AWS Partner Network (APN) Blog
How Cloud Backup for Mainframes Cuts Costs with Model9 and AWS
By Gil Peleg, CEO at Model9
Mainframe cold storage based on disks and tapes is typically expensive and rigid. Model9, an AWS Partner Network (APN) Advanced Technology Partner, improves the economics and flexibility by leveraging Amazon Web Services (AWS) storage for archival, backup, and recovery of mainframe data.
Without any additional hardware component, Model9 securely transfers mainframe backup or archive data from the mainframe to AWS Cloud storage over TCP/IP.
In this post, I will describe the Model9 solution along with customer use cases and benefits. Model9 enables mainframe customers to leverage modern cloud technologies and economics to reduce data recovery risks and improve application availability by providing a software-defined solution for archive, backup, and recovery directly from AWS.
We help customers dramatically cut mainframe data management costs by running on zIIP engines, using affordable cloud storage and simplifying daily operations via an easy-to-use user interface (UI).
Mainframe Customer Storage Challenges
Since the 1970s, due to costs and limited capacity of storage devices, physical tapes were the only practical solution for archiving and creating additional copies of data. As the years went by, virtual tapes were introduced, enabling automation, improving tape utilization, and faster backup times. These were still technically treated as a physical media, however.
For this reason, mainframe backup and archive architecture still suffers from limitations and inefficiencies and incurs high costs.
Relying on a proprietary FICON protocol and emulating proprietary devices, the mainframe virtual tape library (VTL) cannot be shared with other platforms. There’s only a small number of vendors offering mainframe VTLs, which limits your choice and flexibility in choosing a backup and archive solution. We continually hear from customers that they pay 3-5X more on their mainframe VTL storage compared to distributed storage systems.
Backup, archive, and space management software runs on Central Processor (CP) engines and significantly contributes to Million Service Units Per Hour (MSU) consumption. Our analysis of multiple logs from customer environments shows that backup and space management processes consume approximately 10 percent of the total MSU capacity, increasing both the backup software cost and all MLC-based software products cost on the mainframe.
Model9 Solution
The Model9 patented technology connects the mainframe directly over TCP/IP to AWS Cloud storage, allowing you to supplement or completely eliminate the need for VTLs and physical tapes.
Figure 1 – Model9 Backup and Recovery for z/OS storing data on AWS.
Model9 Backup and Recovery for z/OS performs backup, restore, archive (migrate), and automatic recall for all z/OS data sets and volume types. This including z/OS UNIX file-level backup and restore, space management, and stand-alone restore.
With Model9, you can take advantage of any AWS storage service from affordable long-term Amazon Glacier storage to highly-durable, scalable, geographically dispersed and flexible low-cost Amazon Simple Storage Service (Amazon S3) object storage. Amazon Elastic Block Store (Amazon EBS) and Amazon Elastic File System (Amazon EFS) are also supported.
Model9 consolidates the functionality of multiple backup and tape management products into a single solution that can reduce software costs by up to 60 percent, and provides either added capabilities such as archive to cloud, or a complete replacement of existing backup and tape management software. Model9 can coexist side-by-side legacy backup and tape management products for simplified migration.
The Model9 Management Server runs on a Linux Amazon Elastic Compute Cloud (Amazon EC2) instance and provides a single point of control for all your backup and archive operations. Its dashboard helps you quickly realize the system’s health and whether your data is protected. It also provides detailed reports and insights about your environment.
Users can leverage the web-based UI to quickly search for data sets and volumes and restore a required copy directly from AWS.
Model9 Use Cases
Customers leverage AWS Cloud storage with Model9 in different ways. Many use Model9 for archiving only, leaving backup functions on-premises. Others use Model9 to create an isolated and secured backup copy to protect from cyber threats. Some customers even use Model9 as a complete replacement for their existing legacy software and perform all their backup and archive functions with Model9.
In this next section, we describe the different use cases for Model9.
Archive to Cold Storage on AWS
To maximize your benefit of cloud economics, cold storage tiers such as Amazon Glacier Deep Archive are supported and, when combined, provide a software-only, cost-effective alternative backup and archive compared to on-premises tapes.
Model9 supports data set archive (migrate) directly to AWS Cloud storage, and provides an automatic recall function transparent to TSO/E and batch applications. The automatic recall function is integrated seamlessly with the system catalog and data sets appear as migrated to cloud.
Figure 2 – z/OS datasets archived to AWS by Model9 with volume M9ARCHC.
Archiving data sets directly to AWS reduces costs by reducing VTL storage capacity and throughput licenses, while maintaining durable data copies that are available for retrieval directly from the cloud, including in disaster recovery (DR) situations.
Cyber Threat Protection and Business Resumption
Model9 provides an industry-first solution for mainframe cyber threat protection and business resumption, enabling z/OS customers to create secured, off-platform backup copies in Amazon Glacier Vault Lock.
Amazon Glacier Vault Lock allows you to easily deploy and enforce compliance controls for individual Amazon Glacier vaults with a vault lock policy. You can specify controls such as Write Once Read Many (WORM) in a vault lock policy and lock the policy from future edits. Once locked, the policy can no longer be changed.
Backup and Disaster Recovery Directly from AWS
Model9 allows you to replace legacy backup (such as IBM DFHSM, CA-Disk, FDR/ABR), tape management (IBM RMM, CA-1, CA-TLMS, BMC Control-M/Tape), encryption, and reporting software products into a single modern backup solution. Store backups directly on AWS cloud storage, including Amazon S3, Amazon EBS, and Amazon EFS.
AWS is directly accessible from your mainframe and no additional hardware, disk, or tape emulation layers is required.
Figure 3 – Amazon S3 bucket showing datasets archived with Model9.
In DR situations, a stand-alone restore program is IPL’ed over the network and directly from the Model9 management server—using the HMC “Load from removable media or server” standard action. The stand-alone restore program is used to restore volumes and data sets without requiring the backup agent to be running in z/OS.
Model9 and AWS Technical Architecture
The Model9 Backup Agent runs on the mainframe, and Model9 can store data in object storage such as Amazon S3 or in block storage such as Amazon EBS or Amazon EFS. Figure 4 shows the architecture when storing data in Amazon S3 directly.
Figure 4 – Model 9 storing data in Amazon S3 object storage.
When storing data in Amazon EBS or Amazon EFS, Model9 uses a Proxy on Amazon EC2 to write the data to the mounted Amazon EBS or Amazon EFS.
Figure 5 – Model 9 storing data in Amazon EFS or EBS block storage.
The virtual private network (VPN) connection is typically configured between the on-premises router VPN client and the VPN gateway.
The Model9 Backup Agent is a zIIP-eligible Java application running on z/OS that performs its actions using standard z/OS data management services. The Backup Agent uses DFDSS as the underlying data mover to provide support for all z/OS data set and volume types. It’s also fully compliant with existing SMS policy, properly updates the system catalog and relies on RACF authorization controls (or other SAF-compliant security products) for security.
When available, Backup Agent utilizes the zEDC and CryptoExpress cards for compression and encryption. If the cards are not available, compression and encryption are performed on zIIP engines to reduce costs.
The Management Server provides management, audit, and reporting capabilities, and can drive site recovery in case your mainframe is down. It communicates with the agents running in z/OS over secured TCP/IP connection. The Management Server can run on regular Linux or Linux for IBM Z and provides APIs to easily integrate with monitoring and DevOps tools.
Quality of Service for Data Security and Durability
Amazon S3 provides a highly durable storage infrastructure designed for mission-critical and primary data storage with 99.999999999% durability and 99.99% availability of objects over a given year. Objects are redundantly stored on multiple devices across multiple facilities in an Amazon S3 region. Amazon S3 regularly verifies the integrity of data stored using checksums, and if data corruption is detected it’s repaired using redundant data.
To protect data in transit (as it travels from the mainframe to Amazon S3), Model9 supports SSL encryption. The SSL certificates can be managed by the z/OS security server.
To protect data at rest, users may choose to add data at rest encryption to the objects created by Model9. You can use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3) or Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS). This is done using Amazon S3 settings, as described in this Add Object Encryption User Guide.
When storing data in Amazon EBS or Amazon EFS block storage, encryption is provided by the Amazon EC2 Model9 proxy when writing the data to disk.
For enhanced data protection, Model9 supports storage of data in Amazon Glacier Vault Lock, which provide WORM capabilities. When data is stored on WORM storage, it cannot be changed or deleted until its predefined retention policy has expired. This adds an additional protection layer from cyber threats, such as ransomware, or data corruption caused accidentally.
Moreover, Model9 is fully compatible with the new IBM Z14 Pervasive Encryption (PE) features. Customers leveraging PE can still benefit from Model9 backup and archive directly to AWS Cloud storage, while maintaining end-to-end data encryption controlled by z/OS.
From a performance perspective, Model9 heavily parallelizes data transfers and uploads multiple objects in parallel. For increased and consistent network bandwidth throughput with AWS, it’s recommended to establish a dedicated private network connection between AWS and the mainframe datacenter network using AWS Direct Connect.
Transition to Using Model9
To allow for gradual adoption of the solution, Model9 was designed to run side-by-side with the existing legacy data management products. For example, some mainframe organizations choose to migrate archives for certain applications only, and later add additional applications.
From analyzing our customers’ tape management catalog, we see that about 65 percent of their tape data naturally expires within 3-6 months. So, all this expiring tape data does not have to be migrated to the cloud. Rather, it’s recommended to let it expire on its own.
For data with a longer-term retention policy, Model9 provides a migration tool that automatically restores data from tape and writes it to the cloud, while keeping all its attributes and existing retention policy. Detailed reports are provided to estimate the migration process and to monitor it to completion.
Customer Success: Model9 Storage Cost Savings
The following storage sizing is based on a real business case from a medium European bank (12,000 MIPS).
The customer has 1.2 PB of storage in a Virtual Tape Server (VTS), backed by an ATL holding physical tapes. They purchased this VTS and ATL for $600 per TB, or $720,000 for three years, including maintenance fees.
Although the customer bought a 1.2 PB VTS, they are only using 850 TB today. Together with the customer, we analyzed their tape usage and found that 47 percent of their tape data is used for long-term archiving. Based on this analysis, the costs of 47 percent of 850 TBs in VTS and ATL is 399.5 TB * $600/TB = $239,700.
Amazon Glacier Deep Archive is well-suited for such a use case. With Amazon Glacier Deep Archive priced at $1.01 per TB per month, the cost for 399.5 TB of storage is only $403.5 per month, or $4,842 annually, or $14,526 to compare with a three-year contract for on-premises mainframe VTS and ATL storage.
With Model9 and Amazon Glacier Deep Archive, there is over 90 percent cost savings on the long-term archive storage by completely skipping the VTS tier, the automated tape library and the physical tapes.
Model9 Differentiators and Benefits
Model9 possesses unique characteristics that benefit customers:
- Software-only solution.
- Hardware agnostic, supporting any DASD storage (IBM, EMC, HDS, and others).
- Creates secured backup copies, directly to AWS Cloud storage.
- Recovers and restores data directly from AWS.
- Typically cuts backup and archive software costs by 50 percent or more by reducing MSU consumption, consolidating software licenses, and using cost-efficient AWS Cloud storage.
- Eliminates costly virtual tape hardware (VTS, VTL, etc.).
- Improves Recovery Point Objectives (RPO) by creating more and cheaper recovery points, without having to expand existing DASD or VTL capacity.
- Simplifies daily storage management operations and maintenance with no additional database or control data set to maintain in z/OS. All metadata required for restore and recall is stored with the data on the AWS Cloud.
Try Model9 For Free
At Model9, we believe copying mainframe data sets to and from the cloud should be as easy as copying mainframe data sets to disk or tape. Our free Model9 cloud copy tool lets you copy data sets to and from cloud storage using simple JCL, as easily as you would run an IEBCOPY.
The content and opinions in this blog are those of the third party author and AWS is not responsible for the content or accuracy of this post.
.
Model9 – APN Partner Spotlight
Model9 is an APN Advanced Technology Partner. Their patented software connects the mainframe directly over TCP/IP to cloud storage, allowing you to supplement or eliminate virtual tape libraries, physical tapes, and existing data management products.
Solution Overview | Free Trial
*Already worked with Model9? Rate this Partner
*To review an APN Partner, you must be an AWS customer that has worked with them directly on a project.