fbpx

Used IBM Servers | New Power9 Systems | QRadar SIEM Security

IBM Power Solid State Drives SSD

How to increase IBM POWER System application performance running on IBM i, AIX and Linux DB2 Database
Every IBM POWER System application performs significantly faster running on SSD (microsecond and nanosecond response times, compared to millisecond and seconds). Application performance on IBM POWER Systems experiencing slow query responses times, have intensive I/O requirements or are experiencing latency as a result of accessing data on hard disk drives, can improve performance using various database and query approaches. However, the most effective and usually quickest approach is to replace traditional HHDs with IBM Solid State Drives (SSD) using either Enterprise or Mainstream SSDs, depending on read and write requirements. Solid state drives have been available for IBM POWER Systems since IBM released the first POWER5 models, although the initial SSDs were cost prohibitive for most companies. Since their initial release, time and the refurbished market has made IBM SSDs cost effective for any company needing a quick and simple performance upgrade.
 
In comparison to hard disk drives, SSDs run at the speed of memory capable of delivering tens of thousands more I/O operations per second for any IBM POWER System, providing queries, I/O intensive applications and aging IBM i, Linux and AIX Power servers a massive performance boost. As a result, IBM POWER Systems can typically be configured to replace HDDs with a lot less SSDs and still achieve huge I/O performance boost and reduce related hardware costs of expansion units and IBM hardware maintenance. IBM Enterprise SSDs with eMLC (for write intensive database applications) and Mainstream SSDs (for read intensive with no more than 1 write per day) do not have the seek time performance bottlenecks of hard disk drives. IBM i POWER systems have a built in storage manager for the DB2 database that simplify and automate how data is used between ASPs, Libraries, DB2 database and physical storage types available utilizing preferences and calculations for maximum response times and performance costs that impact CPU and I/O.
 
IBM SSDs provide users with almost instantaneous access to DB2 data, removing latency and I/O performance bottlenecks HDD spinning platters and arms cause. What are you waiting for? Get IBM SSD prices for your IBM POWER System today and see for yourself how affordable an upgrade can be.
 
IBM SSD Options by IBM POWER System Generation
 
IBM POWER8 and POWER9
IBM Enterprise SSD with eMLC 3D NAND flash memory for write intensive workloads. The 2.5-inch solid-state drives (SSD) are available in 387 GB, 775 GB, and 1.55 TB sizes, and can be formatted to 4k or to 528 (5xx) byte sectors. The Enterprise SSD for IBM POWER8 and POWER9 systems can be installed in SFF-3 system unit slots and use the integrated SAS controller or in SFF-2 slots of a EXP24S 5887 or EXP24SX ESLS expansion drawer which require a EJ0L, EJ14, EJ0J, EJ0M, EL3B or EL59 PCIe3 SAS RAID adapter.
 
IBM Mainstream SSDs are for read intensive workloads, with no more than 1 write per day. These 2.5-inch solid-state drives (SSD) are available in 931 GB, 1.86 TB, 3.72 TB and 7.45 TB sizes, and are formatted to use 4k byte sectors. These IBM mainstream SSDs can be installed in SFF-3 system unit slots and use the integrated SAS controller or in SFF-2 slots of a EXP24SX expansion drawer which require a EJ0L, EJ14, EJ0J, EJ0M, EL3B, or EL59 PCIe3 SAS RAID adapter. Customers installing these IBM Mainstream 2.5-inch SAS SSDs in the EXP24SX expansion drawer get an extra 18% IOPS per disk slot, providing 160k IOPS for 4KiB reads versus 130k.
 
IBM i, iSeries AS400 POWER8 and POWER9 SSD
387 GB IBM Enterprise SSD SAS 4k SFF-3 ES91
387 GB IBM Enterprise SSD SAS 4k SFF-2 ES95
775 GB IBM Enterprise SAS 4k SFF-3 ESND
775 GB IBM Enterprise SAS 4k SFF-2 ESNB
1.55 TB IBM Enterprise SAS 4k SFF-3 ESNH
1.55 TB IBM Enterprise SAS 4k SFF-2 ESNF
931 GB IBM Mainstream SSD SAS 4k SFF-3 ESJ9
931 GB IBM Mainstream SSD SAS 4k SFF-2 ESJ1
1.86 TB IBM Mainstream SSD SAS 4k SFF-3 ESJB
1.86 TB IBM Mainstream SSD SAS 4k SFF-2 ESJ3
3.72 TB IBM Mainstream SSD SAS 4k SFF-3 ESJD
3.72 TB IBM Mainstream SSD SAS 4k SFF-2 ESJ5
7.45 TB IBM Mainstream SSD SAS 4k SFF-3 ESJF
7.45 TB IBM Mainstream SSD SAS 4k SFF-2 ESJ7
AIX and Linux POWER8 and POWER9 SSD
387 GB IBM Enterprise SSD SAS 4k SFF-3 ES90
387 GB IBM Enterprise SSD SAS 4k SFF-2 ES94
387 GB IBM Enterprise SSD SAS 5xx SFF-2 ESGV
775 GB IBM Enterprise SAS 4k SFF-3 ESNC
775 GB IBM Enterprise SAS 4k SFF-2 ESNA
775 GB IBM Enterprise SSD SAS 5xx SFF-2 ESGZ
1.55 TB IBM Enterprise SAS 4k SFF-3 ESNG
1.55 TB IBM Enterprise SAS 4k SFF-2 ESNE
931 GB IBM Mainstream SSD SAS 4k SFF-3 ESJ8
931 GB IBM Mainstream SSD SAS 4k SFF-2 931 GB ESJ0
1.86 TB IBM Mainstream SSD SAS 4k SFF-3 ESJA
1.86 TB IBM Mainstream SSD SAS 4k SFF-2 ESJ2
3.72 TB IBM Mainstream SSD SAS 4k SFF-3 ESJC
3.72 TB IBM Mainstream SSD SAS 4k SFF-2 ESJ4
7.45 TB IBM Mainstream SSD SAS 4k SFF-3 ESJE
 
IBM POWER7 and POWER8
IBM Enterprise SSD with eMLC4 flash memory for write intensive workloads. The 2.5-inch solid-state drives (SSD) are available in 387 GB, 775 GB and 1.55 TB sizes, and can be formatted to 4k or to 528 (5xx) byte sectors. The Enterprise SSD for IBM POWER7 and POWER8 systems can be installed in SFF-3 system unit slots and use the integrated SAS controller or in SFF-2 slots of a EXP24S 5887 or EXP24SX ESLS I/O expansion drawer, which require a EJ0L, EJ14, EJ0J, EJ0M, EL3B, and EL59 PCIe3 SAS RAID adapter.
 
IBM Mainstream SSDs are for read intensive workloads, with no more than 1 write per day. These 2.5-inch solid-state drives (SSD) are available in 931 GB, 1.86 TB and 3.72 TB sizes, and are formatted to use 4k byte or 528 (5xx) byte sectors. These mainstream SSD can be installed in SFF-3 system unit slots and use the integrated SAS controller or in SFF-2 slots of a EXP24SX expansion drawer which require a EJ0L, EJ14, EJ0J, EJ0M, EL3B, or EL59 PCIe3 SAS RAID adapter. Customers installing these IBM Mainstream 2.5-inch SAS SSDs in the EXP24SX expansion drawer get an extra 18% IOPS per disk slot, providing 160k IOPS for 4KiB reads versus 130k.
 
IBM i, iSeries AS400 POWER7 and POWER8 SSD
387 GB IBM Enterprise SSD eMLC4 4K SFF-3 ES8P
387 GB IBM Enterprise SSD eMLC4 5xx SFF-3 ES7L
387 GB IBM Enterprise SSD eMLC4 4K SFF-2 ES86
387 GB IBM Enterprise SSD eMLC4 5xx SFF-2 ES79
387 GB IBM Enterprise SSD eMLC3 SFF-1 ES11
387 GB IBM Enterprise SSD eMLC3 SFF-2 ES1A
387 GB IBM Enterprise SSD eMLC2 SFF-1 ES0B
387 GB IBM Enterprise SSD eMLC2 SFF-2 ES0D
775 GB IBM Enterprise SSD eMLC4 4K SFF-3 ES8R
775 GB IBM Enterprise SSD eMLC4 5xx SFF-3 ES7Q
775 GB IBM Enterprise SSD eMLC4 4K SFF-2 ES8D
775 GB IBM Enterprise SSD eMLC4 5xx SFF-2 ES7F
931 GB IBM Mainstream SSD SAS 4k SFF-3 ES84
931 GB IBM Mainstream SSD SAS 4k SFF-2 ES8Z
1.86 TB IBM Mainstream SSD SAS 4k SFF-3 ES93
1.86 TB IBM Mainstream SSD SAS 4k SFF-2 ES97
1.9 TB IBM Mainstream SSD SAS 4k SFF-3 ES8K
1.9 TB IBM Mainstream SSD SAS 4k SFF-3 ES81
3.72 TB IBM Mainstream SSD SAS 4k SFF-3 ESE2
3.72 TB IBM Mainstream SSD SAS 4k SFF-2 ESE8
AIX and Linux POWER7 and POWER8 SSD
387 GB IBM Enterprise SSD eMLC4 4K SFF-3 ES8N
387 GB IBM Enterprise SSD eMLC4 5xx SFF-3 ES7K
387 GB IBM Enterprise SSD eMLC4 4K SFF-2 ES85
387 GB IBM Enterprise SSD eMLC4 5xx SFF-2 ES78
387 GB IBM Enterprise SSD eMLC3 SFF-1 ES10
387 GB IBM Enterprise SSD eMLC3 SFF-2 ES19
387 GB IBM Enterprise SSD eMLC2 1.8-Inch ES02
387 GB IBM Enterprise SSD eMLC2 528 byte SFF-1 ES0A
387 GB IBM Enterprise SSD eMLC2 528 byte SFF-2 ES0C
775 GB IBM Enterprise SSD eMLC4 4K SFF-3 ES8Q
775 GB IBM Enterprise SSD eMLC4 5xx SFF-3 ES7P
775 GB IBM Enterprise SSD eMLC4 4K SFF-2 ES8C
775 GB IBM Enterprise SSD eMLC4 5xx SFF-2 ES7E
775 GB IBM Enterprise SSD eMLC3 SFF-1 ES0F
775 GB IBM Enterprise SSD eMLC3 SFF-2 ES0H
775 GB IBM Enterprise SSD eMLC3 SFF-2 ES0G
775 GB IBM Enterprise SSD eMLC3 SFF-1 ES0E
931 GB IBM Mainstream SSD SAS 4k SFF-3 ES83
931 GB IBM Mainstream SSD SAS 4k SFF-2 ES8Y
1.55 TB IBM Mainstream SSD SAS 4k SFF-3 ES8V
1.55 TB IBM Mainstream SSD SAS 4k SFF-2 ES8F
1.86 TB IBM Mainstream SSD SAS 4k SFF-3 ES92
1.86 TB IBM Mainstream SSD SAS 4k SFF-2 ES96
1.9 TB IBM Mainstream SSD SAS 4k SFF-3 ES8J
1.9 TB IBM Mainstream SSD SAS 4k SFF-2 ES80
1.9 TB IBM Mainstream SSD SAS 4k SFF-3 EL8J
1.9 TB IBM Mainstream SSD SAS 4k SFF-2 EL80
3.72 TB IBM Mainstream SSD SAS 4k SFF-3 ESE1
3.72 TB IBM Mainstream SSD SAS 4k SFF-2 ESE7
 
POWER6 and POWER5
IBM only made Enterprise (eMLC) SSD in the first generation for IBM Power6 and Power5 system models. IBM Power6 and Power5 SSDs can be installed in standard SAS disk slots. These IBM SSD’s are available in two form factors; 2.5-inch which are installed in the system unit CEC and controlled by the internal RAID controller or a IBM 5904, 5906 or 5908 PCI-X 1.5 GB Cache controller, the 3.5-inch can be installed in the system unit that has a split backplane or in a 5802 or 5803 12X I/O Drawer, feature 5886 EXP12S Disk Expansion Drawer, controlled by the internal RAID controller, a 5902, 5903, 5904, 5906 or 5908 SAS Adapter or RAID controllers.
 
IBM i, iSeries AS400
177 GB IBM Enterprise SSD eMLC 528 byte SAS SFF-2 1794 58B4
69 GB IBM Enterprise SSD eMLC 2.5-inch 528 byte SAS SFF 1909
POWER AIX and Linux
177 GB IBM Enterprise SSD eMLC 528 byte SAS SFF-2 1793 58B4
69 GB IBM Enterprise SSD eMLC 2.5-inch 528 byte SAS SFF 1890
69 GB IBM Enterprise SSD eMLC 3.5-inch 528 byte SAS SFF 3586
69 GB IBM Enterprise SSD eMLC 3.5-inch 528 byte SAS SFF 3587
 
Important SSD Considerations and Rules for IBM POWER Systems
  • IBM SSDs can be intermixed with existing older SSDs, but should be of same or similar capacity, and be of same type, class and format. i.e. All enterprise 528 byte, all mainstream 528 byte, all enterprise 4k or all 4k mainstream.
  • Some SAS controllers or RAID adapters do not support 4k drives. RAID arrays cannot mix read intensive (RI) SSD with write many enterprise SSD.
    SAS controllers or RAID adapters can run both 4k and 5xx drives at the same time when in separate arrays.
  • Some RAID adapters or SAS controllers support mixing HDD and SSD in the same array when using Easy Tier array (RAID-5TS, -6T2 or -10T2).
  • It is highly recommended to have hot-spare replacement on hand when using arrays of SSDs.
  • Although SSDs can be used in a RAID 0 disk array, it is preferred that SSDs to be protected by RAID levels 5, 6, 10, 5T2, 6T2, or 10T2.
  • Identify specific configuration and placement requirements related to the SSD devices. Sometimes optimal placement can provide better performance.
  • Adapter caching usually improves overall performance with solid state drives, but in some configurations and workloads, the adapter caching may not improve performance of the arrays, in which the adapter caching can be disabled.
  45 Views
  0 Comments
45 Views
0 Comments

IBM Power Systems: End of Summer Sale

The IBM Power Systems End of Summer Sale is here! All prices for refurbished IBM i, AIX and Linux Power8, Power7 and Power6 Systems, Processor upgrades, Enterprise SSD, Hard Disk Drives, Memory and Parts have been slashed from now until September 23rd. All purchases made after using our website “send pricing” feature will have the invoice number entered into a raffle drawing for an Amazon Echo Show 5. All IBM Power System hardware includes warranty, is gauranteed IBM manufactured and eligible for existing IBM maintence and support agreements. Below are some examples of IBM Power Systems, Disk Drives, Memory, Tape Drives, Storage and other features on sale starting today.
 
IBM Power8 Systems & Processor Upgrades
8286-41A - EPX6, EPX0, EPXK
8286-42A - EPXH, EPXF, EPXE
8247-21L - ELPD, ELP3
IBM Power7 Systems & Processor Upgrades
8202-E4B - 8352, 8351, 8350
8202-E4C - EPC7EPC6EPC5
8202-E4D - EPCMEPCLEPCK
8205-E6B - 8347, 8353, 8354, 8355
8205-E6C - EPC9, EPC8, EPCA, EPCB
8205-E6D - EPCP, EPCQ, EPCR
IBM Power6 Systems & Processor Upgrades
8203-E4A - 5633, 5634, 5635, 5577, 5587
 
IBM Enterprise SSD (EMLC4 - Fourth Generation)
387GB SFF-3 ES7L (5B19 00LY324)
387GB SFF-3 ES8P (5B13 00LY333)
775GB SFF-3 ES8R (5B14 00LY334)
IBM Enterprise SSD (EMLC3 - Third Generation)
387GB SFF-1 ES10 (58B8 74Y9524)
387GB SFF-1 ES17 (59BE 00E8692)
387GB SFF-2 ES19 (58B9 74Y9526)
387GB SFF-1 ES11 (58B8 74Y9524)
387GB SFF-2 ES1A (58B9 74Y9526)
775GB SFF-1 ES0E, ES0F (59C0 00E8702)
775GB SFF-2 ES0G, ES0H (59C2 00E8709)
IBM Enterprise SSD (EMLC2 - Second Generation)
387GB SFF-1 ES0A, ES0B (58B8 74Y9524)
387GB SFF-2 ES0C, ES0D (58B9 74Y9526)
IBM Mainstream SSD (Read Intensive)
1.9TB SFF-3 ES8K (5B20 00LY374)
15K Hard Disk Drives
600GB SFF-3 ELDF (59E4 00E9914)
283GB SFF-3 ESDA (59E0 00E9906)
300GB SFF-3 ESDB (59E0 00E9906)
571GB SFF-3 ESDE (59E4 00E9908)
600GB SFF-3 ESDF (59E5 00E9974)
571GB SFF-2 ESDN (59CF 00E8660)
283GB SFF-2 ESEY (59C9 00E8681)
283GB SFF-3 ESFA (59E1 00E9966)
571GB SFF-3 ESFE (59E5 00E9968)
10K Hard Disk Drives
1.14 TB SFF-1 ESD0 (59C8 00E8606 00E8605 00D5344)
1.2TB SFF-3 ESD8 (59C8 00E8614)
 
IBM Power8 Main Storage
16 GB DDR4 Memory EM91 (31EC 00VK252 00VK248)
32 GB DDR4 Memory EM92 (31ED 00VK296)
64 GB DDR4 Memory EM93 (31EE 00VK306)
128 GB DDR4 Memory EM94 (31EF 00VK351)
256 GB DDR4 Memory EM95 (31FC 00VK242 00VK243)
16 GB DDR4 Memory EM96 (31EC 00VK252 00VK248)
32 GB DDR4 Memory EM97 (31ED 00VK292)
64 GB DDR4 Memory EM98 (31EE 00VK306)
16 GB DDR3 Memory EM83 (31E8 00VK193)
32 GB DDR3 Memory EM84 (31E9 00VK195)
64 GB DDR3 Memory EM85 (31E2 00LP744)
128 GB DDR3 Memory EM8E (31EB 00VK198)
16 GB DDR3 Memory EM8B, EL3P (31E0 31E8 00VK192 00VK193 00LP781 00JA660)
32 GB DDR3 Memory EM8C (31E9 00VK195 00VK194)
64 GB DDR3 Memory EM8D (31EA 00VK196 00VK197)
128GB DDR3 Memory EM8E (31EB 00VK198)
IBM Power7 Main Storage
4 GB (2 x 2 GB) DDR3 Memory EM04 (31F8 78P1011)
8 GB (2 x 4 GB) DDR3 Memory EM08 (31F3 78P0554)
8 GB (2 x 4 GB) DDR3 Memory EM16 (4527 31F4 77P8632 78P0555)
32GB (2x 16GB) DDR3 Memory EM32 (31F5 78P0639)
16 GB (2 x 8 GB) DDR3 Memory EM4B (31FA 78P1914)
32 GB (2 x 16 GB) DDR3 Memory EM4C (31FB 78P1915)
64 GB (2 x 32 GB) DDR3 Memory EM4D (31F7 78P1539)
Memory Riser Card EM01 (2C1C 00E0638)
8 GB (2x4 GB) DDR3 Memory 4526 (31C5 77P8784)
16 GB (2x8 GB) DDR3 Memory 4527 (77P8632 31C8)
16 GB (2x8 GB) DDR3 Memory 4529 (31D2 31F4 77P8919)
32 GB (2x16 GB) DDR3 Memory 4528 (31C9 77P8633)
Memory Riser Card 5604 (51CC 46K7514)
IBM Power6 Main Storage
4 GB (2x2048MB) Memory 4532 (31AC 77P8030)
8 GB DDR2 4477 (313E 12R9616)
8 GB (2x4096MB) Memory 4523 (31A6 77P6500)
16 GB DDR1 Memory 4450 (30AC 12R9276 16R0711)
16 GB (2x8192MB) Memory 4524 (31A8 77P7504)
  187 Views
  0 Comments
187 Views
0 Comments

IBM HMC Model Specifications and Comparisons

The IBM Hardware Management Console (HMC) is a virtual hardware appliance used to manage and monitor IBM i, AIX and Linux workloads running on Power9, Power8, Power7, Power6 and Power5 Systems. The IBM HMC uses built in terminal emulation software to connect and control Power system resources, services, virtualization features and order Capacity Upgrade on Demand. The IBM HMC can consolidate the monitoring and management of all Power systems in a company’s infrastructure that is supported by the HCM code. Every HCM model supports different Power system models based on the version of HMC code. For instance, the latest HCM models 7063-CR1, 7042-CR9, CR8, CR7, OE1 and OE2 all support Power9, Power8 and Power7 systems when running V9R1 HMC code, but not do not support IBM Power6 system models. If same the HMC has V8.8.7 code installed (which does not support Power9 system models), the HCM can also connect and manage Power6 systems.

Similar to the HMC virtual hardware appliance, customers may choose to use HMC functions on a PowerVM-based environment running on a PowerLinux LPAR and using PowerVM NovaLink software. The IBM HMC hardware appliance and the PowerVM NovaLink features function the same as the HMC appliance. The PowerVM NovaLink uses a cloud architecture, that provides a direct OpenStack connection to a PowerVM server running on a PowerLinux partition.

Continue reading
  161 Views
  0 Comments
161 Views
0 Comments

IBM i Encryption for Data Protection and Privacy Compliance

ibm-i-data-protection IBM i Encryption Data Protection
It has only been a year, and the new data protection and privacy regulations have already hit a few companies with multi-million dollar fines. Every company with sensitive data on an IBM i (iSeries AS400) and has data protection and privacy requirements, should have implemented DB2 encryption already. Some of the companies seen in the news recently not only failed to secure personal data properly, could not accurately assess how much data was compromised, had a lax incident response plan and were slow to notify authorities. These factors all led to heavier fines, causing the total financial penalties to exceed 100s of millions dollars.
 
The latest data security and privacy regulations like GDPR, PCI and NYCRR 500 extend globally, and have some pretty sharp teeth. GDPR’s data protection and privacy safeguards have garnered such high praise, most federal, state and local governments like California are modeling their new laws after it. These new data protection and privacy laws have put a lot of overdue responsibility on companies to take better care of our personal data. There are several aspects of the new data security and privacy laws that will affect how much a company will be fined, and will vary on the compliance regulation. So far, GDPR appears to be the strictest and has the costliest consequences with a maximum fine equal to 4% of a company’s revenue. The number of records exposed will be a significant factor when determining a fine, but even more importantly will be the extent and measure of data protections the company implemented to protect personal data. Put simply, companies better due their due diligence to secure personal data.
 
The company fines that incurred the heaviest fines thus far, were incidents that involved unencrypted records. On the IBM i, DB2 database encryption is the most important data protection mechanism for data security and privacy compliance. Here is why. Regardless of how the data is accessed, used or where the data ends up, DB2 database encryption for IBM i provides data security and privacy protection from both internal and external threats. No other security access control mechanism provides this all-encompassing protection. To monitor and control user access for all the IBM i exit points, a company would need to implement many exit programs to cover all the OS400 application servers, open database protocols, commands, legacy SNA exit points and all the ports that do not use an exit point. A more efficient and secure way to protect personal data would be to implement IBM i DB2 encryption.
 
The IBM i does not support self-encrypting drives SED, and the only ways to implement disk encryption is either by migrating to SAN storage or using ASP encryption (which is free with OS400 V7R3 and higher). However, neither of these encryption solutions would suffice as adequate data security methods for most data protection laws like GDPR, PCI NYCRR 500. These encryption technologies only protect data in the event the disk drives end up in the hands of an unauthorized individual and during specific data transmission operations. Disk encryption does not protect data in any other scenario.
 
The premise of the data protection laws is to protect data at rest and in motion. Whereas data privacy laws involve responsible management practices of personal data and honoring user requests and permissions they provided to collect, store and share their personal data. Companies subject to data privacy laws are also subject to data security, but not the other way around. Personal data a company collects may be stored and protected properly, but did the company have the user’s permission to store it in the first place? Did the company have proper access controls in place to prevent employee misuse of their data? Was the personal data shared outside the scope of the user’s explicit permissions? Was all the user’s data removed from the company assets and in their control when requested? Encryption cannot protect a company from data privacy infractions, but it can minimize financial penalties if or when an infraction occurs. Data privacy regulations will be addressed in a future articled explaining the importance of strict data privacy governance, incident response processes and proactive approaches to maintaining a good compliance posture. The remainder of this article will focus on IBM i data protection methods with DB2 database encryption.
 
Since ancient times, encryption has been used to protect sensitive information. Today, encryption is used to protect our data from every connection on a network, as every workstation, server, access point and device can be used to access sensitive data on the IBM i. If you run the NETSTAT command, you can view all the connections being made to and from your IBM i. You are likely familiar with many of these connection types, but there are likely even more you are unfamiliar with. All these different ports in use are examples of how users are accessing your IBM i, and probably have no or few access controls in place to control how users access and use personal data stored on the system.
 
Insiders are the biggest threats to companies with data protection requirements, and are the number one reason companies so often have to pay fines. Insiders make up all unintentional improper handling of data incidents, and IT rarely has implemented proper access controls (IBM i exit programs) to properly protect data. At every company, users copy data to their workstation, upload to Cloud services, download to a thumb drive, copy to a development environment and store reports in unsecure unmonitored locations. Everyone of these scenarios will cause the company a costly reportable data breach. It is a common misconception that native IBM i object or menu level security will stop these events from happening. To monitor and control user access to and from the IBM i, companies would need to implement many exit programs to cover all the OS400 application servers, open database protocols, commands, legacy SNA exit points and other ports that do not use an exit point.
 
Some OS400 Security Basics:
  • Users with *ALLOBJ authority or which can adopt this All Object authority through an OS400 group profile or supplemental group can access any sensitive data on the IBM i.
  • Users with *USE authority can download sensitive data to their workstation
  • Users with Limited Capability can run CL commands
  • Applications that use adopted authority or perform a profile swap typically use *SECOFR authority

A more efficient and effective way to secure personal data for data protection compliance requirements would be to implement IBM i DB2 encryption. In addition, companies may choose to anonymize, mask or scramble personal data as a compensating control for specific use cases. Encryption does not negate the need to implement security access controls, it only safeguards the data from unauthorized access. Companies must still control how their users use the data. If an employee has authorization to read data in plain text view, access controls must also be in place to prevent the employee from downloading or running a report over the data, where the personal data would then exist without any auditing or controls in place.

Implementing IBM i encryption really only involves three primary steps: Defining User Access Permissions, Creating Encryption Keys and Executing Encryption Policies. Where to begin? Identify all the locations where sensitive and private date is stored on the system. At most companies, it has been a wild west atmosphere for far too long. If your company has not already done so, this would be a good time to educate employees on the proper procedures for handling data. In fact, educating and reminding employees about the dos and don’ts should be an ongoing process.

Continue reading
  178 Views
  0 Comments
178 Views
0 Comments

Why Nutanix HCI is the ideal VM platform for Splunk SIEM

Most SIEM environments rely on a plethora of different servers, storage arrays, hypervisors and network interconnects to support their rapidly growing SOC environments. Likewise, most SIEMs also all have the same issues and concerns about performance, costs and time required to provision and manage storage growth. The primary problem is, the entire infrastructure the SIEM relies on is not integrated or even truly virtualized under a single unified architecture. As a result, administrators are stuck in a never ending battle of upgrading and adding more traditional technology for the same problems, and security analysts are constantly waiting for searches to complete until more resources are made available. The definition of “crazy” comes to mind.
 
The solution? A hyperconverged infrastructure! You should consider and investigate all players in the HCI market place, but this article will be focusing on the proven leader, Nutanix. The Nutanix HCI for Enterprise Cloud can provide SIEM security analysts many times faster search results and administrators with a more scalable and economical infrastructure to grow a SIEM with minimal capex expenses. All SIEM deployments have three key bottlenecks to constantly monitor that affect event log ingestion, searching and retention. This article will explain the advantages of using Nutanix HCI Enterprise Cloud for Splunk, and addresses the common performance and cost issues that affect all SIEMs.
 
Nutanix virtualizes all aspects of the hardware, delivering the most efficient use of all system resources that other VM solutions cannot provide for Splunk SIEM environments. The Nutanix HCI solution has a distributed architecture that shares all infrastructure resources and prevents any workload from depleting another node’s resources. It does not need or rely on expensive SAN, NAS storage, RAID groups or network switches. Nutanix Distributed Storage Fabric enables SIEM indexers and collectors to process data locally, monitors data access paths and places data in the optimal location and automatically moves hot, warm, cold and frozen data to the appropriate internal and external storage resources. The most frequently used data is access from the local node of VM memory and flash, providing maximum performance. Unlike other storage systems that will experience significant I/O bottlenecks, Nutanix’s Distributed Storage Fabric prevents the I/O blender effect from affecting the SIEM’s performance.
 
A small 4-node, 2U Nutanix cluster can deliver 3 GB/s throughput, capable of ingesting 500,000 events per second and store terabytes of event logs every day. This small SIEM deployment running on Nutanix can effortless and dynamically scale existing clusters or add new clusters in minutes simply by adding more nodes when event logs and network flows exceed your SIEM’s threshold. Every node running on Nutanix provides predictable performance for the SIEM collectors, indexers, analytics and other shared workloads.
 
In this entry 4 node Nutanix example, a company can deploy a small SIEM very affordably with only 20 TB, and have the ability to add up to 240 TB (on the fly), add up to 176 cores in eight Intel CPUs, and 2 TB of memory. An entry Nutanix HCI server can provide 250,000 or more random read IOPS and up to 5 GB per second of sequential throughput. Factor in data archiving and compression, a Nutanix HCI solution can reduce a SIEM hardware footprint by up to 400 percent.
 
Nutanix HCI solutions use radical compression policies that extend beyond the LUN level used by most storage solutions, going deeper into the VM and file levels which significantly increases efficiency and performance on a sub-block level. By using both inline and post-process compression, Nutanix maximizes performance and efficiency of event log storage. Even more importantly, Nutanix HCI solutions also allow both NAS and cloud-based storage targets to be used in conjunction with the local server storage for colder event logs and archiving frozen event logs. Nutanix HCI will use the same automatic tiering logic for network attached storage and cloud-based storage resources as the internal SSD and HDD.
 
Data protection and availability is provided by erasure coding replication, which requires additional storage capacity to keep a full copy of data on different nodes. By replicating the data using EC-X, Nutanix customers enjoy the highest degree of protection and availability. If any failure were to occur, Nutanix could use the parity to restore the data blocks and workloads would be automatically restored and restarted without operator intervention. The number of data and parity blocks can be configured to adjust for the number of failures deemed acceptable.
 
Nasdaq is a Enterprise Splunk customer that relied on bare metal and traditional VM technology to host their SIEM, and decided it was time for a change and do a POC with Nutanix. Here is the assessment from Nasdaq:
 
“Our test results we very impressive,” Yang reported. “We were extremely happy with the performance gains we received. All types of queries ran at least two times faster on Nutanix versus our traditional systems. From an operational perspective, we really liked the deployment agility—how quickly and easily Nutanix scales. By moving to a Nutanix-based solution, we have improved our service delivery for compute, memory, and storage.”
 
“Our IT infrastructure team (which is my team that manages all of our hardware systems and OS), our security team (the biggest user of Splunk, with very high data retention and performance requirements), and our tools team that manages the actual Splunk deployment, all weighed in on the decision,” noted Yang. “There was unanimous agreement among all three groups that Nutanix Enterprise Cloud Platform was the best solution for our needs.”
 
“We wanted to virtualize Splunk, but our existing technology wasn’t scalable or fast enough. We went from a five physical node platform with Splunk, to a three-node POC on Nutanix. Our new systems are outperforming our previous platform, even with just three nodes. We are now increasing that environment from three to ten nodes of Nutanix, knowing it will far outperform our non-virtual production platform.”

Jake Yang
Senior Director of Global Systems and Storage
Nasdaq

Nutanix HCI Enterprise Cloud solution enables Splunk Enterprise SIEM customers to deploy and manage a SIEM with minimal requirements, provide very flexible scaling options for event log ingestion and retention growth, and ensure optimal performance for security analysts to search and analyze incidents. Nutanix Enterprise Cloud is a hyper converged infrastructure with native web-scale capabilities and designed specifically for VM and cloud environments. The Nutanix Enterprise Cloud Platform for SIEM includes Nutanix Acropolis, Prism and Calm. The Acropolis manages the virtualization of data services and include the following components: the Distributed Storage Fabric, the App Mobility Fabric, and Nutanix hypervisor (which also supports ESXi, Hyper-V and XenServer hypervisors). Prism enables single click infrastructure management of the virtual machines.

  145 Views
  0 Comments
145 Views
0 Comments

IBM i 7.4 (V7R4) Details: Everything you need to know

IBM i 7.4 (V7R4) Details: Everything you need to know

IBM i V7R4 (7.4) OS400 enhancements and additions improve Power9 and Power8 system and DB2 database performance, security and availability. Details of OS400 V7R4 features and specifications for IBM i Power Systems are explained below in detail, and arranged by the following topics: Security, System Management, Networking, Availability, Application development, Miscellaneous features. IBM i V7R4 (7.1) release date is June 21, 2019. OS400 V7R4 is supported on IBM Power9 and Power8 processor systems, and is not supported on earlier IBM Power system processor generations. All IBM i customers should read the IBM 7.4 memo before upgrading to ensure compatibility and verify if discontinued support of any software, hardware products or features affects your system. IBM V7R4 hardware enhancement details can be read about here.

IBM i Security
IBM i Authority Collection

A significant advancement for IBM i security is the new Authority Collection service feature, capable of analyzing object authorities of users and applications to ensure only the minimum required authorities are granted to run applications. By securing objects in an application with minimum authority required, security administrators can now safely remove unnecessary user authorities to objects used by an application.

Most IBM i applications have excessive authorities granted to objects within the application. For instance, when an application gives *PUBLIC *CHANGE or *ALL authority for objects within an application, and accessing a DB2 file, when it only requires *USE authority to the data. Applications with unnecessary authorities creates security vulnerabilities by allowing users and other applications to make changes to data outside the application.

Continue reading
  3925 Views
  0 Comments
3925 Views
0 Comments

Power8 vs Power9 Performance Facts for IBM Model S924

ibm-power9-s924-9009-42a IBM Power9 S924 9009-42A Specifications
This specification breakdown of the IBM Power9 9009-42A model S924 will explain the key performance features that sets it apart from its Power8 predecessor.
 
In comparison to the 8286-42A model S824, the IBM Power9 S924 delivers 40-50% better performance for data intensive database and analytics workloads, with over twice the memory footprint (accelerated by Coherent Accelerator Processor Interface CAPI) running at speeds up to 344 GB/s (172 GB/s per socket), has over 60-70% more CPW for IBM i workloads and 2X the I/O bandwidth (Gen4 PCIe slots). IBM Power9 with CAPI 2.0 increased I/O bandwidth over 4X Power8 ability, clocked at 192 GB/s. The Power9 S924 also has PowerVM virtualization is built into the Power9 processor chip, which increases performance, server utilization and cloud enables your data.
 
 
Power9 Processors – 2 socket server with up to 24 active cores
 
EP1E 8-core (18,188-145,500 CPW)
EP1F 10-core (17,450-174,500 CPW)
EP1G 12-core (15,446-370,700 CPW)
 
Memory - up to 4TB of DDR4 direct attached memory, 16 DIMM slots per socket
 
EM62 – 16GB DIMM (Qty. 2-8 per socket = 2666 MHz / Qty. 10-16 per socket = 2133 MHz)
EM63 – 32GB DIMM (Qty. 2-8 per socket = 2400 MHz / Qty. 10-16 per socket = 2133 MHz)
EM64 – 64GB DIMM (Qty. 2-8 per socket = 2400 MHz / Qty. 10-16 per socket = 2133 MHz)
EM65 – 128GB DIMM (Qty. 2-8 per socket = 2400 MHz / Qty. 10-16 per socket = 2133 MHz)
L2 to L3 cache - 7 TB/s on chip
Per core - 512 KB L2 | 10 MB L3 | 128 MB L4
 
PCIe Slots - Hot-plug, 4 CAPI 2.0 enabled

Two Gen4 and Six Gen3 (single socket)
Five Gen4 and Six Gen3 (two socket)
 
Storage backplane options (hot-swappable disk bays)
 
EJ1C - 12 SFF-3 Bays + 1 RDX Bay
EJ1D - Expanded Function 18 SFF-3 Bays + Dual IOA with Write Cache and optional external SAS port Expanded Function
EJ1E - Split feature to 6+6 SFF Bays + 1 RDX bax with ability to add a second SAS Controller
EJ1M - 12 SFF-3 Bays + RDX Bay and optional external SAS port.
 
SSD and HDD options
 
600GB, 1200GB, 1800GB - 10K RPM SFF HDD
300GB, 600GB - 15K RPM SFF HDD
387GB, 775GB, 1551GB - 10 DWPD SFF SSD
931GB, 1860GB, 3720GB - 1 DWPD
 
External storage attachment options
 
ESLL - EXP12SX 19-inch Disk Expansion Drawer with 12 large form factor LFF Gen2-Carrier Bays
ESLS - EXP24SX 19-inch Disk Expansion Drawer 24 small form factor SFF Gen2-Carrier Bays
5887 - EXP24S 19-inch Disk Expansion Drawer 24 small form factor SFF Gen2-Carrier Bays
EC59 - PCIe3 2x4 NVMe M.2 internal carrier PCIe3 adapter for ES14 400GB Flash
EU00 - RDX Docking Station for EU01 1TB Disk Cartridge or EU2T 2TB Disk Cartridge
Maximum storage attachments is 28
 
Other standard features
 
3 USB 3.0
2 HMC 1GbE RJ45
1 system with RJ45 connector
Redundant hot plug power supplies
Redundant hot-plug cooling
 
Power requirements: 200 V to 240 V
 
Physical Dimensions
 
Width: 441.5 mm (17.4 in.)
Depth: 822 mm (32.4 in.)
Height: 86 mm (3.4 in.)
Weight: 30 kg (65 lbs.)
  616 Views
  0 Comments
616 Views
0 Comments

Nutanix Hardware for Hyper Converged Infrastructure (HCI)

nutanix-hardware-lenovo-hc_20190427-171927_1 Nutanix Hardware for HCI Lenovo
A hyper converged infrastructure (HCI) uses software to virtualize all server and storage resources for streamlining, automating and maximizing IT resources and operations for a variety of complex, compute-intensive Databases, VDI, Microsoft, Business Applications, Cloud, Big Data, SIEM, SYSLOG and other x86 environments. HCI virtualization solutions significantly reduce operating and licensing costs, provide predictable performance, provide up to 2.8 times storage gains and enables long-term flexibility and scalability. The HCI software defined infrastructure model addresses almost every IT challenge facing companies today, including:
  • Improving IT staff productivity
  • Improving operational efficiency
  • Reducing capital expenses
  • Reducing operating expenses
  • Improving backup/recovery
  • Improving resource utilization
  • Data center consolidation
The value of hyper converged infrastructure solutions lies in moving away from a legacy hardware architecture consisting of multiple generations of servers, operating systems, hypervisors and storage devices from multiple vendors, to a more available, modernized solution that is software defined, cloud-like and an all-encompassing ecosystem.
 
Some hyper converged infrastructure solutions have partnered with hardware vendors to provide an out of the box, ready to deploy hyper converged infrastructure that can enable deployment up to 85% faster. The industry’s leading HCI vendor Nutanix, partnered with the enterprise server leader Lenovo as its key hardware vendor, which offers the Lenovo ThinkAgile HX Series, a best in breed, all-in-one HCI solution with preloaded software defined storage licenses, hypervisors, consolidated maintenance and support. ThinkAgile Software for HX pairs Nutanix HCI solutions, Prism and Acropolis, with Lenovo server management solutions XClarity and ThinkAgile Network Administrator, to deliver single click provisioning, upgrades, management, software and firmware updates, and centralized monitoring of entire infrastructure from a single pane of glass. Most importantly, Nutanix virtualizes all cluster resources to work as a single, optimized and efficient system, eliminating the challenges of managing multiple interfaces.
 
Every HCI system depends on reliable, performance capable, scalable servers to ensure critical business processes run smoothly and without interruption, which makes the Nutanix Lenovo marriage perfect. Lenovo Intel based x86 servers have been rated #1 for reliability for the last five years in a row, has the highest customer satisfaction rating and holds the world record for virtualization performance. Lenovo’s ThinkAgile HX Series servers harness many highly functional features for business continuity, including XClarity Dynamic Workload Evacuation that moves workloads from a node indicating a PFA to another node, Light Path Diagnostics that identifies failing components with LEDs, Hot-swappable parts which allow for easy replacement with no downtime, XClarity Pro Call Home that notifies support based on defined alerts before a part or node fails, as well as many other high availability features.
 
Together, these industry leader providers deliver the most advanced and reliable, turnkey HCI solutions on the market. Another great benefit to customers is no multi-tier support. Nutanix and Lenovo both provide industry leading single point of contact support, giving customers the choice of who they call for any type of help needed. Once a support case is opened, a dedicated Lenovo or Nutanix specialist owns your support case, providing end-to-end customer service, connecting customers directly with a dedicated technical specialist that provide on the spot troubleshooting.
 
The Nutanix Lenovo partnership is delivered in the Lenovo ThinkAgile HX Series product line, delivering an ideal HCI solution for any x86 Cloud, VDI or business application. Check out some of the Lenovo Nutanix hardware appliances with turnkey HCI solutions below and view details about each product:
HX7820 Lenovo ThinkAgile HX 7000 SAP Hana and HCI Appliance with
Two Intel C624 Xeon Silver, Gold or Platinum 2nd Gen Processors
Up to 6 TB of Memory (48 Slots)
Up to 48 TB HDDs or 92 TB SSDs
 
HX7520 Lenovo ThinkAgile HX 7000 HCI Appliance with
Two Intel C624 Xeon Silver, Gold or Platinum 2nd Gen Processors
Up to 3 TB of Memory (24 Slots)
Up to 48 TB HDDs or 92 TB SSDs
 
HX5520 Lenovo ThinkAgile HX 5000 HCI Appliance with
Two Intel C624 Xeon Silver, Gold or Platinum 2nd Gen Processors
Up to 3 TB of Memory (24 Slots)
Up to 80 TB HDDs or 53.76 TB SSDs
 
HX3720 Lenovo ThinkAgile HX 3000 HCI Appliance with
Two Intel C624 Xeon Silver, Gold or Platinum 2nd Gen Processors
Up to 768 GB of Memory (12 Slots)
Up to 9.6 TB HDDs or 23 TB SSDs
 
HX3520-G Lenovo ThinkAgile HX 3000 HCI Appliance with
Two Intel C624 Xeon Silver, Gold or Platinum 2nd Gen Processors
Up to 1.5 TB of Memory (24 Slots)
Up to 33.6 TB HDDs or 61.44 TB SSDs
 
HX3320 Lenovo ThinkAgile HX 3000 HCI Appliance with
Two Intel C624 Xeon Silver, Gold or Platinum 2nd Gen Processors
Up to 3 TB of Memory (24 Slots)
Up to 24 TB HDDs or 46 TB SSDs
 
HX2320 Lenovo ThinkAgile HX 2000 HCI Appliance with
One or Two Intel C624 Xeon Silver 2nd Gen Processors
Up to 512 GB of Memory (16 Slots)
Up to 14 TB HDDs or 15.36 TB SSDs
 
HX1320 Lenovo ThinkAgile HX 1000 HCI Appliance with
One Intel C624 Xeon Silver or Gold 2nd Gen Processor
Up to 384 GB of Memory (12 Slots)
Up to 20 TB HDDs or 15.36 TB SSDs
 
 
  544 Views
  0 Comments
544 Views
0 Comments

QRadar IBM i iSeries AS400 Log Forwarding

qradar-ibm-i-iseries-leef-gid-offense-risk-score QRadar IBM i Offense

Configuring the IBM i to forward security and system event logs to QRadar SIEM can be done a few different ways, but in order to do it correctly; in LEEF format, in real-time, with GID and enriched event log information, you need an IBM i event log forwarding tool designed for the QRadar SIEM. There are IBM i security event log forwarding tools that can be used for QRadar that will send event logs in real-time and in CEF SYSLOG format, and even a couple that support LEEF, but only one includes QRadar QID for mapping, log enrichment and is on DSM support list. These features are important for QRadar's automatic log source discovery, parsing IBM i event logs properly for offenses, alerts and reports, and so that SOC operators can make sense of the logs. Similarly, all the IBM z Mainframe event log sources also require a forwarding tool that is able to format all the unique event log types and designed specifically for IBM QRadar.

The IBM i has many different event log sources, of which most SYSLOG and SIEM forwarding tools can only format and send System Audit (QAUDJRN) and Message Queues like QHST. However, most companies will also need to forward other event log types for compliance and audit requirements, like sensitive database access logs for File Integrity Monitoring (FIM), Network, SQL Statements, Open Source protocols, Privileged Access Management (PAM) events, Port usage, and Commands issued from a workstation. Other logs sources that companies also sometimes forward are web application logs, third party application and performance data, but these log sources are not typically required.

Continue reading
  649 Views
  0 Comments
649 Views
0 Comments

Top IBM Power Systems myths: x86 is the industry standard and Power is becoming obsolete

Top IBM Power Systems myths: x86 is the industry standard and Power is becoming obsolete

Share this post:

There are many misconceptions about IBM Power Systems in the marketplace today, and this blog series will help to dispel some of the top myths. In my previous post, I put aside the myth that migrating from x86 to IBM Power Systems is costly, painful and risky. In this post, we’ll look at another myth suggesting that x86 architecture is the de-facto industry standard for all applications and that Power Systems will soon become obsolete.

Continue reading
  211 Views
  0 Comments

Copyright

© IBM

211 Views
0 Comments