• Flexibility: In its simplest state of virtualization, a System z is a single Logical Partition (LPAR). In the next step of virtualization, the system can be expanded into 60 LPARs, each a separate virtual machine running a separate operating system.
• Cost reduction: Numerous small Linux and PC servers can be combined onto one mainframe, providing all the benefits of centralization, but still keeping a multitude of specialized servers (thanks to virtualization support). In addition, the physical “footprint” of a single mainframe is much smaller than that of a distributed server farm, and therefore is less expensive from an environmental perspective.
• System z security: Linux for System z can leverage the hardware cryptographic feature provided by the Peripheral Component Interconnect (PCI) card for Secure Sockets Layer (SSL) acceleration, providing support for e-business applications that use enhanced hardware security.
• Greater efficiency and reduced complexity: The Linux on System z solution enables dynamic sharing of physical resources and resource pools, resulting in higher resource utilization. Also, it eliminates the complexity inherent in adding new resources to the infrastructure.
• Improved Quality-of-Service (QoS): Linux on System z leverages advanced mainframe QoS capabilities, most notably the System z reliability and security features, to support continuous business operations, including transparent use of redundant processor execution steps, integrity checking, and “hot” processor replacement.
Maintaining IT Security in a Virtualized World
While virtualization can consolidate services, promote organized IT standards and optimize business processes, the challenge to secure data in a mainframe-based enterprise takes on new, different forms.
Deploying virtualization using Linux and the IBM System z lets IT managers take advantage of several strong security hardware capabilities. However, the new, varied ways in which data is stored, accessed, and transferred in a virtual environment require that IT managers keep security a top priority. Their best bet is to follow several time-proven security principles:
• Robust encryption: Encrypting data or files in transit in a virtual environment is as important as, or more important than, in a “traditional” environment, given the expanded points of access to sensitive mainframe data. Securing files and data transmissions from the server to all workstations, and from the workstations back to the server, is essential.
• Multi-platform support: IBM System z servers can run mixed workloads, including numerous operating systems in addition to Linux, through virtualization. In addition, given that many organizations utilize a variety of computing platforms, including Windows, UNIX, Linux, and IBM mainframe systems, the enterprise security solution selected must be able to integrate data communications across all types of heterogeneous IT environments.
• User authentication: With increased remote access to mainframe data, user authentication becomes increasingly critical. When organizations implement virtualization using Linux on System z, they must take the proper steps to authenticate the host and client machines in addition to authenticating the user through ID, password, or other means.
• Auditing/logging capabilities: If an existing mainframe system lacks logging functionality, it’s imperative for the IT manager to acquire this capability before transitioning into a virtual computing system.
• Continued compliance: Existing and emerging privacy, security, auditing, and risk management regulations and standards can help enterprises protect their data from more frequent, highly developed security threats or attacks, regardless of the computing environment or platform. So, IT managers must maintain compliance with such measures as the Sarbanes-Oxley Act (SOX), the Payment Card Industry (PCI) Data Security Standard (DSS), and the Federal Information Security Management Act (FISMA), as necessary, before, during, and after the virtual environment is established.
Time Will Tell
There’s little doubt IT virtualization is becoming an increasingly popular, viable solution for many efficiency-minded organizations. The cost savings and efficiencies alone may be enough to tip the scales in favor of virtualization.
It remains to be seen if the Linux/IBM System z combination will become the dominant virtualization platform. However, migration to a virtualized IT enterprise can be a complicated, time-consuming process, particularly for heterogeneous enterprise IT environments with mainframe and client/server systems running scores of complex applications. A host of new security threats face those bold enough to charge ahead into the new virtualized world. The biggest mistake any IT manager could make would be to move forward without a parallel data security migration path and roadmap. They should carefully weigh the benefits and impending security threats before committing to IT virtualization. Once they decide to proceed, they should identify and deploy a robust, iron-clad IT security solution that’s powerful and flexible enough to continuously protect all company, customer, and partner data, no matter how the IT infrastructure ultimately evolves.