Archive for June, 2008

Federal Reserve and Mainframes

Over on the Mainframe Executive blog, there is an open letter to the US Federal Reserve Bank, questioning the Fed’s apparent desire to move or switch their systems away from mainframes to distributed systems. Well you would expect less from the Mainframe Executive blog. I have a different take on why the Fed should not only keep their mainframe, but why they might want to move more work to it.

I worked on many of the early mainframe Internet applications. I did the high-level design and oversaw the implementation of an Internet Banking Solution that the bank, Sun Microsystems and Microsoft had all failed to get to scale. Our design went from 3k users to, I believe, close to 990k users at the end of 2 years in production, without an upgrade and without a system outage. It was built off two mainframe systems outside the firewall, running as a Sysplex. I also did a design review for a bank that had lost close to $60k from four accounts, with the back end on the mainframe and the mid-tiers and Internet servers distributed.

The point of this post, though, isn’t to gloat about my success, be a ‘mainframe bigot’ or even say the Fed should use the mainframe. In the Mainframe Executive they raise the usual specter of security. Yes, security is a big deal for banks, even more so for the Fed. So yes, make a big deal of it.

However, the single most important thing to understand about building trusted computing systems isn’t that you provide a 100% secure environment in which applications, aka business transactions, run. It is that you can show who did what, when, and how. Auditing is much more important than security. If you believe you have a 100% secure system and you lose some money but can’t audit it, what do you do, shrug your shoulders and say “oh well, never mind”?

Auditing isn’t just about seeing that you have procedures in place. It is the ability to pick apart a debit transaction on a system that was executed at 4:05pm along with 30,000 others, and show how that transaction was invoked, where from, under what security context, what ID, the originating network address and more. That might require looking through logs of 7-10 distributed systems.

If, like the bank I did the design review for, you can’t show the correlation of events leading up to the execution of the transaction, and you don’t know for certain where the user entered the network, what ID they used, and how that security context was passed from one system to another, then you don’t have security, no matter what they say.
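The correlation described above, as an added example that is not part of the original post: it rebuilds one transaction's trail across tiers and lists what cannot be accounted for. The field names, tier names, the shared transaction ID and the sample records are all assumptions constructed for illustration.

```python
# Added example: constructed records, hypothetical field and tier names.
from datetime import datetime

EXPECTED_TIERS = ["web", "midtier", "mainframe"]  # assumed hop order

# Constructed sample: one already-parsed log record per tier per transaction.
RECORDS = [
    {"ts": "2008-06-12T16:05:01", "tier": "web", "txn": "T1001", "user": "alice", "src": "203.0.113.7"},
    {"ts": "2008-06-12T16:05:02", "tier": "midtier", "txn": "T1001", "user": "alice", "src": "10.0.1.5"},
    {"ts": "2008-06-12T16:05:03", "tier": "mainframe", "txn": "T1001", "user": "alice", "src": "10.0.2.9"},
    {"ts": "2008-06-12T16:05:01", "tier": "web", "txn": "T1002", "user": "bob", "src": "198.51.100.4"},
    {"ts": "2008-06-12T16:05:03", "tier": "mainframe", "txn": "T1002", "user": "SVCBATCH", "src": "10.0.2.9"},
    {"ts": "2008-06-12T16:05:04", "tier": "mainframe", "txn": "T1003", "user": "SVCBATCH", "src": "10.0.2.9"},
]

def trail(txn, records=RECORDS):
    """Return this transaction's records across all tiers, in time order."""
    hops = [r for r in records if r["txn"] == txn]
    return sorted(hops, key=lambda r: datetime.fromisoformat(r["ts"]))

def audit_gaps(txn, records=RECORDS):
    """List the reasons this transaction cannot be fully accounted for."""
    hops = trail(txn, records)
    gaps = []
    seen = [h["tier"] for h in hops]
    for tier in EXPECTED_TIERS:
        if tier not in seen:
            gaps.append(f"no {tier} record")
    if hops and hops[0]["tier"] != EXPECTED_TIERS[0]:
        gaps.append("network entry point unknown")
    # The ID that entered the network must be the ID at every later hop.
    for prev, cur in zip(hops, hops[1:]):
        if cur["user"] != prev["user"]:
            gaps.append(f"identity changed {prev['user']} -> {cur['user']} at {cur['tier']}")
    return gaps

def origin(txn, records=RECORDS):
    """Originating address and ID, only if the trail starts at the entry tier."""
    hops = trail(txn, records)
    if hops and hops[0]["tier"] == EXPECTED_TIERS[0]:
        return hops[0]["src"], hops[0]["user"]
    return None

if __name__ == "__main__":
    for t in ("T1001", "T1002", "T1003"):
        print(t, origin(t), audit_gaps(t))
```

A transaction that reaches the back end under a shared service ID, or with no entry-tier record at all, is exactly the case where the debit executed but nobody can say who invoked it.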

When you are looking after the nation’s money, and despite the obvious current financial position of the US, budgets notwithstanding, I’d say that was pretty important. What does the Fed say?

I say “Show me the audit, show me the audit, show me the audit…” (repeat ad infinitum)

Power Systems and SOA Synergy

One of the things I pushed for when I first joined Power Systems (then System p) was for the IBM Redbooks to focus more on software stacks, and to relate how the Power Systems hardware can be exploited to deliver a more extensive, easier to use and more efficient hardware stack than many scale-out solutions.

Scott Vetter, ITSO Austin project lead, who I first worked with back in probably 1992 in Poughkeepsie, and the Austin based ITSO team, including Monte Poppe from our System Test team, who has recently been focusing on SAP configurations, have just published a new IBM Redbook.

The Redbook, Power Systems and SOA Synergy, SG24-7607, is available free for download from the redbooks abstract page here.

The book was written by systems people, and will be useful to systems people. It contains a useful summary and overview of SOA applications, ESBs, WebSphere etc., as well as some examples of how and what you can use Power Systems for, including things like WPARs in AIX.

Power VM configurability, Virtual Service Partitions and I/O virtualization

I must admit I’ve been a bit too pre-occupied lately to post much in the way of meaningful content. For a frame of reference, I’m off looking at I/O Virtualization, NIC, FBA, Switch integration and optimization, as well as next generation data center fabrics. It’s a fascinating area, ripe for some invention, and there are some great ideas out there. Hopefully more on this later.

I’ve also been looking at why we’d want to create a set of extensible interfaces that would allow virtual partitions to be used to extend the Power platform function. I have to say, the more I think about this the more interesting it is. I’d be interested in your feedback on the idea of creating a set of published interfaces to Power VM to allow you to add function running in a logical partition, or a virtual service partition, to add or replace function that we provide. So, for example, maybe you want to add a monitor or accounting agent to function where we do not provide source code. We’d document the interface, provide a standard calling mechanism, a shared memory interface and so on. Then, you’d implement your function in an LPAR, probably using Linux on Power, or any other way you want.

Then, when an event in an OS, middleware or business application running in an LPAR under AIX, IBM i or Linux on Power generates a call to the OS, hypervisor, or VIOS, instead of us providing the function, the hypervisor or VIOS would check to see if a Virtual Service Partition had been registered for that function. If so, the call and event handling would be directed there instead of to the normal destination.

In this way we could also provide a structured way to extend the platform, where we currently would like to provide function, or customers have asked for it, but it hasn’t made our development list. Any comments? Good idea, bad idea, something else?

CV as a cloud tag

@epredator came up with a great idea, to create a tag cloud from your CV using wordle. The output wasn’t perfect the first run as it didn’t match Mainframe with mainframe, or IBM with IBM’s, but after doing a few global changes, here is what I got. Pretty good summary.


About & Contact

I'm Mark Cathcart, formerly a Senior Distinguished Engineer in Dell's Software Group; before that, Director of Systems Engineering in the Enterprise Solutions Group at Dell. Prior to that, I was an IBM Distinguished Engineer and member of the IBM Academy of Technology. I'm an information technology optimist.
