A critical success factor was technical training. More than 200 person days of courseware, including lectures and labs, was delivered. These courses were delivered multiple times to DGTIC staff, including systems programmers, Unix and Linux administrators, network programmers, planners, security staff, architects, and analysts.
Management sponsorship was another critical success factor. At the DGTIC, our sponsor was the operations director for all platforms. Management and executives were given briefings on the high-level architecture and on what the IBM z9/EC and z/VM could achieve and provide. Having an early win and a big win with disaster recovery success was vindication for our sponsor, and management approvals and interest in the project increased.
Upon approval of the business case and the architecture, a z9 EC was purchased. This box is in place today with five Logical Partitions (LPARs) running z/VM and Linux. More than 35 production Linux virtual machines are running in one LPAR, providing database services to the government portal and other types of applications to a number of clients. There are another 100 Linux virtual machines running Oracle and providing services to development, test, lab, and other users.
An important part of the architecture was the design of the replication tool for the Linux virtual machines. The cloner at the DGTIC was written in-house and provides a 3270 interface that can create a live Linux machine within 10 minutes. The cloner does much more than disk copying; the interface lets the issuer choose a version of SUSE SLES, an Oracle release, vswitch and vlan membership, and an IP address.
In today’s production environment, our planned best practices are in place. Resource sharing is key. Besides the standard sharing provided by the hardware and CP (memory, CPU, minidisks, virtual networking), the DGTIC environment now allows for sharing the Linux /usr file system in all clones. This occurs through training the Linux virtual machine to CP LINK to the minidisk with /usr read-only, and by instructing Linux in the /etc/fstab to mount /usr read-only. This achieves the following three important goals:
• Reduces the amount of disk storage used
• Lets Linux machines share the same executables as much as possible
• Ensures that important programs and data files can’t be tampered with.
The DGTIC is a heavy user of OSA ports and vswitch networking. The DGTIC is using 13 OSA devices providing 26 OSA ports. It uses 40 separate networks. Each security zone is given its own OSA port and vswitch membership. Different clients can’t see each other’s network transmissions, yet memory and CPU resource sharing is maximized. Clients in the production zone have two OSA ports to allow network failover and redundancy.