Lower-cost IBM z15 mainframes add security for multi-clouds

Eight months after delivering its high-end z15 mainframe, IBM this week filled out the lower end of that line with two less expensive air-cooled, single chassis models that run zOS and LinuxOne.

While the company hopes the less expensive systems bring new users to the mainframe, the more strategic goal is to ease its core customers' efforts to both integrate and secure their mainframe data and applications in IBM hybrid and multi-cloud environments.

To that end, the company debuted new security software that blocks both internal and external threats on premises and across hybrid clouds, as well as software to manage data privacy across multi-cloud environments.

Both the IBM z15 T02 and LinuxOne III LT2, which utilize the core capabilities of the z15, contain IBM's Secure Execution for Linux to provide scalable isolation for individual workloads. This allows users to defend against insider attacks and deal with complexities involving new compliance regulations like GDPR and the California Consumer Privacy Act. The new security software can isolate workloads residing on premises, as well as across hybrid clouds.

"Large banks and insurance companies are very protective of their data. In order to adhere to the latest regulations, they have to show compliance in how they handle data," said Ross Mauri, general manager of IBM's Z and LinuxOne product lines. "With these offerings we are lifting security for users up to the banking level of security. The security you used to get in hardware for logical partitions is now moved up the virtual machine level for both zOS and Linux users."

One analyst appreciates the tricky task IBM is trying to accomplish with its latest security offerings.

"IBM appears focused on two contradictory concepts," said Peter Rutten, research director at IDC's enterprise infrastructure practice. "They are trying to make the platform open to anyone, but also trying to make it as secure as possible. The newer technologies, such as Secure Execution technology in a Kubernetes cluster, address that conundrum."

The new security capabilities for the Linux-based mainframe comes at an opportune time for IBM, given the rapid migration from on-premises to multiple cloud environments.

"For decades, the mainframe has been considered the most secure platform, particularly with [IBM's] pervasive encryption technology," said Judith Hurwitz, president of Hurwitz & Associates, a research and consulting firm. "But adding this new [security] layer, especially in this era of highly distributed computing, is smart." The arrival of the less expensive systems may also be fortuitous from a cost standpoint. In her discussions with corporate users, Hurwitz said many of them believe moving from a mainframe to the cloud would be much less expensive because they could sidestep spending on hiring and managing hard-to-find mainframe experience. But some users have experienced buyer's remorse when they stumble across the hidden and sometimes significant costs associated with managing and maintaining multi-cloud environments.

"Generally, users need to more carefully consider those [hidden cloud] costs along with the ongoing costs of supporting hundreds of servers linked together with all their configuration management issues," Hurwitz said. "Customers tell me they are taking a hard look at costs as we get into the industrialization of the cloud. Times are getting tough out there."

The arrival of the T02, the little brother to the higher-end z15 system announced last September, didn't come as a surprise to some analysts. IBM did not provide pricing details, but the company has traditionally rolled out less expensive lower-end systems in part to attract new users to the platform.

They are trying to make the platform open to anyone, but also trying to make it as secure as possible. The newer technologies, such as Secure Execution technology in a Kubernetes cluster, address that conundrum.

"The T02 isn't particularly surprising or notable as it is filling out the z15 lineup," said Mike Chuba, managing vice president at Gartner's infrastructure and operations group. "The most notable aspect of the hardware announcement is the increase to a maximum of 65 Linux engines, up from 30 on the z14 version."

This is notable because the majority of new users IBM attracts to the mainframe platform come almost exclusively from the Linux world, according to Chuba, and the significant uptick in performance in the new machine could add further appeal.

"The 65 engines give IBM the scalability to go after organizations needing a robust system, but who also may not have ample z/OS skills in their geography," Chuba said. "The new Secure Execution for Linux complements the hardware in that quest."

The new systems, like the z15, have an uptime performance rating of 99.99999% (seven nines), which translates to an average of 30 seconds of downtime per year.

Using the new security features as leverage, IBM hopes to make gains in the broader security market by becoming corporate users' primary source of managing security for not just the IBM Cloud, but with competing clouds users might have inside their organizations, including Microsoft Azure, Google Cloud and AWS via the protections offered by IBM's Data Privacy Passports software.

"They're trying to take over the management of security, including the controls and policies going from the private cloud all the way out to the public cloud," said Frank Dzubeck, president of Communications Network Architects Inc. "They would like to be the manager of all security within large corporations with multiple environments."

Complementing the new hardware and security offerings, IBM also debuted Enterprise Key Management Foundation which offers a centralized and secure management of keys for z/OS management; flexible compute capabilities to increase physical capacity and enhanced high-availability options; and a new version of Red Hat OpenShift Container Platform, which will be available for both the IBM Z and LinuxOne machines.

IBM Secure Execution for Linux along with the z15 T02 and LinuxOne III LT2 will be available on May 15, 2020.