Print Email

Z Architecture Improves Database Security, Storage and Performance

5/15/2019 9:03:35 AM |

In this second article of a two-part series, I explore three topics that have a direct impact of applications that run on IBM Z. The three topics focus on security, space savings and speed of execution specifically:  

1.     Features supporting workloads requiring data encryption

2.     Compression for databases and its impact on storage requirements

3.     Impact of low latency I/O for acceleration of transaction processing for Db2 on z/OS 


Pervasive Encryption Fits the Need


It’s generally understood that an effective way to secure applications and data is to encrypt everything. In the past, there have been barriers to do this because encryption, implemented at the software-level only, dramatically slows down the transactions. In some commercial solutions, for example web hosting, hardware encryption/decryption cards were added to support the application but they contributed significant cost to the solution.

 

The encryption solution in z14 strikes a balance, enhanced by purposeful engineering, that makes ubiquitous encryption commercially practical. Pervasive encryption on IBM Z considers the business aspects of engineering, as its goal is to reduce risk as well as auditing effort and cost. The solution is also comprehensive as it pervasively encrypts data in flight and at rest with no application changes and no impact to service level agreements. How is this possible?

 

In z14, the engineers created a system-wide design that is optimized through silicon, firmware, OS and the middleware stack. Regarding the crypto engines, they were redesigned for 4-7x bandwidth as compared to the design for z13. The revised pipeline processing includes parallelized advanced encryption standard (AES) and hash operations involving galois/counter mode processing. Additional powerful engineering enhancements were implemented. For example, the processor can execute two AES rounds in three cycles, overlap multiple rounds where possible (for example, non-cipher block chaining encryption) and push the limits of cycle time involving low vt cells.  

 

There’s more to the engineering story as the faster z14 engines required redesign of interfaces to and from cache including a new firmware instruction to copy significantly larger amounts of data at a time to the co-processor, branch avoidance to not slow down data delivery and optimized prefetching for source and destination to keep the crypto engine fully engaged. In his presentation on IBM z14 microprocessor chip set and architectural enhancements, IBM Z Senior Engineer Jonathan Bradbury reports 13.2GB/sec per core in the OpenSSL AES-256-XTS speed test with 4KB blocks. As you can read in this section, z14 engineers created a comprehensive security strategy by mixing and layering many powerful techniques, elements and standards.

 

Significant Database Compression Improvements

 

In the paper “New Database Compression Assists in the IBM z14 Processor,” the authors describe how the IBM z14 processor, together with Db2 for z/OS Version 12, can improve data compression rates, resulting in reduced data storage requirements and costs for large databases. 

 

The new processor improves the compression hardware accelerator available in earlier generations of IBM Z by adding new hardware algorithms that increase the compression ratio and extend the applicability to additional data structures in Db2 for z/OS databases. The implementation uses a new entropy-coding step employed after Ziv–Lempel compression. What’s the impact?

 

The result is a reduction in the size of data compressed with the prior algorithms by an average of 30%. Also enabled is database index compression, reducing index sizes by roughly 30%. The bottom line is an overall improvement of 30% of the database size for many applications. There are also benefits in storage requirements, input/output bandwidth and buffer pool efficiency.

 

Implementing Low Latency I/O With zHyperLink

 

Peter Kimmel writes that “IBM zHyperLink is the result of an IBM research project which was created to provide links between a mainframe host and storage, which have an extremely low latency. It's a completely new and different paradigm of doing I/O. Especially with flash becoming a general standard for the storage backend, it's the overhead of dispatching and handling the I/O as such, that generates a considerable add-on.”

 

How big is the opportunity to save? IBMers Anna Shugol and Martin Packer include the SAP/DB2 z/OS transaction elapsed-time breakdown seen in Figure 1.

 
Picture1.png

Figure 1: An SAP/DB2 z/OS transaction elapsed-time breakdown

 

As you can see, a huge amount of the transaction time is shown in the blue colored items. The savings come in multiple areas. Time is saved on z/OS dispatching the I/O, on interrupt handling, on CPU queuing time and on cache operations that are no longer needed.

 

This is significant when it comes to tuning Db2 databases. Tim Hogan reminds us that Db2 system administrators often spend time and effort tuning to maintain acceptable I/O latency for applications. In spite of this, hardware limitations can sometimes cause intolerable performance despite the Db2 system administrator's best efforts. Even in a well-tuned environment, database I/O delays can cause application response times that exceed the requirements of service-level agreements. This is principally true when the application requires random access to large databases. But how is it implemented?

 

Administrators control the level of Db2's use of zHyperLink using the ZHYPERLINK subsystem parameter. Also, there are trace records to track Db2's use of the zHyperLink technology, as well as the results of zHyperLink requests. It’s important to enable the capability and monitor to make sure that you are getting the desired results.

 

6 Reasons Are Just the Beginning

 

In my first article and this second one, I have written about six specific improvements coming from z14 that relate specifically to applications:

 

1.     Performance improvements for COBOL and other enterprise system development products through vector decimal instructions  

2.     Single-instruction, multiple data enhancements providing performance improvements for Java, PL/1, COBOL and C/C++

3.     IBM Z architectural enhancements that improve the performance of the garbage collection process for Java

4.     Features supporting workloads requiring data encryption

5.     Compression for databases and its impact on storage requirements

6.     Impact of low latency I/O for acceleration of transaction processing for Db2 on z/OS

 

These features alone are compelling enough to require 2,000 words to explain however they represent a fraction of the exciting functionality employed in z14. Review this presentation from IBM Z Client Technical Specialist Kenneth Stine to see how these six features fit in with the dozens of other aspects of z14 design and implementation. 

Join Now!
Spark's Interactive Scala Shell

Spark's Interactive Scala Shell

Access DB2 data using DB2 Connect JDBC driver and Spark's new DataFrames API.

Read more »

Checklists Bring Order Out of Chaos and Enhance Reliability

Checklists Bring Order Out of Chaos and Enhance Reliability

Systematic procedures help avoid and solve problems.

Read more »