IBM Bolsters Z Portfolio With New Data Privacy Capabilities

By Patrick Moorhead - April 30, 2020
Figure 1: IBM z15 servers

Last fall IBM unveiled the latest addition to its popular long-standing Z mainframe portfolio, the z15. The z15 was designed expressly with data security and privacy in mind—security meaning keeping bad guys out, and privacy meaning protecting corporate data.

The z15’s predecessor, the z14, did much to move the ball down the court in terms of security with its “encryption everywhere.” However, the z15 really kicked data privacy efforts into high gear with a number of advanced controls under the IBM Data Privacy Passports umbrella. The biggest innovation there was the introduction of Trusted Data Objects (TDOs), in which protections are added to eligible data so that they follow it wherever it goes in your enterprise. Additionally, Data Privacy Passports allows organizations to create and enforce a company-wide data policy. For more on the z15’s data privacy advancements, read my original take here.

This week IBM hit us with several more announcements worth diving into. These include its new Secure Execution for Linux solution, which promises to expand the z15’s data privacy prowess even further, and two new single frame platforms. Let’s take a closer look.

New platforms

The two new platforms announced, z15 T02 and LinuxONE III LT2, are both single-frame and expand on the z15’s capabilities, but at a lower, entry-level price point, specifics on price TBD. Both come with several new capabilities designed to bring increased cyber resiliency and flexibility to IBM’s customers. These include Enterprise Key Management Foundation – Web Edition, which delivers real-time, centralized, and secure management of z/OS dataset encryption keys.

Additionally, the new platforms feature improved on-chip compression acceleration, which is intended to reduce data size and improve execution time. These features should help manage the exponential growth of data we’ve seen in recent years—this is crucial, since the proliferation of data is only accelerating. The fact that this acceleration is built-in will likely appeal to clients, since no additional hardware or application changes are required to achieve these benefits.

New Secure Execution for Linux

Secure Execution is a new cybersecurity feature designed to enable customers to isolate workloads, and with granularity, inside of a Trusted Execution Environment to provide isolation between a KVM host and guests in virtual environments. To illustrate the need for such a solution, IBM cites a 2020 study from the Ponemon Institute, which found that the average number of cybersecurity incidents per company involving employee or contractor negligence grew from 10.5 in 2016 to 14.5 last year. The same study found that the average number of credential theft incidents per organization has actually more than tripled in the last 3 years, from 1 incident up to 3.2. This poses a serious threat to customers who work with sensitive workloads (think blockchain or crypto) and paints a good picture of the increasing importance of data privacy and the need for proactive features that address it.

This solution attempts to do just that by establishing secure, scalable enclaves to host sensitive and regulated data and workloads, with enterprise-grade integrity and security. IBM says that Secure Execution for Linux is designed to also help clients simplify compliance efforts for new, complex regulations such as GDPR and the California Consumer Privacy Act.

While sensitive workloads have traditionally required many servers to ensure workload isolation and separation of control (sometimes thousands of x86 servers), Secure Execution for Linux can accomplish this with just a single IBM LinuxONE server. IBM says this fact can save organizations 59% per year on average in power consumption, versus x86 systems running the same workloads with the same throughput. The 59% doesn’t come from Moor Insights & Strategy testing, but given the LinuxONE scalability, it doesn’t surprise me at all. See the IBM disclaimer I received from the company below.

This is exactly what LinuxONE was architected to do- it’s a throughput beast. Reduced power consumption is good for the environment and for the bottom line, and this benefit should not be overlooked.

Wrapping up

With Secure Execution for Linux, IBM’s z15 line of mainframes push the ball even further down the court in terms of data privacy. This combined with the “encryption everywhere” strategy of its Data Privacy Passports offering, intend to make the z15 one of the most private and, secure systems on the market. There’s a reason IBM’s Z line has been around for as long as it has, and a lot of it has to do with the way the company rises to the occasion to meet the changing times; workloads are evolving, the threat landscape is evolving, and IBM appears determined to not be caught flat footed. Nice work, IBM.

Disclaimer information IBM shared with me on the following claim: “An IBM z15 T02 can save on average 59% per year in power consumption than compared x86 systems running workloads with the same throughput.”

DISCLAIMER: Compared z15 T02 model consists of two CPC drawers containing 64 IFLs, and 1 I/O drawer to support both network and external storage versus 49 x86 systems with a total of 1,080 cores. IBM z15 T02 power consumption was based on 40 power draw samples for workloads on 64 IFLs running at 90% CPU utilization. x86 power consumption was based on 45 power draw samples for three workload types running from 10.6% to 15.4% CPU utilization. x86 CPU utilization rates were based on data from 15 customer surveys representing Development, Test, Quality Assurance, and Production levels of CPU utilization and throughput.

Each workload ran at the same throughput and SLA response time on IBM Z and x86. Power consumption on x86 was measured while each system was under load. z15 T02 performance data and number of IFLs was projected from actual z14 performance data. To estimate z15 T02 performance, a 3% lower throughput adjustment based on the z15 T02 / z14 MIPS ratio was applied.

Compared x86 models were all 2-socket servers containing a mix of 8-core, 12-core and 14-core Xeon x86 processors.

External storage is common to both platforms and is not included in power consumption. Assumes IBM Z and x86 are running 24x7x365 with 42 Development, Test, Quality Assurance, and Production servers and 9 High Availability servers.

Power consumption may vary depending on factors including configuration, workloads, etc. Energy cost savings are based on a U.S. national average commercial power rate of $0.10 per kWh based on U.S Energy Information Administration (EIA) data,

Individual rates may vary.

Savings assumes a power usage effectiveness (PUE) ratio of 1.66 to calculate additional power for data center cooling. PUE is based on IBM and the Environment - Climate protection - Data center energy efficiency data,

Note: Moor Insights & Strategy writers and editors may have contributed to this article.

+ posts

Patrick founded the firm based on his real-world world technology experiences with the understanding of what he wasn’t getting from analysts and consultants. Ten years later, Patrick is ranked #1 among technology industry analysts in terms of “power” (ARInsights)  in “press citations” (Apollo Research). Moorhead is a contributor at Forbes and frequently appears on CNBC. He is a broad-based analyst covering a wide variety of topics including the cloud, enterprise SaaS, collaboration, client computing, and semiconductors. He has 30 years of experience including 15 years of executive experience at high tech companies (NCR, AT&T, Compaq, now HP, and AMD) leading strategy, product management, product marketing, and corporate marketing, including three industry board appointments.