IBM Unveils z15 With Industry-First Data Privacy Capabilities
ARMONK, N.Y., September 12, 2019 — IBM today announced IBM z15, a new enterprise platform delivering the ability to manage the privacy of customer data across hybrid multicloud environments. With z15, clients can manage who gets access to data via policy-based controls, with an industry-first capability to revoke access to data across the hybrid cloud.
The movement of data between partners and third parties is often the root cause of data breaches. In fact, 60 percent of businesses reported they suffered a data breach caused by a vendor or third party in 20181. With the growing adoption of hybrid multicloud environments, the importance of maintaining data security and privacy only grows more acute and challenging.
The IBM z15 culminates four years of development with over 3,000 IBM Z patents issued or in process and represents a collaboration with input from over 100 companies. Key z15 innovations from these investments across IBM Systems and Research include:
- Encryption Everywhere – Building upon pervasive encryption, IBM unveiled new Data Privacy Passports technology2 that clients can use to gain control over how data is stored and shared – enabling the ability to protect and provision data and revoke access to that data at any time, not only within the z15 environment but across an enterprise’s hybrid multicloud environment. z15 can also encrypt data everywhere – across hybrid multicloud environments – to help enterprises secure their data wherever it travels.
- Cloud-Native Development – Can give clients a competitive advantage by evolving how they modernize apps in place, build new cloud-native apps and securely integrate their most important workloads across clouds. Clients are already using IBM Z for their mission-critical workloads to build, deploy and manage next-gen apps and protect data through advanced security.
- Instant Recovery – An industry-first approach to limiting the cost and impact of planned and unplanned downtime, enabling users to access full system capacity for a period of time to accelerate shutdown and restart of IBM Z services and provide a temporary capacity boost to rapidly recover from lost time.
Rising Importance of Data Privacy in Doing Business
A new IBM commissioned study conducted by The Harris Poll3 and released today found that 64 percent of all consumers have opted not to work with a business out of concerns of whether they could keep their data secure. However, that same study found 76 percent of respondents would be more willing to share personal information if there was a way to fully take back and retrieve that data at any time. With z15, pervasive encryption is designed to extend across the enterprise enforcing data privacy by policy even when it leaves the platform. With this industry-first capability, clients can offer new services and features that give their consumers stronger control over how their personal data is used.
The Next Phase of Digital Transformation – Moving Mission-Critical Work to the Cloud
Businesses today have reportedly already completed the first 20 percent of their cloud journey. z15 is uniquely positioned to help companies take this next step in their digital transformation efforts to move mission critical workloads (the other 80 percent) to the cloud4 by delivering a hyper-secure, agile and continuously available platform.
As the center of a secured hybrid cloud strategy, today, two-thirds of the Fortune 100 are using IBM Z. With z15, clients can:
- Process up to one trillion web transactions a day5, support massive databases, and scale-out to 2.4 million Linux containers in a single z15 system6 — up to 2.3 times more Linux containers per core on a z15 LPAR versus a compared bare-metal x86 platform, running an identical web server load7.
- Address mission-critical latency challenges by delivering up to 30 times lower latency and up to 28 times less CPU utilization on z15 by compressing secure web transaction data before encryption using the Integrated Accelerator for z Enterprise Data Compression instead of using software compression8.
- Leverage 12 percent more cores than z14, and 25 percent more memory than z14 to help meet the needs of today’s digital businesses.9
“More than ever, our customers are looking for transactions to happen in a fraction of a second in a highly performant manner. Whether they’re at an ATM machine, making a purchase at a retail store, or transferring money when abroad – the agility, performance and security of IBM Z is paramount for delivering a positive experience for our customers,” said Graham Fagan, Director of Technology and Operations at Allied Irish Bank. “The IBM Z platform is one of our most modern infrastructure platforms in AIB. From our perspective, it’s absolutely pivotal to the successful operation of AIB, and by extension it is critical to the successful operation of payments and day-to-day banking activity across the Irish economy.”
“Bradesco is a company committed to innovation and constant progress and we have pioneered the implementation of many types of technologies. In 1982, we launched the first online current account update model in Brazil and conducted the first banking teleprocessing operation in the country – all running on IBM’s mainframe platform,” said Mr. Waldemar Ruggiero, IT Infrastructure Director at Bradesco. “Nearly 40 years later, we keep running all core banking data on the mainframe and we rely on z15 to offer us more processing power, resilience, security and flexibility so that we can faster deliver new products and services to our customers.”
“IBM Z is an essential component for addressing top concerns around hybrid cloud like security, privacy and agility. With z15, our clients can have the cloud they want, with the privacy and security they need – protection for both traditional mission-critical workloads and newer workloads like digital asset custody or blockchain,” said Ross Mauri, GM of IBM Z. “The reality is that for clients whose business’ depend on access to data in real time, IBM Z remains the go to choice. Often, our clients need access to data and analytic insights in a fraction of a second – not minutes, with the ability to control privacy of that data at a granular level.”
Data-Centric Privacy Controls
Data Privacy Passports is a consolidated data privacy solution that is engineered to extend clients’ ability to deliver privacy by not only protecting data on-premises at the infrastructure level, but allows clients to provision data rules to manage individual user access across private, public and hybrid cloud data at the data level. z15 accomplishes this by delivering:
- Protection for data wherever it goes – Protecting data today is a challenge for the simple reason that data does not stay in one place and solutions are often fragmented or siloed. Data Privacy Passports addresses this challenge by introducing Trusted Data Objects (TDO) which provide data centric protection that stays with the data.
- Provable consumption of data – Track the complete data transformation journey from point of origin to point of consumption, with a central point for clients’ auditing and compliance activities from data access to aggregation.
- Embedded Key Management – Data Privacy Passports provides required key management for Trusted Data Objects that are created and distributed throughout the enterprise. This greatly reduces the complexity of implementing the solutions and provides simple management of data as it moves between systems.
Bringing Cloud-Native App Development to IBM Z
Last month, IBM announced intent to deliver Red Hat OpenShift on IBM Z and LinuxONE. This offering will accelerate the transformation to greater portability and agility through integrated tooling and a feature-rich ecosystem for cloud-native development on Linux on IBM Z and LinuxONE offerings. Cloud developers can deploy z/OS applications using OpenShift with no special Z skills required.
IBM also intends to deliver IBM Cloud Pak offerings to Linux on IBM Z and LinuxONE offerings. These offerings are designed to accelerate the rich IBM software ecosystem that is necessary for enterprise clients to adopt hybrid multicloud deployment. These offerings, combined with the IBM premier enterprise platforms, IBM Z and LinuxONE, will reinforce and further strengthen IBM’s capability to unlock business value and drive growth for clients by providing a secured and open hybrid multicloud platform.
Mission-Critical Work Done with No Time Lost
For both planned and unplanned downtime, Instant Recovery brings clients the ability to unlock the full power of z15, spinning up built-in cores to return to pre-shutdown SLAs10, while uniquely catching up on business transactions up to 2.5 times faster 11 than previously possible. This allows you to:
- Accelerate time to value – By unleashing the potential of extra capacity within the system, you can shorten downtime and rapidly restore services and utilize that extra capacity to rapidly process delayed transactions.
- Gain unlimited Usage – By enabling businesses to utilize Instant Recovery as frequently as the business demands, clients have far greater flexibility to respond to new demands and ongoing maintenance requirements.
- Have zero impact on cost – You can exploit this industry-first approach at zero additional software cost12 for systems not at full capacity, limiting the impact of downtime to the business.
IBM Z and Storage at the Center of a Secured Hybrid Cloud
In May, IBM announced key capabilities to further position IBM Z as a center point of a secured hybrid cloud strategy including z/OS Container Extensions and z/OS Cloud Broker, making it easier for developers to build and manage cloud applications – both available on z15. Clients will also be able to take advantage of Tailored Fit Pricing for IBM Z, a simple cloud pricing model for today’s enterprise IT environment designed to deliver the transparency and flexibility of consumption-based pricing, with economies of scale for workloads on IBM z/OS.
In addition to z15, IBM today announced a new high-end, enterprise storage system, the IBM DS8900F specifically designed for mission critical hybrid multicloud environments. The next generation of IBM DS8900F storage system delivers comprehensive next-level cyber security, data availability and system resiliency for clients. In addition to z15, the IBM DS8900F offers clients more than 99.99999 percent uptime13 and several Disaster Recovery options designed for near-zero recovery times to ensure protection of data. With these new enterprise-class storage services, IBM Z clients now have a new level of control to store their data where it makes the best economic and business sense, while always keeping it resilient and available.
IBM Global Financing offerings for z15 and DS8900F include customized leases with payment plans aligned to business benefits. Credit qualified customers that want to move from older models to z15 or DS8900F can convert an owned IBM Z or IBM high-end enterprise storage to leasing while upgrading, or acquire a net new z15 or DS8900F.
For more information on z15, visit www.ibm.com/z15.
1 Ponemon and Opus 2018 Data Risk in the Third-Party Ecosystem: Third Annual Study
2 For additional information see IBM’s relevant Announcement Letters
3 2019 IBM and Harris Poll Privacy study, commissioned by IBM
5 Disclaimer: Performance result is extrapolated from IBM internal tests running in a z15 LPAR with 36 or 39 dedicated IFLs and 256 GB memory, a z/VM 7.1 instance in SMT mode with 4 guests running SLES 12 SP4. With 36 IFLs each guest was configured with 18 vCPU. With 39 IFLs 3 guests were configured with 20 vCPU and 1 guest was configured with 18 vCPU. Each guest was configured with 64 GB memory, had a direct-attached OSA-Express6S adapter, and was running a dockerized NGINX 1.15.9 web server. The guest images were located on a FICON-attached DS8886. Each NGINX server was driven remotely by a separate x86 blade server with 24 Intel Xeon E5-2697 v2 @ 2.7GHz cores and 256 GB memory, running the wrk2 184.108.40.206 benchmarking tool (https://github.com/giltene/wrk2) with 48 parallel threads and 1024 open HTTPS connections. The transferred web pages had a size of 644 bytes.
6 Disclaimer: Performance result is extrapolated from IBM internal tests running in a z15 LPAR with 1 dedicated IFL and 16 GB memory 980 NGINX Docker containers. Results may vary. Operating system was SLES12 SP4 (SMT mode). Docker 18.09.6 and NGINX 1.15.9 was used.
7 Disclaimer: Performance results based on IBM internal tests running dockerized NGINX web server in a z15 native LPAR compared to running them bare-metal on a compared x86 platform. Results may vary. z15 configuration: LPAR with 2 dedicated IFLs, 32 GB memory, 40 GB DASD storage, SLES 12 SP4 (SMT mode) running Docker 18.09.6 and NGINX 1.15.9. x86 configuration: 2 Intel® Xeon® Gold 6140 CPU @ 2.30 GHz with Hyperthreading turned on, 32 GB memory, 40 GB RAID5 local SSD storage, SLES12 SP4 running Docker 18.09.6 and NGINX 1.15.9.
8 Disclaimer: Performance results based on IBM internal tests running the wrk2 220.127.116.11 benchmarking tool (https://github.com/giltene/wrk2) remotely with a fix transaction rate against a NGINX 1.15.9 web server exploiting zlib (https://github.com/madler/zlib/pull/410) to compress transaction data before encryption versus zlib -1 software compression. Data transmitted via NGINX webserver was the Silesia compression corpus (http://sun.aei.polsl.pl/~sdeor/index.php?page=silesia). Results may vary. z15 configuration: LPAR with 4 dedicated IFL, 32 GB memory, 40 GB DASD storage, 200 GB FlashSystem 900 storage, SLES12 SP4 (SMT mode), running NGINX 1.15.9 with patch https://github.com/nginx/nginx/commit/cfa1316368dcc6dc1aa82e3d0b67ec0d1cf7eebb.
9 Disclaimer: Based on preliminary internal measurements and projections and compared to the z14. Official performance data will be available upon announce. Results may vary by customer based on individual workload, configuration and software levels. Visit LSPR website for more details at: https://www-304.ibm.com/servers/resourcelink/lib03060.nsf/pages/lsprindex.
10 Disclaimer: z15 z/OS partitions benefit from System Recovery Boost for a single period of 30 minutes during shutdown and 60 minutes during restart. Measurements were collected in a controlled environment running an IBM developed workload under z/OS 2.4 comprised of online transactions accessing WAS, CICS, MQ, IMS and Db2. Comparisons were made between z15 with System Recovery Boost and z14. Individual client results may vary.
11 Disclaimer: Measurements were collected in a controlled environment running an IBM developed workload under z/OS comprised of OLTPSE transactional and COBOL Batch workloads. Comparisons were made between z15 and z14. Given that individual configurations, shutdown and restart procedures may be different, individual client results may vary.
12 Disclaimer: This claim is based on IBM internal tests. Results may vary. The use case for this test is a medium-sized customer’s transactional workload with a service level agreement (SLA) of 12 million transaction per half hour. The system is configured to use 3 general processors (GPs) and 1 IBM z Systems Integrated Information Processor (zIIP) running at a sub-capacity of 0.7. During System Recovery Boost, the system uses 3 GPs and 8 zIIPs running at full capacity. software costs are based on a typical software acquisition bill of $500/MIPS.
13 Disclaimer: Internal data based on measurements and projections was used in calculating the expected value. The z15 servers must be configured in a parallel sysplex using z/OS 2.3 or above; GDPS management of data and middleware recovery across Metro distance systems and storage, including GDPS Metro Multi-site Workload and GDPS Continuous Availability; and DS888X with IBM HyperSwap. Necessary resiliency technology must be enabled, such as System Managed CF Structure Duplexing, Sysplex failure management and Capacity Provisioning Manager. Other configurations may provide different availability characteristics.