Linux on IBM Z and LinuxONE - Group home

Red Hat Enterprise Linux 8.3 for IBM Z and LinuxONE - with Secure Execution

  

On November 3, Red Hat released Red Hat Enterprise Linux – 8.3, pairing stability with innovation.

 Red Hat Enterprise Linux 8.3 is available for IBM Z and LinuxONE at the same time as for other platforms and includes support for new hardware capabilities of IBM z15 and LinuxONE III announced earlier this year.

 One of the top IBM Z features included in RHEL 8.3 is IBM Secure Execution for Linux which, using the hardware encryption features of IBM Z and LinuxONE, provides a trusted execution environment for running workloads such as sensitive databases and blockchain services.

 Previously, it was possible to protect data at rest and data in transit through the pervasive encryption capabilities of IBM Z. Secure Execution adds the ability to protect data in use.

 In addition, previously it was possible to isolate workloads at the Logical Partition (LPAR) level through the secure service container technology of IBM Z. Secure Execution adds the ability to isolate workloads at the virtual machine level.

 The net result is that individual workloads ,whether running on bare-metal, virtualized or in containers, can be isolated and protected at scale from external attacks and insider threats – increasing security and adding flexibility across the hybrid cloud. For example, you can

  • build a containerized workload with a trusted and maintained RHEL 8.3 base container UBI image for IBM Z and LinuxONE, then
  • secure the underlying container hosts using IBM's Secure Execution for Linux capabilities, then
  • scan the container host using RHEL tools such as OpenSCAP to meet your security compliance needs for example PCI or HIPAA. 

When running RHEL, you can also secure whatever is running within the container by using Multi-level security (https://www.redhat.com/en/blog/how-selinux-separates-containers-using-multi-level-security)

Find out more in the Technical Overview of Secure Execution for Linux on IBM Z.

Red Hat Enterprise Linux 8.3 for IBM Z and LinuxONE also adds the ability to boot the system from internal PCI NVMe flash storage – so enabling IBM Z and LinuxONE customers to deploy Linux without the cost of external storage.

In addition, the Shared Memory Communications over RDMA (SMC-R) had been enhanced, providing dynamic failover processing. In general SMC improves throughput, lowers latency and cost, and supports high availability as well.

Red Hat Enterprise Linux 8.3 adds enhanced container tools, additional systems roles, and new cloud admin tools. You can find out more in the Red Hat blog “What's new in Red Hat Enterprise Linux 8.3?”.

Security – Reliability – Hybrid Cloud – and Innovation. You can see why Red Hat Enterprise Linux 8.3 and IBM Z and LinuxONE appear to have been made for each other.

 

Adam Jollans

Program Director, IBM Z & LinuxONE Marketing