It’s that time again, the time that most observers in the industry say will never happen. IBM is releasing the next generation of its z Systems mainframe products called the z14. IBM has seen an acceleration of sales across its z Systems business unit helped, in part, by the LinuxONE models. With z14, IBM will be expecting that sales pattern to continue and given the focus of the platform, there is ever likelihood that this will be the case.
Survival and growth Darwin style – continual evolution through adaptation
The z Systems group has been playing the evolution game for the last few releases. It started with z12 but it was the z13 and LinuxONE that brought the platform into line with rapidly changing customer workloads. IBM targeted cloud, mobile, data and security with all those releases and with z14 it is continuing to do so.
It is doing more than just evolving the platform. It has changed the image and perception of the z Systems platforms. This has been central to its success in this space. Without that image change it would have struggled to compete with other architectures.
Five years ago the mainframe would not have been seen as a cloud platform. However, the z13 and LinuxONE models have changed that. IBM has attracted a new generation of customers to the platform including a number of service providers who are offering z13-based cloud services.
Security, analytics and cloud head the key messages for z14
IBM has zeroed in on three key messages for z14. The first two of these are around analytics and cloud. They are:
Intelligence and Insight
This extends the use of the platform for analytics and transactional data. Earlier this year IBM brought the machine learning foundation from its Watson product to z Systems. With z14 it now becomes an integral part of the analytics and insight messaging. Much of the data on the mainframe has been left out of the existing generation of machine learning solutions. IBM is addressing that and providing customers with the tools to mine operational and transactional data.
Open and Connected
When IBM launched its Platform-as-a-Service (PaaS) solution, IBM Bluemix, it decided that it should treat z13 and LinuxONE as first class deployment platforms. It is now moving further down that line. It is delivering new Application Programming Interfaces (APIs) to its own services and applications to allow applications on the two platform to access data sources anywhere they exist. This also allows developers to write their own code to integrate with those platforms ensuring that they are at the centre not the edge of enterprise computing.
Nowhere is this more important than blockchain. IBM has invested heavily in blockchain with over 140 projects currently in place. All of these sit on LinuxONE and IBM will be shortly be announcing the next generation of this platform which will be based on the z14.
Perhaps the biggest step change for cloud and z14 is the density of workload that will be supported. With z13 IBM focused on Virtual Machines (VMs), supporting up to 8,000 on a single box. When it launched Docker Enterprise Edition for z13 it said it was able to run up to 1 million containers on a single platform. With z14 IBM is doubling that number to 2 million containers. This density of containers on a single z14 is the highest capacity of any compute platform. It means that customers running very large container driven environments will be able to do so at very low cost per container.
Pervasive Encryption for the Digital Enterprise
Encryption is the third key message for z14. The mainframe has always been a secure platform and IBM has continued to invest in the encryption capabilities of the platform over the last decade. With z14 IBM is targeting the increasing demand from customers and regulators for encryption. Encryption is challenging especially from a computational standpoint. Applications do not work with encrypted data they need it to be decrypted so that they can perform operations on the data.
With z14, IBM is offering customers a platform that will encrypt and decrypt in real-time across all workloads. More importantly, IBM is saying that the computational power required to do this will be under 5% of the capability of the z14. It is achieving this through the use of the next generations of plug-in boards that do encryption on data as it passes through the system. There will be no need for customers to change applications either commercially acquired ones or those written in-house.
There are several things that will appeal to customers. The very low computational requirement means that customers will see no impact to their SLAs. With no need to rewrite or rearchitect applications customers get the benefit without having to change anything. It is, effectively, just there in the platform. More importantly, in a world where companies will have a data breach, any stolen data will be encrypted. This makes it useless to hackers and cyber criminals and significantly adds to the security stance of the enterprise. IBM is calling this “Data as the new perimeter.”
This is not just about data at rest. IBM is looking to encrypt all data in-flight and more importantly APIs. This is a major step change in the amount of data encrypted around organisations. The work is carried out by the CryptoExpress card and IBM has delivered a new version of the hardware with the launch of the z14.
One of the weaknesses of all encryption systems is the key mechanism. To protect keys IBM has release a new full-lifecycle encryption key management solution. It is also promising that the encryption keys will be protected at the hardware level with tamper-responding cryptographic hardware. That hardware meets the requirements of the FIPS 140-2 Level 4 which is the highest level defined by NIST. This is the highest level of physical security defined by NIST.
CIC Analysis: Actions that speak louder than words
Encryption is costly, especially in terms of computational cycles. Even with a z Systems platform with a lot of processing capacity, to do real-time encryption of everything is a major hit. IBM is telling everyone that it will take less than 5% of the processing capability of the platform to meet this goal. When asked if this number relates to real-world workloads the company says yes. The testing has apparently been carried out by a third-party but the details of what workloads, under what conditions and the results are not yet public. Only when that arrives can the figure of less than 5% be validated.
What is important here is that IBM is going substantially beyond other offerings in the market. Short of deploying a fully homomorphic encryption that would ensure data is encrypted from creation to destruction, this is the next best thing.
The protection for encryption keys is also important irrespective of whom the customer is. Cloud Service Providers (CSPs) have been seeing an increase in customers who want to bring their own encryption keys. With the growth of CSPs looking to buy and deploy z Systems platforms, this will be a feature that they will want to offer customers. They will be wary of the cycles required to encrypt and decrypt but they will see it as a differentiator that they can offer as an added service.
IBM has not disappointed since it revamped the z Systems division. More importantly, its actions on enabling pervasive encryption, demonstrates how the company is speaking loudly on its words of placing “trust” at the heart of its technology, portfolio and services. With the accessibility of these new features, we expect customers to move quickly to take advantage of what is now on offer.
Ian Murphy is a Principal Analyst at Creative Intellect Consulting. He has worked as an analyst for more than 25 years. He is editor of Enterprise Times in addition to his role as an industry analyst at CIC. Ian has been a guest speaker at a number of vendor conferences.
Creative Intellect Consulting is an analyst research, advisory and consulting firm founded by Bola Rotibi, an experienced and renowned expert analyst in the field of software development, delivery and lifecycle management processes, technologies and tools.
The blog was first published by Creative Intellect Consulting and is reused here with permission.
