z/VM Platform Update and Support for z15 and LinuxONE III · z/VM Platform Update and Support for...
Transcript of z/VM Platform Update and Support for z15 and LinuxONE III · z/VM Platform Update and Support for...
z/VM Platform Update and Support for z15 and LinuxONE III
Dr Malcolm BeattieLinux and IBM Z Technical Consultant, IBM UK Systems Lab Services
November 2019Session CJ
Last update: 1 Nov 2019
3
IBM Z
z/VM Platform Update: Ever Onward● A tweaked subset of Bill Bitner's presentation, version 17
● For the latest version see http://www.vm.ibm.com/library/presentations/index.htm
© 2018, 2019 IBM Corporation
5
IBM Z
Agenda New delivery strategy
– Two year cadence– Continuous delivery– Communication
Overview of z/VM Version 7 Release 1
Survey of enhancements in various areas– Scaling and TCO– Managing diverse workloads– Security – Resiliency and RAS– System Management improvements
Other Highlights and News
© 2018, 2019 IBM Corporation
6
IBM Z
Release Cadence and Continuous Delivery
© 2018, 2019 IBM Corporation
7
IBM Z
Greater Predictability for Release Schedules and Function z/VM has gone to a two-year cadence on new releases.
– Every two years in 3rd quarter of even years– Releases remain orderable for approximately 18 months after GA of the next release– Releases stay in service for approximately 4.5 years – Last 6 months of a release life cycle overlaps with the next two releases– Releases will be primarily a roll up of function released in the service stream as new function APARs
(Small Programming Enhancements)
Continuous Delivery Strategy– Most new function will be delivered as a new function APAR to the most current release of z/VM– Heavy dependence on the sponsor user program– A set of new function APARs will likely be grouped together and released within a few weeks of each other
to help facilitate IBM and client testing– Plans for new function will be published on the z/VM home page
© 2018, 2019 IBM Corporation
8
IBM Z
z/VM Release Cycle Cadence
New Function, RSUs, Corrective Service
Orderable
RSUs & Corrective Service+ CPU Compatibility Support
z/VM V7 R1.0
New Function, RSUs, Corrective Service
Orderable
RSUs & Corrective Service+ CPU Compatibility Support
z/VM V7 R2.0
FB C D E
1Q 2Q 3Q 4Q 1Q 2Q 3Q 4Q 1Q 2Q 3Q 4Q 1Q 2Q 3Q 4Q 1Q 2Q 3Q 4Q 2Q 3Q 4Q
2018 2019 2020 2021 2022 2023
1Q 2Q
2024
3Q1Q 4Q
GA Sept 21, 2018 Announce EoM Announce EoS
EoS
EoM
Orderable
RSUs & Corrective Service + CPU
Announce EoSAnnounce EoM
z/VM V6.4
EoS
EoM
A RSUs & Corrective Service + CPU Compatibility
X = Potential New Function bundle delivered in service stream
= New function in release base
• z/VM Release GAs: Every two years in 3rd Quarter of even years• Releases remain orderable 18 months after GA of next release• Last 6 months of release life cycle overlaps next two releases• In service, roughly 4.5 years.
G
LH I KJ M
All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
Dates are shown here for illustrative purposes.
© 2018, 2019 IBM Corporation
GA
9
IBM Z
z/VM Continuous Delivery Page
Gives an overview of new function that is under consideration. Allows clients to:
Express interest in being a sponsor user for an item.
Plan for new support coming out in the future.
Understand the value, benefit, and impact of new enhancements.
http://www.vm.ibm.com/newfunction/
Subscribe for updates via “Notify me” link on left navigation bar.
© 2018, 2019 IBM Corporation
10
IBM Z
z/VM Continuous Delivery Page
Each item has information as seen in this example.
The “Target availability” may also be listed as TBD or less granular such as a quarter or month.
Since this is work in progress, the target availability dates can move multiple times and in different directions.
© 2018, 2019 IBM Corporation
12
IBM Z
z/VM Version 7 Release 1 Overview
© 2018, 2019 IBM Corporation
13
IBM Z
z/VM 7.1 GA announce August 7, 2018
– Preview announce April 10, 2018– GA September 21, 2018
Single System Image and Live Guest Relocation included in the base– In z/VM 6.4 was the VMSSI priced feature
New Architecture Level Set of zEC12, zBC12, or newer processor families
Includes SPEs shipped for z/VM 6.4, including:– Virtual Switch Enhanced Load Balancing, DS8K z-Thin Provisioning, Encrypted Paging, etc.
Additionally, includes:– Dump scalability improvements– Foundation work for future SPEs
© 2018, 2019 IBM Corporation
14
IBM Z
z/VM Release Status Summary
© 2018, 2019 IBM Corporation
z/VM Level GAEnd of Service
End of Marketing
MinimumProcessor
Level
Maximum Processor
LevelSecurity
Level
7.1 9/2018 zEC12 & zBC12
6.4 11/2016 z196 & z114® -
Common Criteria
Complete
FIPS 140-2Complete
15
IBM Z
z/VM 7.1 References z/VM 7.1 Introduction Video
– https://www.youtube.com/watch?v=drhhFFyyja4&feature=youtu.be
Videos explaining two-year cadence and continuous delivery– MP4 version http://www.vm.ibm.com/devpages/bitner/presentations/intro71.mp4– WMV version http://www.vm.ibm.com/devpages/bitner/presentations/intro71.wmv
z/VM 7.1 Resources Page– http://www.vm.ibm.com/zvm710/
z/VM 7.1 General Information Manual– http://www.vm.ibm.com/library/hcpa0_v7.pdf
Client agility improved with continuous delivery & IBM z/VM – https://www.ibm.com/blogs/systems/client-agility-improved-continuous-delivery-ibm-zvm/
© 2018, 2019 IBM Corporation
16
IBM Z
Focused Value Areas of Enhancements
© 2018, 2019 IBM Corporation
17
IBM Z
Focused Value Areas Improved Scaling and TCO
– More virtual machines in a single z/VM system– Lower costs of running a system
Improved resource management for large diverse workloads– Fair and accurate resource control– Guest exploitation of z Systems and LinuxONE hardware
Enhanced Security– Protecting data– Policy management
Improved Resiliency and RAS – Scripting and automation frameworks– Problem determination
Improved System Management– Including things that make a system programmer happy
© 2018, 2019 IBM Corporation
18
IBM Z
Improved Scaling and TCO
© 2018, 2019 IBM Corporation
19
IBM Z
IBM z14 ZR1 and LinuxONE Rockhopper II Available May 29, 2018
– See http://www.vm.ibm.com/service/vmreqz14.html for background.• Besides the previous z14 service, you’ll need at least VM65639• Page includes a file (VMREQMR1 SERVICE) you can down load to check for valid
service with command:– SERVICE ALL STATUS LIST VMREQMR1 SERVICE
– See also 3907/ZVM subset of the 3907DEVICE PSP bucket.
Just like the larger z14 and LinuxONE machines, please remember to rebuild stand alone utilities (Formerly ESA/390-based will not work on z14 and new LinuxONE).
– See http://www.vm.ibm.com/service/redalert/index.html#SAPLZ14
As with the other z14 machines, Security performance enhancements:– Crypto Express6S feature – CPACF no-charge feature
Up to 30 configurable cores and 8TB
19-inch frame
© 2018, 2019 IBM Corporation
May 2018
20
IBM Z
IBM z15 and LinuxONE III Support availability September 23, 2019 with z/VM 6.4 and z/VM 7.1
– See http://www.vm.ibm.com/service/vmreqz15.html for details
z/VM 6.4 and 7.1 PTFs include support for:– Synchronous execution support for on-chip data compression – Enhanced Vector and Vector packed decimal– Crypto Express7S adapter and cryptographic enhancements– OSA-Express7S– FICON Express16SA adapter
z/VM 7.1 PTF support for System Recovery Boost– General purpose processors running at subcapacity can be
boosted to full capacity for a limited time during z/VM system initialization, system shutdown processing, and system abend processing.
– Primarily benefits z/VSE and z/TPF guest environments
© 2018, 2019 IBM Corporation
21
IBM Z
80 Logical Processor Support Increases the number of logical processors that z/VM will support to from 64 to 80 logical processors
Benefits:– Allows for greater scalability– Increases number of cores that SMT-1 can have from 32 to 40
Requirements– z13 and newer processor families for greater than 32 logical processors– z14 and newer processor families for greater than 64 logical processors
© 2018, 2019 IBM Corporation
August 2019
Component APAR PTF RSU
CP VM66265 z/VM 7.1 UM35474 TBD
Stand Alone Dump VM66296 z/VM 7.1 UM35499 TBD
Performance Toolkit VM66292 z/VM 7.1 UM35501 TBD
22
IBM Z
EAV Paging Support Support for Extended Address Volumes (EAV) for z/VM paging space.
Allows use of ECKD (3390) paging volumes to be up to ~812GB with EAV– Previous limit was ~45 GB
Benefits:– Can use fewer volumes to meet the page space requirements– Increases the total page space possible when using ECKD paging space– Will be helpful when increasing the amount of virtual memory used in conjunction with future increases in real memory
supported
© 2018, 2019 IBM Corporation
June 2019
Component APAR PTF RSU
CP VM66263 z/VM 7.1 UM35475 1902
CMS (CPFMTXA) VM66297 z/VM 7.1 UM35483 1902
Performance Toolkit VM66293 z/VM 7.1 UM35484 1902
23
IBM Z
Resource Pool Member Limit Removed The limit of 1000 members of an individual resource pool (RESPOOL or CPUPOOL) is removed.
– New limit is the logged on user limit (MAXUSERS setting)
Benefits:– As systems get larger, more virtual machines per z/VM system, can continue to use resource pools to the
full advantage.– Having a large pool, all virtual machines, you have another way to control resource access.
© 2018, 2019 IBM Corporation
June 2019
Component APAR PTF RSU
CP VM65786 z/VM 6.4 UM35384z/VM 7.1 UM35385 TBD
24
IBM Z
Improved Resource Management of Diverse Workloads
© 2018, 2019 IBM Corporation
25
IBM Z
Virtual Switch Priority Queuing Introduces multiple priority levels for transmissions on a Virtual Switch
Allows virtual switch management communication (IVL) to operate at highest priority to ensure better management
Three optional user priority levels allow:– Different SLAs for different groups of guests– Combining different priority workloads onto fewer, or a single, VSwitch– Eliminating need for separate heartbeat network in some clustering solutions
© 2018, 2019 IBM Corporation
May 2019
Component APAR PTF RSU
CP VM66219 z/VM 7.1 UM35465 1902
TCP/IP PH04703 z/VM 7.1 UI62768 1902
DirMaint VM66223 z/VM 7.1 UV99352 1902
26
IBM Z
Dynamic Memory Downgrade Allows for real memory to be removed from a running z/VM system
Complements the existing ability to add memory to a system
Benefits:– Add and remove memory for workload shifts and other load balancing– Assist in DR scenarios
Requires z14, LinuxONE Emperor II, or LinuxONE Rockhopper II
© 2018, 2019 IBM Corporation
Target TBD
Component APAR PTF RSU
CP VM66173 TBD TBD
27
IBM Z
Enhanced Security
© 2018, 2019 IBM Corporation
28
IBM Z
Security Enhancements Improvements
– Ability to use an ESM to control who can use which Systems Management APIs (SMAPI) against which targets (VM66167)
– Many virtual machines now configured to better match common security policies.• Set up to be autolog only or logon-by only• Affects new installs
– Accessing CP disks (CPACCESS) subset of commands that ignored Link controls in ESM have been corrected
Benefits:– Focus security policy coming from the ESM– Better positioned to meet security policy– Fewer surprises based on security policy
© 2018, 2019 IBM Corporation
Base z/VM 7.1
29
IBM Z
Elliptic Curve Cryptography Support z/VM TLS/SSL Server enhanced with enablement of Elliptic Curve Cryptography (ECC) cipher suites
ECC Ciphers provide a more secure mechanism for asymmetric encryption than standard RSA or DSS algorithms.
Performance Report available – http://www.vm.ibm.com/perf/reports/zvm/html/4q8qk.html
© 2018, 2019 IBM Corporation
December 2018
Component APAR PTF RSU
TCP/IP PI99184 z/VM 7.1 UI60128 1901
30
IBM Z
Improved Resiliency and RAS
© 2018, 2019 IBM Corporation
31
IBM Z
Enhanced Dump Processing Improvements
– Reduce size of both snap dump and hard abend dumps– Reduce time to take and process dumps
No longer dump Frame Table and Page Tables by default unless it is an abend code where those are helpful for problem determination
New options to override defaults on what data is dumped
Dump size reduction varies, examples often show 20% the size of the former dumps
© 2018, 2019 IBM Corporation
Base z/VM 7.1
32
IBM Z
Reduce CPU Required for Dump Processing
Further improves performance of dump processing from a processor requirement perspective.– Applies to snap dump and hard abend processing
© 2018, 2019 IBM Corporation
September 2018
Component APAR PTF RSU
CP VM66176 z/VM 7.1 UM35352 1901
33
IBM Z
RSCS Query Service Levels
New command option that shows the service level for each of the RSCS parts– Highest level PTF that is applied to each part
© 2018, 2019 IBM Corporation
November 2018
Component APAR PTF RSU
RSCS VM66174 z/VM 7.1 UV99342 1901
34
IBM Z
Dynamic Crypto Enables dynamic changes to AP Cryptographic environments
– Addition and removal of crypto hardware– Maintenance and repair when needed– Less disruption to the z/VM guests
Additional information via QUERY commands
© 2018, 2019 IBM Corporation
September 2019
Component APAR PTF RSU
CP VM66266 z/VM 7.1 UM35531 TBD
CP1 VM66206 z/VM 6.4 UM35448z/VM 7.1 UM35449 TBD
1 – This PTF needs to be on all members in an SSI cluster regardless of whether the dynamic crypto PTF is on that member.
35
IBM Z
RACF for z/VM 7.1 FixPack 1 – Usability Enhancements
© 2018, 2019 IBM Corporation
# Description of the functional enhancement
1 Query RACF Database Template LevelSo sysprog or security admin can determine if a forthcoming APAR will require a database update or RACFCONV.
2 Halt RACFVM initialization when server detects a down-level databaseMore immediate presentation of problem details, to enable sysprog to fix with minimum fuss
3 Remove contradictory information from RACFPERMCorrection to bring help text in line with functional behavior.
4 Improve error messages when A-disk can’t be written by RAC EXECCheck A-disk accessibility before executing RACF commands, so an environment error isn’t mistaken for a security problem.
5 Improve consistency of SETROPTS error messagesAddition of warning messages around invalid parameter use.
6 Enable RACFVM to accept SMSG from the current system operatorEliminate assumptions that OPERATOR is always the current OPERATOR
7 Message fixes for ROAUDITCorrection to bring certain RACF messages in-line with functional behavior.
June 2019
Component APAR PTF RSU
RACF VM66278 z/VM 7.1 UV99353 TBD
36
IBM Z
Improved System Management
© 2018, 2019 IBM Corporation
37
IBM Z
Automatic Standby Memory for Guests Allow for easier management of virtual machine memory
– When the maximum memory of a virtual machine is increased, no longer need to issue a new DEFINE STORAGE command in order to increase “Standby” memory
Does require new option on the original DEFINE STORAGE command
© 2018, 2019 IBM Corporation
TBD
Component APAR PTF RSU
CP VM66173 TBD TBD
38
IBM Z
z/VM and Dynamic Partition Manager Dynamic Partition Manager (DPM)
– z/VM 6.4 and z/VM 7.1 Supported – I/O configuration much easier than older IOCDS approach– FICON ECKD Support – available September 2018– FICON CTCA Support – known requirement.
• Required to permit Single System Image cluster and Live Guest Relocation
© 2018, 2019 IBM Corporation
September 2018
43
IBM Z
Extending VMware to manage z/VM
z/VM Development is exploring this enhancement candidate
Use only documented VMware vCenter extension interfaces– VMware is designed to be extended– NO code changes to VMware– Shipped with z/VM, dynamically invoked by VMware as normal for VMware– Supported/Serviced/Upgraded via normal z/VM processes independent of VMware development (i.e. on IBM’s schedule
and discretion)
Flexibility of extension interfaces– Allows ability to provide support for most IBM Z and z/VM capabilities to a VMware environment– Allows ability to support other VMware solutions– Requires explicitly deciding what to implement from all the possibilities
© 2018, 2019 IBM Corporation
TBD
44
IBM Z
z/VM Library Web Page Updates - http://www.vm.ibm.com/library/
© 2018, 2019 IBM Corporation
6 Horizontal Tabs Overview z/VM Version 6 z/VM Version 7 Related Indexed PDFs Presentations
45
IBM Z
z/VM Library Web Page Updates - Overview Includes following categories of links:
– z/VM product information• Knowledge Center links
– Linux on IBM Z documentation– White papers, consultant results,
performance reports– Data sheets, brochures– Reference guides
© 2018, 2019 IBM Corporation
46
IBM Z
z/VM Library Web Page Updates – z/VM PDF Files
© 2018, 2019 IBM Corporation
Designed based on sponsor user feedback.
51
IBM Z
z/VM Cloud Strategy Futures
Allow customers to enjoy a broader set of features, collectively provided by IBM and partner-based solutions as part of their vertically integrated Cloud offerings than we have been able to provide via the z/VM Cloud Management Appliance (CMA)
Switch from an IBM-provided OpenStack and xCAT solution (CMA) to supporting partner-provided cloud
solutions via the new z/VM Cloud Connector
The new code will be serviced as part of z/VM but will be installed on a customer-provided Linux on z guest
The code is being developed in open source and is enabled for 3rd party contributions
Available as open source or from IBM Fix Central
See http://www.vm.ibm.com/sysman/cloudcon.html for a lot more details on Cloud Connector
CMA‒ No additional new function‒ Will continue to supply defect and security fixes to the z/VM 6.4 release
© 2018, 2019 IBM Corporation
February 2018
53
IBM Z
Other Highlights
© 2018, 2019 IBM Corporation
54
IBM Z
z/VM RSU News z/VM 7.1 RSU 1902 available on September 26, 2019
z/VM 6.4 RSU 1901 available on June 28, 2019– Includes a RACF template change– Please remember to validate your RACF database prior to applying (and afterwards)
• White paper on validating and repairing the database is available: https://www.ibm.com/downloads/cas/LVOL5P8Q
For additional planning information, see http://www.vm.ibm.com/service/rsu/rsuplan.html
© 2018, 2019 IBM Corporation
55
IBM Z
New Support Community IBM Service Request Tool replaced July 27, 2019
– Summer 2019 – IBM Z software products– Future date – IBM Z hardware
What happened– Existing service requests will automatically be moved to the new Support Community– Existing SRs/PMRs will be converted to “Cases”
• Case numbers in format of TS123456789
What to do– Familiarize yourself with the new environment
• http://ibm.biz/Zsupport
© 2018, 2019 IBM Corporation
56
IBM Z
z/VM Service Changes with GDPR Global Data Privacy Regulation (GDPR) has far reaching implications including on how you send
documentation for z/VM problem records and how we retrieve, use, and control them.
Date for complete enforcement has been extended, but we are encouraging everyone to not wait until it is enforced.
z/VM-centric information: http://www.vm.ibm.com/service/vmgdpr.html
In addition to general information, if you are going to send data from z/VM itself, you’ll need to:– Install and configure the z/VM SSL server using the TCP/IP Planning and Customization book, SC24-
6238, Chapter 16: Configuring the SSL Server– Get the required ECuRep DigiCert Certificates into GSKKYMAN and test connection.
http://www.vm.ibm.com/related/tcpip/tcpipdig.html– Customer firewall changes may be required. Consult with firewall administrators to identify any changes.
© 2018, 2019 IBM Corporation
57
IBM Z
z/VM Sponsor Users Customers input and feedback on individual enhancements
Examples of value add:– Feedback on how to handle IPL when dynamic memory downgrade configuration settings do not make
sense with real memory on the system– Testing of EAV minidisk support with non-IBM DASD– Feedback on NICDEF Security Enhancements switch to go back to old default behavior– Feedback on VSwitch load balancing enhancement:
• Urgency• Degree of wasted bandwidth at the time and improvement required
http://www.vm.ibm.com/sponsor_user/
© 2018, 2019 IBM Corporation
“I helped build z/VM” – Sponsor User
58
IBM Z
Become a Sponsor User Look for items that interest you and you’d work to make a reality with IBM
– New web page to subscribe to:• http://www.vm.ibm.com/newfunction/
– Request For Enhancements (RFE) that you submit– Other dialogues with IBM
Express interest in being a sponsor user for an item– Link on the continuous delivery page– Email to Kerry Wilson ([email protected])
Requirements– Program is free– Must have an IBMID– Must sign Feedback Program Agreement (FPA)– Commit to work with IBM on the candidate items
© 2018, 2019 IBM Corporation
59
IBM Z
Design-Heavy
Paperwork (really online web-work) for approval
Initial meeting to discuss the pain points / opportunity
Follow up meetings to discuss design and feedback on externals
– ~Monthly
Demo of early code on IBM systems
Delivery of drivers for client testing
Testing-Heavy
Paperwork (really online web-work) for approval
Initial meeting to discuss the pain points / opportunity
Follow up meetings to discuss design and feedback (no externals)
– 1 or 2
Delivery of drivers for client testing– Various hardware– Various ISV products
Life of a Sponsor User
© 2018, 2019 IBM Corporation
DesignTest
60
IBM Z
Specifically looking for sponsor users for:
4TB Main Memory Evaluation
Active Drain for Page Volumes
Fast Minidisk Erase
Group Memory Limiting
MSS Multi-Target PPRC Exploitation
Multifactor Auththentication
Sponsor Users Wanted:
© 2018, 2019 IBM Corporation
61
IBM Z
z/VM Council – Client Communication and Collaboration z/VM-centric community started in June 2018
– Meeting about once a month via telephone and web conferencing– User research– Propose, define, and prioritize new project proposals– Sponsor User Recruitment and Playbacks– Other collaboration done via membership web site
Membership Requirements– IBM Z Feedback Program Agreement (FPA)– Regular participation– Sponsor User for at least one project per year– Homework assignments
Additional details:– http://www.vm.ibm.com/sponsor_user/zvm_council.html– Contact: Kerry Wilson – [email protected]
© 2018, 2019 IBM Corporation
z/VM Council
User Research
Project Introduction
Sponsor User Recruitment
Prioritization
Client Playbacks
Project Proposals
79
IBM Z
Leveraging the Newest Capability in z/VM 7.1
© 2017, 2019 IBM Corporation
● A tweaked extract of version 7.1.e of John Franciscovich's presentation, dated September 2019
● For the most current version of this presentation, please seehttp://www.vm.ibm.com/library/presentations/
81
IBM Z
z/VM 7.1 Dump Scalability Improvements
Reduce size of both snap dumps and hard abend dumps
Reduce time to create and process dumps
No longer dump the Frame Table and Page Tables by default –Unless it is an abend code where they are helpful for problem determination–Dump size reduction varies
• Lab testing showed often 20% of the size of former dumps
New options to override defaults on what data is dumped–SET DUMP and SNAPDUMP commands
We still calculate the maximum size needed when doing the reserve space in spool for dumps
No longer support dumping to tape devices© 2017, 2019 IBM Corporation
82
IBM Z
Single System Image (SSI) Function
SSI (including Live Guest Relocation) is included in the base of z/VM 7.1
A PRODUCT statement for the VMSSI feature is no longer necessary in the z/VM 7.1 system config file –If specified, it will be displayed by the QUERY PRODUCT command–If your software audit people use QUERY PRODUCT to determine the software that you purchased, be ready to explain to them that it is free or remove from the system config file.
If an SSI statement is included in the system config file, the following will be displayed during IPL:
© 2017, 2019 IBM Corporation
83
IBM Z
z/VM 7.1 Memory Management Changes
Some changes were introduced in z/VM 7.1 for upcoming New Function APARs
Minimum memory size for a second level z/VM is now 128MB (previously 32MB)–First level z/VM minimum is unchanged (256MB)
SET STORAGE command changes–New PERMANENT keyword–Remove AS keyword–No more rounding up to the increment boundary
© 2017, 2019 IBM Corporation
84
IBM Z
z/VM 7.1 User Directory Modifications
Changes to IBM supplied directory to make more consistent with recommended security policies
–IBM-provided virtual machines changed to be either:• Autolog Only (AUTOONLY)• Logon By (LBYONLY)
Changes to other IBM-provided virtual machines–Deleted those that are no longer used–New virtual machines
• Some as infrastructure/placeholders for upcoming new function–Release-specific userids renamed
• e.g. MAINT640 -> MAINT710–Specifications changed for some
See z/VM Enhancements Guide –Chapter 2, section [V7.1] User Directory Modifications
© 2017, 2019 IBM Corporation
85
IBM Z
z/VM 7.1 Security Modes
z/VM 6.4–January 8, 2018 APAR VM65396 (PTF UM34851) introduced the CP SET SPECEX command–March 23, 2018 APAR VM65414 (PTF UM34853) introduced the CP SET CPPROTECT command
• CP SET SPECEX still recognized but recommended adopting syntax used with CP SET CPPROTECT
z/VM 7.1 Base–CP SET SPECEX is no longer supported or recognized–CP SET CPPROTECT is supported with same defaults and syntax as previously supported
If you’re using SET SPECEX, please convert to SET CPPROTECT prior to going to z/VM 7.1
© 2017, 2019 IBM Corporation
86
IBM Z
Other z/VM 7.1 Changes
No longer install to 3390-3 Volumes–z/VM does support 3390-3, just not for install–Install can be done on
• 3390 with minimum size of 10016 cylinders• SCSI volumes with minimum size of 6 GB
Kanji is no longer supported as a system default language
OSA/SF is no longer shipped with z/VM
No longer support dedicating logical processors to individual virtual machines.
© 2017, 2019 IBM Corporation
87
IBM Z
z/VM 7.1 New Function APARs
© 2017, 2019 IBM Corporation
88
IBM Z
80 Logical Processor Support
Increases the number of logical processors that z/VM supports to from 64 to 80
Processor requirements –z14 and newer processor families for greater than 64 logical processors–z13 and newer processor families for greater than 32 logical processors–Is your Disaster Recovery system the same?
Maximum of 40 cores with both SMT-1 and SMT-2–(80 logical processors = 80 threads = 40 cores * 2 threads)
Share settings are a percentage of the system, so increasing the number of processors, typically increases the share entitlement
Performance Toolkit enhanced to display processor ids in hex–OMEGAMON XE for z/VM and Linux 4.3.0 support in Fixpack 5 –If you install either the Perfkit or OMEGAMON update, you must also install the other
© 2017, 2019 IBM Corporation
89
IBM Z
How to Get 80 Logical Processor Support
Available August 6, 2019 for z/VM 7.1
If you apply OMEGAMON XE Fixpack 5 on z/VM 6.4–Perfkit APAR VM65863 (UM35472) must also be applied
• Toleration only, does not support increased number of logical processors
© 2017, 2019 IBM Corporation
Component APAR PTF RSU
CP VM66265(pre-req VM66301)1
UM35474(pre-req UM35496)1 TBD
Stand Alone Dump VM66296 UM35499 TBD
Perfkit VM66292 UM35501 TBD
1VM66301 was found in error, PE fix is VM66319 (PTF UM35530) affects those using: EDEVs for paging or spool, EDEVs for guest MAPMDISK, or PAGING63 IPL parameter
z/VM Spotlight:http://www.vm.ibm.com/news/spotlight/80pro.html
z/VM Performance Report article:http://www.vm.ibm.com/perf/reports/zvm/html/2q9r2.html
90
IBM Z
EAV Paging: Overview
Allows use of ECKD paging volumes larger than 65520 cylinders (~45 GB )–Up to 1,182,006 cylinders
Benefits:–Can use fewer volumes to meet the page space requirements–Increases the total page space possible when using ECKD paging space–Will be helpful when increasing the amount of virtual memory used in conjunction with future
increases in real memory supported
CPFMTXA is enhanced to allow paging space to be allocated on cylinders 65520 and above–For an EAV the range is 0-1,182,005
© 2017, 2019 IBM Corporation
EAV
65520 (previous limit)
1182006 (new limit)
91
IBM Z
EAV Paging
Maximum ECKD paging volume sizes
Example: 2 TB real memory with 3:1 overcommit–Before EAV paging, requires 100 paging volumes–With EAV paging, requires 7 paging volumes
Consider enabling HyperPAV and High Performance FICON (HPF) to increase paging I/O rates if you are paging to EAVs.
© 2017, 2019 IBM Corporation
Number of Cylinders Usable Space (approx.)
Before EAV paging 65520 45 GB
With EAV paging 1,182,006 812 GB
92
IBM Z
How to Get EAV Paging Support
Available June 20, 2019 for z/VM 7.1
z/VM Spotlight: http://www.vm.ibm.com/news/spotlight/eavp.html
© 2017, 2019 IBM Corporation
Component APAR PTF RSU
CP VM66263 UM35475 1902
CMS VM66297 UM35483 1902
Perfkit VM66293 UM35484 1902
93
IBM Z
Virtual Switch Priority Queuing
Allows multiple priority levels for transmissions on a Virtual Switch
Allows VSwitch management communication (IVL) to operate at highest priority to ensure better management
Three optional user priority levels allow:–Different SLAs for different groups of guests–Combining different priority workloads onto fewer, or a single, VSwitch–Eliminating need for separate heartbeat network in some clustering solutions
© 2017, 2019 IBM Corporation
94
IBM Z
Virtual Switch Priority Assignments
© 2017, 2019 IBM Corporation
z/VM Transmissions (IVL communications)
High Priority Guest Transmissions
Normal Priority Guest Transmissions
Low Priority Guest Transmissions
0
1
2
3
95
IBM Z
Enabling VSwitch Priority Queuing
Priority Queuing is enabled in OSA-Express hardware by default –IOCP or dynamic I/O change is required to disable
IVL VSwitches always exploit priority queuing if not disabled
Exploitation must be enabled for non-IVL VSwitches –DEFINE VSWITCH command/config statement
Set guest priority (default is NORMAL)–NICDEF directory statement–Can be changed dynamically with MODIFY VSWITCH command
If you want to relocate a guest that is using priority other than NORMAL, then the VSwitch on the target system must also be enabled for priority queuing
–Or set guest priority to NORMAL before relocating guest
© 2017, 2019 IBM Corporation
96
IBM Z
How to get VSwitch Priority Queuing
Available May 22, 2019 for z/VM 7.1
z/VM Spotlight: http://www.vm.ibm.com/news/spotlight/vspq.html
© 2017, 2019 IBM Corporation
Component APAR PTF RSU
CPTCP/IPDirMaint
VM66219PH04703VM66223
UM35465UI62768UV99352
190219021902
97
IBM Z
DEFINE HYPERPAVALIAS/PAVALIAS Enhancements
A range of virtual alias devices may now be defined with a single command–DEFINE HYPERPAVALIAS–DEFINE PAVALIAS
Especially useful if the COMMAND directory statement is used to define aliases–Fewer statements are now needed to define the same number of aliases
• Helps avoid limits on COMMAND statements for each guest
Available February 8, 2019 for z/VM 7.1
© 2017, 2019 IBM Corporation
Component APAR PTF RSU
CP VM66249 UM35427 TBD
98
IBM Z
Elliptic Curve Cryptography Support z/VM TLS/SSL Server enhanced with enablement of Elliptic Curve Cryptography (ECC) cipher suites
– New suites have been added to Table 39 in z/VM TCP/IP Planning and Customization● Includes strength and symmetric key length
– Available December 6, 2018 for z/VM by APAR PI99184 (PTF60128) for component TCP/IP (on RSU1901)
ECC ciphers provide a more secure mechanism for asymmetric encryption than standard RSA or DSS algorithms. –Smaller key sizes for same levels of encryption
Specific cipher suites can be enabled or disabled by name–:parms tag in DTCPARMS
Output from the following commands shows information about the new cipher suites and TLS version:–SSLADMIN QUERY SESSIONS–SSLADMIN QUERY STATUS DETAILS–NETSTAT IDENTIFY SSL
z/VM Performance Reporthttp://www.vm.ibm.com/perf/reports/zvm/html/4q8qk.html
© 2017, 2019 IBM Corporation
99
IBM Z
New RSCS QUERY Command
New command option that shows the service level for each of the RSCS parts–Highest level PTF that is applied to each part
QUERY SYSTEM SERVICE –"BASE" is displayed if no APARs are applied–User updates may be displayed in place of the above
14:11:11 * MSG FROM RSCS : RSCS Service Level14:11:11 * MSG FROM RSCS : ---- ------- -----...14:11:11 * MSG FROM RSCS : SLVL DMTCMX BASE14:11:11 * MSG FROM RSCS : SLVL DMTCMY BASE14:11:11 * MSG FROM RSCS : SLVL DMTCMZ VM6617414:11:11 * MSG FROM RSCS : SLVL DMTCMA BASE14:11:11 * MSG FROM RSCS : SLVL DMTCMB BASE14:11:11 * MSG FROM RSCS : SLVL DMTCMQ INTEST114:11:11 * MSG FROM RSCS : SLVL DMTCQX BASE14:11:11 * MSG FROM RSCS : SLVL DMTCQY BASE...
© 2017, 2019 IBM Corporation
100
IBM Z
QUERY SYSTEM SERVICE Command
Available November 29, 2018 for RSCS 7.1
© 2017, 2019 IBM Corporation
Component APAR PTF RSU
RSCS VM66174 UV99342 1901
101
IBM Z
IBM Adapter for NVMe Support for NVMe (non-volatile memory express)-attached SSD drives
Available on LinuxONE III and on LinuxONE Emperor II and Rockhopper II with driver D36–Not available on the corresponding z15 or z14 servers - this is specifically LinuxONE-only–Client must procure the SSD device
SSD device directly connected though an IBM PCIe adapter–Ability to have embedded storage for some applications
High I/O throughput and extremely low latency can help with various workloads–Memory intensive–Real-time analytics–Fast storage workloads–Relational and non-relational databases
Multiple differences with normal (FCP or FICON-attached) storage–Cannot share between LPARs or virtual machines - can be online to only one at a time–Cannot carve into extents and hand to different virtual machines–No built-in RAID; use Linux md or LVM across multiple NVMe SSDs for redundancy–No direct (e.g. SAN) connectivity to the SSD from outside the CEC
● only the Linux in the owning LPAR or virtual machine can directly access it so the most direct forms of external access would be via iSCSI or NFS export from that Linux
© 2017, 2019 IBM Corporation
I/O Card
NVMe 2.5” SSD (OEM) FRU NVMe Carrier Card
102
IBM Z
Using the IBM Adapter for NVMe on z/VM
Requires system configuration file changes and a system IPL–Enable PCI support
•FEATURES ENABLE PCI –Configure memory for PCIe functions
•STORAGE IOAT –See z/VM CP Planning and Administration, Chapter 16: "Using PCIe Functions for z/VM Guests"
Guest enablement–Create PCI function dynamically and attach to guest
•DEFINE PCIFUNCTION / ATTACH commands
–Ensure setting on SET IO_OPT UID allows for guest to define options•QUERY IO_OPT
© 2017, 2019 IBM Corporation
103
IBM Z
IBM Adapter for NVMe – z/VM Support
Available October 31, 2018 for z/VM 6.4 and 7.1
© 2017, 2019 IBM Corporation
Component APAR PTF RSU
CP VM66180 UM35381 (6.4)UM35382 (7.1)
19011901
104
IBM Z
Dynamic Crypto Support - Overview
Enables changes to the z/VM crypto environment without requiring an IPL of z/VM or its guests
This allows:–Less disruptive addition or removal of Crypto Express hardware to/from a z/VM system and its guests–Less disruptive maintenance and repair of Crypto Express hardware attached and in-use by a z/VM system–Reassignment and allocation of crypto resources without requiring a system IPL or user logoff/logon–Greater flexibility to change crypto resources between shared and dedicated use.
Additionally, there are RAS benefits for shared-use crypto resources–Better detection of Crypto Express hardware errors with "silent" retrying of shared pool requests to alternative resources–Ability to recover failed Crypto Express adapters–Improved internal diagnostics for IBM service–Improved logoff and live guest relocation latency for shared crypto users.
© 2017, 2019 IBM Corporation
105
IBM Z
Dynamic Crypto – New Commands
VARY ONLINE/OFFLINE CRYPTO–Bring a Crypto Express adapter online and make it available–Take a Crypto Express adapter offline and make it unavailable
ATTACH CRYPTO –Connect crypto resource(s) to
• A guest for dedicated use (APDED)• The system for shared use (APVIRT)
DETACH CRYPTO –Remove
• Dedicated crypto resource(s) from a guest• Crypto resources from the shared crypto pool• Guest access to the shared crypto pool
DEFINE CRYPTO APVIRTUAL–Assign (or re-assign) a shared crypto resource to a guest
• Guest must be enabled for access in their directory entry
QUERY CRYPTO and QUERY VIRTUAL CRYPTO–Enhanced to report online/offline status of crypto resources
© 2017, 2019 IBM Corporation
111
IBM Z
How to get Dynamic Crypto Support
Available September 2019 –z/VM 7.1
–Pre-req VM66206 is also available on z/VM 6.4• In an SSI cluster, must be applied to all members (z/VM 6.4 and 7.1) before applying
Dynamic Crypto APAR to any member
© 2017, 2019 IBM Corporation
APAR PTF RSU
CP VM66266(pre-req VM66206)
UM35531(pre-req UM35448) TBD
113
IBM Z
Upgrade Installation
Easier upgrade to a new z/VM release from existing systems –Avoids a full and fresh install–Especially helpful in a Single-System-Image (SSI) environment
• All members of your SSI cluster must be on the same release
Supports upgrades to–z/VM 7.1 from z/VM 6.4– (also z/VM 6.4 from z/VM 6.2 and 6.3)
Requires appropriate service on the old z/VM release
Support for vendor products, local mods, and backing out if necessary
See the z/VM Installation Guide for details
© 2017, 2019 IBM Corporation
114
IBM Z
Verify That You Have Required Service for z15, z14, etc.
z15, LinuxONE III–http://www.vm.ibm.com/service/vmreqz15.html–If running SSI, make sure VM66206 is applied to all members before IPLing any member on a z15
● z/VM 6.4 and 7.1
z14 (including model ZR1), LinuxONE Emperor II, LinuxONE Rockhopper II–http://www.vm.ibm.com/service/vmreqz14.html–If running SSI, make sure VM65976 is applied to all z/VM 6.4 members before IPLing any member on a z14
Pages above have service lists which can be downloaded to verify you have correct service, e.g.–For z14 and LinuxONE models running driver D36, get file VM640D36 SERVICE and issueSERVICE ALL STATUS LIST VM640D36 SERVICE
© 2017, 2019 IBM Corporation
115
IBM Z
Migrating z/VM from z13 or earlier to an IBM z15 or z14/etc.The Stand Alone Program Loader (SAPL) must be rewritten with the z/VM 6.4 or 7.1 SALIPL utility
– Otherwise you will not be able to IPL– Look for current release number in upper right corner of SAPL
Upgrade installation does not rewrite SAPL–Must be done manually
See red alert http://www.vm.ibm.com/service/redalert/index.html#SAPLZ14
© 2017, 2019 IBM Corporation
Other stand alone utilities also need to be updated in order to IPL on z14– Standalone Dump, DDR, etc.
116
IBM Z
Stay Informed about New-Function PTFs
Off z/VM service page http://www.vm.ibm.com/service/ is new page for new-function APARs– http://www.vm.ibm.com/service/vmnfapar.html
Applies to z/VM operating system and related products:– Operations Manager for z/VM– Backup and Restore Manager for z/VM– OMEGAMON XE on z/VM and Linux– Etc.
Subscribe to receive notifications automatically when new-function APARs become available
Obtain lists of previously shipped new-function APARs
© 2017, 2019 IBM Corporation
117
IBM Z
z/VM RSU News
z/VM 6.4 RSU 1901 - June 28, 2019–Includes a RACF template change
Remember to validate your RACF database prior to applying (and afterwards)–RACUT200 utility checks database integrity
Database best practices–Have a procedure for database backups–Integrity-check your back-up databases–Automate around RACF initialization
White paper on validating and repairing the database is available: https://www.ibm.com/downloads/cas/LVOL5P8Q
© 2017, 2019 IBM Corporation
640 Db (YourDb)200 Disk
RACUT200 Clean DatabaseConfirmed
Clean DatabaseConfirmed
Thank you!
Malcolm Beattie
Linux and IBM Z Technical Consultant,IBM UK Systems Lab Services
© Copyright IBM Corporation 2019118
Please submit your session feedback!
• Do it online at http://conferences.gse.org.uk/2019/feedback/CJ
• This session is CJ