Real Linux, Real Mainframe, Real Virtual

Since the very early days of open source in 1998, IBM® and Linux® have had a close synergistic relationship, which has accelerated the introduction of new technologies for all Linux users and simplified Linux deployment for IBM customers. Today, hundreds of Linux kernel developers work at IBM Linux Technology Centers around the world. Two of their key focal points center on the technologies of virtualization and mainframe computing.

The first commercial virtualization offering dates back to the introduction of IBM’s VM/370 operating system on August 2, 1972. That mainframe technology experience provided a solid foundation on which to virtualize multiple operating system environments, including the difficult aspects of virtualized I/O and network devices. So it should come as no surprise that IBM has been a major contributor to the Xen (link resides outside of ibm.com) open source project for virtualization of certain PowerPC and x86 architectures, developed at the University of Cambridge.

With the Xen virtual machine monitor (VMM), independent Linux operating systems can be executing on the same machine with close to native performance, while they share hardware resources for optimal efficiency. For a machine to support the concurrent execution of multiple operating systems, however, the virtual machines must be securely isolated from one another. Execution of a program on one virtual machine cannot adversely affect performance on another.

Shades of Virtualization
This can be achieved in one of two ways. The traditional way starts with a VMM, such as z/VM on IBM’s System z mainframe which exposes virtual hardware that is functionally identical to the underlying machine. This traditional way, however, opens up a number of problems with X86 machines, especially when it comes to I/O.

Xen presents a virtual machine abstraction that is similar but not identical to the underlying hardware, which is dubbed "paravirtualization." This approach requires changes to the guest operating system: In other words, a special Xen Linux microkernel is required with Xen-aware device drivers. The advantage of such a specialized version of the OS is that it dramatically cuts virtualization overhead.

The Zen of Xen
In the Xen scheme of things, the Xen microkernel sits just above the hardware layer and presents each guest OS with an abstraction of that hardware. In this role, Xen is dubbed the hypervisor—meaning beyond supervisor—since it is responsible for managing multiple ‘supervisor’ kernels at a higher privilege level than any of the guest operating systems. As a result, the guest operating systems need to be modified at the device driver level to deal with the Xen version of reality concerning hardware. Alternatively, new chip technologies from Intel and AMD— Intel® Virtualization Technology (Intel® VT) (link resides outside of ibm.com) and AMD Virtualization™ (AMD-V™) (link resides outside of ibm.com) —provide a means that can be exploited by Xen to run a guest OS that has not been modified.

Xen is currently distributed in SUSE Linux Enterprise Server (SLES) 10 and will also be included as a component of Red Hat Enterprise Linux (RHEL) 5. Xen virtualization is supported by IBM through the IBM Systems Director family, by offerings such as IBM® Director and its Virtualization Manager extension, which provide IT managers with the ability to manage virtual systems within the context of the physical environment. This context is essential for the future delivery of advanced virtualization features, such as the automatic migration of virtual machines for load balancing and availability with respect to Service Level Agreements.

“Underlying the advantages provided by virtualization technology are the qualities of strong isolation, mediated resource sharing and intercommunications between virtual machines.”

Underlying the advantages provided by virtualization technology are the qualities of strong isolation, mediated resource sharing, and intercommunication between virtual machines. Seeking to improve those capabilities in an operating system independent hypervisor, IBM research has pursued a project dubbed sHype, a secure hypervisor for trusted virtualized systems. IBM has contributed code to the Xen project from sHype.

Rebirth of a Mainframe
The mainframe origin of virtualization is not the only connection between mainframes, virtualization, and Linux. As businesses address the need to reduce the complexity of their IT infrastructure, many are realizing that a mainframe, like the IBM System z9™ Business Class, can play a key role in streamlining and taking back control of their infrastructure through consolidation.

Thanks to the advanced virtualization capabilities of IBM z/VM® operating system, IT can run either the SLES or RHEL versions of Linux for IBM System z on the z/VM hypervisor within a logical partition (LPAR). As a result, the System z platform running Linux can be utilized to consolidate many typical application workloads that are frequently run on farms of X86-based servers.

The business benefits from consolidating these applications on a mainframe go far beyond just the cost savings associated with decommissioning a large number of X86-based servers. The ability to meet Service Level Agreements for these applications is significantly enhanced by the historic mainframe strengths of reliability, availability, and scalability (RAS), as well as a very strong security model. In particular, composite applications, especially when they are implemented in a Service Oriented Architecture (SOA), benefit from a highly efficient and security-rich network, dubbed HiperSockets™, on System z servers.

With a very mature virtualization environment as a foundation, virtual Linux servers residing on a System z server can share data and applications, and be dynamically managed from a central point to reduce complexity. More importantly, backup servers, hot standby servers and other servers, which would normally require physical resources to be present, require only minimal resources when implemented virtually and are not in use. With dynamic partitioning on the mainframe, resources can be reclaimed quickly when no longer needed and new servers can be deployed in minutes.

Nonetheless, synergy is a two-way street. Running Linux in a z/VM LPAR can enhance the business value of applications running in z/OS® and z/VSE® LPARs. Linux applications can provide important low-cost services that are easy to get up and working. That’s exactly what the Linux Utilities for IBM System z package suite is intended to do. The idea is to leverage the quick deployment and easy installation of Linux utilities, while minimizing any need for specific z/OS skills. Included in the suite are the StoneGate™ Firewall by Stonesoft and IBM Tivoli® Access Manager WebSEAL for building single sign-on into Web-based z/OS transactions.

Whether it is being used to bring the RAS capabilities of a mainframe to Linux applications or Linux ease-of-deployment to a mainframe environment, virtualization is the key technology in all cases. Without solid virtualization, none of these advanced capabilities, whether fundamental features or simplified resource management, are possible.