IBM z15 mainframe, amps-up cloud, security features

IBM z15 mainframe, amps-up cloud, security features

IBM has rolled out a new generation of mainframes – the z15 – that not only bolsters the speed and power of the Big Iron but promises to integrate hybrid cloud, data privacy and security controls for modern workloads.

On the hardware side, the z15 mainframe systems ramp up performance and efficiency. For example IBM claims 14 percent more performance per core, 25 percent more system capacity, 25percent more memory, and 20 percent more I/O connectivity than the previous iteration, the z14 system.

IBM also says the system can save customers 50 percent of costs over operating x86-based servers and use 40 percent less power than a comparable x86 server farm. And the z15 has the capacity to handle scalable environments such as supporting 2.4 million Docker containers on a single system.

“We are all aware of the diminishing benefits of Moore’s law. That IBM was able to deliver 14 percent more processor performance – more than it did with prior two generations – is impressive and provides reassurance to the large enterprises/Fortune 500 type organizations who have significant investment in the mainframe that IBM is continuing to invest and innovate,” said Mike Chuba, managing vice president in the Infrastructure and Operations group  at Gartner.

While the hardware portion of the Big Iron is impressive, analysts say it is the cloud, data privacy and security features that make this system intriguing.

The z14 can encrypt every file and restrict who can access the keys, but the z15 takes this support a big step forward. It can run 19 billion encrypted web transactions per day over the z14’s 12 billion daily maximum.

Data Privacy Passport

For the z15 IBM introduced what it calls Data Privacy Passports that promise to let customers control privacy and security by defining how all data is accessed, stored and shared.

The idea is to let customers  protect and provision data and revoke access to that data at any time, not only within the z15 environment but across an enterprise’s hybrid multicloud environment, said Barry Baker, vice president of  IBM Z Software. The z15 can also encrypt data everywhere – across hybrid multicloud environments – grant and revoke access to it and securely maintain control of it – even as it moves off the system of record, Baker said.

Specifically the Data Privacy Passport technology envelopes data in a protective package – what IBM calls trusted data objects – that includes customer-set policies and security that defines who has access to that data or particular parts of the data and what specifically they can look at. The customer can revoke access to the data at any point.

“The idea here is that we know, especially in the multicloud/hybrid cloud environments customers are building today, data doesn’t just sit on one location. Passport provides enforced enterprise-wide security policy based on needs and provable consumption of data,” Baker said.

In the end the z15 is a gatekeeper that protects data access and privacy at a time when personal and business data is constantly under attack, experts said.

“The z15 enhancements continue to decrease – but not totally eliminate – the exposure of unprotected data across and going outside the enterprise,” Chuba said.

The movement of data between partners and third parties is often the root cause of data breaches. In fact, 60 percent of businesses reported they suffered a data breach caused by a vendor or third party in 2018, IBM said.  With the growing adoption of hybrid multicloud environments, the importance of maintaining data security and privacy only grows more acute and challenging, IBM stated.

“Our clients will be really excited about the Data Privacy Passport which means so long as the data enters the z15 environment, it doesn’t matter where it goes or comes back, it is now encrypted and protected,” said  R “Ray” Wang, principal analyst, founder, and chairman of Constellation Research. “They protect the data at the point of extraction and enforced at point of consumption. You get a single protected table to provide multiple views of data. This is a game changer in a world of constant cyber security threats.”

z15 integration with Red Hat

As for the cloud world, The z15 system will get tighter integration with IBM’s Red Hat technology. In July IBM finalized its $34 billion purchase of Red Hat and began building a large ecosystem of cloud development. That began with IBM bundling Red Hat’s Kubernetes-based OpenShift Container Platform with more than 100 IBM products in what it calls Cloud Paks. OpenShift lets enterprise customers deploy and manage containers on their infrastructure of choice, be it private or public clouds, including AWS, Microsoft Azure, Google Cloud Platform, Alibaba and IBM Cloud.

The prepackaged Cloud Paks include a secured Kubernetes container and containerized IBM middleware designed to let customers quickly spin-up enterprise-ready containers, the company said.

For the mainframe, IBM said it will deliver IBM z/OS Cloud Broker for the Red Hat OpenShift container platform. This offering will provide direct, self-service access of z/OS computing resources to users through connectivity to Kubernetes containers. IBM said it intends to deliver IBM Cloud Pak offerings to Linux on IBM z and LinuxONE offerings. LinuxONE is IBM’s highly successful mainframe system designed specifically to support Linux environments.

“For clients new to mainframe, they will want to start on the LinuxONE z15. This will allow them to easily design, test, and deploy new apps,” Wang said. “For existing mainframe clients, this is an exponential improvement in performance and security for the multi-cloud, hybrid-cloud world.”

Some of the goals here are to increase container density and help customers build containerized applications that can scale vertically and horizontally. The vision is for OpenShift-enabled IBM software to become the foundational building blocks customers use to transform their organizations, IBM said.

“Most of our customers want solutions that support hybrid-cloud workloads and the flexibility to run those workloads anywhere, and z/OS Cloud Broker for Red Hat will be the central point for how we enable cloud-native on the platform,” Baker said.

The big challenge for IBM is being sure it is part of the conversation when organizations are trying to reconcile  the right mix of public cloud, hosting, co-location or on-premises, said Gartner’s Chuba

In related news, IBM this week demonstrated its Cloud Foundry Enterprise Environment running on Red Hat’s OpenShift container platform.

Cloud Foundry technology is the underpinning for IBM Cloud services and with this support Cloud Foundry users could run applications on OpenShift, opening up new application-development options for users.

“Running those mission-critical applications that demand the highest qualities of service – availability, security, etc. – is IBM’s historical strength, but new workloads and applications where a cloud-like model that is built on speed and agility, with flexible pay-as-you-go models is where IBM has struggled,” Chuba said. “Those decision makers may not necessarily be the audience that IBM has historically carried sway with or even have knowledge of, but maybe the Red Hat OpenShift aspect helps.”

z15 resiliency

Another feature new to the z15 is the ability to stay up and running during planned and unplanned downtime. The Instant Recovery feature lets the z15 automatically bring up unused cores – a fully loaded z15 supports 190 cores – to back up workloads during downtime. Customers can shorten downtime and rapidly restore services and utilize that extra capacity to dynamically process any delayed transactions, Baker said.

Paired with the z15 is a new all-flash storage array. The IBM DS8900F family scales from 12TB to 5,898TB of flash storage, and the system creates what IBM calls “a trusted storage network across data centers that encrypts data both in flight and at rest without requiring application changes.”