Linux on Modern Mainframes
Key Points
- Linux runs on IBM Z mainframes just like on any server, supporting all major distributions (RHEL, SUSE, Ubuntu, Debian, Fedora) without proprietary tools for storage or networking.
- Modern mainframes are no longer massive cabinets; they fit into standard 19‑inch racks (and even rack‑mountable models exist), dispelling the myth that they require dedicated floor space.
- IBM Z hardware uses a custom chipset—often referenced as s390x, IBM Z, or Telum—that underpins the architecture and is specifically compiled for Linux.
- The processor includes CPACF (Cryptographic‑Assist Feature), which offloads and accelerates cryptographic operations (e.g., OpenSSL) directly in hardware, boosting security‑intensive big‑data workloads.
- Leveraging Linux on these compact, rack‑mountable mainframes provides enterprises of any size with high‑performance, secure infrastructure for big‑data processing without needing separate, specialized platforms.
Sections
- Linux on Mainframes: Myths Debunked - The speaker explains that any standard Linux distribution can run on modern mainframes, countering misconceptions about special OS requirements and the notion that mainframes are only massive, niche machines.
- Protecting Keys with Mainframe HSM - The speaker explains how a mainframe’s Crypto Express hardware security module safeguards cryptographic keys, enabling internal staff to use keys without exposing the underlying data and defending against both external and insider threats.
Full Transcript
# Linux on Modern Mainframes **Source:** [https://www.youtube.com/watch?v=BPUoK4XQaFE](https://www.youtube.com/watch?v=BPUoK4XQaFE) **Duration:** 00:05:51 ## Summary - Linux runs on IBM Z mainframes just like on any server, supporting all major distributions (RHEL, SUSE, Ubuntu, Debian, Fedora) without proprietary tools for storage or networking. - Modern mainframes are no longer massive cabinets; they fit into standard 19‑inch racks (and even rack‑mountable models exist), dispelling the myth that they require dedicated floor space. - IBM Z hardware uses a custom chipset—often referenced as s390x, IBM Z, or Telum—that underpins the architecture and is specifically compiled for Linux. - The processor includes CPACF (Cryptographic‑Assist Feature), which offloads and accelerates cryptographic operations (e.g., OpenSSL) directly in hardware, boosting security‑intensive big‑data workloads. - Leveraging Linux on these compact, rack‑mountable mainframes provides enterprises of any size with high‑performance, secure infrastructure for big‑data processing without needing separate, specialized platforms. ## Sections - [00:00:00](https://www.youtube.com/watch?v=BPUoK4XQaFE&t=0s) **Linux on Mainframes: Myths Debunked** - The speaker explains that any standard Linux distribution can run on modern mainframes, countering misconceptions about special OS requirements and the notion that mainframes are only massive, niche machines. - [00:03:40](https://www.youtube.com/watch?v=BPUoK4XQaFE&t=220s) **Protecting Keys with Mainframe HSM** - The speaker explains how a mainframe’s Crypto Express hardware security module safeguards cryptographic keys, enabling internal staff to use keys without exposing the underlying data and defending against both external and insider threats. ## Full Transcript
Did you know you can run Linux on a mainframe? Yes - Linux! You might think that mainframes are only
for big banks, airlines, insurance companies. And that may have been true years ago. But nowadays
everyone, including small and medium businesses, are into big data. And to play in the big data
playground, they need the infrastructure, tools and software to do that. So I want to explain how
Linux on the mainframe can help you deal with that big data from a hardware viewpoint. But first,
I need to dispel a couple of myths. So the first myth: Is there some sort of special kind of Linux
that you need to run on the mainframe? The truth is you can run any version of Linux that you're
familiar with. You can run your Red Hat Enterprise Linux, the SUSE Linux Enterprise server, Ubuntu,
Debian, Fedora. Yes, even all these little community distributions are possible to run
there. And additionally, even though the mainframe has very special components related to storage and
networking and lots and lots of different options, inside of Linux they all look like you'd expect.
There's no proprietary tooling in order to install on Linux to be able to see the block device. Your
network devices are just going to show up like regular network devices. The second myth is that
mainframes are huge. So you may have seen in movies, you know, they bring in the giant wall
of lights. Or if you're going back a little further, the mainframe rooms that are huge,
they have mainframe servers that look like furniture, basically, or those spinning disks.
It's not like that anymore. A standard mainframe these days fits into a 19 inch rack spot. In fact,
some of the latest ones are even rack mountable and so you can just put them in the existing
racks that you have. But that doesn't mean they're not special. I have gone to great lengths to say
that they are. So what does make these mainframes special? So the first thing that I want to point
out is that in order to make this all happen, we need a special chipset. This is a custom made for
the IBM Z mainframes. And I just mentioned another term, "IBM Z". So when you're looking into the
infrastructure and looking into mainframe, you may see a few different terms. You may see s390x, you
may see IBM Z, you may see Telum when referring to the processor. And these are all kind of the
same idea, it's a specific hardware architecture built around this chip. So if we were to draw a
little chip here with its processor cores, it's everything that that's built on top of this,
and Linux is is compiled for this, and it's got a few special things to it. So the first one is
that it's got this thing we call the CPACF, which is the "CP Assist for Cryptographic
Functions" and that allows you to do a lot of the cryptographic functions. Like in Linux,
you would think of something like OpenSSL. OpenSSL is used by everything, and that can be leveraged
by the CPU core built right in there. The next one I wanted to mention was the NXU, and that is
the "Nest Accelerator Unit" and that allows you to do the compression and decompression, again,
on the hardware itself. In Linux, you would think about that as something like when you're
using gzip in your applications or when you're compressing and decompressing data. And what
that does is it takes away from the amount of work that your general processors are doing. Finally,
you've got your AI accelerator. So the AI accelerator takes your AI workloads and processes
them on a specific chip and allows them access to the cache of the rest of your processors.
And that means that the work is prioritized to some degree, but it also is not taking away from
necessarily general computing power. I also wanted to mention something that is not on the CPU, but is
part of the rest of the system. So on a mainframe, you've got these big drawers full of cards that
do various things. They connect the mainframe to the rest of the infrastructure in the data center,
including storage and other networking devices. But one of the really important ones for us
is that it includes this thing called a Crypto Express card. And the Crypto Express card is a
hardware security module. The idea of a hardware security module (HSM) is you want to keep your
cryptographic keys really, really safe. And kind of the the example that a lot of organizations say
is like, "Oh, I've got this outsider threat, this bad guy who wants to get access to my data". Well,
that's not the only threat you've got. It turns out a lot of organizations are also
worried about the internal threat. So this could be people working on the infrastructure who need
to know about the keys and they need to know about the data, but they don't necessarily
need direct access to those things. So they can use and access a key inside of your HSM,
but they don't actually technically have access to using that key to decrypt data
and then having access to that customer data. So obviously I am a big fan of mainframe hardware,
but maybe you're not quite ready to go out and buy one today. So instead, what I'm going to suggest
to you is you join us over on the IBM Linux One Community Cloud. That allows you to get access to
a VM running Linux. Various distributions are available to you for 120 days to play around,
maybe with your application to load up, you know, a little website or something that you want to
play around with. I like to cat the processor CPU info and then show it to my friends like,
"Oh, I got to be on a mainframe". Whatever you'd like to do. I hope you'll join me and check it
out. Thanks for watching. Before you leave, please remember to hit like and subscribe.