03 Oct IBM Galvanizes Its Place In Secure And Private Workloads With New z15 Platform

IBM Z
 IBM

In the world of computers, one of the oldest and best-known in the industry is the IBM mainframe, which has existed since the 1960s. This week IBM unveiled the latest addition to its Z mainframe portfolio, a new platform called the “z15”, which was designed with data privacy, security and hybrid multicloud in mind. Let’s take a closer look at the offering, and what it means for IBM’s play for a seat at the secured hybrid cloud table.  

First, some mainframe background and the current z14 

For the unfamiliar, a mainframe is a huge server for environments that require the highest uptime, highest security, and the largest and fastest transaction volumes. Since the 1960s, many of these environments have come to depend on IBM’s mainframe offerings. Obviously, IBM’s mainframe offerings and strategy have evolved over the years to keep up with the times technologically, and the pricing and bundling methodologies have, too. 

Impressive z mainframe stats
 IBM

Technologically, the IBM mainframe is no slouch. The z14, introduced in 2017, uses up to 170 giant CPU application cores operating at 5.2GHz., packaged in drawers with huge amounts of L1 to L4 cache designed for scale-up applications. IBM ships Z mainframes with “dark silicon” that can be enabled on the fly during peak needs and even comes with two “spare cores” if one fails. The 32TB of RAIM memory can be damaged and removed and workloads will automagically move to good memory without a work stoppage. Systems can share memory using 10Gbe switches over RoCE using PCIe Gen3 adapters in x16 slots. Fiber and 1000BASE-T ethernet over standard RJ45 connectivity is also supported. The z14 introduced security acceleration through custom ASICs and I/O acceleration using POWER-based cores which is very much cutting edge. Four of the z14 models can be water-cooled and the z14 ZR1 come in a standard, 19” rack. The z14 runs IBM’s proprietary z/OS but also many flavors on Red Hat, Canonical and SUSE Linux. The technology is very much purpose-built for throughput, security, and availability. 

IBM has evolved its pricing and bundling strategies as well.  From 1970-1999, IBM catered to its clients with simple, full capacity plans. From the turn of the century until recently, IBM adopted sub-capacity, R4HA models that gave clients more variability to pay only for what they used. This past May, IBM introduced a new consumption model—the Tailor Fit Pricing Program (read my take here). Tailor Fit Pricing is designed to give clients a cloud-like consumption model in which pricing adjust with usage, with the scale necessary for mainframe workloads. No more capping, and no more needing to micromanage infrastructure to minimize costs. In an increasingly complex IT world, more and more enterprises seek to move applications to the cloud, while keeping certain mission-critical applications on the mainframe. Tailor Fit Pricing is part of IBM’s play to straddle the middle during this transition and secure its spot in this hybrid future.  

Now onto the new z15. 

z15: Data privacy on lockdown across and outside the enterprise 

IBM looks to further solidify its position in security and now privacy with z15. While I know it’s easy to lump privacy and security into one thought, the two are related but different. Security is all about keeping the bad guys out of your systems and data. Privacy is all about protecting corporate data that could lead to that data becoming public, like health records, which costs enterprises millions in fines. Privacy is becoming as important as security as global, government entities are adding regulation after regulation onto companies. The FTC and EU are on the prowl dishing out huge fines since January 2019 to Equifax ($575M), Facebook ($5B), British Airways ($230M), Google ($57M), and Marriott ($123M). Enterprises need to account for all their data and how it’s used or feel the wrath of regulators. 

The biggest differentiator for z15 is in its data privacy capabilities. While IBM did a great job with on-mainframe security in z14 by encrypting literally everything without performance penalty, that’s only half the battle. The locus for data breaches is more often the movement of data between partners and third parties. As hybrid cloud strategies become more popular, this vulnerability is further exacerbated. When moving data back and forth between infrastructure and cloud, data security has to be a primary consideration. And the z15 offers just that- encryption across the enterprise.  

IBM z keeps client data protected, private and the proof to show regulators
 IBM

IBM’s z15 platform includes a whole host of data-centric privacy controls, under the umbrella of IBM’s Data Privacy Passports solution. These include new Trusted Data Objects (TDO), which provides protections that move with data wherever it goes- to an x86 server, a PC, tablet, phone, or IoT mid-point. This is important given the fact that that traditional data protection solutions are often fragmented or siloed, creating blind spots when data migrates from place to place. Another key feature of Data Privacy Passports is its ability to create and enforce an organization-wide data privacy policy. Users are given different views of data on a need-to-know basis, and the TDOs mentioned earlier can be utilized to stop collusion between data owners. Data Privacy Passports also gives enterprises a way to track data consumption, via a centralized access point for auditing and compliance. Lastly, Data Privacy Passports delivers all the necessary key management for TDOs, purportedly simplifying the implementation and management of these solutions. 

IBM Z mainframe unparalleled security and now privacy
 IBM

The interesting part of this is that today so much data is created on the mainframe but most of the data leaves it to be reprocessed, never going back to the mainframe. With Data Privacy Passports, the Z mainframe becomes the gatekeeper of all protected data. What an opportunity for IBM to grow.  

Cloud-native app and cloud development

The cloud is an interesting phenomenon. Five years ago, pundits incorrectly said if you didn’t move everything to the cloud now, you are doomed. 20% of IaaS, PaaS, and SaaS do operate in the public cloud, but 80% does not. Hybrid and multi-cloud are where the puck is going. These aren’t just the on-prem stalwarts headed here, these are the public cloud giants AWS and Azure. Everything is going hybrid and right now, containers and Kubernetes appears to be the leading vehicle for enterprises to start moving those mission-critical workloads. Many of these mission-critical workloads haven’t moved to any cloud because those workloads require transaction performance and must comply with certain regulations, much of this which dictates an on-prem location. Hence, the need for a hybrid cloud.  

IBM’s cloud stack on one slide
 IBM

IBM recently announced its plans to bring Red Hat OpenShift’s integrated tooling and feature set to IBM z Systems and LinuxONE. This will allow cloud developers to deploy z/OS apps on OpenShift without requiring specialized z/OS skills. Additionally, IBM announced it will provide IBM Cloud Pak to Linux on IBM Z and LinuxONE offerings. Taken all together, these offerings should help build out a richer software ecosystem for enterprises looking to take the hybrid multicloud plunge, and could give them a leg up with competitors in how they construct new cloud-native apps, modernize old apps in place, and integrate mission-critical workloads across clouds. 

IBM Cloud Paks are coming to z
 IBM

As the IBM Z operates on what’s called “big-endian” data structure, I think it will be very important for IBM and Red Hat to provide “adapters” to talk to the X86 world of “little endian.” This way, IBM clients who code for Z containers can truly transport them to x86 worlds, and vice versa. The company told me that it understands this and is working on a solution. 

Net-net, I believe IBM is telling a very compelling hybrid cloud story that spans mission-critical to user applications and it is now up to the company to flawlessly execute on that story. 

Other details and capabilities 

While the IBM Z is a “solution sell”, it’s also important to point out some of the cool technology bits and bytes. Anyone who questions the importance of hardware has their head in the sand. Hardware is sexy again and this is reinforced monthly with CEOs of Microsoft, Google, Huawei, Amazon AWS and Apple fawning on-stage over their first-part hardware. Ironic, right?  

Here are some of the z15 highlights: 

  • configurable processor core count increased from 170 to 190 
  • 14% single-thread performance improvement and 25% increase in maximum system processing capacity. (IBM didn’t disclose details on how) 
  • 25% more RAIM memory to 40TB  
  • Up to 17X compression throughput increase 
  • 20% more I/O channels 
  • Up to four 19” racks (IBM calls them frames) 

Another differentiator worth mentioning is IBM’s new Instant Recovery function, which minimizes the impact of downtime in two ways: it engages the full system capacity to quickly shut down and restart IBM Z, and then juices the capacity temporarily to more quickly make up for lost time (purportedly by as much as 2.5 times faster than what was previously possible). 

IBM also introduced today what Moor Insights & Strategy storage analyst Steve McDowell said could be the fastest storage array in the world, the IBM DS8900F. His insightful writeup is here.

Wrapping up 

All in all, I believe the new z15 offering could very positively impact IBM’s secure hybrid cloud value proposition. With Data Privacy Passports, it puts data privacy out front and center— and I believe this will appeal to enterprises feeling increased trepidation about their cloud transformation and the associated potential security vulnerabilities. I love that Data Privacy Passports extends mainframe-grade security to any app, anywhere. Z mainframes have always been great transaction engines and with Data Privacy Passports it becomes the enterprise’s data and security transaction engine. The IBM security and privacy value proposition is incredibly strong.  

While IBM has to prove to me it can execute for me to fully get behind its cloud capabilities, I applaud its efforts to enable cloud-native development on the platform. It’s on the right track and now it needs to deliver. I think it’s vital that enterprises can write once and deploy anywhere.  

IBM’s Z mainframes are no doubt an important part of industry history—with z15, IBM has a good chance for extending its relevance into the secure hybrid cloud future.  

Note: Moor Insights & Strategy writers and editors may have contributed to this article.