Traditionally, IBM i utilized internal disk storage due to its Single Level Storage (SLS) architecture. However, as SAN storage performance has increased and latency has decreased, it has become a viable external storage solution for this data-intensive environment. By coupling an IBM Power server running IBM i and an IBM FlashSystem, additional capabilities that previously did not exist become available.

Encryption

The IBM FlashSystem family of SAN devices provides AES-256 bit data-at-rest encryption. The encryption is hardware-based, so there is zero performance degradation. Data is encrypted upon write and decrypted upon read within the FlashSystem, so there are no changes required to the IBM i operating system functions – it is not even aware that encryption is taking place. In fact, the version of the operating system does not matter for encryption. All data written on the FlashSystem will be encrypted, regardless of the Auxiliary Storage Pool (ASP). Encryption keys for the FlashSystem can be managed either on USB thumb drives or by using an external key manager, such as IBM Security Guardium Key Lifecycle Manager (GKLM).

IBM i includes AES-256 encryption as well, but there are some restrictions to consider.   Prior to IBM i 7.6, ASP1 could not be encrypted. Only secondary ASPs could be encrypted by the OS. With the latest release of IBM i 7.6, ASP1 can now be encrypted; however, IBM i 7.6 only supports Power 10 and Power 11 hardware. Additionally, the encryption is software-based, so the CPUs must do the processing, which can result in overhead of up to 20%.

Snapshots

The FlashSystem can create scheduled or ad-hoc snapshots of the storage volumes. Snapshots are a point-in-time copy of a storage volume (or group of volumes). They are space efficient and take only seconds to create. Businesses can benefit from snapshots in a variety of ways.

Safeguarded Copy (SGC) is the name for immutable snapshots, which is a cyber resiliency feature. Immutable snapshots are snapshots that cannot be changed. If a bad actor manages to infect the volume with malware, the SGC cannot be changed or infected. The SGC can then be used to very quickly restore the infected volume to a previous uninfected point-in-time. This can reduce the time to recover from such an event from days or weeks to mere minutes or hours. IBM Technology Expert Labs offers tools to automate this recovery process.

IBM’s Full System Flash Copy (FSFC) toolkit is a separate product that uses the FlashSystem to drastically reduce backup times. In a typical backup, the database is shut down for the duration of the backup process, which can last several hours depending on the size of the libraries. Once the backup is completed, the database is restarted, and productive use can resume. This FSFC toolkit orchestrates several steps to facilitate much less downtime for the backup. In just a few moments, it quiesces the database, performs a snapshot, and restarts the database. Once the database is back in productive use, the snapshot is mounted to an alternate logical partition (LPAR) and is used as the source of the backup. The backup can now run, taking up to several hours, without impacting the business.

Clones can be created from snapshots for testing or creating development instances of an entire host.

Please contact LRS for more information about how we can help your business by incorporating IBM FlashSystem into your IBM i environment.