IBM z15: Next-Gen Security and Resiliency for Hybrid Multicloud
The IBM z15 provides the cloud you want with the privacy and security you need.
IBM Z Offering Manager Matt Whitbourne, IBM Z Product Manager Miao Zhang-Cohen and IBM Z Design Lead Kirsten McDonald pose with the new z15, Image by Matt Carr
By Angela Fresne11/01/2019
The IBM z15* was announced on Sept. 12. The mantra for this latest generation of the enterprise platform is “the cloud you want with the privacy and security you need,” announcing to the world that the IBM Z* platform is ready to help integrate sensitive workloads into the hybrid
IBM is rolling out major steps in three primary areas: data privacy and security, resiliency, and compression. All of these features align well with key needs for a hybrid multicloud world: flexibility, resiliency and security. With over 3,000 patents for innovation, IBM Z aficionados will want to discover many new features. Learn more about IBM z15 features and functions.
The Hybrid Multicloud
As organizations continue their business transformation and aim to move more critical workloads to the cloud, flexibility, security and compliance are top of mind. Organizations look for a system that will seamlessly integrate public cloud solutions with their on-premises infrastructure—that is, a hybrid multicloud, while leveraging cloud-native development capabilities. However, security and resiliency capabilities that exist today in public clouds have kept organizations from going “all in.” IBM expects that to change and is stepping up to the plate to show clients they can extend the IBM Z platform’s industry-leading service-level agreements (SLAs) into the cloud, making it mission-critical and ready for a hybrid multicloud world.
To meet these needs, cloud offerings have grown along with the IBM Z platform. In fact, over the last five years, significant changes have been made with the introduction of pervasive encryption, container orchestration, open tooling and development applications, and cloud services. In addition, IBM and Red Hat have announced their intention to support the Red Hat OpenShift Container Platform on IBM Z and IBM LinuxONE*, which is expected to bring greater portability and agility through integrated tooling and a feature-rich ecosystem for cloud-native development.
The most telling proof point of this evolution is how IBM Z clients are using their infrastructure to leverage the best of IBM Z while embracing the cloud. Emid, a core-banking solution cloud provider, requires an IT infrastructure capable of supporting numerous banks simultaneously, while offering exceptional performance, reliability, scalability, data protection and privacy. Emid has relied on the IBM Z platform for many years and their story is a favorite of Ross Mauri, general manager of IBM Z, because “Emid’s integration of hybrid cloud, digital transformation and mobile takes advantage of the strength of the IBM Z platform, demonstrating how to leverage the cloud to serve clients in the most secure, most protected way possible.”
Building Clouds With Flexibility
The whole point of cloud is agility and flexibility to quickly add new services. It’s now possible to both modernize and extend existing z/OS* applications as well as design new hybrid solutions using containers, Kubernetes and tools that cloud-native developers are familiar with. In addition, developers can integrate z/OS technology-based services and resources for modern cloud development, enabling the integration of z/OS services into hybrid applications.
That may not sound like a big deal if you’re not familiar with the levels of security, privacy, availability and resiliency that the IBM Z platform provides. But we’ll go ahead and clue you in: It means that you can now seamlessly integrate those z/OS services into the hybrid multicloud with consistent management and orchestration, and easily create new solutions, even cloud-based, that leverage those SLAs.
Form factor also impacts flexibility in the data center. Until launching the IBM z14* ZR1 in 2018, IBM Z servers all had an outsized form factor, requiring special accommodation. IBM z15 is the first top-of-line IBM Z server to slot into cloud data center racks with a 19-inch form factor. Mike Desens, vice president, Offering Management, also shared that the system is “expected to be 40% more energy efficient than 19-inch form factor x86 servers” due to the introduction of new power distribution options. The involvement of IBM Design in the product development cycle had a lot to do with that, and other features in this new generation of IBM Z. Read “IBM Z Meets IBM Design Thinking” on page 18 to learn about how IBM Design impacted IBM z15 development and how over 350 clients participated in that process.
Protecting the Future: Security and Privacy
Data security and compliance are some of the biggest barriers to moving workloads to the cloud. The IBM Z platform has long been known for having the highest commercially available server security features. Introduced in 2017, pervasive encryption on the system was a leap forward. With the new IBM z15, “encryption everywhere” extends this throughout the hybrid multicloud with IBM Data Privacy Passports, so that encryption is extended to data wherever it resides. It travels with the data and access can be managed or revoked no matter where the data is. So now, data that's in the cloud is protected at the same levels as data on-premises—and this new capability extends to data from all platforms, not just IBM Z.
IBM Z Meets IBM Design Thinking
IBM started applying Design Thinking in 2014, publicly releasing a formal framework aligning multidisciplinary teams around the real needs of users in 2016. The Design Thinking cycle involves observing what’s important to users and discerning client needs to come up with solutions, often times with them, that align with those needs. Adam Cutler, the first Distinguished Designer at IBM, says the team put in place around Design makes, “a conscious commitment to prioritize users over other, sometimes competing, business concerns.”
The IBM Z management team made that commitment at the start of the development cycle for the z15. Kirsten McDonald, design lead, IBM Z, began what she calls a “radical collaboration between Offering Management (reflecting the needs of the market and the business), Design (to understand what problems our users think are worth solving) and Engineering (to make sure it all works technically).” Clients and users, and their feedback, are at the center of the Design Thinking process. The z15 team worked with over 350 people in 103 enterprises, logging more than 450 interaction hours with clients. Their feedback led to some exciting changes in the z15 design.
There’s no doubt that form factor, or being able to easily slide IBM Z systems into the existing data center racks, is a priority for clients. Up to now, the top-of-line IBM Z servers had an outsized form factor. That changes with the z15 and the form factor is now 19 inches, the data center standard. Just what the client asked for.
Security is also top of mind, and clients told the Design team how critical it was to extend pervasive encryption capabilities to data outside the data center. But beyond security, they also wanted compliance policies to be applied to data wherever it goes. As a result, IBM Data Privacy Passports were created, enabling the IBM Z platform’s security and compliance rules to follow data wherever it travels, including into the cloud.
When the team was working on the System Boot Recovery, clients indicated that speed of reboot was not the only issue. Time to shut down was also costly. The team decided to focus on both, decreasing the end-to-end time by 50%.
Shani Sandy, IBM’s first IBM design executive, IBM Z, summarizes it best. Through the Design process, she says, “We’ve gained deep engagement, and analysis, surpassing best practices while improving the usability of our offerings for our customers. We’re working together to design the next generation of the IBM Z platform for a changing world.”
With quantum-safe digital signatures, we're starting to tackle the kind of future security challenges that clients haven't even considered yet.
It’s not just about data protection though; it’s also about data privacy. “IBM Data Privacy Passports technology enables you to set policies that travel with the data. More than that, you maintain control because if and when policies change, you can propagate that. Wherever the data has been sent, the policy will follow,” says Matt Whitbourne, IBM Z offering manager.
In addition, with the new IBM Z Data Privacy for Diagnostics feature, pervasive encryption is now applied to diagnostic data captured to troubleshoot issues and often shared with support partners, ensuring that you get optimum support without compromising data privacy.
Quantum computing advances have given rise to great concern about the future viability of current cryptographic algorithms. The IBM z15 is starting the journey to a quantum-safe IBM Z platform by providing quantum-safe digital signing algorithms as part of the base system. IBM has announced its intention to introduce additional hardware-specific support throughout the IBM z15 timeframe, including providing primitives, which support lattice-based algorithms, support for the dilithium algorithms as well as internal usage of quantum-safe signatures. “With quantum-safe digital signatures, we’re starting to tackle the kind of future security challenges that clients haven’t even considered yet,” Whitbourne says.
Delivering Resiliency and Performance
IBM Z clients run some of the highest volumes of transactions in the world, so every micro-second of performance counts. Desens shared that the IBM z15, built on 14-nanometer technology, “provides a 14% increase in single thread performance compared to the IBM z14, and a 25% overall performance increase with the increase in cores from 170 to 190.” That adds up to the capacity for 1 trillion secure web transactions a day or 19 billion encrypted transactions a day.
This new Instant Recovery is a first-of-a-kind capability that provides the boost to rapidly complete the transaction backlog without incurring additional IBM software cost to our clients.
In an “always on” world where clients expect 24-7 service, resiliency is a must. The IBM Z platform was already one of the most resilient systems with features like Parallel Sysplex providing 99.99999% availability, dynamic workload balancing and no single point of failure. It also boasts GDPS driving long-distance failure recovery with a single point of control and enabling the creation of secure point-in-time copies of critical source data for restoring. Miao Zhang-Cohen, product manager for IBM Z, notes that the new system “provides 2.5x faster GDPS reconfiguration for site switch or CPC failover.”
Planned outages for maintenance and updates are a reality for any data center, but every second of downtime is costly. The new Instant Recovery feature reduces the time needed for shutdown and reboot. In addition, the feature also concentrates more processing power on the recovery cycle after reboot to catch up 2x faster than before on transactions in holding while the partition is offline. End-to-end, that represents a 50% improvement in the time to get back to business. Combined with existing resiliency features, this creates what IBM calls “instant recovery,” a precious capability for anyone with high volumes of transactions and higher-than-average cost of downtime. “This new Instant Recovery is a first-of-a-kind capability that provides the boost to rapidly complete the transaction backlog without incurring additional IBM software cost to our clients,” Zhang-Cohen says.
Increasing amounts of data are adding to the cost of storage and also slowing down system performance. With a hybrid multicloud infrastructure, data needs to circulate across systems with speed and protection. The IBM z15 introduces on-chip compression, increasing throughput by 17x from previous systems and an astonishing 42x over software compression on x86 systems. This capability will enable clients to “store data cheaper, reduce latency and make sending files from one system to another easier” says Whitbourne. It can even ultimately reduce MIPS usage, according to Desens. In addition, encryption simply performs better due to the smaller data footprint.
z15: Elevating Cloud Strategy
Cloud isn’t a trend that will soon fade away. Seamlessly integrating on-premises infrastructure into the hybrid multicloud while maintaining resiliency, availability, scalability, and data privacy and protection is the holy grail. The IBM z15 has taken some huge steps forward to make that possible. It includes the extension of the highest industry SLA standards in security, resilience and scale to the hybrid cloud, the reduction of the service window, the introduction of on-chip compression reducing costs for data and improving performance, and newly introduced cloud-native development capabilities. And as Desens says, “the economics of IBM Z just make sense.”
Angela is responsible for IBM TechU business development and curriculum management.
See more by Angela Fresne