Security is provided in z/VM by the control program and RACF. Essential z/VM resources such as login passwords, mdisk linkage by rules-based authorization, and vswitch and VLAN membership are protected by RACF. Linux security is provided by hardening, authentication extensions with Pluggable Authentication Modules (PAM), and periodic ethical hacking attempts. An outside security firm we engaged has been unable to hack or crack into our Linux virtual machines. Success!
The architecture addressed a key concern of the architecture board: client isolation. Client isolation was proved to all levels of the staff by training sessions emphasizing the inherent abilities of z/VM and the IBM mainframe architecture of storage, CPU, I/O, and network isolation. Through this training, the board was sold on the strengths of the platform. Safe, isolated, and secure rules the day. IBM, with z/VM and hardware facilities, has been doing virtualization and isolation for 35 years.
DGTIC was paying for Oracle licenses on many servers in the midrange platform. In addition, maintenance costs for upkeep of all these servers were quite high. A strategic alternative was needed. As an existing large z/OS shop, DGTIC was a logical candidate for using Linux on z/VM.
“The DGTIC was already a mainframe shop with mature staff and processes,” says Jocelyn Hamel, advisory project manager from IBM who serves as the project manager for the proof of concept and mentor for the subsequent phases of the project. “A proof of concept of Linux on the z/VM platform was a calculated risk. Down the road, we saw that the risk was low and the financial gain high.”
The proof of concept found a home on a z/800 mainframe that was available due to another project being cancelled. IBM and the business partner responsible for the DGTIC, Novipro, agreed to extend the floor life of the z/800 at no cost, along with providing a free license of the z/VM operating system for several months.
The proof of concept was conducted using z/VM 5.1 along with SUSE SLES 8 in 2004. The goal of the proof of concept was to determine usability and the stability of the platform.
The proof of concept was positive. The systems and applications tested successfully without the need for recompiling or reinstallation. Performance wasn’t a determining success factor; the business case was more important. It focused primarily on reducing the number of Oracle licenses. In addition, there were other clients successfully running Oracle on the mainframe, and based on DGTIC’s experience in the proof of concept phase, unloading and reloading data was relatively easy. Oracle proved to be the suitable application.
“The business case identified the potential applications for the client,” says Hamel, the project manager. “Areas included Oracle, WebSphere Application Server (WAS), TAM/LDAP, firewalls, and the portal. The first phase of the project with the most gain and least risk was Oracle. There was an existing customer base.”
The business case included a cost structure showing a reduction of TCO (software, hardware, and manpower costs) of 30 percent per year. The z/VM-Linux project is scheduled to break even within three years after migrating 80 WAS implementations, which will be the second payback project in addition to the Oracle database savings. The entire z9 EC mainframe complex will be repaid within two years during the Oracle database phase with the Oracle instances migrated or created on the z9 EC.