication. On LinuxONE III MongoDB was setup without sharding. On x86 MongoDB
was setup with four shards. Results may vary. x86 config: 5 Intel® Xeon® Gold 6140 CPU @ 2.30GHz with Hyperthreading
turned on, 128 GB memory, 2 TB local RAID5 SSD storage, SLES12 SP4 running MongoDB, driven remotely by YCSB using 5
x86 server with total 512 threads LinuxONE III configuration: LPAR with 4 dedicated cores and 2 LPARs with each 1 core, each
with SMT and 128 GB memory, 5 TB FlashSystem 900 storage, SLES 12 SP4 (SMT mode) running MongoDB, driven remotely
by YCSB using 4 x86 servers with total 512 threads.
Run the Yahoo Cloud Serving Benchmark
(YCSB) on MongoDB without sharding on
IBM LinuxONE III with 6 cores in total
and achieve the same throughput as on
MongoDB with 4 shards on compared
x86 systems with 60 cores in total, which
provides a 10:1 core consolidation ratio
in favor of LinuxONE III
Preliminary results, final results may vary

22
IBM LinuxONE III with up to 3.7x better
read latency and 2.4x better write
latency than on MongoDB with four
shards on compared x86 systems
2.4x
3.7x

Hyper Protect Services

• Data owner maintains complete control over data
o Industry-leading data confidentiality through
built-in workload isolation, restricted administrator
access, tamper protection against internal threats
o Not even IBM cloud admins have access to your
customer data
• Easily provision secure data stores for sensitive data
without specialized skills
o Standard APIs to provision, manage, maintain and
monitor multiple database types
o Integrates with IBM Cloud services for access
management, logging and monitoring
• High availability and reliability for mission critical
applications
• Industry & Compliance Certifications *
o GDPR, ISO 27001, 27017, 27018, HIPAA
IBM Cloud
Hyper Protect DBaaS
Provision and manage highly
secure, high volume databases*
for your sensitive data
* MongoDB EE and PostgreSQL
Complete data confidentiality for your
sensitive data
Available in Dallas, Frankfurt
Built On
secure enclaves

IBM Cloud Hyper Protect DBaaS © 2019 IBM Corporation
IBM LinuxONE Secure Service Container (SSC) provides
workload isolation, restricted administrator access and
tamper protection against internal threats
No system admin access
• Once the appliance image is built, OS access (ssh) is not
possible
• Only remote API access available
Signed docker images
• Docker-base stack inherits security without any code
changes
• Trusted and attested images prevent access to data
Pervasive encryption
• Encryption at rest: Encrypted disk, database, transaction log
files, associated backups *
• Runtime encryption: Debug data (dumps) encrypted
Highest level of protection
for customer data in the
industry
Secure
Service
Container
IBM Z/LinuxONE platform
Secure
Service
Container
DBaaSManager
Container
DBaaSManager
Container
Isolated Container
Runtime Environment
MongoDB
Container
PostgreSQL
Container
<Other>
Container
Secure Service Container

• 3 replicas by default
• IBM Cloud Service Level Agreement (SLA) of at least
99.95% availability
• Automatic daily backups stored in the local storage
• Recovery via cloud tracking request
• Integration with IBM Monitoring for IBM SREs to monitor the
health of the system
High Availability
Hyper Protect Pod (one per Availability Zone)
IBM LinuxONE Rockhopper II systems with:
• 30 processor cores
• 4 TB of RAM (expandable to 8)
• IBM FlashSystem 9150 NVMe-storage systems with at least 100TB
Each IBM Cloud Region
• Consists of three Hyper Protect pods, each installed in an unique
Availability Zone
• Results in a clustered topology with high resilience and low latency
Local Storage
FollowerLeaderFollower
Customer 2 Namespace
Customer 3
Namespace
Within an IBM Cloud Region
Availability Zone B Availability Zone CAvailability Zone A
Daily backups
Customer 1 Namespace
Multi Zone Regions supported
• Dallas and Frankfurt
• Additional MZRs in plan for 2019
Default HA configuration:

Fully Managed Solution
• 24x7x365 support from IBM Cloud
• Non disruptive version upgrades
• Host, storage and network monitored by IBM SRE team
Reliability for
mission critical
applications
Performance
• Performance roughly 2x to
x86 based clouds
Scalability
• Vertical scalability up to
machine limits
• Very large memory sizes (up to
16 TB RAM with z14) allow for
large single instance in-memory
DBs
• Ability to scale large databases
with no sharding

Example opportunity from the automotive industry ...
DataRuntime
More detailed information about this case can be found at
https://w3-03.ibm.com/services/lighthouse/documents/134286
Storage of classified data in
the cloud is an important
threat for our customers
-> HPDBaaS provides the
answer to customers needs
and unlocks their path to
cloud
Having a place to store the
highly sensitive datasets
allows the entire application
to move to the cloud as well
Classified
data
Non-classified
data

IBM, Bank of America Team Up on Public Cloud Aimed at Banks
Service is designed to meet the sector’s regulatory and compliance requirements
29
IBM has designed the world’s first financial
services-ready public cloud to address FSS
institutions’ requirements for regulatory
compliance, security and resiliency. IBM will
welcome financial services institutions, and
their suppliers, to join the financial services-
ready public cloud. As its first collaborator,
Bank of America will use the platform built on
IBM’s public cloud to host key apps and
workloads.
Hyper Protect
Crypto Services
Keep your own keys for
cloud data encryption
protected by a dedicated
cloud HSM*
Hyper Protect
DBaaS
Complete data
confidentiality for your
sensitive data
Hyper Protect
Virtual Servers
Instantiate Linux VMs with
own public ssh key to
maintain exclusive access
to code and data
Hyper Protect
Containers
Build and deploy micro
services within a hyper
secure environment
IBM Cloud Hyper Protect Services
Industry-leading security for Cloud data, digital assets and workloads
Built On LinuxONE secure enclaves
https://www.wsj.com/articles/ibm-bank-of-america-team-up-on-public-cloud-aimed-at-banks-11573016461
https://www.bizjournals.com/newyork/news/2019/11/08/ibm-wields-red-hat-tech-teams-with-bank-of-america.html
“Even people at IBM with deep access to the
cloud will not have access to the key” to unlock
a bank’s encrypted data”
-- Arvind Krishna, SVP IBM Cloud.
“The financial services-ready public cloud platform
taps into IBM's longstanding security and privacy
expertise — from its leading team of cryptographic
researchers, and its Hyper Protect capabilities which
provide the highest level of security with FIPS 140-2
Level 4 certification” -- Hillery Hunter, CTO IBM Cloud

LinuxONE III + MongoDB
Data Serving Data Security MongoDB Enterprise
Standardized & Flexible for the Cloud Datacenter
Delivering modular, scalable, and proven, cloud-ready infrastructure
Systems / LinuxONE / © Copyright 2019 IBM Corp.

Notices and Disclaimers
33
© 2019 International Business Machines Corporation. No part of this document may
be reproduced or transmitted in any form without written permission from IBM.
U.S. Government Users Restricted Rights — use, duplication or disclosure
restricted by GSA ADP Schedule Contract with IBM.
Information in these presentations (including information relating to products that
have not yet been announced by IBM) has been reviewed for accuracy as of the date
of initial publication and could include unintentional technical or typographical
errors. IBM shall have no responsibility to update this information. This document is
distributed “as is” without any warranty, either express or implied. In no event,
shall IBM be liable for any damage arising from the use of this information,
including but not limited to, loss of data, business interruption, loss of profit or loss
of opportunity. IBM products and services are warranted per the terms and
conditions of the agreements under which they are provided.
IBM products are manufactured from new parts or new and used parts.
In some cases, a product may not be new and may have been previously installed.
Regardless, our warranty terms apply.”
Any statements regarding IBM's future direction, intent or product plans
are subject to change or withdrawal without notice.
Performance data contained herein was generally obtained in a controlled,
isolated environments. Customer examples are presented as illustrations of how those
customers have used IBM products and the results they may have achieved. Actual
performance, cost, savings or other results in other operating environments may vary.
References in this document to IBM products, programs, or services does not imply that
IBM intends to make such products, programs or services available in all countries in
which IBM operates or does business.
Workshops, sessions and associated materials may have been prepared by independent
session speakers, and do not necessarily reflect the views of IBM. All materials and
discussions are provided for informational purposes only, and are neither intended to,
nor shall constitute legal or other guidance or advice to any individual participant or their
specific situation.
It is the customer’s responsibility to insure its own compliance with legal requirements
and to obtain advice of competent legal counsel as to the identification and
interpretation of any relevant laws and regulatory requirements that may affect the
customer’s business and any actions the customer may need to take to comply with such
laws. IBM does not provide legal advice or represent or warrant that its services or
products will ensure that the customer follows any law.

Notices and Disclaimers continued
34
Information concerning non-IBM products was obtained from the suppliers of those
products, their published announcements or other publicly available sources. IBM
has not tested those products about this publication and cannot confirm the accuracy
of performance, compatibility or any other claims related to non-IBM
products. Questions on the capabilities of non-IBM products should be addressed to
the suppliers of those products. IBM does not warrant the quality of any third-party
products, or the ability of any such third-party products to interoperate with IBM’s
products. IBM expressly disclaims all warranties, expressed or implied, including
but not limited to, the implied warranties of merchantability and fitness for a
purpose.
The provision of the information contained herein is not intended to, and does not,
grant any right or license under any IBM patents, copyrights, trademarks or other
intellectual property right.
IBM, the IBM logo, ibm.com and [names of other referenced IBM products and services
used in the presentation] are trademarks of International Business Machines
Corporation, registered in many jurisdictions worldwide. Other product and service
names might be trademarks of IBM or other companies. A current list of IBM trademarks
is available on the Web at "Copyright and trademark information" at:
www.ibm.com/legal/copytrade.shtml.

Pricing - IBM Cloud Hyper Protect DBaaS for MongoDB
NoSQL – MongoDB Enterprise Advanced v3.6.4
IBM Cloud Hyper Protect DBaaS for MongoDB
Size Memory Disk Price
MongoDB Free
(Free trial – by request only)
1 GB 2 GB $0.00/Month
MongoDB Small 32 GB 160 GB $2,950.00/Month
MongoDB Medium 64 GB 320 GB $5,790.00/Month
MongoDB Large 128 GB 640 GB $10,100.00/Month
Core Metrics
Topic Comment
Setup There is no setup fee
Free trial A no-charge trial is available for 30 days – Available by request only
Replicas Pricing includes 3 replicas by default for HA - supported by the clustered topology for each
database instance
Additional Packaging Information
• Fully supported by IBM, IBM will coordinate with
MongoDB for support
• Enhanced functionality when compared to MongoDB
CE
o Auditing (for compliance)
o Encryption
o Commercial License, Warranty, and Indemnification

• Data model
• Application integration
• Encryption key management*
• Query performance
• Resource allocation
• Access to DB logs
IBM Responsibilities Customer Responsibilities
• Networking
• Version upgrades
• Backups
• Host monitoring
• Disk encryption
• Infrastructure
• Instance Uptime
* As soon as BYOK support is given for HP DBaaS
Hyper Protect DBaaS
Operational Model

MongoDB Scale-Up on
LinuxONE III
37
• MongoDB scale-up on LinuxONE III vs. scale-
out on x86 cluster with replication

Setup on LinuxONE III
• 1TB aggregated database size
• 3-node replica set
• Journaling turned on
• Database to memory ratio 4:1
• No sharding on LinuxONE III
• 2 OSA cards
• 1 primary + 2 secondaries in 3 LinuxONE LPARs
• Flashsystem900 storage on LinuxONE III
Benchmark Setup
– 3x LinuxONE III LPARs, 4 cores for the primary and 1 or 2
cores per secondary, 128 GB memory per LPAR, FlashSystem
900 storage
• 1 shard (1 TB)
• 2 replica (each 1 TB)
– YCSB Benchmark read-mostly
– MongoDB 4.0.6 on SLES 12 SP4, write concern “majority”
– 2 driving blades with each 4 YCSB instances each with 64
threads, in total 512 threads
LinuxONE III Setup
LinuxONE III LPAR
MongoDB
Shard #0
Primary
FlashSystem
900
10 Gbit/s
LinuxONE III LPAR
LinuxONE III LPAR
MongoDB
Shard #0
Secondary #0
MongoDB
Shard #0
Secondary #1
x86 blade 0
YCSB 1
64 threads
YCSB 0
64 threads
YCSB 2
64 threads
YCSB 3
64 threads
x86 blade 1
YCSB 1
64 threads
YCSB 0
64 threads
YCSB 2
64 threads
YCSB 3
64 threads

39
39
Setup on x86
• 1TB aggregated database size
• 3-node replica set
• Database to memory ratio 6:1
• Sharding on x86
• 4 shards + 8 secondaries on 4
x86 server
• Local SSD storage on x86
Benchmark Setup
– 5 x86 Skylake each with 12 cores, 128 GB memory, local
SSDs (~ 1TB)
• Each server hosting 1 shard (256 GB) and 2 replica (2x
256 GB)
– YCSB Benchmark read-mostly
– MongoDB 4.0.6 (or newer) on SLES 12 SP4, write concern
“majority”
– 2 driving blades with each 4 YCSB instances each with 64
threads, in total 512 threads
x86 Cluster Configuration
x86 Server #0
(local SSDs)
x86 Server #1
(local SSDs)
x86 Server #2
(local SSDs)
x86 Server #3
(local SSDs)
x86 Server # 5
(local SSDs)
Router
(Mongos)
x86 blade 0
YCSB 1
64 threads
YCSB 0
64 threads
YCSB 2
64 threads
YCSB 3
64 threads
x86 blade 1
YCSB 1
64 threads
YCSB 0
64 threads
YCSB 2
64 threads
YCSB 3
64 threads
Shard #0
Primary
Shard #3
Secondar
y #0
Shard #1
Primary
Shard #0
Secondar
y #0
Shard #2
Primary
Shard #1
Secondar
y #0
Shard #3
Primary
Shard #2
Secondar
y #0
Shard #0
Secondar
y #1
Shard #1
Secondar
y #1
Shard #2
Secondar
y #1
Shard #3
Secondar
y #1

40
IBM LinuxONE III with 6 cores in total
and achieve the same throughput as on
MongoDB with 4 shards on compared
x86 systems with 60 cores in total, which
provides a 10:1 core consolidation ratio
in favor of LinuxONE III

41
IBM LinuxONE III with up to 3.7x better
read latency and 2.4x better write
latency than on MongoDB with four
shards on compared x86 systems
2.4x
3.7x

MongoDB Backup and
Encryption
42
• MongoDB backup performance on encrypted btrfs
volume on LinuxONE III

MongoDB Dump (Backup) and Restore
43
Disaster Recovery via
remote dump and restore
procedure
Database dumps are taken
periodically and are
usually compressed
Restore process can take a
long time if:
• Single large collection
• Backup is compressed
DatabaseDatabase
Dump (Backup)
Restore
libz.so
zip
gzip
libz.so
unzip
gunzip
zEDC
Compressed DB:
Low storage
Quick transfer
High complexity
Less robust

Compressing Data with Integrated Accelerator for zEDC
before Encryption
44
MongoDB MongoDB
IBM System
Storage DS8000
IBM System
Storage DS8000
• Benchmark Setup
• Ran mongodump
• with software compression (pigz -1) on x86
• with gzip exploiting the Integrated Accelerator for z
Enterprise Data Compression on LinuxONE III
• MongoDB database size 355 GB
• System Stack
• LinuxONE III
• LPAR with 1-8 dedicated cores
• s and 1.5 TB memory running RHEL 7.6 with SMT
enabled
• Database located on IBM DS8000 storage
• MongoDB 4.0.6
• gzip based on source code level
https://git.savannah.gnu.org/git/gzip.git commit
7a6f9c9c3267185a299ad178607ac5e3716ab4a5
• x86
• 1-8 Intel® Xeon® Gold 6140 CPU @ 2.30GHz
w/ Hyperthreading turned on, 1.5 TB of memory
running RHEL 7.6
• Database located on IBM DS8000 storage
• MongoDB 4.0.6
• pigz
pigz -1
Int. Acc.
for zEDC
x86 Skylake LinuxONE III

Compressing Data with Integrated Accelerator for zEDC
before Encryption
45
Perform a MongoDB database dump on an encrypted and compressed Btrfs volume on LinuxONE
III using the Integrated Accelerator for z Enterprise Data Compression up to 3.2x faster and with
up to 3.6x less CPU time versus a compared x86 platform using software compression
Disclaimer: Performance results based on IBM internal tests running database dump with compression on MongoDB 4.0.6 on a database of size 355 GB using pigz -1 on x86 and gzip -1 (gzip based on source code level https://git.savannah.gnu.org/git/gzip.git commit
7a6f9c9c3267185a299ad178607ac5e3716ab4a5) on LinuxONE III. The database dump file size on LinuxONE III is 20% bigger than on x86. Results may vary. LinuxONE III configuration: LPAR with 2 dedicated cores, 1.5 TB memory, RHEL 7.6 in SMT mode, database located on
IBM DS8000 storage. x86 configuration: 2 Intel® Xeon® Gold 6140 CPU @ 2.30GHz with Hyperthreading turned on, 1.5 TB memory, RHEL 7.6, database located on IBM DS8000 storage.
3.2x 2.2x 1.9x
3.6x 2.8x 3.0x

LinuxONE TCO Studies
46
• Use case I
• Use case II

Consolidation
– From: 42 Dell R730, 1,512 cores
– To: 2 LinuxONE Emperor II, 135 cores
TCO comparison summary
– 11:1 core consolidation ratio
from Dell to IBM LinuxONE
– 41% lower TCO, saving $12M
over 5 years
– Savings begin Year 1
– The difference in annual run rate
is ~$2.5M
Customer case 1:
IBM LinuxONE Emperor II
47
Source: IBM IT Economics team

Consolidation
– From: 30 HP ProLiant, 300 cores
– To: 1 IBM LinuxONE Rockhopper II, 15
cores
TCO Comparison Summary
– 20:1 core consolidation ratio from HP
Intel servers to IBM LinuxONE
Rockhopper
– 55.6% lower TCO, saving $3.28M over 5
years
– Savings begin Year 1
Customer case 2:
IBM LinuxONE Rockhopper II
Source: IBM IT Economics team
48

MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically with MongoDB on LinuxONE

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically with MongoDB on LinuxONE

Similar to MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically with MongoDB on LinuxONE (20)

More from MongoDB

More from MongoDB (20)

Recently uploaded

Recently uploaded (20)

MongoDB .local Toronto 2019: Keep your Business Safe and Scaling Holistically with MongoDB on LinuxONE