Adventures in systems land

Over on the Mainframe Executive blog, there is an open letter to the US Federal Reserve Bank, questioning the Fed’s apparent desire to move or switch their systems away from mainframes to distributed systems. Well you would expect less from the Mainframe Executive blog. I have a different take on why the Fed should not only keep their mainframe, but why they might want to move more work to it.

I worked on many of the early mainframe Internet applications. I did the high level design and oversaw the implementation of an Internet Banking Solution that the bank, Sun Microsystems and Microsoft had all failed to get to scale. Our design went from 3k users to I believe at the end of 2-years in production, close to 990k users without an upgrade, and without a system outage. It was built off two mainframe systems outside the firewall, running as a Sysplex. I also did a design review for a bank that had lost close to $60k from four accounts, the back end on the mainframe the mid-tiers and Internet servers distributed.

The point of this post though isn’t to gloat about my success, isn’t being a ‘mainframe bigot’ or even saying the Fed should use the mainframe. In the Mainframe Executive they raise the usual specter of security, yes security is a big deal for banks, even more so for the Fed. So yes, make a big deal of it.

However, the single most important thing to understand about building trusted computing systems, isn’t that you provide a 100% secure environment, in which applications aka business transactions, run. It is that you can show who did what, when, and how. Auditing is much more important than security. If you believe you have a 100% secure system and you lose some money but can’t audit it, what do you do, shrug your shoulders and say “oh well never mind”?

Auditing isn’t about just seeing that you have procedures in place. It is the ability to pick apart a debit transaction on a system that was executed at 4:05pm along with 30,000 others, show how that transaction was invoked, where from, under what security context, what ID, and the originating network address and more. That might require looging through logs of 7-10 distributed systems.

If like the bank I did the design review for, you can’t show the correlation of events leading up to the execution of the transaction, and you don’t know for certain where the user eneterd the network, what ID they used, and how that security context was passed from one system to another, then you don’t have security, no matter what they say.

When you are looking after the nation’s money, and despite the obvious current finicial position of the US, budgets not withstanding, I’d say that was pretty important. What does the Fed say?

I say “Show me the audit, show me the audit, show me the audit…” (repeat ad infinitum)

I got an email pointing out that I omitted a link to the youtube video of the IBM hydro-cluster. So, here it is.

Towards the end of the video, Jeff Gluck says “hot water can be moved off site”, “to heat your home or cook a family dinner”. In the famed Larry and Brin, “do no evil” context, I guess this is goodness. While I appreciate that there is a very serious side to the “greening” of the datacenter, I couldn’t help but laugh.

Back in the 1970’s on one of the first large scale computer servers, aka mainframes I worked on, we used to store takeaways inside the server for 4-5 hours to keep it warm on evening and night shift. The really scary thing, back in those days microwaves didn’t exist!

The IBM 370/145 was a T-shaped server, laying on its back, the whole back of the T was largely empty, ready in case you wanted to upgrade to a 370/148 or 155(I think). So it became common place to store stuff in there that you wanted to keep warm and dry. Ideal for takeaway and girlie magazines(so I’m told!).

IBM announced today our new Enterprise Data Center vision. There are lots of links from the new ibm.com/datacenter web page which split out into their various constituencies Virtualization, Energy Efficiency, Security, Business resiliency and IT service delivery.

To net it out from my perspective though, there is a lot of good technology behind this, and an interesting direction summarized nicely starting on page-10 on the POV paper linked from the new data center page or here.

What it lays out are the three main stages of adoption for the new data center, simplified, shared and dynamic. The Clabby analytics paper, also linked from the new data center page or here, puts the three stages in a more consumable practical tabular format.

They are really not new, many of our customers will have discussed these with us many times before. In fact, there’s no coincidence that the new Enterprise Data Center vision was launched the same day as the new IBM Z10 mainframe. We started discussing and talking about these these when I worked for Enterprise Systems in 1999, and we formally laid the groundwork in the on demand strategy in 2003. In fact, I see the Clabby paper has used the on demand operating environment block architecture to illustrate the service patterns. Who’d have guessed.

Simplify: reduce costs for infrastructure, operations and management

Share: for rapid deployment of infrastructure, at any scale

Dynamic: respond to new business requests across the company and beyond

However, the new Enterprise Data Center isn’t based on a mainframe, Z10 or otherwise. It’s about a style of computing, how to build, migrate and exploit a modern data center. Power Systems has some unique functions in both the Share and Dynamic stages, like partition mobility, with lots more to come.

For some further insight into the new data center vision, take a look at the presentation linked off my On a Clear day post from December.

Long time friend, and former IBM VM and LAN Systems Director, now fellow Austin resident, Art Olbert point me to this video. It’s the University of Manitoba holding a funeral procession for their mainframe system after some 47-years of service. Nothing on their web site says what they’ve replaced it with, I’ve emailed them and asked. Their web site is currently running on Apache on Linux after migrating from Solaris some time in 2005. As always, Slashdot covers this with comments that range from the helpful to the absolutely bizarre.

Art is familiar with this type of stunt, Art is lovingly remembered for blowing up an IBM mainframe at the announcement of the IBM LAN Server in the 1990’s. Sorry Art, couldn’t avoid mentioning it - Ahh the good old days.