Presto crypto: IBM releases gruntier, faster Z14 mainframe

Secure shelter under expanded cryptographic umbrella

z14_detail
IBM z14 mainframe detail

IBM has launched its latest, newest, biggest, baddest mainframe, the z14 system.

It features the next generation of IBM's CMOS mainframe chip technology, with 10-core processors using 14nm silicon-on-insulator technology, and running at 5.2GHz, claimed to be the fastest processor in the industry. Each core has hardware accelerated encryption implementing a CP Assist for Cryptographic Function (CPACF). The CPU also has 1.5 times more on-chip cache per core compared to the z13. There can be up to 32TB of memory, three times the z13 maximum, and its IO is three times faster as well.

A compression co-processor in each core has been improved to use fewer CPU cycles for compression/de-compression and DB2 will take advantage of that in the future.

IBM says the z14 has 10 per cent more performance per core than z13, and there are up to 170 configurable cores, meaning up to 35 per cent more total capacity in a single footprint compared to a z13.

IBM_z14_PR_shot

IBM z14 PR shot

The z14 CPU has new instructions in the single instruction, multiple data (SIMD) facility that speeds traditional decimal operation workloads (i.e. COBOL 6.2, PL/I 5.2) and analytics (ie, Apache Spark for z/OS) beyond that provided by the faster processor.

IBM claims the z14 can run Java workloads 50 per cent faster than x86 alternatives. FICON SAN access features 10 times lower latency than the z13 with the zHyperLink Express, enabling application response time to be cut in half.

The z14 has a scalable system structure that delivers up to a 35 per cent capacity increase for traditional workloads and an up to a 35 per cent capacity increase for Linux workloads compared to the previous generation z13.

There is coming z/OS software that will provide capabilities for private cloud service delivery, that will include support of workflow extensions for IBM Cloud Provisioning and Management for z/OS and real-time SMF analytics infrastructure support.

Encryption

The z13 was launched in 2015. At the time we wrote it was grunty enough to do “real time encryption of all mobile transactions at any scale” up to a claimed 2.5 billion transactions a day. The z14 is even gruntier and bumps that up almost five fold to 12 billion encrypted transactions per day.

Big Blue burbles it can run the world's largest MongoDB instance with 2.5x faster NodeJS performance compared to paltry x86-based platforms. It supports 2,000,000 Docker containers and 1,000 concurrent NoSQL databases, it's claimed.

The system has an encryption engine, has a 7x increase in cryptographic performance over the z13, with a 4x increase in silicon dedicated to cryptographic algorithms. It protects encryption keys with so-called tamper responding hardware which invalidates keys at any sign of meddling, and IBM says they can be later restored safely. This capability can be extended outside the z14 to storage systems and servers in the cloud.

A Secure Service Container protects is claimed to protect against insider threats from contractors and privileged users, providing automatic data and code encryption in-flight and at-rest, and tamper-resistance during installation and runtime. Information has to be decrypted before it is processed, of course.

This mainframe responds to API calls from cloud services and z14 developers can call any cloud service. These APIs can be encrypted nearly three times faster than x86 systems, claims IBM.

The z14 can "pervasively encrypt data associated with any application, cloud service or database all the time," including IBM's Cloud Blockchain service. The company has set up IBM Cloud Blockchain data centres in Dallas, London, Frankfurt, Sao Paolo, Tokyo and Toronto, which are secured using the capital Z mainframe as the encryption engine.

Ross Mauri, general manager IBM Z, gave out an (unencrypted) canned quote saying: "The vast majority of stolen or leaked data today is in the open and easy to use because encryption has been very difficult and expensive to do at scale. We created a data protection engine for the cloud era to have a significant and immediate impact on global data security."

There are new container pricing models:

  • Microservices and applications can be co-located to optimize qualities of services priced competitively (IBM claims) with public cloud and on-premises systems,
  • Application development and test - customers can triple capacity with no increase in their monthly licence charge,
  • Pricing based on the payments volume a bank processes, not the available capacity,

These pricing models are scalable within and across logical partitions (LPARs) and provide better metering, capping and billing.

Our thoughts

The two biggest threats to IBM's continued mainframe revenue stream are x86 servers and the public cloud, hence IBM's Z release being littered with "better than x86" statements and claims. The pervasive encryption should encourage security-conscious CIOS to keep mainframe apps on the mainframe and in-house, helping to stem the dykes walling off the x86 server and public cloud seas threatening to breach its proprietary mainframe profit centre.

The pricing changes are intended to fend off the public cloud as well.

An analysis from Toni Sacconaghi Jr for Bernstein Research says IBM's hardware business is in secular decline, and, while mainframe hardware contributes just 3 per cent of revenues, the overall mainframe platform accounted for nearly a quarter of total IBM revenues and an estimated 40 per cent of profits in 2016.

Sacconaghi said he has seen a decline in mainframe hardware revenues from a historic $3bn - $4bn a year to $2bn in fiscal 2016, attributable to fewer new workloads or volumes moving to the mainframe, and some potential migration of Linux workloads off the mainframe.

The overall mainframe platform revenues come from IBM's base and not from new hardware sales. Consequently the z14's prime role is to support and continue this installed base revenue stream.

Container pricing for IBM Z is planned to be available by year-end 2017 and enabled in z/OS V2.2 and z/OS V2.3. Get a z14 datasheet here. ®


Biting the hand that feeds IT © 1998–2017