Cutting-Edge IBM Z Innovations
Red Hat OpenShift, IBM Cloud Paks and more facilitate digital transformation.
By Shirley S. Savage01/02/2020
Open-source innovations are advancing cloud solutions on IBM Z* while preserving the data privacy and protection inherent in the system. These innovations include Red Hat OpenShift*, an enterprise containers and Kubernetes platform that provides a common environment for cloud-native workloads, and IBM Cloud Paks*, complete solutions that provide a common, consistent and integrated environment for cloud-native workloads. Cloud Paks run on top of Red Hat’s OpenShift container platform.
In addition, the recently introduced IBM Hyper Protect Virtual Servers are the first customer-managed, IBM Z and LinuxONE* architecture-based virtual servers offered for use in hybrid clouds.
These technologies benefit from the IBM Z platform’s scalability, encryption everywhere and cloud-native development.
Red Hat OpenShift on IBM Z and LinuxONE
Red Hat OpenShift, which Red Hat and IBM announced as a statement of direction for IBM Z clients late last year with planned availability in early first quarter 2020, is a container-orchestration platform built on Kubernetes. It enables enterprises to harness cutting edge open-source technologies to boost current application deployment and support next generation applications.
OpenShift uniquely enables Containers as a Service (CaaS) as well as Platform as a Service (PaaS). “The combination of CaaS and PaaS gives IBM Z clients an enterprise-ready solution and has full exposure to existing and next generation open-source applications,” says Mike Barrett, senior director of product management for Kubernetes Investments at Red Hat. OpenShift gives IBM Z and LinuxONE users the maximum flexibility and agility to build CaaS and PaaS and deploy them in the cloud on IBM Z or LinuxONE.
OpenShift has evolved to serve clients’ needs. Red Hat built a CaaS and PaaS experience to satisfy platform owners and code owners. OpenShift also has simplified upgrades to reduce downtime between the OS and Kubernetes. The combination of Linux* containers and Kubernetes is like an engine that OpenShift operates in the enterprise’s technology stack to create an agnostic cloud layer. As a result, OpenShift handles more use cases than default Kubernetes including multitenancy, edge routing, authorization, pod security, container lifecycling and continuous integration/continuous delivery (CI/CD).
Clients receive many benefits from running OpenShift, including faster time to market, better experience for end users, portability, cloud access and Agile development practices.
With more than 1,000 clients, OpenShift has assisted a variety of industries. Any client involved in digital transformation needs OpenShift’s ability to quickly deliver new services to keep market share.
For IBM Z users, OpenShift enhances development and takes advantage of the IBM Z platform’s data protection, privacy and reliability capabilities. Cloud-native applications that were built on x86 can be enhanced and deployed on IBM Z and remain close to where the data lives, reducing latency and improving protection, privacy and availability. Users gain processing efficiencies, yielding the most cost-effective way to meet data protection and industry-specific regulatory requirements.
“OpenShift on IBM Z results in an ability to reap those benefits in faster application development in a common developer experience,” Barrett notes. “The combination of OpenShift and IBM Z gives users the keys to unlock brand new markets or new experiences for their customers more rapidly,” he says.
“The combination of OpenShift and IBM Z gives users the keys to unlock brand new markets or new experiences for their customers more rapidly.”
IBM Cloud Paks for Digital Transformation
Red Hat OpenShift is a strategic enterprise hybrid multicloud platform. With OpenShift available on IBM Z in early 2020, IBM has launched a new IBM Cloud Paks offering that integrates both IBM and Red Hat OpenShift technologies. Cloud Paks give developers, data managers and administrators an open environment for building cloud-native applications, modernizing and extending existing applications as well as the deployment of applications and middleware across multiple clouds. The family is comprised of IBM Cloud Pak for Applications, IBM Cloud Pak for Data, IBM Cloud Pak for Integration, IBM Cloud Pak for Multicloud Management and IBM Cloud Pak for Automation.
Cloud Paks provide a complete solution and are designed to include containerized IBM software, middleware, tooling, runtimes and open-source components. Cloud Paks have added capabilities for workload deployment, lifecycle management and production quality of services. All of the Cloud Paks include the Red Hat OpenShift container platform and are certified to meet enterprises client requirements. The Cloud Paks have an integrated set of core operational services including metering, monitoring, identity and access management.
“IBM looked at areas where we could help enterprise clients run containerized workloads in a consistent, integrated environment across their IT infrastructure,” says Kavita Sehgal, offering manager, IBM Hybrid Cloud Platform on IBM Z and LinuxONE. “There are specific bundled packages to meet these client requirements,” she notes.
Cloud Paks on IBM Z gain all of the benefits of the platform—data encryption, scalability and cloud integration.
Cloud Paks offer a unified user experience with consumption-based pricing on a pay-as-you-go model. If clients want to just pay for what they consume, they can do that. They can purchase a license if that’s preferred. Further, clients can pick and choose what software and tools they want to use within the Cloud Paks.
Users can manage Cloud Paks using a single display through the Red Hat OpenShift platform, providing flexibility and simplification. “You don’t have to go to different management tools or a different environment to see what’s happening,” Sehgal notes. “It brings everything together into a highly consistent and integrated environment,” she says.
Because Cloud Paks run on Red Hat OpenShift, clients benefit from a complete hybrid multicloud model. They can run the workloads anywhere OpenShift can run including on-premises or off-premises, in the IBM Cloud* as well as Microsoft* Azure Cloud, Google Cloud and Amazon Web Services.
Cloud Paks can help clients modernize and extend the mainframe to new workloads and applications while keeping the secure and resilient environment that supports their mission-critical workloads. Enterprises don’t need to worry about specialized skill sets either because IBM Z and Cloud Paks technologies offer a common experience. If IT developers and admins understand x86, they will understand the tooling and applications on IBM Z, Cloud Paks and OpenShift. “We have created a common, consistent and agile platform without staff needing specialized skills to run it,” Sehgal says.
“IBM Z continues to re-invent itself, aligning its strengths and building new capabilities to meet the business needs for today's clients and industries.”
Secure and Versatile
Data protection and privacy are built into everything the IBM Z platform offers. This is especially important for cloud, where potential threats to data security are numerous. Threats can surface during an application’s development and production cycle. Encryption is needed to protect an application in production as insiders may pose a threat.
Organizations need to incorporate secure design practices in their development operations and embrace DevSecOps to protect the applications from vulnerabilities and threats that can compromise data and impact the business. “To ensure that data and application are protected, IBM is delivering capabilities that clients can deploy on-premises and off-premises in the cloud configuration of their choice,” says Diana Henderson, offering manager, IBM Z and LinuxONE.
To address security concerns like these during the development process, IBM introduced a secure service container-based technology called Hyper Protect Virtual Server available on-premises (IBM Hyper Protect Virtual Servers) and off-premises (IBM Cloud Hyper Protect Virtual Servers). This offering set protects containerized Linux workloads deployed to IBM Z or LinuxONE throughout their lifecycle. The solution is designed to protect mission-critical applications in a hybrid multicloud environment.
With Hyper Protect Virtual Server (both on-premises and off-premises), clients can:
- Enable developers to build their applications securely and with integrity around the application
- Protect workloads from any individual accessing the workload or data that’s running on a virtual server
- Validate that application users are accessing an application that’s securely built and deployed, and originates from a trusted source. The client can introduce a validation mechanism into their auditing processes.
“IBM wants chief information security officers to be confident that their data is protected and held private from any threats throughout the application’s lifecycle,” Henderson says. IBM enables a secure build flow for applications using a CI/CD process as well as signing and encrypting the application.
Highly regulated industries, enterprises that want to protect mission-critical data and cloud providers will benefit from Hyper Protect Virtual Servers. Financial services, especially the evolving fintech organizations and digital asset exchanges, are interested in services that assist with tokenization and digitization of assets. “The Hyper Protect Virtual Server solution is resonating with this sector,” Henderson notes.
IBM Cloud Hyper Protect Virtual Server is part of a four-service portfolio. The other three family members are:
- IBM Cloud Hyper Protect Crypto Services—A key management and cloud hardware security module, enabling clients to bring their own cryptographic keys and store them securely in the IBM Cloud
- IBM Cloud Hyper Protect DBaaS—A DBaaS offering that builds on the IBM Z data serving platform and focuses on open-source databases like MongoDB and PostgreSQL, covering both SQL and non-SQL data sets
- IBM Cloud Hyper Protect Container Services—to manage the Kubernetes layer for container-based workloads
“IBM is working to ensure that the security, data protection and privacy capabilities of IBM Z are available in the public cloud as well as on-premises,” notes Henderson. IBM Hyper Protect Virtual Servers is available for on-premises deployment and IBM Cloud Hyper Protect Virtual Server is available in the IBM Cloud.
The Hybrid Multicloud Journey
“IBM Z continues to re-invent itself, aligning its strengths and building new capabilities to meet the business needs for today’s clients and industries,” says Henderson. It uses modern tooling and modern technology so that developers working in a public cloud instance don’t have to know IBM Z to consume its services.
As enterprises look to place their mission-critical workloads in their hybrid multicloud, IBM Z is supporting clients to make their cloud journey exciting, innovative and successful.
z/OS / Linux on IBM Z / z/VM / z/VSE / Article / Cloud security / Cloud strategy / Hybrid cloud / IBM Z / Public cloud / Data security / Open source on IBM Z / Multicloud / LinuxONE / Automation / High availability
Shirley S. Savage is a writer and communications strategist. She's fascinated by tech, science, finance, energy and the way innovative people think.