Technical Highlights for
Red Hat Enterprise Linux 6.4 on System z
Filipe Miranda
fmiranda@redhat.com
Global Lead for Linux on System z




                                       1
Agenda
Newest Supported Hardware

RHEL 6.4 Highlights




                            2
IBM zEnterprise certified
for Red Hat Enterprise Linux




                               3
Red Hat Enterprise Linux High Level Roadmap

2010               2011                 2012                     2013

       4.8                      End of Life: February 29, 2012


 5.5         5.6          5.7           5.8            5.9            5.x EOF: 2017


 6.0         6.1          6.2            6.3           6.4             6.x EOF: 2020


   RHEL                                                      7.0 under development




                                                                                       4
Red Hat Enterprise Linux 6.4
GA: Feb 21 2013


New features for System z
General New Features
Bugfixes




                               5
Support of new crypto hardware

This feature provides support for new crypto hardware:
CryptoExpress4

 The z90crypt device driver has been updated to support the new Crypto
 Express 4 (CEX4) adapter card.




Data Routing for FCP
Enable FCP to pass data directly from memory to SAN (data routing) when memory on
the adapter card is blocked by large and slow I/O requests.

Improved performance by increasing the I/O rate and throughput for short and fast I/O
requests when memory on the adapter is blocked by large and slow I/O requests will
satisfy customer expectations regarding performance


The zfcp device driver has been updated to add data structures and error
handling to support the enhanced mode of the System z Fibre Channel
Protocol (FCP) adapter card. In this mode, the adapter passes data directly
from memory to the SAN (data routing) when memory on the adapter
card is blocked by large and slow I/O requests.


                                                                                        6
Fibre Channel Protocol End-To-End data consistency checking
Data integrity between a host adapter and a storage server has been improved implementing the
zFCP-specific part of The T10 Technical Committee introduced an enhancement to the SCSI standard
(SPC-4, SBC-3) to protect against errors in user data blocks.

This RAS item provides improved service and control of data flow between adapter and storage
device by introducing the zFCP specific part of the enhanced SCSI standard for E2E data consistency
checking




Optimization of, and Support for, the zlib Compression Library for System z
Optimize the existing compression library zlib for System z by using dedicated SSE instructions and
optimized compile options. The compression library zlib is used by Java (decompression of class files),
Cognos (PDF generation), TSM (backup) and for Linux installations (binaries compressed in RPMs)

This feature significantly improves performance for applications using the compression library zlib.




                                                                                                         7
libICA Enhancements
The libica library has been modified to allow usage of new algorithms that support the
Message Security Assist Extension 4 instructions in the Central Processor Assist for
Cryptographic Function (CPACF) feature. For the DES and 3DES block ciphers, the new
feature supports the following modes of operation:
  ◦ Cipher Block Chaining with Ciphertext Stealing (CBC-CS)
  ◦ Cipher-based Message Authentication Code (CMAC)
For the AES block cipher, this feature supports the following modes of operation:
  ◦ Cipher Block Chaining with Ciphertext Stealing (CBC-CS)
  ◦ Counter with Cipher Block Chaining Message Authentication Code (CCM)
  ◦ Galois/Counter (GCM)
With this acceleration of complex cryptographic algorithms, performance of IBM System z
machines significantly improves.
All users of libica are advised to upgrade to these updated packages, which add this
enhancement.



                                                            The libica library contains a set of functions and
                                                            utilities for accessing the IBM eServer
                                                            Cryptographic Accelerator (ICA) hardware on
                                                            IBM System z.



                                                                                                                 8
Storage Drivers
The Direct Access Storage Devices (DASD) device driver has been updated to detect path
configuration errors that cannot be detected by hardware or microcode. Upon successful
detection, the device driver does not use such paths. With this feature, for example, the
DASD device driver detects paths that are assigned to a specific subchannel but lead to
different storage servers.



Flash Express Support for IBM System z
Storage-Class Memory (SCM) for IBM System z is a class of data storage devices that combine
properties of both storage and memory. SCM for System z now supports Flash Express memory.
SCM increments can be accessed through Extended Asynchronous Data Mover (EADM)
subchannels. Each increment is represented by a block device. This feature improves the paging
rate and access performance for temporary storage, for example for data warehousing.




                                                                                                 9
Support of the Transactional Execution Facility
Support of the Transactional-Execution Facility (available with IBM zEnterprise EC12) in the
Linux kernel helps eliminate software locking overhead that can impact performance and
offer increased scalability and parallelism to drive higher transaction throughput.

Support of Runtime Instrumentation Facility

Support of the Runtime Instrumentation Facility (available with IBM zEnterprise EC12)
provides an advanced mechanism to profile program code for improved analysis and
optimization of the code generated by the new IBM JVM.


kdump and kexec Kernel Dumping Mechanism for IBM System z
Fully Supported

The kdump/kexec kernel dumping mechanism is enabled for IBM System z systems as a
fully supported feature, in addition to the IBM System z stand-alone and hypervisor
dumping mechanism. The auto-reserve threshold is set at 4 GB; therefore, any IBM System
z system with more than 4 GB of memory has the kdump/kexec mechanism enabled.
Sufficient memory must be available because kdump reserves approximately 128 MB by
default. This is especially important when performing an upgrade to Red Hat Enterprise
Linux 6.4. Sufficient disk space must also be available for storing the dump in case of a
system crash.

                                                                                               10
Enhancements to the s390-tools
BZ#847087
This update adds the necessary user space tools to allow Linux to access Storage Class
Memory (SCM) as a block device on IBM System z systems using sub-channels of the
Extended Asynchronous Data Mover (EADM) Facility.

BZ#847088
The lszcrypt utility has been modified to support the IBM Crypto Express 4 feature.




                                                                                         11
Identity Management
System Security Services Daemon (SSSD) enhancements extend the interoperability experience
with Microsoft Active Directory by providing centralized identity access control for Linux/Unix
clients in a heterogeneous environment.

Administrators can now manage Secure Shell (SSH) keys across multiple systems from a single
server.

It is now possible to map user records to their associated SELinux records, making it easier to
manage user access across platforms.


Administrators can assign priorities to servers so that identity lookup occurs in the defined order
which can reduce network traffic. This provides IT with another tool to help meet Quality of
Service (QoS) commitments or performance expectations.




                                                                                                     12
Networking
Red Hat Enterprise Linux 6.4 introduces the Precision Time Protocol (PTP) as a feature in
Technology Preview. This feature is hardware dependent and applies to a set of new devices. PTP is
known for CPU efficiency, network bandwidth, and low administration effort. It provides clock
synchronization across the network in the sub-microsecond range by eliminating network and
equipment timing variability or “jitter.”


The Stream Control Transmission Protocol (SCTP) provides support for multi-homing
communication. Multi-homing allows a single SCTP endpoint to support multiple IP addresses, which
means that a session is more likely to survive a network failure. Red Hat Enterprise 6.4 implements
the protocol’s “Quick Failover Algorithm” to reduce the amount of time it takes to migrate from a
failed connection to an active connection.


NetworkManager now has a standard, easy-to-use graphical user interface (GUI) for configuring and
managing network interface controller (NIC) bonding and network bridges.




                                                                                                      13
Storage
New system log features identify the mapping from logical block device name to physical device identifier
– allowing an administrator to easily identify specific physical devices as needed.


New support for scalable snapshots and thinly-provisioned volumes in the Logical Volume Manager (LVM)
allows storage pool capacity to be used as efficiently as possible. Thinly provisioned volumes consume
storage space only when data has been written to them - and only as long as that data is still in use. Thin
snapshot volumes allow many virtual devices to share the data blocks they hold in common.


The number of supported virtual tape drives has increased from 100 to 512.



 File System
 Red Hat has taken a lead role with its partners and the upstream community on the parallel
 Network File System (pNFS) industry standard, driving the addition of capabilities that allow
 database workloads to benefit from the advantages of pNFS. This functionality offers performance
 gains for I/O intensive workloads like database access. Using the first-to-market, fully supported
 pNFS (file layout) client -- delivered in Red Hat Enterprise Linux 6.4 -- customers can begin to plan
 and design next-generation, scalable file system solutions based on pNFS.


                                                                                                              14
Security
Red Hat Enterprise Linux 6.4 complies with Transport Layer Security (TLS) 1.1. The 1.1 version of
TLS increases communication security and integrity. It has the ability to protect against cipher block
chaining (CBC) attacks. Other enhancements to TLS include improved error handling and operations
between networked nodes.

The Security Content Automation Protocol (SCAP) is a standardized suite of specifications used in
facilitating security auditing for enterprise-class systems. Red Hat Enterprise Linux 6.4 now supports
SCAP 1.2.

System administrators can now define the amount of time that must lapse before an account is
considered inactive. This automates locking inactive accounts and closes the gap during which these
accounts can be exploited.




                                                                                                         15
Thank you
Gracias
Danke
Grazie
Obrigado


            16
Red Hat Enterprise Linux 5.9
GA: Dec 11 2012


Mostly Bugfix release
One big feature for System z
Enable HyperPAV for parallel I/O to ECKD
DASD




                                           17
Hyper PAV enablement - Licensed feature in z/VM

HyperPAV enables parallel I/O to ECKD DASDs increasing data
access performance

Hyper-Parallel-Access-Volume support for Linux on System z. This is a
very flexible concept to massively improve device performance by
using a set of sub channels as an ALIAS-pool.



Kernel VDSO Support
Virtual Dynamically-linked Shared Object (VDSO) is a shared library provided by the kernel. This
allows normal programs to do certain system calls without the usual overhead of system calls like
switching address spaces.

For Linux on System z there are tree functions at the moment that are accelerated in this way:
gettimeofday, clock_getres, and clock_gettime. The most important one is probably gettimeofday.

Some user space application, for example the Java virtual machine, tend to call gettimeofday very often. 
By use of a vdso this operation can be accelerated by an factor of 4 thereby increasing the
performance of the user space application.

                                                                                                            18
JAVA 7

Due to EOL of Oracle JDK6 in November, Oracle Java 7 and IBM counterpart will be available to
Red Hat Enterprise Linux 5




                                                                                                19

Red hat Enterprise Linux 6.4 for IBM System z Technical Highlights

  • 1.
    Technical Highlights for RedHat Enterprise Linux 6.4 on System z Filipe Miranda fmiranda@redhat.com Global Lead for Linux on System z 1
  • 2.
  • 3.
    IBM zEnterprise certified forRed Hat Enterprise Linux 3
  • 4.
    Red Hat EnterpriseLinux High Level Roadmap 2010 2011 2012 2013 4.8 End of Life: February 29, 2012 5.5 5.6 5.7 5.8 5.9 5.x EOF: 2017 6.0 6.1 6.2 6.3 6.4 6.x EOF: 2020 RHEL 7.0 under development 4
  • 5.
    Red Hat EnterpriseLinux 6.4 GA: Feb 21 2013 New features for System z General New Features Bugfixes 5
  • 6.
    Support of newcrypto hardware This feature provides support for new crypto hardware: CryptoExpress4 The z90crypt device driver has been updated to support the new Crypto Express 4 (CEX4) adapter card. Data Routing for FCP Enable FCP to pass data directly from memory to SAN (data routing) when memory on the adapter card is blocked by large and slow I/O requests. Improved performance by increasing the I/O rate and throughput for short and fast I/O requests when memory on the adapter is blocked by large and slow I/O requests will satisfy customer expectations regarding performance The zfcp device driver has been updated to add data structures and error handling to support the enhanced mode of the System z Fibre Channel Protocol (FCP) adapter card. In this mode, the adapter passes data directly from memory to the SAN (data routing) when memory on the adapter card is blocked by large and slow I/O requests. 6
  • 7.
    Fibre Channel ProtocolEnd-To-End data consistency checking Data integrity between a host adapter and a storage server has been improved implementing the zFCP-specific part of The T10 Technical Committee introduced an enhancement to the SCSI standard (SPC-4, SBC-3) to protect against errors in user data blocks. This RAS item provides improved service and control of data flow between adapter and storage device by introducing the zFCP specific part of the enhanced SCSI standard for E2E data consistency checking Optimization of, and Support for, the zlib Compression Library for System z Optimize the existing compression library zlib for System z by using dedicated SSE instructions and optimized compile options. The compression library zlib is used by Java (decompression of class files), Cognos (PDF generation), TSM (backup) and for Linux installations (binaries compressed in RPMs) This feature significantly improves performance for applications using the compression library zlib. 7
  • 8.
    libICA Enhancements The libicalibrary has been modified to allow usage of new algorithms that support the Message Security Assist Extension 4 instructions in the Central Processor Assist for Cryptographic Function (CPACF) feature. For the DES and 3DES block ciphers, the new feature supports the following modes of operation: ◦ Cipher Block Chaining with Ciphertext Stealing (CBC-CS) ◦ Cipher-based Message Authentication Code (CMAC) For the AES block cipher, this feature supports the following modes of operation: ◦ Cipher Block Chaining with Ciphertext Stealing (CBC-CS) ◦ Counter with Cipher Block Chaining Message Authentication Code (CCM) ◦ Galois/Counter (GCM) With this acceleration of complex cryptographic algorithms, performance of IBM System z machines significantly improves. All users of libica are advised to upgrade to these updated packages, which add this enhancement. The libica library contains a set of functions and utilities for accessing the IBM eServer Cryptographic Accelerator (ICA) hardware on IBM System z. 8
  • 9.
    Storage Drivers The DirectAccess Storage Devices (DASD) device driver has been updated to detect path configuration errors that cannot be detected by hardware or microcode. Upon successful detection, the device driver does not use such paths. With this feature, for example, the DASD device driver detects paths that are assigned to a specific subchannel but lead to different storage servers. Flash Express Support for IBM System z Storage-Class Memory (SCM) for IBM System z is a class of data storage devices that combine properties of both storage and memory. SCM for System z now supports Flash Express memory. SCM increments can be accessed through Extended Asynchronous Data Mover (EADM) subchannels. Each increment is represented by a block device. This feature improves the paging rate and access performance for temporary storage, for example for data warehousing. 9
  • 10.
    Support of theTransactional Execution Facility Support of the Transactional-Execution Facility (available with IBM zEnterprise EC12) in the Linux kernel helps eliminate software locking overhead that can impact performance and offer increased scalability and parallelism to drive higher transaction throughput. Support of Runtime Instrumentation Facility Support of the Runtime Instrumentation Facility (available with IBM zEnterprise EC12) provides an advanced mechanism to profile program code for improved analysis and optimization of the code generated by the new IBM JVM. kdump and kexec Kernel Dumping Mechanism for IBM System z Fully Supported The kdump/kexec kernel dumping mechanism is enabled for IBM System z systems as a fully supported feature, in addition to the IBM System z stand-alone and hypervisor dumping mechanism. The auto-reserve threshold is set at 4 GB; therefore, any IBM System z system with more than 4 GB of memory has the kdump/kexec mechanism enabled. Sufficient memory must be available because kdump reserves approximately 128 MB by default. This is especially important when performing an upgrade to Red Hat Enterprise Linux 6.4. Sufficient disk space must also be available for storing the dump in case of a system crash. 10
  • 11.
    Enhancements to thes390-tools BZ#847087 This update adds the necessary user space tools to allow Linux to access Storage Class Memory (SCM) as a block device on IBM System z systems using sub-channels of the Extended Asynchronous Data Mover (EADM) Facility. BZ#847088 The lszcrypt utility has been modified to support the IBM Crypto Express 4 feature. 11
  • 12.
    Identity Management System SecurityServices Daemon (SSSD) enhancements extend the interoperability experience with Microsoft Active Directory by providing centralized identity access control for Linux/Unix clients in a heterogeneous environment. Administrators can now manage Secure Shell (SSH) keys across multiple systems from a single server. It is now possible to map user records to their associated SELinux records, making it easier to manage user access across platforms. Administrators can assign priorities to servers so that identity lookup occurs in the defined order which can reduce network traffic. This provides IT with another tool to help meet Quality of Service (QoS) commitments or performance expectations. 12
  • 13.
    Networking Red Hat EnterpriseLinux 6.4 introduces the Precision Time Protocol (PTP) as a feature in Technology Preview. This feature is hardware dependent and applies to a set of new devices. PTP is known for CPU efficiency, network bandwidth, and low administration effort. It provides clock synchronization across the network in the sub-microsecond range by eliminating network and equipment timing variability or “jitter.” The Stream Control Transmission Protocol (SCTP) provides support for multi-homing communication. Multi-homing allows a single SCTP endpoint to support multiple IP addresses, which means that a session is more likely to survive a network failure. Red Hat Enterprise 6.4 implements the protocol’s “Quick Failover Algorithm” to reduce the amount of time it takes to migrate from a failed connection to an active connection. NetworkManager now has a standard, easy-to-use graphical user interface (GUI) for configuring and managing network interface controller (NIC) bonding and network bridges. 13
  • 14.
    Storage New system logfeatures identify the mapping from logical block device name to physical device identifier – allowing an administrator to easily identify specific physical devices as needed. New support for scalable snapshots and thinly-provisioned volumes in the Logical Volume Manager (LVM) allows storage pool capacity to be used as efficiently as possible. Thinly provisioned volumes consume storage space only when data has been written to them - and only as long as that data is still in use. Thin snapshot volumes allow many virtual devices to share the data blocks they hold in common. The number of supported virtual tape drives has increased from 100 to 512. File System Red Hat has taken a lead role with its partners and the upstream community on the parallel Network File System (pNFS) industry standard, driving the addition of capabilities that allow database workloads to benefit from the advantages of pNFS. This functionality offers performance gains for I/O intensive workloads like database access. Using the first-to-market, fully supported pNFS (file layout) client -- delivered in Red Hat Enterprise Linux 6.4 -- customers can begin to plan and design next-generation, scalable file system solutions based on pNFS. 14
  • 15.
    Security Red Hat EnterpriseLinux 6.4 complies with Transport Layer Security (TLS) 1.1. The 1.1 version of TLS increases communication security and integrity. It has the ability to protect against cipher block chaining (CBC) attacks. Other enhancements to TLS include improved error handling and operations between networked nodes. The Security Content Automation Protocol (SCAP) is a standardized suite of specifications used in facilitating security auditing for enterprise-class systems. Red Hat Enterprise Linux 6.4 now supports SCAP 1.2. System administrators can now define the amount of time that must lapse before an account is considered inactive. This automates locking inactive accounts and closes the gap during which these accounts can be exploited. 15
  • 16.
  • 17.
    Red Hat EnterpriseLinux 5.9 GA: Dec 11 2012 Mostly Bugfix release One big feature for System z Enable HyperPAV for parallel I/O to ECKD DASD 17
  • 18.
    Hyper PAV enablement- Licensed feature in z/VM HyperPAV enables parallel I/O to ECKD DASDs increasing data access performance Hyper-Parallel-Access-Volume support for Linux on System z. This is a very flexible concept to massively improve device performance by using a set of sub channels as an ALIAS-pool. Kernel VDSO Support Virtual Dynamically-linked Shared Object (VDSO) is a shared library provided by the kernel. This allows normal programs to do certain system calls without the usual overhead of system calls like switching address spaces. For Linux on System z there are tree functions at the moment that are accelerated in this way: gettimeofday, clock_getres, and clock_gettime. The most important one is probably gettimeofday. Some user space application, for example the Java virtual machine, tend to call gettimeofday very often.  By use of a vdso this operation can be accelerated by an factor of 4 thereby increasing the performance of the user space application. 18
  • 19.
    JAVA 7 Due toEOL of Oracle JDK6 in November, Oracle Java 7 and IBM counterpart will be available to Red Hat Enterprise Linux 5 19