If you’re running (or plan to run) Red Hat Enterprise Linux (RHEL) for LinuxONE or for IBM Z, Red Hat offers compelling reasons to upgrade at least some of your Linux guests to RHEL 7.5, announced and available this week. Here are some highlights.

Red Hat now supports RHEL running under the KVM hypervisor for LinuxONE and Z, and of course you can still run RHEL under z/VM and “natively” within LPARs. To operate in a Red Hat supported way you must run your RHEL 7.5 KVM guests using the kernel-alt packages, a.k.a. “Structure A,” which updates the kernel to 4.14. Stefan Raspl explains a bit more here.

Also, with the 7.5 “Structure A” release, RHEL supports the new Guarded Storage Facility (GSF) instructions in the IBM z14 (including ZR1 model), LinuxONE Emperor II, and LinuxONE Rockhopper II machines. This support within the Linux operating system is a prerequisite for Pause-less Garbage Collection in Java Virtual Machines (JVMs) for Linux, presumably coming soon in a 64-bit JVM releases for Linux on LinuxONE/Z. Pause-less GC apparently won’t be relevant to 31-bit JVMs because their heap sizes cannot be “too large” for these purposes.

RHEL 7.5 Structure A also provides the ingredients required for pervasive encryption with protected keys.

There’s more, of course. You can check out the full 7.5 release notes for details.

IBM is unveiling its newest mainframes today, the single frame IBM z14 ZR1 and IBM LinuxONE Rockhopper II (LR1). I’d like to spend a few words explaining how uniquely interesting these machines are for industry solutions. These models are literally open. IBM’s partners and customers can now embed their own equipment within the single frame in order to craft a cohesive, physically (and of course logically) integrated solution for practically any use cases.

IBM z14 ZR1 and IBM Rockhopper II machines are based on a new, smaller 19 inch frame design, similar to the IBM DS8880 series of storage units. If you order an IBM z14 ZR1 or IBM Rockhopper II with Feature Code 0617, then IBM reserves 16U of rack space within the machine frame. You can then place just about anything you like inside that reserved space using industry standard size components. If you order IBM’s 1U (rack mountable) Hardware Management Console (HMC) and/or Trusted Key Entry (TKE) Workstation, IBM’s installation team can install that equipment inside the 16U of reserved space if you wish. Just tell the IBM installation team if you want to consume a little bit of that space with the HMC and/or TKE Workstation, as you prefer. Then it’s up to you and your imagination to spend the rest.

I recommend you fill that space with equipment that has two characteristics. First, it should be equipment that has a close, vital affinity with the IBM Z or LinuxONE machine itself from an industry solution point of view. Second, there should be some real solution value in achieving a smaller footprint. For example, you might create an IBM Z or LinuxONE “trading platform in a box” that is physically co-located in a data center near a financial trading exchange, where that frame is enclosed in its own security cage and where there’s some cost savings if you can reduce the number of frames and footprints.

IBM’s installation documentation explains the various rules in engineering terms, but I’ll highlight the not-so-surprising basics. Whatever equipment you install in that 16U of “fun space” should meet reasonable engineering standards. It shouldn’t be too heavy, and you should ordinarily install equipment from the bottom up (and the heaviest equipment at the bottom), to reduce the risk that the machine will tip over. Don’t install something that generates too much heat, or that incorporates liquids that could interfere with the machine’s humidity sensors, or that generates dust. No, despite the entertainment value, you shouldn’t install a coffee maker, microwave oven, or beer tap inside your IBM Z or Rockhopper II. Install your equipment such that the cooling airflow points in the same direction as the rest of the machine, and keep your cabling nice and tidy (and well labeled) along the sides so that airflow isn’t blocked. The concepts of “front” and “back” are important, especially if you expect a human operator to do something with the equipment you install, such as insert a USB flash drive into a USB socket. And you should give some consideration to any service interactions, putting the human accessed equipment lower rather than higher, weight and balance permitting. IBM installs several power outlets when you order Feature Code 0617, but you’ll want to check power consumption requirements to make sure you don’t exceed limits. And please respect the “boundaries” of your IBM Z or LinuxONE machine. Don’t try to plug equipment into IBM’s internal machine connectors. Stick with the public, published connections that IBM describes: OSA-Express (network), FICON Express (storage network), and (to a limited degree, such as for NTP-based external time reference) the HMC.

Now, let your imagination run wild! In no particular order, here are some examples of equipment that should be eligible to install inside your IBM z14 ZR1 or IBM Rockhopper II:

  • z/OS compatible disk and flash storage, such as Visara’s FICON-attached Vi-8810L or IBM’s forthcoming/planned “mini” FICON-attached flash storage
  • Other disk and flash storage, such as the IBM Storwize V5030 and IBM FlashSystem 900
  • Optical storage, such as the PrimeArray ArrayStor
  • Rack mounted tape drives, small tape libraries, and small virtual tape libraries, from IBM and other vendors
  • Intel/AMD X86 servers, such as the Lenovo ThinkSystem SR630
  • IBM Power servers, such as the IBM Power AC922, S922, and S812 servers, optionally with NVIDIA GPUs and other features
  • Apple Mac mini (macOS) machines via Sonnet’s RackMac mini
  • Dust/ink free logging printers, such as iSys’s V8.5e
  • Equipment that provides various I/O ports, such as USB-A, USB-C, Thunderbolt, serial, analog to digital interfaces, etc.
  • Equipment that provides “legacy” I/O connections, such as the Optica PRIZM (for ESCON, and for Bus/Tag with the ESBT option) and SecureAgent’s IDG9074 (for coax)
  • Specialized security devices, such as hardware security modules (HSMs) from Thales and others (but note that IBM’s CryptoExpress HSMs are installed in the I/O drawers and do not occupy any rack space), IBM Guardium, and IBM QRadar appliances
  • Network Time Protocol (NTP) servers and other time synchronization equipment
  • Network infrastructure (load balancers, firewalls, routers, switches, telecommunications and satellite interfaces, DWDM, etc.)
  • “Exotic” processing elements such as GPUs, FPGAs, ASICs, and ARM CPUs
  • Various appliances, such as the IBM MessageSight appliance
  • Batteries for power protection (although be careful about this, since some battery technologies would be inappropriate)
  • Horns, sirens, and LED message panels (!)

Keep in mind that 16U isn’t a tremendous amount of physical space, so spend it wisely. In general, if the IBM Z (or LinuxONE) parts of the machine can handle particular tasks without adding equipment within that 16U of space, then do so. And even if you can’t quite shrink your industry solution down to one frame, that 16U of space might still help you reduce the number of physical frames from three to two — for example, if you’re pairing an IBM z14 ZR1 with a full frame IBM DS8880. Also please be aware that, for the time being anyway, Feature Code 0617 is irrevocable. That means your IBM z14 ZR1 or Rockhopper II with Feature Code 0617 will support up to 32 feature adapters, not up to 64. That’s still a great deal of expandability, with room for lots of I/O ports and CryptoExpress features, but please be aware of that difference.

I hope you’re as excited as I am about all these new, physically smaller IBM Z and LinuxONE solution possibilities, whether you’re designing a “bank in a box,” a highly secure cryptocurrency exchange platform, a cloud “outpost,” a secure DevOps environment for a remote development team (complete with build support for the Apple ecosystem!), an industrial control system (for factories, power plants, transport hubs, traffic control, emergency services, etc.), some super spooky national security apparatus, or any other interesting industry solutions. Now you can build unique, highly secure solutions, literally within a single frame, and with the very best qualities of service (QoS). Give IBM a holler if you need help designing your fun-frame.