Key Features
High performance and throughput with support for the latest technology advances in SIMD (Single Instruction, Multiple Data) and SMT (Simultaneous Multithreading) across the full range of IBM Z and LinuxONE systems. Performance improvements on IBM z14 and z15 machines include:
- Enhanced instruction set support in the toolchain
- Ability to use SIMD instructions in user space for analytics workloads and math libraries
- The LLVM compiler supports IBM z14 instructions for improved performance
- SMT (Symmetric Multi-Threading) support improves performance by managing the utilization of shared resources
- The perf tool offers a rich set of commands to collect and analyze performance and trace data
- Support for zEnterprise Data Compression (zEDC), a compression acceleration capability on IBM z Systems hardware provides improved performance for software applications using data compression.
- Ability to optimize performance tuning with the CPU-measurement counter facility that supports the MT-diagnostic counter set introduced with IBM z14 and z15 machines include:
Increased security and data protection by supporting the latest cryptographic acceleration for secure-key operations and new hardware assists for fast data encryption. Cryptographic support improvements on IBM z14 and z15 machines include:
- Support for the True Random Number Generator via CPACF (CP Assist for Cryptographic Functions), which improves the availability of random data in the kernel entropy pool
- OpenSSL, ibmca, and libica support for IBM z14 instructions for AES-GCM-based encryption of data in flight
- libica supports hardware acceleration for the SHA3 algorithm using CPACF hardware in IBM z14 machines
- To ensure protection for your workloads and data, SUSE offers connection with standard mainframe security through the Identity Manager Integration Module for Mainframes, which connects to RACF, ACF2 and Top Secret. SUSE also offers security features such as AppArmor security framework and SELinux
- Cryptographic technology supports the latest cryptographic adapters. openCryptoki provides capabilities such as dynamic tracking, enterprise PKCS#11 support, key migration, and key management for security and stability.
- Security certificates include FIPS 140-1/140-2 and Common Criteria (CC).
- Secure Execution enablement (kernel and userspace) providing a trusted execution environment designed to protect and isolate critical workloads better than a standard software environment, from both internal and external threats. Secure execution lets you:
- Scale up to thousands of workloads in full isolation protected from internal and external threats
- Address the security issue present in other Linux servers of running multiple containers in the same virtual machine
- Protect the context of containers in heterogeneous workloads without extensive software code changes
- Ensures confidentiality and integrity for sensitive data and workloads on IBM Z in the hybrid multicloud
- Secure boot to ensure that code launched by firmware is trusted. The chain of trust is verified from the hardware throughout the whole firmware up into the operating system.
Enhanced virtualization capabilities to boost resource utilization using KVM and z/VM, giving you the ability to create several virtual machines that run on a single processor and handle multiple workloads. This lets you reduce or eliminate the need to buy more hardware and lets you consolidate physical systems to shrink your data center footprint and simplify maintenance for your IT staff. Virtualization features include:
- Store Hypervisor Information (STHYI) from LPAR is available in KVM. Non-privileged user-space applications running on KVM can retrieve hypervisor capacity data through the LPAR if not provided by the Linux kernel
- Machine checks caused by failing KVM guest are now targeted at the KVM virtual server instead of the KVM hypervisor, thus making the hypervisor more resilient
- KVM guests can now use CPU features, including CPACF functions, that were introduced with IBM z14
- Multiple paths let you establish multiple connections between the same two z/VM guests resulting in better scalability for z/VM Linux data exchange and improved performance.
Advanced RAS capabilities increase reliability and reduce costs, providing extra dimensions of availability and ensuring the highest levels of security while reducing your planned and unplanned downtime and supporting the legendary RAS characteristics of IBM z Systems.
- Advanced high availability Linux services are included with every subscription. This offers you a clustered file system for Linux on z Systems, and delivers all the essential monitoring, messaging and cluster resource management features in an integrated suite of open source technologies.
- Disk mirroring with real-time enhancements for z Systems improves storage operation by enabling uninterrupted operation in case of disk storage or storage path issues, providing better service availability.
- The Linux support for concurrent Flash MCL updates feature ensures that concurrent hardware microcode level upgrades (MCL) can be applied without impacting I/O operations to the Flash storage media.
Improved operational efficiency with tools you won’t find anywhere else and by taking advantage of the networking and communications features for OpenFabrics Enterprise Distribution, shared memory communications and enhanced HiperSockets support. Our systems management tools dramatically reduce tedious, complicated and labor-intensive maintenance. Increased operational efficiency is also achieved with these features:
- dasdfmt – Improves the speed of DASD formatting processes, even if they run in parallel. In addition, you can specify the number of cylinders to be formatted in one step. This lowers administration time and effort, and supports growth with larger future DASDs.
- Support for transparent large pages provides performance improvements for applications that access large amounts of anonymous memory, such as heap space for Java programs or caching areas for databases.
- The Java SDK is included and is an ideal framework for secure server-side web programming. Java application servers also provide an application deployment environment for enterprise applications with capabilities for transaction management, security, clustering, performance availability, connectivity and scalability.
- OFED (OpenFabrics Enterprise Distribution) packages are enabled for IBM Z. This is open source software for Remote Direct Memory Access (RDMA) and kernel bypass applications. OpenFabrics Software (OFS) is used in business, research and scientific environments that require highly efficient networks, storage connectivity and parallel computing.
- ZYpp provides superior package management and is the fastest update stack available on any enterprise distribution. SUSE has optimized ZYpp for performance and accuracy.
- YaST (Yet another Setup Tool) framework offers the most powerful and extensive Linux environment available today for every aspect of installation, configuration and management of your system. By offering both a text mode and a user-friendly graphical mode, YaST helps you easily set-up and configure single machines.
- More automation with AutoYaST, designed for remote system configuration and mass-deployment. This tool enables a fully customizable, automatic and remote Linux installation process for a large number of systems sharing a similar environment, similar—but not necessarily identical—hardware and performing comparable tasks. Using AutoYaST you can install these systems in parallel and in a short time without user intervention.
- Centralized advanced system and configuration management as well as security monitoring and many other features can be done with SUSE Manager running on SUSE Linux Enterprise Server for IBM Z and LinuxOne.