A new IBM for a secure open cloud

Simone Bonetti, PhD, LinuxONE/zSystems Technical Specialist, IBM Italy
@simonebonetti88
#redhatosd
Evolution in progress…
More than 100 years of
#cognitive #AI #cloud #IoT #security
1888, 1891, 1911, 1924, 1947, 1956, 1972
Five Emerging Technologies Will Start to Change the World Within Five Years
The Top Emerging Technologies To Watch: 2017 To 2021
#IoT #AI #Cognitive #Cloud
Source: Forrester Research, Inc.
Internet of Things
Digital/Physical Interaction
In the near future, devices, humans and corporations could be able to share information and value.
AS - IS
#B2B
#B2C
TO - BE
#Business2Individuals
#Automated
#Peer2Peer
#Trustless
Blockchain Technology
"A type of distributed register that takes a number of records and puts them in a block (rather like collating them on to a single sheet of paper). Each block is then ‘chained’ to the next block, using a cryptographic signature. This allows block chains to be used like a ledger, which can be shared and corroborated by anyone with the appropriate permissions."
DISTRIBUTED LEDGER TECHNOLOGY: BEYOND BLOCKCHAIN, a report by the UK Government Chief Scientific Adviser
Hyperledger Project: addressing important features for a cross-industry open standard for distributed ledgers.
100+ 81
contributors
members
170% growth rate in 6 months
Hyperledger Project, @Hyperledger, hyperledger.org
#Business-Ready
#Flexible
#Extensible
#Interoperable
Hyperledger Whitepaper
1999
All IBM servers support Linux
100 million USD/Year
10,000+ IBMers involved
500+ IBM patents donated
500+ IBM software products on Linux
150+ open source projects and communities
Hyperledger Project
#performance #security #availability
App 1, App 2, ... App n
Integrated connection to existing business processes
API Layer
Chaincode, aka Smart Contracts
Elliptic Curve Digital Signatures
Cryptographic Protocols
Global Security Compliance
Consensus Algorithm
Shared Replicated Ledger
© 2016 IBM Corporation
IBM LinuxONE™
Bringing Linux to new heights
Linux your way. Without limits. Without risks.
LinuxONE™ Rockhopper: up to 20 IFLs, 4.3 GHz, from 64 GB to 4 TB RAM, up to 40 LPARs
LinuxONE™ Emperor: up to 141 IFLs, 5.0 GHz, from 64 GB to 10 TB RAM, up to 85 LPARs
IBM High Security Business Network distinctive value: Secure Service Container
[Diagram labels: High-Security Plan User, Other User, Public Internet, Bluemix, Hyperledger, Secure Service Container, IBM LinuxONE™]
The High Security Business Network is deployed as an appliance (operating systems, Docker, middleware, and software components) into an IBM Secure Service Container, which provides the base infrastructure for hosting blockchain core services and infrastructure with optimized security.
IBM High Security Business Network distinctive value: Why Containers?
[Diagram: the IBM LinuxONE™ blockchain stack (App 1, App 2, ... App n; API Layer; Chaincode, aka Smart Contracts; Cryptographic Protocols; Consensus Algorithm; Shared Replicated Ledger) beside a comparison of two deployment models]
Containers: App, Bin/Lib, Host OS, Server HW
Traditional: App, Bin/Lib, Guest OS, Hypervisor, Host OS, Server HW
IBM High Security Business Network distinctive value: Secure Service Container
Secure Service Container ensures…
No system admin access, ever
•  Once the appliance image is built, OS access (ssh) is not possible
•  Only Remote APIs available
•  Memory access disabled
•  Encrypted disk
•  Debug data (dumps) encrypted
How the Secure Service Container boot sequence works…
Boot sequence
1.  Firmware bootloader is loaded in memory
2.  Firmware loads the software bootloader from disk
    1.  Check integrity of software bootloader
    2.  Decrypt software bootloader
3.  Software bootloader activates encrypted disks
    1.  Key stored in software bootloader (encrypted)
    2.  Encryption/decryption done on the fly when accessing appliance code & data
4.  Appliance designed to be managed by remote APIs only
    1.  REST APIs to configure Linux and apps
    2.  No ssh (allowed in dev mode)
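The ordering in the boot sequence above (step 2: verify the software bootloader, then decrypt it; step 3: use the key it carries to open the disk on access) can be modelled in a few lines. This is an added illustration, not IBM code: the HMAC integrity check, the toy SHA-256 keystream cipher, the key layout and all names and sample data are assumptions, since the slide does not name the actual mechanisms.

```python
import hashlib
import hmac

def keystream_xor(key, data):
    """Toy cipher (SHA-256 in counter mode), an assumed stand-in for a real one."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(enc_key, mac_key, plaintext):
    """Image build time: encrypt, then authenticate the ciphertext."""
    ct = keystream_xor(enc_key, plaintext)
    return hmac.new(mac_key, ct, hashlib.sha256).digest() + ct

def firmware_load(image, enc_key, mac_key):
    """Step 2: check integrity first; decrypt only if the check passes."""
    tag, ct = image[:32], image[32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise RuntimeError("bootloader integrity check failed; boot halted")
    return keystream_xor(enc_key, ct)

def read_block(disk_key, block_no, stored):
    """Step 3.2: per-block transform on access (XOR, so it also encrypts)."""
    return keystream_xor(disk_key + block_no.to_bytes(8, "big"), stored)

def boot(image, disk, enc_key, mac_key):
    """Steps 2 and 3 in order; returns the decrypted appliance blocks."""
    bootloader = firmware_load(image, enc_key, mac_key)
    disk_key = bootloader[-32:]  # step 3.1; assumed layout: key is the last 32 bytes
    return [read_block(disk_key, n, blk) for n, blk in enumerate(disk)]

# Constructed sample keys and data, for illustration only
FW_ENC_KEY = hashlib.sha256(b"constructed firmware encryption key").digest()
FW_MAC_KEY = hashlib.sha256(b"constructed firmware integrity key").digest()
DISK_KEY = hashlib.sha256(b"constructed disk key").digest()
IMAGE = seal(FW_ENC_KEY, FW_MAC_KEY, b"bootloader code" + DISK_KEY)
DISK = [read_block(DISK_KEY, n, b) for n, b in enumerate([b"appliance code", b"appliance data"])]

def tampered_boot_fails():
    """Flip one bit of the stored bootloader and confirm the boot refuses to proceed."""
    bad = bytearray(IMAGE)
    bad[40] ^= 0x01
    try:
        boot(bytes(bad), DISK, FW_ENC_KEY, FW_MAC_KEY)
    except RuntimeError:
        return True
    return False
```

Because the disk key exists in clear only after the verified bootloader has been decrypted, a modified bootloader never reaches the point where the disk could be opened.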
IBM High Security Business Network distinctive value: Secure Service Container
[Diagram labels: High-Security Plan User; Internet; Security Layer 1, Security Layer 2, Security Layer 3; SoftLayer; Bluemix; Load Balancer; Proxy; Linux; Peer0 ... Peer3; Chaincode0, Chaincode1 ... Chaincodej; 48 GB Memory; HiperSockets; Secure Service Container; PR/SM; 4 10GB OSA; 2 Crypto Cards; 8 FICON PCHIDs; 1 HiperSockets; IBM LinuxONE™]
Cloud + LPAR isolation + Integrated Cryptography + Secure Service Container Technology
Run multiple, separate, independent Blockchain networks within the same IBM LinuxONE box
Systems
IBM Cloud Platform
OPEN Collaborative Innovation
The focal point for Deployment and Use of Linux on the Mainframe
Hyperledger Project
OpenPOWER
Cognitive Business
y = f (x): Predictive Outcome (y), Prediction Function (f), Input Variables (x, i.e. your data)
The world is changing,
SO IS
.
Thank you