Posts Tagged ‘LinuxONE’

High Cost of Ignoring Z’s Pervasive Encryption

May 17, 2018

That cost was spelled out at IBM’s Think this past spring.  Writes David Bruce, who leads IBM’s strategies for security on IBM Z and LinuxONE, data breaches are expensive, costing $3.6 million on average. And hoping to avoid one by doing business as usual is a bad bet. Bruce reports breaches are increasingly likely: an organization has a 28 percent chance of being breached in the next 24 months. You can find Bruce’s comments on security and pervasive encryption here.

9 million data records were compromised in 2015

Were any of those 9 million records from your organization? Did you end up on the front page of the newspaper? To stay out of the data breach headlines, organizations require security solutions that protect enterprise and customer data at minimal cost and effort, Bruce observes.

Encryption is the preferred solution, but it is costly, cumbersome, labor-intensive, and hit-or-miss. It is hit-or-miss because the overhead involved forces organizations to choose what to encrypt and what to skip. You have to painstakingly classify the data in terms of risk, which takes time and only adds to the costs. Outside of critical revenue transactions or key intellectual property—no brainers—you will invariably choose wrong and miss something you will regret when it shows up on the front page of the New York Times.

Adding to the cost is the compliance runaround. Auditors are scheduled to visit or maybe they aren’t even scheduled and just drop in; you now have to drop whatever your staff was hoping to do and gather the necessary documentation to prove your data is safe and secure.  Do you really need this? Life is too short as it is.

You really want to put an end to the entire security compliance runaround and all the headaches it entails. But more than that, you want protected, secure data; all data, all the time.  When someone from a ransomware operation calls asking for hundreds or thousands of dollars to get your data back you can laugh and hang up the phone. That’s what Bruce means when he talks about pervasive encryption. All your data is safely encrypted with its keys protected from the moment it is created until the moment it is destroyed by you. And you don’t have to lift a finger; the Z does it all.

That embarrassing news item about a data breach; it won’t happen to you either. Most importantly of all, customers will never see it and get upset.

In fact, at Think, Forrester discussed today’s customer-obsessed approach that leading organizations are adopting to spur growth. To obsess over customers, explained Bruce, means to take great care in protecting the customer’s sensitive data, which provides the cornerstone of a customer-obsessed Forrester zero trust security framework. The framework includes, among other security elements, encryption of all data across the enterprise. Enabling the Z’s built in pervasive encryption and automatic key protection you can ignore the rest of Forrester’s framework.

Pervasive encryption, unique to Z, addresses the security challenges while helping you thrive in this age of the customer. At Think, Michael Jordan, IBM Distinguished Engineer for IBM Z Security, detailed how pervasive encryption represents a paradigm shift in security, reported Bruce. Previously, selective field-level encryption was the only feasible way to secure data, but it was time-, cost-, and resource-intensive – and it left large portions of data unsecured.

Pervasive encryption, however, offers a solution capable of encrypting data in bulk, making it possible and practical to encrypt all data associated with an application, database, and cloud service – whether on premises or in the cloud, at-rest or in-flight. This approach also simplifies compliance by eliminating the need to demonstrate compliance at the field level. Multiple layers of encryption – from disk and tape up through applications – provide the strongest possible defense against security breaches. The high levels of security enabled by pervasive encryption help you promote customer confidence by protecting their data and privacy.

If you have a Z and have not enabled pervasive encryption, you are putting your customers and your organization at risk. Am curious, please drop me a note why.

DancingDinosaur is Alan Radding, a veteran information technology analyst, writer, and ghost-writer. Please follow DancingDinosaur on Twitter, @mainframeblog. See more of his IT writing at technologywriter.com and here.

 

Is Your Enterprise Ready for AI?

May 11, 2018

According to IBM’s gospel of AI “we are in the midst of a global transformation and it is touching every aspect of our world, our lives, and our businesses.”  IBM has been preaching its gospel of AI of the past year or longer, but most of its clients haven’t jumped fully aboard. “For most of our clients, AI will be a journey. This is demonstrated by the fact that most organizations are still in the early phases of AI adoption.”

AC922 with NIVIDIA Tesla V100 and Enhanced NVLink GPUs

The company’s latest announcements earlier this week focus POWER9 squarely on AI. Said Tim Burke, Engineering Vice President, Cloud and Operating System Infrastructure, at Red Hat. “POWER9-based servers, running Red Hat’s leading open technologies offer a more stable and performance optimized foundation for machine learning and AI frameworks, which is required for production deployments… including PowerAI, IBM’s software platform for deep learning with IBM Power Systems that includes popular frameworks like Tensorflow and Caffe, as the first commercially supported AI software offering for [the Red Hat] platform.”

IBM insists this is not just about POWER9 and they may have a point; GPUs and other assist processors are taking on more importance as companies try to emulate the hyperscalers in their efforts to drive server efficiency while boosting power in the wake of declines in Moore’s Law. ”GPUs are at the foundation of major advances in AI and deep learning around the world,” said Paresh Kharya, group product marketing manager of Accelerated Computing at NVIDIA. [Through] “the tight integration of IBM POWER9 processors and NVIDIA V100 GPUs made possible by NVIDIA NVLink, enterprises can experience incredible increases in performance for compute- intensive workloads.”

To create an AI-optimized infrastructure, IBM announced the latest additions to its POWER9 lineup, the IBM Power Systems LC922 and LC921. Characterized by IBM as balanced servers offering both compute capabilities and up to 120 terabytes of data storage and NVMe for rapid access to vast amounts of data. IBM included HDD in the announcement but any serious AI workload will choke without ample SSD.

Specifically, these new servers bring an updated version of the AC922 server, which now features recently announced 32GB NVIDIA V100 GPUs and larger system memory, which enables bigger deep learning models to improve the accuracy of AI workloads.

IBM has characterized the new models as data-intensive machines and AI-intensive systems, LC922 and LC921 Servers with POWER9 processors. The AC922, arrived last fall. It was designed for the what IBM calls the post-CPU era. The AC922 was the first to embed PCI-Express 4.0, next-generation NVIDIA NVLink, and OpenCAPI—3 interface accelerators—which together can accelerate data movement 9.5x faster than PCIe 3.0 based x86 systems. The AC922 was designed to drive demonstrable performance improvements across popular AI frameworks such as TensorFlow and Caffe.

In the post CPU era, where Moore’s Law no longer rules, you need to pay as much attention to the GPU and other assist processors as the CPU itself, maybe even more so. For example, the coherence and high-speed of the NVLink enables hash tables—critical for fast analytics—on GPUs. As IBM noted at the introduction of the new machines this week: Hash tables are fundamental data structure for analytics over large datasets. For this you need large memory: small GPU memory limits hash table size and analytic performance. The CPU-GPU NVLink2 solves 2 key problems: large memory and high-speed enables storing the full hash table in CPU memory and transferring pieces to GPU for fast operations; coherence enables new inserts in CPU memory to get updated in GPU memory. Otherwise, modifications on data in CPU memory do not get updated in GPU memory.

IBM has started referring to the LC922 and LC921 as big data crushers. The LC921 brings 2 POWER9 sockets in a 1U form factor; for I/O it comes with both PCIe 4.0 and CAPI 2.0.; and offers up to 40 cores (160 threads) and 2TB RAM, which is ideal for environments requiring dense computing.

The LC922 is considerably bigger. It offers balanced compute capabilities delivered with the P9 processor and up to 120TB of storage capacity, again advanced I/O through PCIe 4.0/CAPI 2.0, and up to 44 cores (176 threads) and 2TB RAM. The list price, notes IBM is ~30% less.

If your organization is not thinking about AI your organization is probably in the minority, according to IDC.

  • 31 percent of organizations are in [AI] discovery/evaluation
  • 22 percent of organizations plan to implement AI in next 1-2 years
  • 22 percent of organizations are running AI trials
  • 4 percent of organizations have already deployed AI

Underpinning both servers is the IBM POWER9 CPU. The POWER9 enjoys a nearly 5.6x improved CPU to GPU bandwidth vs x86, which can improve deep learning training times by nearly 4x. Even today companies are struggling to cobble together the different pieces and make them work. IBM learned that lesson and now offers a unified AI infrastructure in PowerAI and Power9 that you can use today.

DancingDinosaur is Alan Radding, a veteran information technology analyst, writer, and ghost-writer. Please follow DancingDinosaur on Twitter, @mainframeblog. See more of his IT writing at technologywriter.com and here.

Dinosaurs Strike Back in IBM Business Value Survey

March 2, 2018

IBM’s Institute of Business Value (IBV) recently completed a massive study based 12,000 interviews of executives of legacy c-suite companies. Not just CEO and CIO but COO, CFO, CMO, and more, including the CHO. The CHO is the Chief Happiness Officer. Not sure what a CHO actually does but if one had been around when DancingDinosaur was looking for a corporate job he might have stayed on the corporate track instead of pursuing the independent analyst/writer dream.

(unattributed IBM graphic)

IBV actually referred to the study as “Incumbents strike back.” The incumbents being the legacy businesses the c-suite members represent. In a previous c-suite IBV study two years ago, the respondents expressed concern about being overwhelmed and overrun by new upstart companies, the born-on-the-web newcomers. In many ways the execs at that time felt they were under attack.

Spurred by fear, the execs in many cases turned to a new strategy that takes advantage of what has always been their source of strength although they often lacked the ways and means to take advantage of that strength; the huge amounts of data they have gathered and stored, for decades in some cases. With new cognitive systems now able to extract and analyze this legacy data and combine it with new data, they could actually beat some of the upstarts. Finally, they could respond like nimble, agile operations, not the lumbering dinosaurs as they were often portrayed.

“Incumbents have become smarter about leveraging valuable data, honing their employees’ skills, and in some cases, acquired possible disruptors to compete in today’s digital age,” the study finds, according to CIO Magazine, which published excerpts from the study here. The report reveals 72 percent of surveyed CxOs claimed the next wave of disruptive innovation will be led by the incumbents who pose a significant competitive threat to new entrants and digital players. By comparison, the survey found only 22 percent of respondents believe smaller companies and start-ups are leading disruptive change. This presents a dramatic reversal from a similar but smaller IBV survey two years ago.

Making possible this reversal is not only growing awareness among c-level execs of the value of their organizations’ data and the need to use it to counter the upstarts, but new technologies, approaches like DevOps, easier-to-use dev tools, the increasing adoption of Linux, and mainframes like the z13, z14, and LinuxONE, which have been optimized for hybrid and cloud computing.  Also driving this is the emergence of platform options as a business strategy.

The platform option may be the most interesting decision right now. To paraphrase Hamlet, to be (a platform for your industry) or not to be. That indeed is a question many legacy businesses will need to confront. When you look at platform business models, what is right for your organization. Will you create a platform for your industry or piggyback on another company’s platform? To decide you need to first understand the dynamics of building and operating a platform.

The IBV survey team explored that question and found the respondents pretty evenly divided with 54% reporting they won’t while the rest expect to build and operate a platform. This is not a question that you can ruminate over endlessly like Hamlet.  The advantage goes to those who can get there first in their industry segment. Noted IBV, only a few will survive in any one industry segment. It may come down to how finely you can segment the market for your platform and still maintain a distinct advantage. As CIO reported, the IBV survey found 57 percent of disruptive organizations are adopting a platform business model.

Also rising in importance is the people-talent-skills issue. C-level execs have always given lip service to the importance of people as in the cliché people are our greatest asset.  Based on the latest survey, it turns out skills are necessary but not sufficient. Skills must be accompanied by the right culture. As the survey found:  Companies that have the right culture in place are more successful. In that case, the skills are just an added adrenalin shot. Still the execs put people skills in top three. The IBV analysts conclude: People and talent is coming back. Guess we’re not all going to be replaced soon with AI or cognitive computing, at least not yet.

DancingDinosaur is Alan Radding, a veteran information technology analyst, writer, and ghost-writer. Follow DancingDinosaur on Twitter, @mainframeblog. See more of his work at technologywriter.com and here.

Value and Power of LinuxOne Emperor II

February 4, 2018

There is much value n the mainframe but it doesn’t become clear until you do a full TCO analysis. When you talk to an IBMer about the cost of a mainframe the conversation immediately shifts to TCO, usually in the form of how many x86 systems you would have to deploy to handle a comparable workload with similar quality of service.  The LinuxONE Emperor II, introduced in September, can beat those comparisons.

LinuxONE Emperor II

Proponents of x86 boast about the low acquisition cost of x86 systems. They are right if you are only thinking about a low initial acquisition cost. But you also have to think about the cost of software for each low-cost core you purchase, and for many enterprise workloads you will need to acquire a lot of cores. This is where costs can mount quickly.

As a result, software will likely become the highest TCO item because many software products are priced per core.  Often the amount charged for cores is determined by the server’s maximum number of physical cores, regardless of whether they actually are activated. In addition, some architectures require more cores per workload. Ouch! An inexpensive device suddenly becomes a pricy machine when all those cores are tallied and priced.

Finally, x86 to IBM Z core ratios differ per workload, but x86 almost invariably requires more cores than a z-based workload; remember, any LinuxONE is a Z System. For example, the same WebSphere workload on x86 that requires 10 – 12 cores may require only one IFL on the Z. The lesson here: whether you’re talking about system software or middleware, you have to consider the impact of software on TCO.

The Emperor II delivers stunning specs. The machine can be packed with up to 170 cores, as much as 32 TB of memory, and 160 PCIe slots. And it is flexible; use this capacity, for instance, to add more system resources—cores or memory—to service an existing Linux instance or clone more Linux instances. Think of it as scale-out capabilities on steroids, taking you far beyond what you can achieve in the x86 world and do it with just a few keystrokes. As IBM puts it, you might:

  • Dynamically add cores, memory, I/O adapters, devices, and network cards without disruption.
  • Grow horizontally by adding Linux instances or grow vertically by adding resources (memory, cores, slots) to existing Linux guests.
  • Provision for peak utilization.
  • After the peak subsides automatically return unused resources to the resource pool for reallocation to another workload.

So, what does this mean to most enterprise Linux data centers? For example, IBM often cites a large insurance firm. The insurer needed fast and flexible provisioning for its database workloads. The company’s approach directed it to deploy more x86 servers to address growth. Unfortunately, the management of software for all those cores had become time consuming and costly. The company deployed 32 x86 servers with 768 cores running 384 competitor’s database licenses.

By leveraging elastic pricing on the Emperor II, for example, it only needed one machine running 63 IFLs serving 64 competitor’s database licenses.  It estimated savings of $15.6 million over 5 years just by eliminating charges for unused cores. (Full disclosure: these figures are provided by IBM; DancingDinosaur did not interview the insurer to verify this data.) Also, note there are many variables at play here around workloads and architecture, usage patterns, labor costs, and more. As IBM warns: Your results may vary.

And then there is security. Since the Emperor II is a Z it delivers all the security of the newest z14, although in a slightly different form. Specifically, it provides:

  • Ultimate workload isolation and pervasive encryption through Secure Service Containers
  • Encryption of data at rest without application change and with better performance than x86
  • Protection of data in flight over the network with full end-to-end network security
  • Use of Protected Keys to secure data without giving up performance
  • Industry-leading secure Java performance via TLS (2-3x faster than Intel)

BTW the Emperor II also anchors IBM’s Blockchain cloud service. That calls for security to the max. In the end. the Emperor II is unlike any x86 Linux system.

  • EAL 5+ isolation, best in class crypto key protection, and Secure Service Containers
  • 640 Power cores in its I/O channels (not included in the core count)
  • Leading I/O capacity and performance in the industry
  • IBM’s shared memory vertical scale architecture with a better architecture for stateful workloads like databases and systems of record
  • Hardware designed to give good response time even with 100% utilization, which simplifies the solution and reduces the extra costs x86 users assume are necessary because they’re used to keeping a utilization safety margin.

This goes far beyond TCO.  Just remember all the things the Emperor II brings: scalability, reliability, container-based security and flexibility, and more.

…and Go Pats!

DancingDinosaur is Alan Radding, a Boston-based veteran information technology analyst, writer, and ghost-writer. Please follow DancingDinosaur on Twitter, @mainframeblog. See more of his IT writing at technologywriter.com and here.

Meltdown and Spectre Attacks Require IBM Mitigation

January 12, 2018

The chip security threats dubbed Meltdown and Spectre revealed last month apparently will require IBM threat mitigation in the form of code and patching. IBM has been reticent to make a major public announcement, but word finally is starting to percolate publicly.

Courtesy: Preparis Inc.

On January 4, one day after researchers disclosed the Meltdown and Spectre attack methods against Intel, AMD and ARM processors the Internet has been buzzing.  Wrote Eduard Kovacs on Wed.; Jan. 10, IBM informed customers that it had started analyzing impact on its own products. The day before IBM revealed its POWER processors are affected.

A published report from Virendra Soni, January 11, on the Consumer Electronics Show (CES) 2018 in Las Vegas where Nvidia CEO Jensen Huang revealed how the technology leaders are scrambling to find patches to the Spectre and Meltdown attacks. These attacks enable hackers to steal private information off users’ CPUs running processors from Intel, AMD, and ARM.

For DancingDinosaur readers, that puts the latest POWER chips and systems at risk. At this point, it is not clear how far beyond POWER systems the problem reaches. “We believe our GPU hardware is immune. As for our driver software, we are providing updates to help mitigate the CPU security issue,” Nvidia wrote in their security bulletin.

Nvidia also reports releasing updates for its software drivers that interact with vulnerable CPUs and operating systems. The vulnerabilities take place in three variants: Variant 1, Variant 2, and Variant 3. Nvidia has released driver updates for Variant 1 and 2. The company notes none of its software is vulnerable to Variant 3. Nvidia reported providing security updates for these products: GeForce, Quadro, NVS Driver Software, Tesla Driver Software, and GRID Driver Software.

IBM has made no public comments on which of their systems are affected. But Red Hat last week reported IBM’s System Z, and POWER platforms are impacted by Spectre and Meltdown. IBM may not be saying much but Red Hat is, according to Soni: “Red Hat last week reported that IBM’s System Z, and POWER platforms are exploited by Spectre and Meltdown.”

So what is a data center manager with a major investment in these systems to do?  Meltdown and Spectre “obviously are a very big problem, “ reports Timothy Prickett Morgan, a leading analyst at The Last Platform, an authoritative website following the server industry. “Chip suppliers and operating systems and hypervisor makers have known about these exploits since last June, and have been working behind the scenes to provide corrective countermeasures to block them… but rumors about the speculative execution threats forced the hands of the industry, and last week Google put out a notice about the bugs and then followed up with details about how it has fixed them in its own code. Read it here.

Chipmakers AMD and AMR put out a statement saying only Variant 1 of the speculative execution exploits (one of the Spectre variety known as bounds check bypass), and by Variant 2 (also a Spectre exploit known as branch target injection) affected them. AMD, reports Morgan, also emphasized that it has absolutely no vulnerability to Variant 3, a speculative execution exploit called rogue data cache load and known colloquially as Meltdown.  This is due, he noted, to architectural differences between Intel’s X86 processors and AMD’s clones.

As for IBM, Morgan noted: its Power chips are affected, at least back to the Power7 from 2010 and continuing forward to the brand new Power9. In its statement, IBM said that it would have patches out for firmware on Power machines using Power7+, Power8, Power8+, and Power9 chips on January 9, which passed, along with Linux patches for those machines; patches for the company’s own AIX Unix and proprietary IBM i operating systems will not be available until February 12. The System z mainframe processors also have speculative execution, so they should, in theory, be susceptible to Spectre but maybe not Meltdown.

That still leaves a question about the vulnerability of the IBM LinuxONE and the processors spread throughout the z systems. Ask your IBM rep when you can expect mitigation for those too.

Just patching these costly systems should not be sufficiently satisfying. There is a performance price that data centers will pay. Google noted a negligible impact on performance after it deployed one fix on Google’s millions of Linux systems, said Morgan. There has been speculation, Googled continued, that the deployment of KPTI (a mitigation fix) causes significant performance slowdowns. As far as is known, there is no fix for Spectre Variant 1 attacks, which have to be fixed on a binary-by-binary basis, according to Google.

Red Hat went further and actually ran benchmarks. The company tested its Enterprise Linux 7 release on servers using Intel’s “Haswell” Xeon E5 v3, “Broadwell” Xeon E5 v4, and “Skylake,” the upcoming Xeon SP processors, and showed impacts that ranged from 1-19 percent. You can demand these impacts be reflected in reduced system prices.

DancingDinosaur is Alan Radding, a veteran information technology analyst, writer, and ghost-writer. Please follow DancingDinosaur on Twitter, @mainframeblog. See more of his IT writing at technologywriter.com and here.

 

Under the Covers of Z Container Pricing

December 1, 2017

Along with the announcement of the z14, or now just Z, last July IBM also introduced container pricing as an upcoming capability of the machine intended to make it both flexible and price competitive. This is expected to happen by the end of this year.

A peak into the IBM z14

Container pricing implied overall cost savings and also simplified deployment. At the announcement IBM suggested competitive economics too, especially when benchmarked against public clouds and on-premises x86 environments.

By now you should realize that IBM has difficulty talking about price. They have lots of excuses relating to their global footprint and such. Funny, other systems vendors that sell globally don’t seem to have that problem. After two decades of covering IBM and the mainframe as a reporter, analyst, and blogger I’ve finally realized why the reticence: that the company’s pricing is almost always high, over-priced compared to the competition.

If you haven’t realized it yet, the only way IBM will talk price is around a 3-year TCO cost analysis. (Full disclosure: as an analyst, I have developed such TCO analyses and am quite familiar with how to manipulate them.) And even then you will have to swallow a number of assumptions and caveats to get the numbers to work.

For example, there is no doubt that IBM is targeting the x86 (Intel) platform with its LinuxONE lineup and especially its newest machine, the Emperor II. For example, IBM reports it can scale a single MongoDB database to 17TB on the Emperor II while running it at scale with less than 1ms response time. That will save up to 37% compared to x86 on a 3-year TCO analysis. The TCO analysis gets even better when you look at a priced-per-core data serving infrastructures. IBM reports it can consolidate thousands of x86 cores on a single LinuxONE server and reduce costs by up to 40%.

So, let’s see what the Z’s container pricing can do for you. IBM’s container pricing is being introduced to allow new workloads to be added onto z/OS in a way that doesn’t impact an organization’s rolling four-hour average while supporting deployment options that makes the most sense for an organization’s architecture while facilitating competitive pricing at an attractive price point relative to that workload.

For example, one of the initial use cases for container pricing revolves around payments workloads, particularly instant payments. That workload will be charged not to any capacity marker but to the number of payments processed. The payment workload pricing grid promises to be highly competitive with the price–per-payment starting at $0.0021 and dropping to $0.001 with volume. “That’s a very predictable, very aggressive price,” says Ray Jones, vice president, IBM Z Software and Hybrid Cloud. You can do the math and decide how competitive this is for your organization.

Container pricing applies to various deployment options—including co-located workloads in an existing LPAR—that present line-of-sight pricing to a solution. The new pricing promises simplified software pricing for qualified solutions. It even offers the possibility, IBM adds, of different pricing metrics within the same LPAR.

Container pricing, however, requires the use of IBM’s software for payments, Financial Transaction Manager (FTM). FTM counts the number of payments processed, which drives the billing from IBM.

To understand container pricing you must realize IBM is not talking about Docker containers. A container to IBM simply is an address space, or group of address spaces, in support of a particular workload. An organization can have multiple containers in an LPAR, have as many containers as it wants, and change the size of containers as needed. This is where the flexibility comes in.

The fundamental advantage of IBM’s container pricing comes from the co-location of workloads to get improved performance and lower latency. The new pricing eliminates what goes on in containers from consideration in the MLC calculations.

To get container pricing, however, you have to qualify. The company is setting up pricing agents around the world. Present your container plans and an agent will determine if you qualify and at what price. IBM isn’t saying anything about how you should present your container plans to qualify for the best deal. Just be prepared to negotiate as hard as you would with any IBM deal.

DancingDinosaur is Alan Radding, a veteran information technology analyst, writer, and ghost-writer. Please follow DancingDinosaur on Twitter, @mainframeblog. See more of his IT writing at technologywriter.com and here.

IBM Spotlights Blockchain and Hyperledger Fabric at IBM InterCONNECT

March 23, 2017

IBM announced earlier this week Hyperledger Fabric v 1.0 beta, with security for regulated industries, governance tools, and over 1,000 transactions per second possible.  This is represents the first enterprise-ready blockchain service based on the Linux Foundation’s open source Hyperledger Fabric version 1.0. The service enables developers to quickly build and host security-rich production blockchain networks on the IBM Cloud and underpinned by IBM LinuxONE.

Maersk and IBM transform global trade with blockchain

LinuxONE, a dedicated z-based Linux system with as much security as any commercial platform is likely to have, should play a central role in blockchain networks. The machine also delivers all the itys the z is renowned for: scalability, availability, flexibility, manageability, and more.

The Linux Foundation’s open source Hyperledger Fabric v1.0 is being developed by members of the Hyperledger consortium alongside other open source blockchain technologies. The Hyperledger consortium’s Technical Steering Committee recently promoted Fabric from incubator to active state, and it is expected to be available in the coming weeks. It is designed to provide a framework for enterprise-grade blockchain networks that can transact at over 1,000 transactions per second.

Safety and security is everything with blockchain, which means blockchain networks are only as safe as the infrastructures on which they reside, hence the underpinning on LinuxONE. In addition, IBM’s High Security Business Network brings an extremely secure Linux infrastructure that, according to IBM, integrates security from the hardware up through the software stack, specifically designed for enterprise blockchains by providing:

  • Protection from insider attacks – helps safeguard entry points on the network and fight insider threats from anyone with system administrator credentials
  • The industry’s highest certified level of isolation for a commercial system- Evaluation Assurance Level certification of EAL5+ is critical in highly regulated industries such as government, financial services and healthcare, to prevent the leakage of information from one party’s environment to another
  • Secure Service Containers – to help protect code throughout the blockchain application and effectively encapsulating the blockchain into a virtual appliance, denying access even to privileged users
  • Tamper-responsive hardware security modules –to protect encrypted data for storage of cryptographic keys. These modules are certified to FIPS 140-2 Level 4, the highest level of security certification available for cryptographic modules
  • A highly auditable operating environment – comprehensive , immutable log data supports forensics, audit, and compliance

IBM also announced today the first commercially available blockchain governance tools, and new open-source developer tools that automate the steps it takes to build with the Hyperledger Fabric, reportedly speeding the process from weeks to days.

The new blockchain governance tools also make it easy to set up a blockchain network and assign roles and levels of visibility from a single dashboard. They help network members set rules, manage membership, and enforce network compliance once the network is up and running.

This seems straightforward enough. Once setup is initiated, members can determine the rules of the blockchain and share consent when new members request to join the network. In addition, the deployment tool assigns each network a Network Trust Rating of 1 to 100. New network members can view this before joining and determine whether or not they can trust the network enough to participate. Organizations can also take steps to improve their Trust Ratings before moving into production.

To make it easier for developers to translate business needs from concept to actual code, IBM Blockchain includes a new open-source developer tools for the Hyperledger Fabric called Fabric Composer. Fabric Composer promises to help users model business networks, create APIs that integrate with the blockchain network and existing systems of record, and quickly build a user interface. Fabric Composer also automates tasks that traditionally could take weeks, allowing developers to complete them in minutes instead.

IBM Blockchain for Hyperledger Fabric v1.0 is now available through a beta program on IBM Bluemix. Hyperledger Fabric also is available on Docker Hub as an IBM-certified image available for download at no cost.

At this point, IBM has over 25 publicly named Blockchain projects underway. They address everything from carbon asset management to consumer digital ID, post trade derivatives processing, last mile shipping, supply chain food safety, provenance, securities lending, and more seemingly are being added nearly weekly.

DancingDinosaur is Alan Radding, a veteran information technology analyst, writer, and ghost-writer. Please follow DancingDinosaur on Twitter, @mainframeblog. See more of his IT writing at technologywriter.com and here.

IBM and Northern Trust Collaborate on Blockchain for Private Equity Markets

March 3, 2017

At a briefing for IT analysts, IBM laid out how it sees blockchain working in practice. Surprisingly, the platform for the Hyperledger effort was not x86 but LinuxONE due to its inherent security.  As the initiative grows the z-based LinuxONE can also deliver the performance, scalability, and reliability the effort eventually will need too.

IBM describes its collaboration with Northern Trust and other key stakeholders as the first commercial deployment of blockchain technology for the private equity market. Although as the private equity market stands now the infrastructure supporting private equity has seen little innovation in recent years even as investors seek greater transparency, security, and efficiency. Enter the open LinuxONE platform, the Hyperledger fabric, and Unigestion, a Geneva, Switzerland-based asset manager with $20 billion in assets under management.

IBM Chairman and CEO Ginni Rometty discusses how cognitive technology and innovations such as Watson and blockchain have the potential to radically transform the financial services industry at Sibos 2016 in Geneva, Switzerland on Weds., September 28, 2016. (Feature Photo Service)

IBM Chairman and CEO Ginni Rometty discusses  blockchain at Sibos

The new initiative, as IBM explains it, promises a new and comprehensive way to access and visualize data.  Blockchain captures and stores information about every transaction and investment as meta data. It also captures details about relevant documents and commitments. Hyperledger itself is a logging tool that creates an immutable record.

The Northern Trust effort connects business logic, legacy technology, and blockchain technology using a combination of Java/JavaScript and IBMs blockchain product. It runs on IBM Bluemix (cloud) using IBM’s Blockchain High Security Business Network. It also relies on key management to ensure record/data isolation and enforce geographic jurisdiction. In the end it facilitates managing the fund lifecycle more efficiently than the previous primarily paper-based process.

More interesting to DancingDinosaur is the selection of the z through LinuxONE and blockchain’s use of storage.  To begin with blockchain is not really a database. It is more like a log file, but even that is not quite accurate because “it is a database you play as a team sport,” explained Arijit Das, Senior Vice President, FinTech Solutions, at the analyst briefing. That means you don’t perform any of the usual database functions; no deletes or updates, just appends.

Since blockchain is an open technology, you actually could do it on any x86 Linux machine, but DancingDinosaur readers probably wouldn’t want to do that. Blockchain essentially ends up being a distributed group activity and LinuxONE is unusually well optimized for the necessary security. It also brings scalability, reliability, and high performance along with the rock-solid security of the latest mainframe. In general LinuxONE can handle 8000 virtual servers in a single system and tens of thousands of containers. Try doing that with an x86 machine or even dozens.   You can read more on LinuxONE that DancingDinosaur wrote when it was introduced here and here.

But you won’t need near that scalability with the private equity application, at least at first. Blockchain gets more interesting when you think about storage. Blockchain has the potential to generate massive numbers of files fast, but that will only happen when it is part of, say, a supply chain with hundreds, or more likely, thousands of participating nodes on the chain and those nodes are very active. More likely for private equity trading, certainly at the start, blockchain will handle gigabytes of data and maybe only megabytes at first. This is not going to generate much revenue for IBM storage. A little bit of flash could probably do the trick.

Today, current legal and administrative processes that support private equity are time consuming and expensive, according to Peter Cherecwich, president of Corporate & Institutional Services at Northern Trust. They lack transparency while inefficient market practices leads to lengthy, duplicative and fragmented investment and administration processes. Northern Trust’s solution based on blockchain and Hyperledger, however, promises to deliver a significantly enhanced and efficient approach to private equity administration.

Just don’t expect to see overnight results. In fact, you can expect more inefficiency since the new blockchain/Hyperledger-based system is running in parallel with the disjointed manual processes. Previous legacy systems remain; they are not yet being replaced. Still, IBM insists that blockchain is an ideal technology to bring innovation to the private equity market, allowing Northern Trust to improve traditional business processes at each stage to deliver greater transparency and efficiency. Guess we’ll just have to wait and watch.

DancingDinosaur is Alan Radding, a veteran information technology analyst, writer, and ghost-writer. Please follow DancingDinosaur on Twitter, @mainframeblog. See more of his IT writing at technologywriter.com and here.

 

IBM Cheers Beating Estimates But Losing Streak Continues

January 26, 2017

It has been 19 quarters since IBM reported positive revenue in its quarterly reports but the noises coming out of IBM with the latest 4Q16 and full year 2016 financials are upbeat due to the company beating analyst consensus revenue estimates and its strategic initiatives are starting to generate serious revenue.   Although systems revenues were down again (12%) the accountants at least had something positive to say about the z: “gross profit margins improved driven by z Systems performance.”

ezsource-dashboard

EZSource: Dashboard visualizes changes to mainframe code

IBM doesn’t detail which z models were contributing but you can guess they would be the LinuxONE models (Emperor and Rock Hopper) and the z13. DancingDinosaur expects z performance to improve significantly in 2017 when a new z, which had been heavily hinted in the 3Q2016 results reported here, is expected to ship.

With it latest financials IBM is outright crowing about its strategic initiatives: Fourth-quarter cloud revenues increased 33 percent.  The annual exit run rate for cloud as-a-service revenue increased to $8.6 billion from $5.3 billion at year-end 2015.  Revenues from analytics increased 9 percent.  Revenues from mobile increased 16 percent and revenues from security increased 7 percent.

For the full year, revenues from strategic imperatives increased 13 percent.  Cloud revenues increased 35 percent to $13.7 billion.  The annual exit run rate for cloud as-a-service revenue increased 61 percent year to year.  Revenues from analytics increased 9 percent.  Revenues from mobile increased 34 percent and from security increased 13 percent.

Of course, cognitive computing is IBM’s strategic imperative darling for the moment, followed by blockchain. Cognitive, for which IBM appears to use an expansive definition, is primarily a cloud play as far as IBM is concerned.  There is, however, a specific role for the z, which DancingDinosaur will get into in a later post. Blockchain, on the other hand, should be a natural z play.  It is, essentially, extremely secure OLTP on steroids.  As blockchain scales up it is a natural to drive z workloads.

As far as IBM’s financials go the strategic imperatives indeed are doing well. Other business units, however, continue to struggle.  For instance:

  • Global Business Services (includes consulting, global process services and application management) — revenues of $4.1 billion, down 4.1 percent.
  • Systems (includes systems hardware and operating systems software), remember, this is where z and Power platforms reside — revenues of $2.5 billion, down 12.5 percent. But as noted above, gross profit margins improved, driven by z Systems performance.
  • Global Financing (includes financing and used equipment sales) — revenues of $447 million, down 1.5 percent.

A couple of decades ago, when this blogger first started covering IBM and the mainframe as a freelancer writing for any technology publication that would pay real money IBM was struggling (if $100 billion behemoths can be thought to be struggling). The buzz among the financial analysts who followed the company was that IBM should be broken up into its parts and sold off.  IBM didn’t take that advice, at least not exactly, but it did begin a rebound that included laying off tons of people and the sale of some assets. Since then it invested heavily in things like Linux on z and open systems.

In December IBM SVP Tom Rosamilia talked about new investments in z/OS and z software like DB2 and CICS and IMS, and the best your blogger can tell he is still there. (Rumors suggest Rosamilia is angling for Rometty’s job in two years.)  If the new z does actually arrive in 2017 and key z software is refreshed then z shops can rest easy, at least for another few quarters.  But whatever happens, you can follow it here.

DancingDinosaur is Alan Radding, a veteran information technology analyst, writer, and ghost-writer. Please follow DancingDinosaur on Twitter, @mainframeblog. See more of his IT writing at technologywriter.com and here.

 

Happy Holidays and Best Wishes for 2017

December 21, 2016

DancingDinosaur is taking the rest of the year off. The next posting will be Jan. 5. In the meantime, best wishes for delightful holidays and a peaceful and prosperous New Year. Good time to read a new book (below).

iot-book-cover-2

Until then, based on comments IBM has hinted at we can expect a new z in 2017, might be the z14 as some suggest or something else. Expect it to be optimized for cognitive computing and the other strategic imperatives IBM has been touting for the past two years. But it also will need to satisfy the installed mainframe data center base so expect more I/O, faster performance, and improved price/performance.

Was nice to see LinuxONE come into its own late this year.  Expect to see much more from this z-based machine in 2017. Probably a new LinuxONE machine in the New Year as well.

And we can expect the new POWER9 this year.  That should perk things up a bit, but realistically, it appears IBM considers platform a dirty word. They really want to be a cloud player doing cognitive computing across a slew of vertical industries.

FYI, an important new book on IoT, Building the Internet of Things, by Maciej Kranz was published late in Nov. (See graphic above. It hit third place on the NY Times non-fiction best seller list in mid December. Not bad for a business tech book. You can find it on Amazon.com here. Kranz is a Cisco executive so if you have a relationship with a Cisco rep see if they’ll give you a free copy. Full disclosure: your blogger was the ghostwriter for the book and was thanked in the acknowledgements at the end of the book.  Like movies, Kranz and I have already started on the sequel, The Co-Economy (although the title may change). The new book is briefly described in the IoT book (pg. 161).

BTW, if you’ve always wanted to author a book but didn’t know how to start or finish or proceed, feel welcome to contact me through Technologywriter.com at the bottom of this post. We’ll figure out how to get it done.

Again, best wishes for the holidays. See you in the New Year.

DancingDinosaur is Alan Radding, a veteran information technology analyst, writer, and ghost-writer. Please follow DancingDinosaur on Twitter, @mainframeblog. See more of his IT writing at technologywriter.com and here


%d bloggers like this: