Contact us for Pricing or Questions:      (888) 682-5335          *We Ship Worldwide

Used IBM Servers | New Power9 Systems | QRadar SIEM Security

POWER9 in 2020: What’s Coming Ahead


POWER9, IBM’s latest family of scale-up servers, has been around since August 2018. Since it’s debut, they received several new members, along with other hardware upgrades. In this post, we offer a quick recap of the new IBM releases in 2019, along with the outlook for 2020. 

Before we dive into the updates, here’s a quick refresher on POWER9:

Continue reading

IBM POWER8 vs. POWER9 Comparison for 2020

IBM POWER8 vs. POWER9 Comparison for 2020
IBM POWER8 vs. POWER9 - A Comparative Analysis for 2020

Hardware upgrades – always a tough call. Should you invest in a new POWER server if your workloads are running just fine on an earlier model? Perhaps, as the new POWER9 servers received a major performance boost thanks to improved hardware, memory, and enhanced on-chip acceleration. In this post, we’ll show exactly how POWER9 compares to POWER8 in terms of memory, CPU, TCO and overall performance. Let’s dive in!

POWER8 vs POWER9: Tech Specifications and Main Improvements

POWER9 with comes loads of new hardware. Some are enterprise-grade, other are more focused on small to mid-range applications. The latter include Power9 models S922, S914, and S924 as well as Linux and SAP Hana specialized variants, the L922, L924, H922, and H924. Every new model comes equipped with robust POWER9 processors:

Continue reading

IBM Power Solid State Drives SSD

How to increase IBM POWER System application performance running on IBM i, AIX and Linux DB2 Database
Every IBM POWER System application performs significantly faster running on SSD (microsecond and nanosecond response times, compared to millisecond and seconds). Application performance on IBM POWER Systems experiencing slow query responses times, have intensive I/O requirements or are experiencing latency as a result of accessing data on hard disk drives, can improve performance using various database and query approaches. However, the most effective and usually quickest approach is to replace traditional HHDs with IBM Solid State Drives (SSD) using either Enterprise or Mainstream SSDs, depending on read and write requirements. Solid state drives have been available for IBM POWER Systems since IBM released the first POWER5 models, although the initial SSDs were cost prohibitive for most companies. Since their initial release, time and the refurbished market has made IBM SSDs cost effective for any company needing a quick and simple performance upgrade.
In comparison to hard disk drives, SSDs run at the speed of memory capable of delivering tens of thousands more I/O operations per second for any IBM POWER System, providing queries, I/O intensive applications and aging IBM i, Linux and AIX Power servers a massive performance boost. As a result, IBM POWER Systems can typically be configured to replace HDDs with a lot less SSDs and still achieve huge I/O performance boost and reduce related hardware costs of expansion units and IBM hardware maintenance. IBM Enterprise SSDs with eMLC (for write intensive database applications) and Mainstream SSDs (for read intensive with no more than 1 write per day) do not have the seek time performance bottlenecks of hard disk drives. IBM i POWER systems have a built in storage manager for the DB2 database that simplify and automate how data is used between ASPs, Libraries, DB2 database and physical storage types available utilizing preferences and calculations for maximum response times and performance costs that impact CPU and I/O.
IBM SSDs provide users with almost instantaneous access to DB2 data, removing latency and I/O performance bottlenecks HDD spinning platters and arms cause. What are you waiting for? Get IBM SSD prices for your IBM POWER System today and see for yourself how affordable an upgrade can be.
IBM SSD Options by IBM POWER System Generation
IBM Enterprise SSD with eMLC 3D NAND flash memory for write intensive workloads. The 2.5-inch solid-state drives (SSD) are available in 387 GB, 775 GB, and 1.55 TB sizes, and can be formatted to 4k or to 528 (5xx) byte sectors. The Enterprise SSD for IBM POWER8 and POWER9 systems can be installed in SFF-3 system unit slots and use the integrated SAS controller or in SFF-2 slots of a EXP24S 5887 or EXP24SX ESLS expansion drawer which require one of the following PCIe3 or PCIe2 SAS RAID controllers:
EJ14 PCIe3 12 GB Cache RAID+ SAS Adapter Quad-port 6 Gb (01DH742)
EJ10 EJ0J EJ0M PCIe3 RAID SAS Adapter Quad-port 6 Gb x8 (00FX846)
EJ0L PCIe3 12 GB Cache RAID SAS Adapter Quad-port 6 Gb x8 (00FX840)
EJ0P PCIe3 x8 Cache SAS RAID Adapter 6 Gb (00MA025)
EJ0N EJ0S EL3V PCIe3 x8 SAS RAID Adapter 6 Gb (00MH906 00MH908)
EL65 EL3B EL59 PCIe3 RAID SAS Adapter Quad-port 6Gb x8 (00FX846)
ESA3 PCIe2 1.8GB Cache RAID SAS Adapter Tri-port 6Gb CR (74Y7131)
5913 PCIe2 1.8GB Cache RAID SAS Adapter Tri-port 6Gb (00J0596)
IBM Mainstream SSDs are for read intensive workloads, with no more than 1 write per day. These 2.5-inch solid-state drives (SSD) are available in 931 GB, 1.86 TB, 3.72 TB and 7.45 TB sizes, and are formatted to use 4k byte sectors. These IBM mainstream SSDs can be installed in SFF-3 system unit slots and use the integrated SAS controller or in SFF-2 slots of a EXP24SX expansion drawer which require a EJ0L, EJ14, EJ0J, EJ0M, EL3B, or EL59 PCIe3 SAS RAID adapter. Customers installing these IBM Mainstream 2.5-inch SAS SSDs in the EXP24SX expansion drawer get an extra 18% IOPS per disk slot, providing 160k IOPS for 4KiB reads versus 130k.
IBM POWER8 and POWER9 SSD - Size | Description | CCIN | Part Numbers
387 GB IBM Enterprise SSD 4k 5B13 00LY333 00LY603
387 GB IBM Enterprise SSD 4k 5B10 00LY336 00LY621
387 GB IBM Enterprise SSD 5xx 5B16 00LY327 00LY589
387 GB IBM Enterprise SSD 5xx 5B19 00LY577 00LY324
775 GB IBM Enterprise SSD 4k 5B14 00LY334 00LY604
775 GB IBM Enterprise SSD 4k 5B11 00LY337 00LY622 
775 GB IBM Enterprise SSD 5xx 5B17 00LY328 01LU623
775 GB IBM Enterprise SSD 5xx 5B1A 00LY325 00LY578
1.55 TB IBM Enterprise SSD 4k 5B15 00LY335 00LY605
1.55 TB IBM Enterprise SSD 4k 5B12 00LY338 00LY623
931 GB IBM Mainstream SSD 4k 5B2B 00LY559 01LU805
931 GB IBM Mainstream SSD 4k 5B29 00LY553
1.86 TB IBM Mainstream SSD 4k 5B20 00LY374 00LY560
1.86 TB IBM Mainstream SSD 4k 5B21 00LY373 00LY554
3.72 TB IBM Mainstream SSD 4k 5B2C 00LY558
3.72 TB IBM Mainstream SSD 4k 5B2D 00LY555
3.72 TB IBM Mainstream SSD 4k 5B2C 00LY558
7.45 TB IBM Mainstream SSD 4k 5B2E 01LU807
7.45 TB IBM Mainstream SSD 4k 5B2F 01LU804
IBM Enterprise SSD with eMLC4 flash memory for write intensive workloads. The 2.5-inch solid-state drives (SSD) are available in 387 GB, 775 GB and 1.55 TB sizes, and can be formatted to 4k or to 528 (5xx) byte sectors. The Enterprise SSD for IBM POWER7 and POWER8 systems can be installed in SFF-3 system unit slots and use the integrated SAS controller or in SFF-2 slots of a EXP24S 5887 or EXP24SX ESLS I/O expansion drawer, which require a EJ0L, EJ14, EJ0J, EJ0M, EL3B, and EL59 PCIe3 SAS RAID adapter.
IBM Mainstream SSDs are for read intensive workloads, with no more than 1 write per day. These 2.5-inch solid-state drives (SSD) are available in 931 GB, 1.86 TB and 3.72 TB sizes, and are formatted to use 4k byte or 528 (5xx) byte sectors. These mainstream SSD can be installed in SFF-3 system unit slots and use the integrated SAS controller or in SFF-2 slots of a EXP24SX expansion drawer which require a EJ0L, EJ14, EJ0J, EJ0M, EL3B, or EL59 PCIe3 SAS RAID adapter. Customers installing these IBM Mainstream 2.5-inch SAS SSDs in the EXP24SX expansion drawer get an extra 18% IOPS per disk slot, providing 160k IOPS for 4KiB reads versus 130k.
IBM i, iSeries AS400 POWER7 and POWER8 SSD - Size | Description | CCIN | Part Numbers
387 GB IBM Enterprise SSD eMLC4 4k 5B13 00LY333 00LY603
387 GB IBM Enterprise SSD eMLC4 5xx 5B19 00LY577 00LY324
387 GB IBM Enterprise SSD eMLC4 4K 5B10 00LY336 00LY621 
387 GB IBM Enterprise SSD eMLC4 5xx 5B16 00LY327 00LY589
387 GB IBM Enterprise SSD eMLC3 5xx 59E6 00E8670
387 GB IBM Enterprise SSD eMLC3 4k 59E9 00LY161
387 GB IBM Enterprise SSD eMLC3 58B8 74Y9524
387 GB IBM Enterprise SSD eMLC3 58B9 00E8673 00LY195 74Y9526
387 GB IBM Enterprise SSD 5xx 59BE 00E8692
387 GB IBM Enterprise SSD eMLC2 58BB 00V5433
775 GB IBM Enterprise SSD eMLC3 59C0 00E8702
775 GB IBM Enterprise SSD eMLC3 5xx 59C2 00E8709 00LY199
775 GB IBM Enterprise SSD eMLC3  5xx 59EA 00E8671
775 GB IBM Enterprise SSD eMLC4 4k 5B14 00LY334 00LY604
775 GB IBM Enterprise SSD eMLC4 4k 59EB 00LY162
775 GB IBM Enterprise SSD eMLC4 5xx 5B1A 00LY325 00LY578
775 GB IBM Enterprise SSD eMLC4 4k 5B11 00LY337 00LY622
775 GB IBM Enterprise SSD eMLC4 5xx 5B17 00LY328 01LU623
931 GB IBM Mainstream SSD 4k 5B29 00LY553
1.9 TB IBM Mainstream SSD 4k 5B20 00LY374 00LY560
3.72 TB IBM Mainstream SSD 4k 5B2C 00LY558
3.72 TB IBM Mainstream SSD 4k 5B2D 00LY555
IBM only made Enterprise (eMLC) SSD in the first generation for IBM Power6 and Power5 system models. IBM Power6 and Power5 SSDs can be installed in standard SAS disk slots. These IBM SSD’s are available in two form factors; 2.5-inch which are installed in the system unit CEC and controlled by the internal RAID controller or a IBM 5904, 5906 or 5908 PCI-X 1.5 GB Cache controller, the 3.5-inch can be installed in the system unit that has a split backplane or in a 5802 or 5803 12X I/O Drawer, feature 5886 EXP12S Disk Expansion Drawer, controlled by the internal RAID controller, a 5902, 5903, 5904, 5906 or 5908 SAS Adapter or RAID controllers.
IBM i, iSeries AS400
177 GB IBM Enterprise SSD eMLC 528 byte SAS SFF-2 1794 58B4
69 GB IBM Enterprise SSD eMLC 2.5-inch 528 byte SAS SFF 1909
POWER AIX and Linux
177 GB IBM Enterprise SSD eMLC 528 byte SAS SFF-2 1793 58B4
69 GB IBM Enterprise SSD eMLC 2.5-inch 528 byte SAS SFF 1890
69 GB IBM Enterprise SSD eMLC 3.5-inch 528 byte SAS SFF 3586
69 GB IBM Enterprise SSD eMLC 3.5-inch 528 byte SAS SFF 3587
Important SSD Considerations and Rules for IBM POWER Systems
  • IBM SSDs can be intermixed with existing older SSDs, but should be of same or similar capacity, and be of same type, class and format. i.e. All enterprise 528 byte, all mainstream 528 byte, all enterprise 4k or all 4k mainstream.
  • Some SAS controllers or RAID adapters do not support 4k drives. RAID arrays cannot mix read intensive (RI) SSD with write many enterprise SSD.
    SAS controllers or RAID adapters can run both 4k and 5xx drives at the same time when in separate arrays.
  • Some RAID adapters or SAS controllers support mixing HDD and SSD in the same array when using Easy Tier array (RAID-5TS, -6T2 or -10T2).
  • It is highly recommended to have hot-spare replacement on hand when using arrays of SSDs.
  • Although SSDs can be used in a RAID 0 disk array, it is preferred that SSDs to be protected by RAID levels 5, 6, 10, 5T2, 6T2, or 10T2.
  • Identify specific configuration and placement requirements related to the SSD devices. Sometimes optimal placement can provide better performance.
  • Adapter caching usually improves overall performance with solid state drives, but in some configurations and workloads, the adapter caching may not improve performance of the arrays, in which the adapter caching can be disabled.

IBM HMC Model Specifications and Comparisons

The IBM Hardware Management Console (HMC) is a virtual hardware appliance used to manage and monitor IBM i, AIX and Linux workloads running on Power9, Power8, Power7, Power6 and Power5 Systems. The IBM HMC uses built in terminal emulation software to connect and control Power system resources, services, virtualization features and order Capacity Upgrade on Demand. The IBM HMC can consolidate the monitoring and management of all Power systems in a company’s infrastructure that is supported by the HCM code. Every HCM model supports different Power system models based on the version of HMC code. For instance, the latest HCM models 7063-CR1, 7042-CR9, CR8, CR7, OE1 and OE2 all support Power9, Power8 and Power7 systems when running V9R1 HMC code, but not do not support IBM Power6 system models. If same the HMC has V8.8.7 code installed (which does not support Power9 system models), the HCM can also connect and manage Power6 systems.

Similar to the HMC virtual hardware appliance, customers may choose to use HMC functions on a PowerVM-based environment running on a PowerLinux LPAR and using PowerVM NovaLink software. The IBM HMC hardware appliance and the PowerVM NovaLink features function the same as the HMC appliance. The PowerVM NovaLink uses a cloud architecture, that provides a direct OpenStack connection to a PowerVM server running on a PowerLinux partition.

Continue reading

IBM i Encryption for Data Protection and Privacy Compliance

ibm-i-data-protection IBM i Encryption Data Protection
It has only been a year, and the new data protection and privacy regulations have already hit a few companies with multi-million dollar fines. Every company with sensitive data on an IBM i (iSeries AS400) and has data protection and privacy requirements, should have implemented DB2 encryption already. Some of the companies seen in the news recently not only failed to secure personal data properly, could not accurately assess how much data was compromised, had a lax incident response plan and were slow to notify authorities. These factors all led to heavier fines, causing the total financial penalties to exceed 100s of millions dollars.
The latest data security and privacy regulations like GDPR, PCI and NYCRR 500 extend globally, and have some pretty sharp teeth. GDPR’s data protection and privacy safeguards have garnered such high praise, most federal, state and local governments like California are modeling their new laws after it. These new data protection and privacy laws have put a lot of overdue responsibility on companies to take better care of our personal data. There are several aspects of the new data security and privacy laws that will affect how much a company will be fined, and will vary on the compliance regulation. So far, GDPR appears to be the strictest and has the costliest consequences with a maximum fine equal to 4% of a company’s revenue. The number of records exposed will be a significant factor when determining a fine, but even more importantly will be the extent and measure of data protections the company implemented to protect personal data. Put simply, companies better due their due diligence to secure personal data.
The company fines that incurred the heaviest fines thus far, were incidents that involved unencrypted records. On the IBM i, DB2 database encryption is the most important data protection mechanism for data security and privacy compliance. Here is why. Regardless of how the data is accessed, used or where the data ends up, DB2 database encryption for IBM i provides data security and privacy protection from both internal and external threats. No other security access control mechanism provides this all-encompassing protection. To monitor and control user access for all the IBM i exit points, a company would need to implement many exit programs to cover all the OS400 application servers, open database protocols, commands, legacy SNA exit points and all the ports that do not use an exit point. A more efficient and secure way to protect personal data would be to implement IBM i DB2 encryption.
The IBM i does not support self-encrypting drives SED, and the only ways to implement disk encryption is either by migrating to SAN storage or using ASP encryption (which is free with OS400 V7R3 and higher). However, neither of these encryption solutions would suffice as adequate data security methods for most data protection laws like GDPR, PCI NYCRR 500. These encryption technologies only protect data in the event the disk drives end up in the hands of an unauthorized individual and during specific data transmission operations. Disk encryption does not protect data in any other scenario.
The premise of the data protection laws is to protect data at rest and in motion. Whereas data privacy laws involve responsible management practices of personal data and honoring user requests and permissions they provided to collect, store and share their personal data. Companies subject to data privacy laws are also subject to data security, but not the other way around. Personal data a company collects may be stored and protected properly, but did the company have the user’s permission to store it in the first place? Did the company have proper access controls in place to prevent employee misuse of their data? Was the personal data shared outside the scope of the user’s explicit permissions? Was all the user’s data removed from the company assets and in their control when requested? Encryption cannot protect a company from data privacy infractions, but it can minimize financial penalties if or when an infraction occurs. Data privacy regulations will be addressed in a future articled explaining the importance of strict data privacy governance, incident response processes and proactive approaches to maintaining a good compliance posture. The remainder of this article will focus on IBM i data protection methods with DB2 database encryption.
Since ancient times, encryption has been used to protect sensitive information. Today, encryption is used to protect our data from every connection on a network, as every workstation, server, access point and device can be used to access sensitive data on the IBM i. If you run the NETSTAT command, you can view all the connections being made to and from your IBM i. You are likely familiar with many of these connection types, but there are likely even more you are unfamiliar with. All these different ports in use are examples of how users are accessing your IBM i, and probably have no or few access controls in place to control how users access and use personal data stored on the system.
Insiders are the biggest threats to companies with data protection requirements, and are the number one reason companies so often have to pay fines. Insiders make up all unintentional improper handling of data incidents, and IT rarely has implemented proper access controls (IBM i exit programs) to properly protect data. At every company, users copy data to their workstation, upload to Cloud services, download to a thumb drive, copy to a development environment and store reports in unsecure unmonitored locations. Everyone of these scenarios will cause the company a costly reportable data breach. It is a common misconception that native IBM i object or menu level security will stop these events from happening. To monitor and control user access to and from the IBM i, companies would need to implement many exit programs to cover all the OS400 application servers, open database protocols, commands, legacy SNA exit points and other ports that do not use an exit point.
Some OS400 Security Basics:
  • Users with *ALLOBJ authority or which can adopt this All Object authority through an OS400 group profile or supplemental group can access any sensitive data on the IBM i.
  • Users with *USE authority can download sensitive data to their workstation
  • Users with Limited Capability can run CL commands
  • Applications that use adopted authority or perform a profile swap typically use *SECOFR authority

A more efficient and effective way to secure personal data for data protection compliance requirements would be to implement IBM i DB2 encryption. In addition, companies may choose to anonymize, mask or scramble personal data as a compensating control for specific use cases. Encryption does not negate the need to implement security access controls, it only safeguards the data from unauthorized access. Companies must still control how their users use the data. If an employee has authorization to read data in plain text view, access controls must also be in place to prevent the employee from downloading or running a report over the data, where the personal data would then exist without any auditing or controls in place.

Implementing IBM i encryption really only involves three primary steps: Defining User Access Permissions, Creating Encryption Keys and Executing Encryption Policies. Where to begin? Identify all the locations where sensitive and private date is stored on the system. At most companies, it has been a wild west atmosphere for far too long. If your company has not already done so, this would be a good time to educate employees on the proper procedures for handling data. In fact, educating and reminding employees about the dos and don’ts should be an ongoing process.

Continue reading

Why Nutanix HCI is the ideal VM platform for Splunk SIEM

Most SIEM environments rely on a plethora of different servers, storage arrays, hypervisors and network interconnects to support their rapidly growing SOC environments. Likewise, most SIEMs also all have the same issues and concerns about performance, costs and time required to provision and manage storage growth. The primary problem is, the entire infrastructure the SIEM relies on is not integrated or even truly virtualized under a single unified architecture. As a result, administrators are stuck in a never ending battle of upgrading and adding more traditional technology for the same problems, and security analysts are constantly waiting for searches to complete until more resources are made available. The definition of “crazy” comes to mind.
The solution? A hyperconverged infrastructure! You should consider and investigate all players in the HCI market place, but this article will be focusing on the proven leader, Nutanix. The Nutanix HCI for Enterprise Cloud can provide SIEM security analysts many times faster search results and administrators with a more scalable and economical infrastructure to grow a SIEM with minimal capex expenses. All SIEM deployments have three key bottlenecks to constantly monitor that affect event log ingestion, searching and retention. This article will explain the advantages of using Nutanix HCI Enterprise Cloud for Splunk, and addresses the common performance and cost issues that affect all SIEMs.
Nutanix virtualizes all aspects of the hardware, delivering the most efficient use of all system resources that other VM solutions cannot provide for Splunk SIEM environments. The Nutanix HCI solution has a distributed architecture that shares all infrastructure resources and prevents any workload from depleting another node’s resources. It does not need or rely on expensive SAN, NAS storage, RAID groups or network switches. Nutanix Distributed Storage Fabric enables SIEM indexers and collectors to process data locally, monitors data access paths and places data in the optimal location and automatically moves hot, warm, cold and frozen data to the appropriate internal and external storage resources. The most frequently used data is access from the local node of VM memory and flash, providing maximum performance. Unlike other storage systems that will experience significant I/O bottlenecks, Nutanix’s Distributed Storage Fabric prevents the I/O blender effect from affecting the SIEM’s performance.
A small 4-node, 2U Nutanix cluster can deliver 3 GB/s throughput, capable of ingesting 500,000 events per second and store terabytes of event logs every day. This small SIEM deployment running on Nutanix can effortless and dynamically scale existing clusters or add new clusters in minutes simply by adding more nodes when event logs and network flows exceed your SIEM’s threshold. Every node running on Nutanix provides predictable performance for the SIEM collectors, indexers, analytics and other shared workloads.
In this entry 4 node Nutanix example, a company can deploy a small SIEM very affordably with only 20 TB, and have the ability to add up to 240 TB (on the fly), add up to 176 cores in eight Intel CPUs, and 2 TB of memory. An entry Nutanix HCI server can provide 250,000 or more random read IOPS and up to 5 GB per second of sequential throughput. Factor in data archiving and compression, a Nutanix HCI solution can reduce a SIEM hardware footprint by up to 400 percent.
Nutanix HCI solutions use radical compression policies that extend beyond the LUN level used by most storage solutions, going deeper into the VM and file levels which significantly increases efficiency and performance on a sub-block level. By using both inline and post-process compression, Nutanix maximizes performance and efficiency of event log storage. Even more importantly, Nutanix HCI solutions also allow both NAS and cloud-based storage targets to be used in conjunction with the local server storage for colder event logs and archiving frozen event logs. Nutanix HCI will use the same automatic tiering logic for network attached storage and cloud-based storage resources as the internal SSD and HDD.
Data protection and availability is provided by erasure coding replication, which requires additional storage capacity to keep a full copy of data on different nodes. By replicating the data using EC-X, Nutanix customers enjoy the highest degree of protection and availability. If any failure were to occur, Nutanix could use the parity to restore the data blocks and workloads would be automatically restored and restarted without operator intervention. The number of data and parity blocks can be configured to adjust for the number of failures deemed acceptable.
Nasdaq is a Enterprise Splunk customer that relied on bare metal and traditional VM technology to host their SIEM, and decided it was time for a change and do a POC with Nutanix. Here is the assessment from Nasdaq:
“Our test results we very impressive,” Yang reported. “We were extremely happy with the performance gains we received. All types of queries ran at least two times faster on Nutanix versus our traditional systems. From an operational perspective, we really liked the deployment agility—how quickly and easily Nutanix scales. By moving to a Nutanix-based solution, we have improved our service delivery for compute, memory, and storage.”
“Our IT infrastructure team (which is my team that manages all of our hardware systems and OS), our security team (the biggest user of Splunk, with very high data retention and performance requirements), and our tools team that manages the actual Splunk deployment, all weighed in on the decision,” noted Yang. “There was unanimous agreement among all three groups that Nutanix Enterprise Cloud Platform was the best solution for our needs.”
“We wanted to virtualize Splunk, but our existing technology wasn’t scalable or fast enough. We went from a five physical node platform with Splunk, to a three-node POC on Nutanix. Our new systems are outperforming our previous platform, even with just three nodes. We are now increasing that environment from three to ten nodes of Nutanix, knowing it will far outperform our non-virtual production platform.”

Jake Yang
Senior Director of Global Systems and Storage

Nutanix HCI Enterprise Cloud solution enables Splunk Enterprise SIEM customers to deploy and manage a SIEM with minimal requirements, provide very flexible scaling options for event log ingestion and retention growth, and ensure optimal performance for security analysts to search and analyze incidents. Nutanix Enterprise Cloud is a hyper converged infrastructure with native web-scale capabilities and designed specifically for VM and cloud environments. The Nutanix Enterprise Cloud Platform for SIEM includes Nutanix Acropolis, Prism and Calm. The Acropolis manages the virtualization of data services and include the following components: the Distributed Storage Fabric, the App Mobility Fabric, and Nutanix hypervisor (which also supports ESXi, Hyper-V and XenServer hypervisors). Prism enables single click infrastructure management of the virtual machines.


IBM i 7.4 Hardware Enhancements for POWER9 and POWER8 Systems

IBM i 7.4 Hardware Enhancements for POWER9 and POWER8 Systems

Details of each POWER9 and POWER8 hardware enhancement provided by the release of IBM 7.4 (V7R4) are below the initial summary, organized by IBM Power generation and topic. The new IBM POWER9 and POWER8 hardware features provided for OS400 V7R4 are now all available for ordering as of June 21, 2019. Read about IBM i 7.4 (V7R4) announcement details here.

IBM V7R4 announcement provides the following I/O enhancements for Power9 scale-out and scale-up system models:

Continue reading

IBM i 7.4 (V7R4) Details: Everything you need to know

IBM i 7.4 (V7R4) Details: Everything you need to know

IBM i V7R4 (7.4) OS400 enhancements and additions improve Power9 and Power8 system and DB2 database performance, security and availability. Details of OS400 V7R4 features and specifications for IBM i Power Systems are explained below in detail, and arranged by the following topics: Security, System Management, Networking, Availability, Application development, Miscellaneous features. IBM i V7R4 (7.1) release date is June 21, 2019. OS400 V7R4 is supported on IBM Power9 and Power8 processor systems, and is not supported on earlier IBM Power system processor generations. All IBM i customers should read the IBM 7.4 memo before upgrading to ensure compatibility and verify if discontinued support of any software, hardware products or features affects your system. IBM V7R4 hardware enhancement details can be read about here.

IBM i Security
IBM i Authority Collection

A significant advancement for IBM i security is the new Authority Collection service feature, capable of analyzing object authorities of users and applications to ensure only the minimum required authorities are granted to run applications. By securing objects in an application with minimum authority required, security administrators can now safely remove unnecessary user authorities to objects used by an application.

Most IBM i applications have excessive authorities granted to objects within the application. For instance, when an application gives *PUBLIC *CHANGE or *ALL authority for objects within an application, and accessing a DB2 file, when it only requires *USE authority to the data. Applications with unnecessary authorities creates security vulnerabilities by allowing users and other applications to make changes to data outside the application.

Continue reading

Power8 vs Power9 Performance Facts for IBM Model S924

ibm-power9-s924-9009-42a IBM Power9 S924 9009-42A Specifications
This specification breakdown of the IBM Power9 9009-42A model S924 will explain the key performance features that sets it apart from its Power8 predecessor.
In comparison to the 8286-42A model S824, the IBM Power9 S924 delivers 40-50% better performance for data intensive database and analytics workloads, with over twice the memory footprint (accelerated by Coherent Accelerator Processor Interface CAPI) running at speeds up to 344 GB/s (172 GB/s per socket), has over 60-70% more CPW for IBM i workloads and 2X the I/O bandwidth (Gen4 PCIe slots). IBM Power9 with CAPI 2.0 increased I/O bandwidth over 4X Power8 ability, clocked at 192 GB/s. The Power9 S924 also has PowerVM virtualization is built into the Power9 processor chip, which increases performance, server utilization and cloud enables your data.
Power9 Processors – 2 socket server with up to 24 active cores
EP1E 8-core (18,188-145,500 CPW)
EP1F 10-core (17,450-174,500 CPW)
EP1G 12-core (15,446-370,700 CPW)
Memory - up to 4TB of DDR4 direct attached memory, 16 DIMM slots per socket
EM62 – 16GB DIMM (Qty. 2-8 per socket = 2666 MHz / Qty. 10-16 per socket = 2133 MHz)
EM63 – 32GB DIMM (Qty. 2-8 per socket = 2400 MHz / Qty. 10-16 per socket = 2133 MHz)
EM64 – 64GB DIMM (Qty. 2-8 per socket = 2400 MHz / Qty. 10-16 per socket = 2133 MHz)
EM65 – 128GB DIMM (Qty. 2-8 per socket = 2400 MHz / Qty. 10-16 per socket = 2133 MHz)
L2 to L3 cache - 7 TB/s on chip
Per core - 512 KB L2 | 10 MB L3 | 128 MB L4
PCIe Slots - Hot-plug, 4 CAPI 2.0 enabled

Two Gen4 and Six Gen3 (single socket)
Five Gen4 and Six Gen3 (two socket)
Storage backplane options (hot-swappable disk bays)
EJ1C - 12 SFF-3 Bays + 1 RDX Bay
EJ1D - Expanded Function 18 SFF-3 Bays + Dual IOA with Write Cache and optional external SAS port Expanded Function
EJ1E - Split feature to 6+6 SFF Bays + 1 RDX bax with ability to add a second SAS Controller
EJ1M - 12 SFF-3 Bays + RDX Bay and optional external SAS port.
SSD and HDD options
600GB, 1200GB, 1800GB - 10K RPM SFF HDD
300GB, 600GB - 15K RPM SFF HDD
387GB, 775GB, 1551GB - 10 DWPD SFF SSD
931GB, 1860GB, 3720GB - 1 DWPD
External storage attachment options
ESLL - EXP12SX 19-inch Disk Expansion Drawer with 12 large form factor LFF Gen2-Carrier Bays
ESLS - EXP24SX 19-inch Disk Expansion Drawer 24 small form factor SFF Gen2-Carrier Bays
5887 - EXP24S 19-inch Disk Expansion Drawer 24 small form factor SFF Gen2-Carrier Bays
EC59 - PCIe3 2x4 NVMe M.2 internal carrier PCIe3 adapter for ES14 400GB Flash
EU00 - RDX Docking Station for EU01 1TB Disk Cartridge or EU2T 2TB Disk Cartridge
Maximum storage attachments is 28
Other standard features
3 USB 3.0
2 HMC 1GbE RJ45
1 system with RJ45 connector
Redundant hot plug power supplies
Redundant hot-plug cooling
Power requirements: 200 V to 240 V
Physical Dimensions
Width: 441.5 mm (17.4 in.)
Depth: 822 mm (32.4 in.)
Height: 86 mm (3.4 in.)
Weight: 30 kg (65 lbs.)

POWER9: Main changes and updates Vs POWER8 (2019)

POWER9: Main changes and updates Vs POWER8 (2019)
A newer Article is now available to read: IBM POWER8 vs. POWER9 - A Comparative Analysis for 2020 POWER9 is here , and with it comes loads of new hardware. With the second batch of released hardware there are several new systems that are focused on small and mid-range applications. These include Power9 models  S922 , S914 , and S924 as well as...
Continue reading

QRadar IBM i iSeries AS400 Log Forwarding

qradar-ibm-i-iseries-leef-gid-offense-risk-score QRadar IBM i Offense

Configuring the IBM i to forward security and system event logs to QRadar SIEM can be done a few different ways, but in order to do it correctly; in LEEF format, in real-time, with GID and enriched event log information, you need an IBM i event log forwarding tool designed for the QRadar SIEM. There are IBM i security event log forwarding tools that can be used for QRadar that will send event logs in real-time and in CEF SYSLOG format, and even a couple that support LEEF, but only one includes QRadar QID for mapping, log enrichment and is on DSM support list. These features are important for QRadar's automatic log source discovery, parsing IBM i event logs properly for offenses, alerts and reports, and so that SOC operators can make sense of the logs. Similarly, all the IBM z Mainframe event log sources also require a forwarding tool that is able to format all the unique event log types and designed specifically for IBM QRadar.

The IBM i has many different event log sources, of which most SYSLOG and SIEM forwarding tools can only format and send System Audit (QAUDJRN) and Message Queues like QHST. However, most companies will also need to forward other event log types for compliance and audit requirements, like sensitive database access logs for File Integrity Monitoring (FIM), Network, SQL Statements, Open Source protocols, Privileged Access Management (PAM) events, Port usage, and Commands issued from a workstation. Other logs sources that companies also sometimes forward are web application logs, third party application and performance data, but these log sources are not typically required.

Continue reading

IBM i Privileged Access Management (PAM) Specifications

IBM i Privileged Access Management (PAM) Specifications

IBM i Privileged Access Management (PAM) solutions have various levels of flexibility for implementation and integration with existing applications and ticketing systems that need to be considered before purchasing. Assessing your IBM i Security requirements for implementation will be key to ensuring the IBM i PAM solution you choose meets your all your use cases, as well as environmental and compliance requirements.

First note, Privileged Access Management (PAM) terminology used by most technology sectors and compliance regulations refer to processes more commonly known on the IBM i (iSeries AS400) platform as Profile Swapping and Adopted Authority procedures. Terminology aside, the goal of PAM is to limit the number of powerful profiles (user IDs with excessive special authorities, powerful user classes and users with no or partial capability limits) on the IBM i to a bare minimum, and only temporarily grant elevated authorities (privileges) to user profiles with a specific need (use case) to complete a task or provide access to sensitive data which is outside their normal duties in a controlled, permissions based manner. Other companies start using PAM simply because they want to stop wasting time giving out passwords for powerful profiles on a regular basis. There are a number of ways to grant privileged access authority for IBM i users which are much more granular than Open platforms, and each PAM solution has different capabilities that will determine the success of your implementation.

In general, all IBM i PAM solutions should be able to control which menus and commands users can access, as well as which actions they can take for specific objects or files. When a user is performing a profile swap or adopted authority, an extensive audit trail should be captured in the system journal, as well as possibly screen captures in some instances. Ideally, Privileged Access Management functions should be automated, seamlessly integrate with both internal and external applications, and without disrupting to existing processes.

Continue reading

IBM i Power9 System Pricing by Model Specification

IBM i Power9 System Pricing by Model Specification

IBM i customers upgrading to a new IBM Power9 scale-out system from an older Power system have three models to compare specifications; the 9009-41A S914, 9009-42A S924 or 9009-22A S922. Before jumping to any conclusions about which Power9 system is right for you, consider the specifications and resources of your current IBM i and performance during peak times. The new Power9 systems are so powerful, many companies are finding they can drop a software tier without any question. Dropping an IBM P-Group in itself is a significant cost savings, and the total cost of ownership price tag adds up after factoring in third-party, IBM software licenses, maintenance and support fees.
First step to a Power9 upgrade and comparison, is knowing your current Power system’s capabilities and identifying the amount of system resources (CPW, Memory, HDD/SSD and I/O 'RAID Controller' requirements) needed for peak workloads. Contact us if you need any assistance getting the performance information off your IBM i. Once you have a baseline for current performance requirements and a grasp on your growth rates, we can then determine your Power9 System Upgrade options.
All Power9 systems include a 3 year 9X5 warranty, with an option to upgrade to 24X7. The base Power9 warranty will contribute to the cost savings by comparing the estimated life expectancy of the Power9 to your current maintenance and support costs. Companies will vary in the number of years for this life cycle calculation, but most companies anticipate 3-5 years for a new Power system.
All Power9 system models support PCIe Gen 4 and earlier PCIe generation feature cards. If I/O performance, response times and throughput are contributing factors for upgrading your IBM i, you should purchase new RAID Controllers and other SAS adapters, as the newer generation PCIe adapters provide significant performance gains. The Power9 systems all support 220V power, and the 9009-41A S914 can run on 110V. The Power9 models have three backplane options, a 12 SFF-3 Bays, a 18 SFF-3 bays with write cache or a 12 SFF-3 bays with dual IOA and write cache. IBM i workloads require 4k byte block hard disk drives or SSD. If you need to boot more than one Virtual IO server from internal disks, your Power9 system needs to the split backplane feature and a minimum of four disks (two per Virtual IO Server). With the exception of the one Power9 in the P05 software tier, all other processor models support adding 28 EXP24SX I/O expansion drawers and the EMX0 PCIe adapter drawers (28 is the maximum combined quantity).
IBM Power9 S914 Model 9009-41A
The 9009-41A is a single socket, 4U system that can be configured with 4, 6 and 8-cores that have a 2.3 to 3.8 GHz chip speed range. Both the 6 and 8-core processors support up to 1TB of memory via 16 DDR4 DIMM slots, but the 4-core S914 processor has a 64 GB maximum. The amount of internal and external storage is determined by various configuration factors. Other than the CPW and main storage, the primary Power9 model differences are expandability as explained below.
The 9009-41A EP10 4-Core Processor has seven PCIe Gen3 slots, however one slot is allocated to a 4-port 1 Gb Ethernet adapter, and another PCIe slot is lost if you use the expanded function backplane. The IBM S914 4-core processor model is the only Power9 system in the P05 software tier, and the only Power9 that cannot be expanded by attaching an EXP24SX I/O expansion drawer or a EMX0 PCIe adapter drawer. The EP10 4-core processor has a maximum of 10 disk drives or SSDs in the system unit (combinations are supported). The expansion limitation is a deal breaker for many customers, but a SAN can be attached for additional storage. The 9009-41A 4-Core has many cost advantages for smaller companies that do not have foreseeable growth factors that exceed its maximum capacity limits provided in the base system.
The 9009-41A EP11 6-Core and 9009-41A EP12 8-Core systems are both in the P10 software tier, have two Gen4 and six Gen3 slots (one slot is allocated to a 4-port 1 Gb Ethernet adapter).
IBM S914 9009-41A CPW by Number of Processors Activated (for IBM i OS)
EP10 X4=52500 | X3=39375 | X2=26250 | 1=13125
EP11 X6=78500 | X5=65417 | 4X=52333 | 3X=39250 | 2X=26166 | 1=13083
EP12 X8=122500 | 7X=107188 | X6=91875 | X5=76563 | 4X=61250 | 3X=45938 | 2X=30625 | 1=15313
IBM Power9 S924 Model 9009-42A
The 9009-42A is a 2 socket, 4U system that can be configured with 8, 16, 10, 20 or 24 cores, up to 4TB of memory and are all in a P20 software tier. The S924 Power9 chip core speeds have different ranges; the 8-core is 3.8 to 4.0 GHz, 10 core is 3.5 to 3.9 GHz and the 12 core is 3.4 to 3.9 GHz. The single socket S924 processors have two Gen4 and 6 Gen3 slots, and the two socket version has five Gen4 and six Gen3 slots, however some slots are dedicated for mandatory an Ethernet adapter and attachment requirements.
IBM S924 9009-42A CPW by Number of Processors Activated (for IBM i OS)
EP1E X8=145500 | 7X=127313 | X6=109125 | X5=90938 | 4X=72750 | 3X=54563 | 2X=36375 | 1=18188
EP1F 10X=174500 | X9=157050 | X8=139600 | 7X=122150 | X6=104700 | X5=87250 | 4X=69800 | 3X=52350 | 2X=34900 | 1=17450
EP1G 12X=370700 | 11X=338404 | 10X=306108 | X9=273812 | X8=241517 | 7X=209221 | X6=176925 | X5=144629 | 4X=112333 | 3X=80038 | 2X=47742 | 1=15446
IBM Power9 S922 Model 9009-22A
The S922 can have 1 or 2 sockets that can be configured with 4, 8, 16 (2 x 8), 10 or 20 (2 x 10) cores and up to 4TB of memory. The S922 Power9 chip core speeds for the 4 core range from 2.8 to 3.8GHz, on the 8 core range from 3.4 to 3.9 GHz and 2.9 to 3.8 GHz on the 10 core. The single socket 9009-22A can have up to 6 PCIe (2X Gen4 and 4 x Gen3) slots and the two socket models have up to 9 slots (5X Gen4 and 4X G3slots). One slot is used by a mandatory Ethernet adapter. Depending on what is attached, up to three of those slots may be reserved for other purposes. IBM i is only supported on the 6 cores and 8 core processors and is limited to 4 cores of IBM i with a software tier of P10.
IBM S922 9009-22A CPW by Number of Processors Activated (for IBM i OS)
EP16 X8=68,000 | 7X=60,714 | X6=53,429 | X5=46,143 | 4X=38,857 | 3X=31,571 | 2X=24,286 | 1=17,000
EP18 10X=60,000 | X9=55,000 | X8=50,000 | 7X=45,000 | X6=40,000 | X5=35,000 | 4X=30,000 | 3X=25,000| 2X=20,000 | 1=15,000
EP19 X2 16X=272,000 | 15X=255,000 | 14X=238,000 | 13X=221,000 | 12X=204,000 | 11X=187,000 | 10X=170,000 |X9=153,000 | X8=136,000 | 7X=119,000 | X6=102,000 | X5=85,000 | 4X=68,000 | 3X=51,000 | 2X=34,000 | 1=17,000
Power9 Memory
IBM Power9 Memory is available in 8GB (324D), 16GB (324E), 32GB (324F), 64GB (325Aand 128GB (324Cincrements for 32 DDR4 slots, providing a maximum of 4TB main storage for two processor sockets systems, and 2TB for single processor socket systems using 16 memory slots. The IBM 9009-41A Model S914 is the only system that is limited to only 1TB of main storage. 
Power9 Storage and Expansion Options
Although most companies will not attach a SAN to their IBM i, it is supported. The EXP24SX SAS Storage Enclosure (ESLS feature code) has twenty-four 2.5-inch SFF-2 SAS bays for HDDs or SSDs, and a total of 28 can be attached to any Power9 model, except for the 9009-41A EP10 4-Core Processor model. The EXP24SX requires a EJ14 PCIe3 12 GB Cache RAID Plus SAS or one of the 6 GB PCIe3 RAID SAS Adapters (EJ0J, EJ0M, EL3B, or EL59).
  • Although both 4k and 5XX byte sector HDD and SSD are supported on Power9 systems, they cannot be mixed in the same array.
  • PowerVM Enterprise Edition is provided free of charge on all Power9 systems, and if your upgrading from a Power7 or Power8, IBM provides a 60-day activation at no charge for data migrations.
  • If your Power9 will be operating PowerVM want concurrent firmware maintenance, you will need a HMC or Virtual HMC (vHMC). You will need a 7063-CR1 or later (with code 8.8.7 or higher), or a vHMC. For a vHMC, the x86 Power based server will need 4 cores, at least 8GB memory and 500GB of disk space.
  • Power9 systems do not include an internal DVD drive, but an external USB DVD can be purchased separately.
  • Power9 systems all have the security patches for Meltdown and Spectre installed and enabled.

IBM i Performance Optimization: Improving Application Response Times

IBM i Performance Optimization: Improving Application Response Times
Keeping your IBM i optimized for optimal response times requires regular monitoring of system resources and identifying various elements that affect application performance. Poor response times of only two or three seconds delay can quickly get compounded over time when poorly written applications are involved or database maintenance has been neglected. Like most performance degradation issues on the IBM i, response time issues only get worse as the number of transactions multiply. Ignoring system performance issues affects productivity and frustrate customers, which in turn increases costs and affects revenue. Below are some ideas to consider if a major IBM i upgrade is not a viable budgetary option.
Consider the cost benefits of optimizing your IBM i system resources
The number one factor that affects response times is available processing power (CPU), and the most expensive resource in your IBM Power system. Even new Power9 systems can experience performance degradation. If your system is experiencing poor response times, keep an eye on capacity utilization throughout the day, and check how close CPU utilization gets to 100%, especially during peak periods of the day. If you spot a pattern, perhaps there are some jobs you can plan on running a different time of day when CPU is regularly underutilized. Any system administration and batch jobs that can be scheduled at lighter periods are good examples. Take note of the applications and types of jobs consuming the most CPU resources. If these jobs involve SQL, pay attention to the number of file opens they are performing. If this number is high for the system, the fix can be as simple as changing how the programs run queries to keep files open between calls. You also may consider using IBM i Workload Groups to control the amount of CPU, memory pools and sub-systems to ensure critical applications get the resources they need to run optimally, while restricting less important jobs from stealing their needed resources.
Most IBM i systems contain between 15-40% of obsolete and unnecessary data consuming disk space, which is often due to poor database and spool file maintenance. Bloated databases will definitely impact response times and application performance. Unnecessary data includes records that have been logically deleted, but has not been physically removed (files that need to be reorganized). Therefore, all this useless data is being brought into the buffers during read operations and consuming I/O resources. When programs or SQL operations determines the data is obsolete data and not indexed, they still must contend with this data to read and filter it out, which consumes valuable I/O operations. If the column is indexed, the obsolete data creates indexes that are larger than they should be.
To ensure optimal response times, examine the data occupying your disk space. Identify the applications consuming the most disk space, growth rates and for each object type and file. Do any objects appear to be obsolete? What percentage of disk space is consumed by logically deleted records that has not been physically deleted? Identify files bound by deleted records. Are there any database files that have become too burdensome to process because of the massive amount of embedded deleted records are continually being passed in and out of buffers? Can any of the data be archived or good candidates for compression?
It is a good idea to keep the versions of software programs in use, as well as the IBM i hardware features installed on your system up to date with recommended PTFs and fix levels applied. I know of many instances where the largest transaction volumes were all using older versions of software that caused all sorts of performance issues. In many instances it was due to an old version of Java being used, causing overly utilizing CPU, looping, synchronization, I/O contention and many other issues all at the same time. Furthermore, some system and application hangs and errors are due to your Power system hardware features that require microcode or firmware updates. IBM regularly makes hardware component updates available for customers to download for processors, memory, SSD and HDD, tape drives, SAS adapters (including RAID controllers) and just about every other IBM i feature, element and cable in your Power system.
If your company needs to retain historical data that is rarely or no longer used, consider archiving this data and remove it from production databases to keep optimal response times for users and customers. After records are archived, delete them logically and physically by doing a file reorganization using the RGZPFM (Reorganize Physical File Member) command. If your IBM i has very limited or non-existent maintenance windows, you may need to resort to using compression until the proper time arrives. Alternatively, if your applications support the re-use deleted records parameter, you may be able to use this option to reclaim the space when new records are created. Any new maintenance procedures on production systems should be well planned and thought out, especially if they may result in unplanned downtime or possible data loss.
Spool files are sometimes forgot about, especially on environments with minimal IT resources and no automated purging procedures are in place. If this is the case, deleting useless spool files can free up a lot of disk space. Some systems can go back many years and free up 20% or more of usable disk space. Likewise, any system or application logs should also be removed from the system if they are no longer relevant for solving current issues and trouble shooting. Most logs are only used to capture errors and solve problems happening at the moment or in very close proximity to today. Automating spool file archiving and purging of spool files and logs can very quickly be setup using system management tools.
Some systems can benefit from a not very well known IBM i feature called the Change Program (CHGPGM) command, which can clean up all programs written RPG, COBOL and C to run more efficiently. When the CHGPGM is used, it translates the programs during the compile process into W-code and then into machine instructions. This may be a great way to optimize old or poorly written programs ridden with redundant instructions and more efficient code structure. Performance improvement results can be significant and barely noticeable. The CHGPGM command has 3 different settings which will also affect the results, of which full optimization can take a considerable amount of time to use. Furthermore, if you are relying on a software vendor to provide new versions and fixes, using the CHGPGM as an optimization tool will be a never ending process unless you can convince your vendor to use it in its distribution. Most importantly, this optimization tool is not flawless for some programs, so read IBM documentation and test the results thoroughly.
Consider the cost benefits of optimizing your IBM i system resources, because the ramifications are greater than you may think. Using IBM i CPU efficiently is the most important factor, because it’s the most expensive component in the equation. Optimizing your applications, programs, database files, SQL queries and system updates is critical to managing your CPU usage and ongoing costs.
Not all performance issues affecting response times are simple to identify or fix, and some business systems are more susceptible to growth and modification variances than others, which will inevitably impact performance regardless of how optimized your system is. When achieving optimal response times with available resources is a dead end, you may need to consider a minor upgrade to stop the bleeding. Depending on the age of the system, some major upgrades even pay for themselves. Ask your account representative to show you the software and maintenance cost savings comparison when they send you your new or refurbished upgrade quote.

IBM Power System's Fastest RAID Controller

IBM EJ14 PCIe3 12 GB Cache RAID Plus SAS Adapter is the highest performing raid controller (SAS adapter) for IBM Power9 and Power8 systems that will significantly improve raid performance. The IBM EJ14 PCIe3 12 GB Cache RAID PLUS SAS Adapter has four 6 Gb connectors enabling the highest performance HDD or SSD SAS controller capabilities for IBM Power systems using PCIe Gen3 technology and IBM’s latest SAS RAID adapter technology. The EJ14 PCIe3 SAS adapter builds on the success of the EJ0L PCIe3 12 GB Cache RAID SAS Adapters, but delivers up to 100% more write IOPs than the older EJ0L SAS Adapter, and can support almost 2X more drives (72 SSDs and 96 HDDs). A pair of EJ14 PCIe3 12 GB Cache RAID PLUS SAS Adapters can deliver up to 1.6M read IOPS, or up to 360K write IOPS, or up to 878K IOPS using a 70/30 combination of write/reads.
In comparison, the older EJ0L PCIe3 12 GB Cache RAID SAS Adapter can only support 48 SSDs and 96 HDDs. A pair of EJ0L PCIe3 adapters running RAID 0 SSDs can only provide up to 750,000 read IOPS in a PCIe Gen1 slot, 800,000 read IOPS in a PCIe Gen2 slot, and about one million read IOPS in a PCIe Gen2 slot using RAID 0. For a very low cost, significant performance gains can be achieved by replacing the older EJ0L RAID SAS Adapter with the latest EJ14. In addition, you may even be able to shrink your hardware footprint and ongoing maintenance costs.
If your IBM Power system has any of these PCIe SAS adapters (EJ0J, EJ0M, EL3B, EJ0L, ESA1, ESA2, ESA3, and 5913), and you are noticing latency or performance degradation, consider replacing your existing RAID SAS Adapter with the EJ14 PCIe3 12 GB Cache RAID Plus SAS Adapter. Read detailed performance comparisons for IBM Power9 and Power8 Raid Controllers and SAS Adapters here.
Raid performance of the EJ14 PCIe3 12 GB RAID PLUS SAS Adapter using RAID5 and RAID6 parity is absolutely amazing. A pair of EJ14 Adapters can achieve 1.6M read IOPS using RAID 0 and random 4 KB of data, or 360,000 write IOPS using RAID5 and random 4 KB of data. Using RAID 5, data in 4 KB blocks and a mix of 70% reads and 30% writes, a pair of EJ14 PCIe3 12 GB RAID PLUS SAS Adapters can achieve 878,000 IOPS. These test results were done in a lab, and each customer’s performance results will vary based on their unique workload and environment. However, these performance results prove significant benefits can be achieved.
The EJ14 PCIe3 12 GB RAID PLUS SAS Adapter provides all the functions available on the PCIe3 12 GB RAID SAS Adapter, including Easy Tier function, and uses the same cables and connections for EXP24S 5887 and EL1S I/O drawers. The EJ14 PCIe3 12 GB RAID PLUS SAS Adapter is supported on IBM i, AIX, Linux and VIOS Power9 and Power8 servers, whereas the earlier PCIe3 12 GB RAID SAS Adapter is only supported on Power8 and Power7 servers.
A pair of adapters works together to deliver additional performance, redundancy, and write-cache protection. Patented active-active capability boosts performance for adapter pairs running at least two arrays. A single adapter configuration is not supported. The pairing must be with two PCIe3 12 GB RAID PLUS SAS Adapters. You cannot pair two different adapters.
Just like the older EJ0L PCIe3 12 GB RAID SAS Adapter, integrated flash memory provides protection of the PCIe3 12 GB RAID SAS Adapter write cache without batteries in case of power failure. Likewise, effectively up to 12 GB of write cache is provided using compression of 3 GB of physical cache. Compared to the ESA3 or 5913 PCIe Gen2 adapters, the EJ14 PCIe3 12 GB RAID PLUS SAS Adapter and EJ0L PCIe3 12 GB RAID SAS Adapter offer effectively about six times more cache.
When a EXP24S drawer is in mode 2, not all of the SAS bays on the I/O drawer can be accessed by the adapter pair unless a second set of ports is used to access the other half of the drawer, and if the second set of ports is used for the other half of the drawer, then the maximum number of drawers per adapter pair is reduced. Thus the PCIe3 12 GB RAID PLUS SAS Adapters maximums of 96 HDDs or 72 SSDs for four mode 1 drawers and is 48 HDDs or 48 SSDs with four mode 2 drawers.
If the EXP24S I/O drawer is in mode 2, then half of its SAS bays can be controlled by one pair of EJ14 SAS adapters and the other half can be controlled by a different EJ14 adapter pair or by zero-write-cache SAS adapters. The IBM e-config tool assumes the SAS bays of an individual I/O drawer are controlled by one type of SAS adapter, however customers can customize the EXP24S and adapter setup beyond the understanding of the e-config tool. For example, an EXP24S drawer in mode 2 could have a pair of PCIe3 12 GB RAID PLUS SAS Adapters controlling half its SAS bays and a pair of ESA3 adapters controlling the other half.
The quantity HDDs that can be controlled by an adapter pair depends on the number of I/O drawers and the mode setting. Below are some examples of how the EXP24S 5887 drawer can be customized to meet customer requirements:
Up to 96 HDDs by using four EXP24S drawers in mode 1
Up to 48 HDDs by using two or four EXP24S drawers in mode 2
Up to 72 HDDs by using two EXP24S drawers in mode 2 and two EXP24S drawers in mode 1
The SSD configuration options and maximums are different from HDD usage. A pair of EJ14 Adapters can support a maximum of 72 SSDs, of which all SSDs must be attached to the bottom one or two or three sets of ports. Although SSDs and HDDs can be mixed on the same adapter pair, SSDs and HDDs cannot be attached to the same set of adapter ports. The total number of SSDs and HDDs on an adapter pair is 96. If more than 48 SSDs are used on a pair of EJ14 adapters, then HDDs cannot be added to the pair. Furthermore, if 48 SSDs are used, there is a maximum of three EXP24S drawers supported.
The EJ14 PCIe3 12 GB RAID PLUS SAS Adapter supports RAID 0, 5, 6, 10 and Easy Tier function for RAID 5T2, 6T2, 10TR2 and operating system mirroring for AIX, Linux, and VIOS environments. For IBM i, the EJ14 supports RAID 5, 6, 10 and operating system mirroring, and hot spare is supported for all platform environments. The EJ14 allows for RAID sets for up to 32 devices depending on the environment.
For additional performance, pairs of SAS adapters support Active/Active protocols. This means that as long as there are at least two arrays configured per pair of adapters, additional I/O performance is gained by using the bandwidth of both adapters in the pair.
IBM Power9 and Power8 systems that support the EJ14 (CCIN 57B1):
9009-22A, 9009-41A, 9009-42A, 9223-22H, 9223-42H, 9040-MR9, 9080-M9S, 8284-22A, 8286-41A, 8286-42A, 8408-44E, 8408-E8E, 9080-MHE, 9080-MME, 9119-MHE, 9119-MME, 9008-22L, 8247-21L, 8247-22L, 8247-42L, 8284-22A, 8286-41A, 8286-42A, 8408-44E, 8408-E8E, 9080-MHE, 9080-MME, 9119-MHE, 9119-MME
IBM Power8 and Power7 systems that support the EJ0L (CCIN 57CE):
8202-E4D, 8205-E6D, 8231-E2D, 8247-21L, 8247-22L, 8247-42L, 8284-22A, 8286-41A, 8286-42A, 8408-44E, 8408-E8D, 8408-E8E, 9080-MHE, 9080-MME, 9109-RMD, 9117-MMC, 9117-MMD, 9119-FHB, 9119-MHE, 9119-MME, 9179-MHC, 9179-MHD
EJ14 OS Requirements:
AIX version 6.1 with the 6100-09 Technology Level and Service Pack 7, or later
AIX version 7.2 with the 7200-00 Technology Level and Service Pack 2, or later
AIX version 7.1 with the 7100-04 Technology Level and Service Pack 2, or later
IBM i 7.2 TR4, or later, or IBM i 7.3, or later
Red Hat Enterprise Linux 7.2 or later
SUSE Linux Enterprise Server 11, Service Pack 4, or later
SUSE Linux Enterprise Server 12, Service Pack 1, or later
Ubuntu 16.04, or later
VIOS, or later
PowerKVM - No support currently provided with PowerKVM

IBM i Backup Performance and Optimization

IBM i Backup Performance and Optimization
IBM i backup performance is affected by many variables, and many data transfer rate bottlenecks can be very easy to resolve. Some simple changes you can try to improve backup performance may only require using the correct media generation for your tape library/drive, minimize resource sharing, shortening the distance between the IBM i PCIe I/O adapter and tape library/drive, using backup optimization settings or restructuring your backup processes. These minor changes are virtually free to try and may have a significant impact on optimizing your IBM i backup transfer rates and without having to spend a lot of time analyzing the root cause. Other factors affecting your backup transfer rates may require a deeper analysis of interfaces involved in the backup and restore processes, including the capabilities of the tape library/drive, I/O SAS adapter and other IBM i hardware components, LPAR configuration, directory structure, types workloads and sizes of files being backed up.
Using general IBM i backup performance test results and some key assumptions, here are some ways that may have the most significant impact on optimizing backup and recovery performance:
  • Replace slow IBM i PCIe I/O adapters like the 5901 (57B3), EJ1P and EJ1N (57B3) 3 Gbps SAS Adapters with the faster EJ10 or EJ11 (57B4) 6 Gbps SAS Adapter, or ideally use a EN0A (577F) or EN0B 16GB Fiber Adapter or a 5735 8GB Fiber Adapter. Keep in mind, the length of the cable used to connect your tape library/device will also affect the data transfer rate performance.
  • Use a Virtual Tape Library (VTL) that ingests backup data at disk speed, versus tape drive and media speeds. The maximum backup data transfer rates on some VTLs can be up to a blazing 4.5 GB/s (14.4 TB/hr), compared to LTO-9 708 MB/s, LTO-8 360 MB/s, LTO-7 315 MB/s, LTO-6 160 MB/s and LTO-5 140 MB/s. Most VTL’s support running many parallel backup streams simultaneously which can also significantly speed up backups.
  • Other IBM i system resources that affect backup speeds include type and amount of HDD or SSD, memory, processing and PCI placement. For instance, if you have open bays available for adding more internal storage, this is a fairly cost effective solution.
  • Use Concurrent Saves and Restores or Parallel Saves and Restores. Read IBM’s documentation on these topics. System resources will be a major factor in determining if you can utilize these options, as significant memory, processing and DASD can have a great impact on the backup window.
    • Backup workloads with a mix of user or small to medium objects can benefit from concurrent saves, which allow multiple objects to be processed at the same time from different jobs, making better use of the backup devices and the system.
    • Backup workloads with a large quantity of smaller blocks of data and only a few very large database files (library or directory), a combination concurrent and parallel might be helpful. For instance, backing up all of the smaller libraries/directories to one backup device, running a parallel save of the larger files to multiple different backup devices.
    • Backup workloads with a significant amount of large files will likely need to use multiple backup devices in conjunction with the parallel save feature, while systems with only few very large files can be balanced over the backup devices and will likely be best served using concurrent saves.
    • Systems that have drastic swings in library and directory sizes likely should not use concurrent saves and may likely benefit from the parallel function (depending on the size and number of objects).
  • Save-while-active can be used with other backup jobs and will minimize downtime, however some save functions require no access or read only access to the objects as you are saving them.
  • Large IFS backup performance can be significantly improved by using Asynchronous (ASYNCBRING) feature. In environments where a large number of objects reside in a single directory, few objects qualify for the save or the system is memory constrained, performance may degrade using ASYNCBRING. ASYNCBRING enables objects to be asynchronously brought into memory early so they will not need to be paged when first accessed by the SAV processing. The performance gain seen is dependent on the directory structure, number and size of objects saved, amount of memory available, and the system configuration.
For maximum data protection, you should consider an IBM i HA or DR software solution.
It is important to understand; the root cause of poor backup performance involves identifying the slowest component in the very long chain of factors that contribute to the backup window. Your backups will only perform as fast as the slowest component. Tape backup performance is affected by many factors, some of which will be out of your control, like compressibility of data being backed up. You do however have control over some bottleneck factors that can considerably speed up backup transfer rates, such as the tape drive, tape media and interface type (IO adapter). For instance, using older generation LTO media than the LTO drive (LTO6 tapes with an LTO7 tape drive) will likely be slower for a combination of many reasons, including tape drive buffer, data compressibility and speed matching. A more common performance bottleneck is when a system is using a slower interface (IO adapter) such as 3 Gb or 6 Gb SAS, when 8 Gb or 16 Gb is capable of providing much faster throughput rates. The number of devices sharing the IO adapter may also be a significant factor impacting backup performance, as well as length of cable used (distance between IO adapter and tape drive) as stated in IBM’s documentation.
For more ideas and details on how to improve the performance of IBM i Backup & Recovery processes, read “IBM i V7R3 System Management Backing up your system”: https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_73/rzaiu/rzaiupdf.pdf


IBM i Power System Upgrade: Is it needed?

IBM i Power System Upgrade: Is it needed?

Is it time to upgrade your IBM i Power System? Or do you need to upgrade your IBM i Power System? Most companies upgrade their IBM Power systems on a scheduled interval, but there are instances when response times and throughput bottlenecks cause unacceptable performance levels, and a quick fix is needed. IBM i response times and throughput rely on common system resources and can have a similar effect on performance from an end user experience, but the variables that cause them are very different and are often difficult to figure out.


Continue reading

IBM i Performance Issues and Degradation

IBM i Performance Issues and Degradation
Sporadic IBM i performance issues and prolonged degradation that slowly creeps up over time can sometimes be abated by fine tuning memory pools, disk, database, applicatons, jobs and threads, but it’s not a task an untrained administrator should be attempting. IBM i response times and throughput performance issues can be due to numerous factors, and often requires a lot of man hours to pin point by a trained expert. If your IBM Power iSeries already has the Performance Adjuster enabled (view QPFRADJ system value) and other dynamic performance optimization features enabled, it often makes economic sense to simply add memory, disk drives or when appropriate, use enterprise IBM SSD with eMLC for write intensive workloads or mainstream solid state drives for applications that are performing less than 2 writes per day.

Upgrading the IBM i Power system main storage is a cheap and quick solution to stop high page faulting rates due to insufficient memory or when too many jobs or threads are fighting for memory resources. You can view the memory storage pools and to see if the faults per second is greater than 10. Adding more disk arms or upgrading HDD to IBM SSD for a particular workload type may be the solution when disk utilization is greater than 40% and system wait or service times are unacceptable. It is not even that uncommon for a company to experience performance issues on a brand new system or after performing an OS400 or application upgrade.

The IBM i has many tools you can use to analyze and monitor the performance of your iSeries Power system, including Job Watcher, Disk Watcher, Performance Tools, Navigator or even using WRKSYSSTS, WRKSHRPOOL, WRKDSKSTS and WRKACTJOB commands. For a quick and simple report, start a performance trace using STRPFRTRC command during peak hours or when the degradation is occurring, and view the system and components report to identify the bottlenecks in the trace table QPM_STRPFRTRC created.

Continue reading

Enterprise IBM SSD with eMLC Prices

Enterprise IBM SSD with eMLC Prices

IBM SSD Price Drop

IBM Solid State Drive SSD prices for iSeries, VIOS and Power AIX systems have dropped so much over the years, making the decision to replace those much slower HDDs very simple. Using Enterprise IBM SSD with eMLC will give queries, applications and other frequently accessed data a significant performance boost. The cost of replacing existing Power system hard disk drives with solid state drives is likely a fraction of what you originally paid for your current hard disk drives. Data you will not likely want to move to Enterprise class solid state drives include sequentially read and rarely accessed data. For read only data that has no more than 1 write per day, can use the much cheaper IBM Mainstream SSD. Refurbished solid state drives are eligible for IBM maintenance contracts, so there is no need to worry about support from IBM.

Save up to 90% on Enterprise IBM SSDs

Prices for IBM SSDs can be as much as 90% less than IBM list price. IBM’s 3rd generation enterprise solid state drives provide excellent price comparisons, like the ES0D 387GB SSD SFF-2 with eMLC. At the moment, the ES0D SSD is selling for over 85% off IBM list price with warranty. The ES0D Solid State Drive uses IBM’s third generation eMLC technology offering significant performance advantages, providing up to 2X more IOPS capacity and 40% better latency than the previous eMLC SSD generation technology.

IBM Enterprise SSD Drive vs Mainstream SSD

IBM’s eMLC Solid State Drives are what IBM now refers to as Enterprise SSDs, and should not to be confused with mainstream (designed for read intensive applications peforming less than 2 writes per day) SSDs. IBM's 2nd generation eMLC SSDs were also designed to deliver great sustained performance, reliability and longevity, but the enhancements with the 3rd generation eMLC Solid State Drives can provide 24x7x365 usage for 5 years, even while running write-intensive workloads. Actual customer workloads will likely never reach the usage levels IBM used to test their SSDs, so the life span of the SSD should be significantly much greater for every customer.

Continue reading

Database Clustering - Replication Solves Real-Time Data Access Requirements

Database Clustering - Replication Solves Real-Time Data Access Requirements

Database clustering involves database replication to achieve high availability (mirroring, redundancy and disaster recovery), workload balancing for performance or scaling (queries, reporting, business intelligence, analytics and data warehousing), maintenance (upgrades, migration, testing and development), database consolidation and other objectives for data access, efficiency and better decision making. It is use database clustering and replication services where the source and target databases are at different version levels and even different types of databases all together, such as PostgreSQl to Oracle replication, or DB2 to SQL. Database clustering can be implemented for a mix of on premise, virtual and cloud environments, using any of the following replication scenarios for various objectives:

  • from one database source to one target database (one way)
  • from one database source to multiple target databases (distributed)
  • from multiple database sources to one target database (consolidated)
  • from one database source to one or more target database cascaded to one or more targets again (cascaded)
  • one or more database sources to one or more target database (bi-directional)
  • one source database to two different databases or even a hybrid combination of any of these scenarios (hybrid)

Most database clustering solutions cannot meet complex business requirements when disparate platforms are a part of the equation or if complicated and long distance replication scenarios exist. Businesses with unique or complicated plans for database clustering should check out the advanced Database Replication software for clustering, with built-in conflict resolution and collision monitoring. It allows companies to replicate in real-time and transform data to and from the following databases: Microsoft SQL Server, Microsoft Azure SQL, IBM DB2, Oracle, Oracle RAC, MySQL, PostgreSQL, Teradata, IBM Informix and Sybase, of which the source and targets can be different combinations. Removing these technical barriers is key to real-time data sharing, which do not require abandoning existing investments and spending a lot of time and money on integration.

Continue reading