In recent years, cybersecurity has emerged as a national security issue and an increasingly critical concern for CIOs and enterprise IT managers.
The IBM Power processor-based architecture has always ranked highly in terms of end-to-end security, which is why it remains a platform of choice for mission-critical enterprise workloads.
28 IBM Power E1050: Technical Overview and Introduction
A key aspect of maintaining a secure IBM Power environment is ensuring that the HMC (or virtual HMC) is current and fully supported (including hardware, software, and IBM Power firmware updates).
Outdated or unsupported HMCs represent a technology risk that can quickly and easily be mitigated by upgrading to a current release.
1.9 IBM Power solutions
The Power E1050 server comes cloud-enabled with integrated PowerVM Enterprise capabilities.
1.9.1 IBM Power Private Cloud Solution with Dynamic Capacity
The IBM Power Private Cloud Solution with Dynamic Capacity is an infrastructure offering that enables you to take advantage of cloud agility and economics while getting the same business continuity and flexibility that you already enjoy from IBM Power servers.
The IBM Power Private Cloud Solution offers:
- Cost optimization with pay-for-use pricing
- Automated and consistent IT management with Red Hat Ansible for IBM Power
- IBM Proactive Support for IBM Power services
- IBM Systems Lab Services Assessment and implementation assistance
Both Elastic and Shared Utility Capacity options are available on all Power E1050 servers through the Virtual Capacity (4586-COD) MTM and the IBM ESS website.
Elastic Capacity on the Power E1050 server enables you to deploy pay-for-use consumption of processor, memory, and supported OSs.
Shared Utility Capacity on Power E1050 servers provides enhanced multisystem resource sharing and by-the-minute tracking and consumption of compute resources across a collection of systems within a Power Enterprise Pools 2.0 (PEP2) pool. Shared Utility Capacity delivers a complete range of flexibility to tailor initial system configurations with the right mix of purchased and pay-for-use consumption of processor, memory, and software across a collection of Power E1050 and Power E950 servers.
Metered Capacity is the extra installed processor and memory resource above each system’s Base Capacity. It is activated and made available for immediate use when a pool is started, and then it is monitored by the minute by an IBM Cloud® Management Console (IBM CMC).
For more information, see IBM Power Enterprise Pools 2.0.
Metered resource usage is charged only for minutes that exceed the pool’s aggregate base resources, and usage charges are debited in real time against your purchased Capacity Credits (5819-CRD) on account.
IBM offers a Private Cloud Capacity Assessment and Implementation Service that is performed by IBM Systems Lab Services professionals, which can be preselected at time of purchase or requested for qualifying Power E1050 servers.
Chapter 1. IBM Power E1050 overview 29
1.9.2 IBM Private Cloud Edition 1.8
IBM Private Cloud Edition is a complete package that adds flexible licensing models in the cloud. It helps you to rapidly deploy multi-cloud infrastructures with a compelling set of cloud-enabled capabilities. The IBM Power Enterprise Cloud Edition primarily provides value for clients that use both AIX and Linux on Power, with simplified licensing models and advanced features.
The IBM Private Cloud Edition (5765-ECB) includes:
- IBM PowerSC 2.1
- IBM PowerSC Multi-Factor Authentication (MFA)
- IBM Cloud PowerVC for Private Cloud
- IBM VM Recovery Manager DR
- IBM Tivoli® Monitoring
If you use IBM AIX as the primary OS, there is a specific offering for it: IBM Private Cloud Edition with AIX 7 1.8.0 (5765-CBA). The offering includes:
- IBM AIX 7.3 or IBM AIX 7.2
- IBM PowerSC 2.1
- IBM PowerSC MFA
- IBM Cloud PowerVC for Private Cloud
- IBM VM Recovery Manager DR
- IBM Tivoli Monitoring
IBM PowerSC 2.1
IBM PowerSC 2.1 (5765-SC2) provides a security and compliance solution that is optimized for virtualized environments on IBM Power running IBM PowerVM and IBM AIX, or Linux on Power. Security control and compliance are some of the key components that are needed to defend virtualized data centers and a cloud infrastructure against evolving threats.
The PowerSC 2.1 product contains the following enhancements:
- A blacklisting antivirus feature to allow selective, on-demand hash searches across endpoints that are managed through PowerSC
- Linux on Intel support for PowerSC endpoints, including MFA on IBM Power
- Single sign-on (SSO) support
  Users can log in to PowerSC through SSO with their OpenID Connect (OIDC) Enterprise identity provider and MFA, enabling integration with any application user interface (UI).
- MFA support for Rivest-Shamir-Adleman (RSA) web API
  User MFA includes RSA through the web API, and it no longer employs the access control entry (ACE) protocol.
- User-defined alt-disk for TL and SP updates
  Users can specify alt-disk through Trusted Network Connect (TNC) for TL and SP updates on AIX endpoints.
For more information, see the PowerSC 2.1 sales manual.
IBM PowerSC Multi-Factor Authentication
IBM PowerSC MFA provides alternative authentication mechanisms for systems that are used with RSA SecurID-based authentication systems, and certificate authentication options such as Common Access Card (CAC) and Personal Identification Verification (PIV) cards. IBM PowerSC MFA allows the use of alternative authentication mechanisms instead of the standard password.
You can use IBM PowerSC MFA with many applications, such as Remote Shell (rsh), Telnet, and Secure Shell (SSH).
IBM PowerSC MFA raises the level of assurance of your mission-critical systems with a flexible and tightly integrated MFA solution for IBM AIX and Linux on Power virtual workloads running on IBM Power servers.
For more information, see the PowerSC MFA sales manual.
IBM PowerVC for Private Cloud
IBM PowerVC for Private Cloud works with IBM Power Virtualization Center to provide an end-to-end cloud solution. PowerVC for Private Cloud allows you to provision workloads and manage virtual images.
With PowerVC for Private Cloud, you can perform several operations, depending on your role within a project.
Administrators can perform the following tasks:
- Creating projects and assigning images to projects to give team-specific access to images
- Setting policies on projects to specify default virtual machine (VM) expiration, and so on
- Authorizing users to projects
- Creating expiration policies to reduce abandoned VMs
- Specifying which actions require approvals and approving requests
- Creating, editing, and deleting deployment templates
- Deploying an image from a deployment template
- Dispositioning requests
- Performing lifecycle operations on VMs, such as capture, start, stop, delete, resume, and resize
- Monitoring usage (metering) data across the project or per user
Users can perform the following tasks on resources to which they are authorized. Some actions might require administrator approval. When a user tries to perform a task for which approval is required, the task moves to the request queue before it is performed (or rejected).
- Performing lifecycle operations on VMs, such as capture, start, stop, delete, resume, and resize
- Deploying an image from a deployment template
- Viewing and withdrawing outstanding requests
- Requesting VM expiration extension
- Viewing their usage data
PowerVC 2.0 UI
IBM Power Virtualization Center 2.0 introduces a new UI that is based on the Carbon framework. Carbon is the IBM open-source design system for products and digital experiences. With the IBM Design Language as its foundation, the system consists of working code, design tools and resources, human interface guidelines, and a vibrant community of contributors.
IBM Power Virtualization Center 2.0 comes with a new UI, and many new features and enhancements.
Because IBM Power Virtualization Center is built on the OpenStack technology, you might see some terminology in messages or other text that is not the same as what you see elsewhere in PowerVC. There is also some terminology that might be different from what you are used to seeing in other IBM Power products.
Feature support for PowerVC editions
PowerVC offers different functions depending on the edition that you have installed and the hypervisor that you are using to manage your systems.
IBM Cloud PowerVC Manager includes all the functions of the PowerVC Standard Edition plus the following features:
- A self-service portal that allows the provisioning of new VMs without direct system administrator intervention. Optionally, policy approvals can be applied to the requests that are received from the self-service portal.
- Deploy templates that simplify cloud deployments.
- Cloud management policies that simplify management of cloud deployments.
- Metering data that can be used for chargeback.
For more information, see the PowerVC 2.0 sales manual.
IBM VM Recovery Manager DR
IBM VM Recovery Manager DR (5765-DRG) is an automated DR solution that enables IBM Power users to achieve low recovery times for both planned and unplanned outages. It introduces support for more storage replication solutions and support for an extra guest OS, which broadens the offering’s applicability to a wider range of client requirements.
IBM VM Recovery Manager DR offers support for:
- IBM DS8000® Global Mirror
- IBM SAN Volume Controller (SVC), and IBM Storwize® Metro and Global Mirror
- Extended Memory Controller Symmetrix Remote Data Facility (SRDF) synchronous replication
- Boot device selection for IBM Power8 processor-based systems
For more information, see the VMRM-DR sales manual.
IBM Tivoli Monitoring
IBM Tivoli Monitoring products monitor the performance and availability of distributed OSs and applications. These products are based on a set of common service components that are collectively known as IBM Tivoli Management Services. Tivoli Management Services components provide security, data transfer and storage, notification mechanisms, UI presentation, and communication services in an agent-server-client architecture.