Red Hat Enterprise Linux 6.4 on System z introduced numerous enhancements, including support for new hardware, performance improvements for existing features, and substantial updates to cryptographic libraries. Key updates include data routing for improved I/O performance, optimizations to the zlib compression library, enhancements to identity management with centralized access control, and new security features compliant with TLS 1.1. Additionally, the release supports advanced storage capabilities, networking improvements like the precision time protocol, and introduces changes to the kernel dumping mechanism.

1. Technical Highlights for
Red Hat Enterprise Linux 6.4 on System z
Filipe Miranda
fmiranda@redhat.com
Global Lead for Linux on System z
1

2. Agenda
Newest Supported Hardware
RHEL 6.4 Highlights
2

3. IBM zEnterprise certified
for Red Hat Enterprise Linux
3

4. Red Hat Enterprise Linux High Level Roadmap
2010 2011 2012 2013
4.8 End of Life: February 29, 2012
5.5 5.6 5.7 5.8 5.9 5.x EOF: 2017
6.0 6.1 6.2 6.3 6.4 6.x EOF: 2020
RHEL 7.0 under development
4

5. Red Hat Enterprise Linux 6.4
GA: Feb 21 2013
New features for System z
General New Features
Bugfixes
5

6. Support of new crypto hardware
This feature provides support for new crypto hardware:
CryptoExpress4
The z90crypt device driver has been updated to support the new Crypto
Express 4 (CEX4) adapter card.
Data Routing for FCP
Enable FCP to pass data directly from memory to SAN (data routing) when memory on
the adapter card is blocked by large and slow I/O requests.
Improved performance by increasing the I/O rate and throughput for short and fast I/O
requests when memory on the adapter is blocked by large and slow I/O requests will
satisfy customer expectations regarding performance
The zfcp device driver has been updated to add data structures and error
handling to support the enhanced mode of the System z Fibre Channel
Protocol (FCP) adapter card. In this mode, the adapter passes data directly
from memory to the SAN (data routing) when memory on the adapter
card is blocked by large and slow I/O requests.
6

7. Fibre Channel Protocol End-To-End data consistency checking
Data integrity between a host adapter and a storage server has been improved implementing the
zFCP-specific part of The T10 Technical Committee introduced an enhancement to the SCSI standard
(SPC-4, SBC-3) to protect against errors in user data blocks.
This RAS item provides improved service and control of data flow between adapter and storage
device by introducing the zFCP specific part of the enhanced SCSI standard for E2E data consistency
checking
Optimization of, and Support for, the zlib Compression Library for System z
Optimize the existing compression library zlib for System z by using dedicated SSE instructions and
optimized compile options. The compression library zlib is used by Java (decompression of class files),
Cognos (PDF generation), TSM (backup) and for Linux installations (binaries compressed in RPMs)
This feature significantly improves performance for applications using the compression library zlib.
7

8. libICA Enhancements
The libica library has been modified to allow usage of new algorithms that support the
Message Security Assist Extension 4 instructions in the Central Processor Assist for
Cryptographic Function (CPACF) feature. For the DES and 3DES block ciphers, the new
feature supports the following modes of operation:
◦ Cipher Block Chaining with Ciphertext Stealing (CBC-CS)
◦ Cipher-based Message Authentication Code (CMAC)
For the AES block cipher, this feature supports the following modes of operation:
◦ Cipher Block Chaining with Ciphertext Stealing (CBC-CS)
◦ Counter with Cipher Block Chaining Message Authentication Code (CCM)
◦ Galois/Counter (GCM)
With this acceleration of complex cryptographic algorithms, performance of IBM System z
machines significantly improves.
All users of libica are advised to upgrade to these updated packages, which add this
enhancement.
The libica library contains a set of functions and
utilities for accessing the IBM eServer
Cryptographic Accelerator (ICA) hardware on
IBM System z.
8

9. Storage Drivers
The Direct Access Storage Devices (DASD) device driver has been updated to detect path
configuration errors that cannot be detected by hardware or microcode. Upon successful
detection, the device driver does not use such paths. With this feature, for example, the
DASD device driver detects paths that are assigned to a specific subchannel but lead to
different storage servers.
Flash Express Support for IBM System z
Storage-Class Memory (SCM) for IBM System z is a class of data storage devices that combine
properties of both storage and memory. SCM for System z now supports Flash Express memory.
SCM increments can be accessed through Extended Asynchronous Data Mover (EADM)
subchannels. Each increment is represented by a block device. This feature improves the paging
rate and access performance for temporary storage, for example for data warehousing.
9

10. Support of the Transactional Execution Facility
Support of the Transactional-Execution Facility (available with IBM zEnterprise EC12) in the
Linux kernel helps eliminate software locking overhead that can impact performance and
offer increased scalability and parallelism to drive higher transaction throughput.
Support of Runtime Instrumentation Facility
Support of the Runtime Instrumentation Facility (available with IBM zEnterprise EC12)
provides an advanced mechanism to profile program code for improved analysis and
optimization of the code generated by the new IBM JVM.
kdump and kexec Kernel Dumping Mechanism for IBM System z
Fully Supported
The kdump/kexec kernel dumping mechanism is enabled for IBM System z systems as a
fully supported feature, in addition to the IBM System z stand-alone and hypervisor
dumping mechanism. The auto-reserve threshold is set at 4 GB; therefore, any IBM System
z system with more than 4 GB of memory has the kdump/kexec mechanism enabled.
Sufficient memory must be available because kdump reserves approximately 128 MB by
default. This is especially important when performing an upgrade to Red Hat Enterprise
Linux 6.4. Sufficient disk space must also be available for storing the dump in case of a
system crash.
10

11. Enhancements to the s390-tools
BZ#847087
This update adds the necessary user space tools to allow Linux to access Storage Class
Memory (SCM) as a block device on IBM System z systems using sub-channels of the
Extended Asynchronous Data Mover (EADM) Facility.
BZ#847088
The lszcrypt utility has been modified to support the IBM Crypto Express 4 feature.
11

12. Identity Management
System Security Services Daemon (SSSD) enhancements extend the interoperability experience
with Microsoft Active Directory by providing centralized identity access control for Linux/Unix
clients in a heterogeneous environment.
Administrators can now manage Secure Shell (SSH) keys across multiple systems from a single
server.
It is now possible to map user records to their associated SELinux records, making it easier to
manage user access across platforms.
Administrators can assign priorities to servers so that identity lookup occurs in the defined order
which can reduce network traffic. This provides IT with another tool to help meet Quality of
Service (QoS) commitments or performance expectations.
12

13. Networking
Red Hat Enterprise Linux 6.4 introduces the Precision Time Protocol (PTP) as a feature in
Technology Preview. This feature is hardware dependent and applies to a set of new devices. PTP is
known for CPU efficiency, network bandwidth, and low administration effort. It provides clock
synchronization across the network in the sub-microsecond range by eliminating network and
equipment timing variability or “jitter.”
The Stream Control Transmission Protocol (SCTP) provides support for multi-homing
communication. Multi-homing allows a single SCTP endpoint to support multiple IP addresses, which
means that a session is more likely to survive a network failure. Red Hat Enterprise 6.4 implements
the protocol’s “Quick Failover Algorithm” to reduce the amount of time it takes to migrate from a
failed connection to an active connection.
NetworkManager now has a standard, easy-to-use graphical user interface (GUI) for configuring and
managing network interface controller (NIC) bonding and network bridges.
13

14. Storage
New system log features identify the mapping from logical block device name to physical device identifier
– allowing an administrator to easily identify specific physical devices as needed.
New support for scalable snapshots and thinly-provisioned volumes in the Logical Volume Manager (LVM)
allows storage pool capacity to be used as efficiently as possible. Thinly provisioned volumes consume
storage space only when data has been written to them - and only as long as that data is still in use. Thin
snapshot volumes allow many virtual devices to share the data blocks they hold in common.
The number of supported virtual tape drives has increased from 100 to 512.
File System
Red Hat has taken a lead role with its partners and the upstream community on the parallel
Network File System (pNFS) industry standard, driving the addition of capabilities that allow
database workloads to benefit from the advantages of pNFS. This functionality offers performance
gains for I/O intensive workloads like database access. Using the first-to-market, fully supported
pNFS (file layout) client -- delivered in Red Hat Enterprise Linux 6.4 -- customers can begin to plan
and design next-generation, scalable file system solutions based on pNFS.
14

15. Security
Red Hat Enterprise Linux 6.4 complies with Transport Layer Security (TLS) 1.1. The 1.1 version of
TLS increases communication security and integrity. It has the ability to protect against cipher block
chaining (CBC) attacks. Other enhancements to TLS include improved error handling and operations
between networked nodes.
The Security Content Automation Protocol (SCAP) is a standardized suite of specifications used in
facilitating security auditing for enterprise-class systems. Red Hat Enterprise Linux 6.4 now supports
SCAP 1.2.
System administrators can now define the amount of time that must lapse before an account is
considered inactive. This automates locking inactive accounts and closes the gap during which these
accounts can be exploited.
15

16. Thank you
Gracias
Danke
Grazie
Obrigado
16

17. Red Hat Enterprise Linux 5.9
GA: Dec 11 2012
Mostly Bugfix release
One big feature for System z
Enable HyperPAV for parallel I/O to ECKD
DASD
17

18. Hyper PAV enablement - Licensed feature in z/VM
HyperPAV enables parallel I/O to ECKD DASDs increasing data
access performance
Hyper-Parallel-Access-Volume support for Linux on System z. This is a
very flexible concept to massively improve device performance by
using a set of sub channels as an ALIAS-pool.
Kernel VDSO Support
Virtual Dynamically-linked Shared Object (VDSO) is a shared library provided by the kernel. This
allows normal programs to do certain system calls without the usual overhead of system calls like
switching address spaces.
For Linux on System z there are tree functions at the moment that are accelerated in this way:
gettimeofday, clock_getres, and clock_gettime. The most important one is probably gettimeofday.
Some user space application, for example the Java virtual machine, tend to call gettimeofday very often.
By use of a vdso this operation can be accelerated by an factor of 4 thereby increasing the
performance of the user space application.
18

19. JAVA 7
Due to EOL of Oracle JDK6 in November, Oracle Java 7 and IBM counterpart will be available to
Red Hat Enterprise Linux 5
19