DevOps Agility With IBM Cloud Provisioning and Management for z/OS
z/OS V2.3 delivers enhancements to the z/OS platform’s cloud capabilities that you can use to begin your transformation from an IT cost center to a value-generating service provider.
By Hiren Shah01/01/2018
z/OS V2.3 delivers enhancements to the z/OS platform’s cloud capabilities that you can use to begin your transformation from an IT cost center to a value-generating service provider, delivering world-class services internally over the intranet or externally over the internet. These enhancements, referred as IBM Cloud Provisioning and Management for z/OS, were also rolled back to z/OS V2.2 (with PTFs UI42847 and UI46543) and z/OS V2.1 (with PTF UI43814).
One of the key differentiators when discussing cloud for z/OS is the z/OS capability to support multiple cloud services from multiple users to share the same z/OS infrastructure. The approach for cloud on z/OS isn’t focusing on the provisioning of z/OS system instances but instead on providing the capability to support Platform as a Service and Software as a Service models. Application developers of z/OS System of Record (SoR) services demand agility to stay relevant with system of engagement cloud services. SoR cloud services are likely to access z/OS middleware (e.g., Db2, CICS, WebSphere, IMS, MQ, etc.).
Application developers need their own environments that consist of one or more middleware programs within the development lifecycle. Therefore, it’s critical that the appropriate middleware instances are quickly provisioned, on-demand and with consumer-driven provisioning capabilities. IBM Cloud Provisioning and Management for z/OS provides integrated infrastructure in z/OS to support automated and repeatable processes for middleware configuration and self-service provisioning of various IBM Middleware and Middleware Resources as a Service (MWaaS) either by system administrator or application developers in matter of minutes compared to the days it would take through a manual process.
Figure 1 describes the high-level architecture of IBM Cloud Provisioning and Management for z/OS.
An entire z/OS stack participated in building this new technology. IBM middleware teams have built fully tested, factory-provided services that provision middleware or middleware resources:
- The z/OS Management Facility (z/OSMF) component of z/OS already provides workflows to lay out and organize tasks performed by administrators. Often, system programmers refer to this as a desk procedures. For example, every installation has a series of steps to perform when adding a new TSO/E user. z/OSMF workflows can be used to consolidate existing desk procedures. z/OSMF workflow technology is leveraged to provide automation required for cloud provisioning.
- Middleware system administrators predefine middleware services based on “factory” workflows provided by IBM middleware. Besides middleware services, clients can provide their own SoR services. SoR services could be a CICS transaction within a MWaaS, which is CICS address space.
- Once the service (i.e., a template) is defined, it’s published in a secure catalog. A secure catalog locks down cloud service definition. All system administrators involved with specific middleware configuration sign off on the procedures performed on their behalf during service provisioning. Even though system administrators aren’t participating during service instance provisioning, by pre-authorizing the tasks that are performed on their behalf as part of automatic provisioning, they’re virtually present. Only canned sets of tasks that are identified in the service and approved by system administrators and locked down in a secure catalog are performed on their behalf during service instantiation.
- The tenant defines sharing scope and isolation scope. Cloud provisioning and management provides a robust multitenant environment that lets clients isolate services and resources for different lines of business (or tenants). At the same time, clients can identify resources and services that are shared within a single tenant or line of business context.
- A resource pool is predefined for the tenant and associated service. Resource pools represent z/OS network resources (e.g., TCP/IP, ports, security resources, Workload Manager resources, etc.). z/OS resource managers provide enhancements to support dynamically building resource pools, and interfaces are provided to allow obtaining resources from these predefined resource pools dynamically.
- There’s resource mapping orchestration, the new “secret sauce” put in place to identify which tenant can access what services and from which resource pools resources will be obtained during service instance creation. All of this setup is predefined before any provisioning takes place.
- z/OSMF provides REST APIs that can be exploited by external cloud service management portals (e.g., Bluemix). z/OS services or client-defined SoR services can be offered in the market place and authorized consumers can subscribe to these offerings. When consumers subscribe to the service (i.e., they request an instance of the service), provisioning REST API to z/OSMF is driven to provision a service instance. All of the pre-definitions that have been created on z/OS to support specific service provisioning will be driven at this point without any system administrator intervention. z/OSMF also provides a UI that supports provisioning of services published in z/OSMF catalog.
- Once the service instance is provisioned, it’s included in z/OSMF service instance registry. Registry provides details about when the service instance was provisioned and by whom. It also includes details regarding resources dynamically allocated to the service instance (e.g., IP address or port assigned to CICS region).
Easy to Use Services
z/OS Cloud services are administered using a browser-based z/OSMF UI. As shown in Figure 2, new navigation in the z/OSMF UI is provided to build a software configuration catalog.
The software configuration catalog is a repository of middleware services that the client/service provider creates after appropriate customization of factory-provided middleware services. Services in the software configuration catalog are preconfigured, tenant-independent definitions. They are pre-tested by service providers. After services are defined, they’re associated with the tenant (i.e., consumer group). A single middleware service can be assigned to multiple tenants. Only authorized consumers can access services in a software configuration catalog. The software configuration catalog also provides REST APIs that can be invoked from external portals to drive provisioning of middleware services.
Software instance registry as shown in Figure 3 is a registry of provisioned middleware service instances. The registry keeps track of details about middleware service configuration properties. Authorized users can obtain instance properties either using the registry UI or REST APIs. Service instance may have actions such as start/stop to start and stop the middleware instance. These actions can also be driven from the software instance registry UI or REST APIs.
Service instances can connect or bind with each other, driving actions available for specific instance to access another instance. For example, to access Db2 database, the JDBC data source needs to be defined in WebSphere Liberty. This processing is performed through a “bind” action. Once the service instance is no longer required, it can be deprovisioned by driving deprovisioning action from the software instance registry UI or REST APIs.
Highly flexible and scalable consumer-driven provisioning may result into chaos if not managed appropriately. Cloud on z/OS offers excellent flexibility and scalability as well as well-structured infrastructure management and best practices to avoid such chaos.
A key part of Cloud Provisioning and Management for z/OS infrastructure is a flexible resource pool definition and dynamic mapping of resource requests during instance provisioning to the appropriate resource pool. The system administrator predefines a resource pool for the service and assigns the pool to a specific tenant. The resource pool definition also specifies the entitlement policy for the tenant and infrastructure enforces resource allocation within the bounds of entitlement policy. There’s limited multitenancy administration and isolation that is provided by z/OS cloud provisioning infrastructure. Within a tenant, different consumers share resource pools, but across tenants, resource pools can be isolated, if desired by the system administrator. The z/OSMF UI provides intuitive interfaces to configure the resource pool and orchestration policy.
z/OS Cloud infrastructure provides capability to predefine everything, including service templates, resource pools, who can provision what services and more. These definitions provide holistic service context and ensure that components that make up the service are used as intended.
The system administrator takes responsibility for configuring environments using z/OS skills while the consumer requires a minimum z/OS skill level to use these services. In some cases, the consumer won’t even require an understanding that services are deployed on z/OS. z/OSMF service instance registry captures all necessary information about the service instance during provisioning of middleware service, provides closed-loop provisioning/deprovisioning of services and enables reliable reuse of the precious z/OS resources.
Cloud services are composed of multiplatform implementations. Industry-standard orchestration that composes the cloud service will be able to leverage new z/OSMF REST APIs to provision the z/OS SoR service component of hybrid cloud service. The z/OS service provider oversees defining SoR service and will be in complete control of their shared z/OS image by limiting access to z/OS to clients’ intranet. At the same time, this allows the SoR services to be part of a larger Hybrid Cloud service using exploitation of z/OS REST APIs. z/OS can host cloud services that clients will be able to bet their business on with high availability of these services.
The infrastructure provided with IBM Cloud Provisioning and Management for z/OS is more competitive with the current cloud industry and enables clients to build enterprise cloud services that will differentiate them from rest of the world, which is going with system of engagement services. Participation of z/OS in hybrid cloud environment doesn’t expose the integrity of the platform. IBM Z and z/OS clients have the same control of their system as before and they can offer SoR services that can be integrated with overall cloud services.
Be assured that the process of defining cloud structures on z/OS is robust. You can go ahead and stand up cloud services on z/OS and make it competitive first in the intranet and then take it to the next step to provide SoR services on the internet. IBM Cloud Provisioning and Management for z/OS is built to assist z/OS clients in seeing IT as “value vs. cost.” On-demand, consumer-driven provisioning and charge-back based on granular tenant-scoped metering data will help clients shift their perception of cloud from cost savings to value generation.
If you have any questions or comments about IBM Cloud Provisioning and Management on z/OS, please send me an email at email@example.com. Wishing you happy and agile cloud journey.
Barbara Neumann contributed to the technical and editorial review of this article.
Hiren Shah is a senior technical staff member, and the product owner and chief designer of IBM Cloud Provisioning and Management for z/OS.
Sponsored ContentAchieve Compliance Without Impacting Productivity
Post a Comment
Note: Comments are moderated and will not appear until approvedcomments powered by Disqus