Measuring the Compute Cost of Encryption on Z with zBNA

SHARE Email_Blog Images (600x400) (16).png

By Joe Gentile, IBM Z Performance

With IBM’s pervasive encryption technology on their z14 and z15 mainframes, you can transparently encrypt data sets and Coupling Facility (CF) structures at low cost on z/OS. While this is an attractive feature, exploiting pervasive encryption is not as simple as flipping a switch. Mainframe shops should estimate the system resources needed to enable this support; this takes a detailed analysis of the systems’ SMF data. Fortunately, much of the process is automated by IBM Z Batch Network Analyzer (zBNA), a free download provided by IBM.

zBNA is a Java-based Windows application which analyzes SMF data and estimates effects of several IBM technologies, such as pervasive encryption, zEDC compression, and zHyperLink on your workloads.

Using sortable, spreadsheet-style panels with filtering capability, zBNA shows the top candidate data sets and CF structures for pervasive encryption and how CPU would change for a given candidate. With the filtering options provided, you can focus the analysis on a subset of candidates or select "encrypt everything" to play out different scenarios and see the effects on your workloads. For data sets, zEDC compression effects are also shown. Further, zBNA shows a graph of total system MIPS and I/O rates over time, allowing you to see the projected effects on total system CPU and I/O.

What are these effects? As you would expect, encryption can increase CPU time because it requires additional CPU instructions to perform its function. Generally, zEDC compression can reduce elapsed time because of a reduction in bytes being transferred by I/O. Direct-access storage device (DASD) space can also be reduced according to the compression ratio achieved. But, some effects are less intuitive. For example, zEDC compression can actually reduce CPU time. Depending on how well the data compresses, the added CPU needed to efficiently compress the data with zEDC can be more than offset by the savings in CPU time for I/O processing that comes from the reduction in data size. In addition, if files are both compressed and encrypted — compression is done before encryption — that can reduce the CPU time needed for encryption and the number of bytes, too. In fact, depending on how compressible your data is, reading and writing data sets that are compressed and encrypted can actually require less CPU than reading and writing data sets that are neither compressed nor encrypted. As always, results are workload dependent.

Because all of these effects are in play, zBNA uses a model that takes into account the performance effects of both encryption and compression. This allows zBNA to project the net cost of both. The key metric is CPU time per byte, which comes from internal lab measurements. In order to determine the eligible bytes, zBNA leverages fields that have been recently introduced in SMF Type 42 Subtype 6 (Data Set I/O Statistics) and Type 74 Subtype 4 (Coupling Facility Statistics) records to capture the number of bytes read, written, and eligible for encryption or compression.

Further, zBNA supports other useful features. Some highlights include:

  • zBNA can assist with processor migrations. You can compare the cost of encrypting your data on your current processor against another model processor such as z14 vs. z15 (this is called defining an alternate processor in zBNA)
  • Using SMF Type 113 (CPU Measurement Facility) records, zBNA can account for your system's LSPR Workload type (low, average, or high) in CPU time estimations
  • zBNA reports Four Hour Rolling Average data, and more recently, added Tailored Fit Pricing
  • zBNA maps batch job dependencies using a Gantt chart and breaks down the elapsed time of each job in terms of CPU, I/O, and queuing delay

Using the insights from zBNA, you can estimate costs, prioritize candidate data sets and CF structures in your mainframe shop, and plan your pervasive encryption migration. Check out the IBM zBNA TechDoc to get started.

Recent Stories
Modern Mentoring in Master the Mainframe

Message from SHARE: Ch-Ch-Ch-Changes

Eclipse Che4z: Opening the Mainframe to More Developers