New IBM z13s Brings Built-in Encrypted Security to Entry Level

Earlier this week IBM introduced the z13s, what it calls World’s most secure server, built for hybrid cloud, and sized for mid-sized organizations.  The z13s promises better business outcomes, faster decision making, less regulatory exposure, greater scale, and better fraud protection. And at the low end it is accessible to smaller enterprises, maybe those who have never tried a z before.

z13s features embedded cryptography that brings the benefits of the mainframe to mid-sized organizations . Courtesy IBM

A machine like the low end z13s used to be referred to as a business class (BC) mainframe.  IBM declined to quote a price, except to say z13s will go “for about the same price as previous generations for the equivalent capacity.”  OK, back in July 2013 IBM published the base price of the zEC12 BC machine at $75,000. IBM made a big deal of that pricing at the time.

The key weasel phrase in IBM’s statement is: “for the equivalent capacity.”  Two and a half years ago the $75k zEC12 BC offered significantly more power than its predecessor. Figuring out equivalent capacity today given all the goodies IBM is packing into the new machine, like built-in chip-based cryptography and more, is anybody’s guess. However, given the plummeting costs of IT components over the past two years, you should get it at a base price of $100k or less. If not, call Intel. Adds IBM: The infrastructure costs of z13s are comparable to the Public Cloud infrastructure costs with enterprise support; significant software savings result from core consolidation on the z13s.

But the z13s is not just about price. As digital business becomes a standard practice and transaction volumes increase, especially mobile transaction volumes, the need for increased security becomes paramount. Cybercrime today has shifted. Rather than stealing data criminals are compromising data accuracy and reliability. This is where the z13s’ bolstered built-in security and access to APIs and microservices in a hybrid cloud setting can pay off by keeping data integrity intact.

IBM’s z13s, described as the new entry point to the z Systems portfolio for enterprises of all sizes, is packed with a number of security innovations. (DancingDinosaur considered the IBM LinuxONE Rockhopper as the current z entry point but it is a Linux-only machine.) For zOS the z13s will be the entry point. The security innovations include:

• Ability to encrypt sensitive data without compromising transactional throughput and response time through its updated cryptographic and tamper-resistant hardware-accelerated cryptographic coprocessor cards with faster processors and more memory. In short: encryption at twice the speed equates to processing twice as many online or mobile device purchases in the same time, effectively helping to lower the cost per transaction.
• Leverage the z Systems Cyber Security Analytics offering, which delivers an advanced level of threat monitoring based on behavior analytics. Also part of the package, IBM® Security QRadar® security software correlates data from more than 500 sources to help organizations determine if security-related events are simply anomalies or potential threats, This z Systems Cyber Security Analytics service will be available at no-charge, as a beta offering for z13 and z13s customers.
• IBM Multi-factor Authentication for z/OS (MFA) is now available on z/OS. The solution adds another layer of security by requiring privileged users to enter a second form of identification, such as a PIN or randomly generated token, to gain access to the system. This is the first time MFA has been tightly integrated in the operating system, rather than through an add-on software solution. This level of integration is expected to deliver more streamlined configuration and better stability and performance.

Hybrid computing and hybrid cloud also play a big part in IBM’s thinking latest around z Systems. As IBM explains, hybrid cloud infrastructure offers advantages in flexibility but can also present new vulnerabilities. When paired with z Systems, IBM’s new security solutions can allow clients to establish end-to-end security in their hybrid cloud environment.

Specifically, IBM Security Identity Governance and Intelligence can help prevent inadvertent or malicious internal data loss by governing and auditing access based on known policies while granting access to those who have been cleared as need-to-know users. IBM Security Guardium uses analytics to help ensure data integrity by providing intelligent data monitoring, which tracks users as they access specific data and help to identify threat sources quickly in the event of a breach. IBM Security zSecure and QRadar use real-time alerts to focus on the identified critical security threats that matter the most.

Conventional z System data centers should have no difficulty migrating to the z13 or even the z13s.  IBM told DancingDinosaur it will continue to protect a client’s investment in technology with serial number preservation on the IBM z13s.  The company also is offering upgrades from the zEnterprise BC12 (zBC12) and from the zEnterprise 114 (z114) to the z13s.   Of course, it supports upgradeability within the IBM z13 family; a z13s N20 model can be upgraded to the z13 N30 model. And once the z13s is installed it allows on demand offerings to access temporary or permanent capacity as needed.

DancingDinosaur is Alan Radding, a veteran information technology analyst and writer. Please follow DancingDinosaur on Twitter, @mainframeblog. See more of his IT writing at technologywriter.com and here.

Updated Software for IBM zEC12

Everyone gets excited by a new piece of hardware, but it is the software that enables the new machine to work its magic. This certainly is the case with the zEC12. On Oct. 3 IBM announced  upgrades to zEnterprise workhorse software like CICS, Omegamon, Cognos, and zSecure intended to better tap the capabilities of zEC12. Even IMS and Sterling are getting a refresh.

Also getting increased attention is Netezza, which has emerged as a key component of IBM’s data analytics approach. Netezza enables IBM to counter Oracle’s Exalytics, another in-memory data analytics appliance. In fact, IBM’s announcement of the newest PureSystems, the PureData System, earlier this week gives IBM another counter punch.

For the zEnterprise IBM adds a flexible storage capability that provides the performance of the IDAA while removing the cost of storage from the z. Netezza will work with whatever IBM storage the organization prefers.  A new incremental update capability propagates data changes as they occur, making it possible to analyze activity almost immediately. This resolves the problem of the data currency, in effect providing as close to real-time analytics as most organizations will get or need.

CICS, which already had become a mainframe workhorse through SOA and web services, now adds rich cloud capabilities too. CICS v5.1 brings new web app capabilities built on the WAS Liberty Profile. New PaaS capabilities enable it to host SaaS apps based on CICS applications. It also employs a new lightweight Java web container that combines Java Servlets and JSPs with fast local access to CICS applications.  IBM reports the enhanced CICS v5.1 delivers a 25% performance gain.

Various online discussion groups are buzzing about the zEC12 software enhancements.  A sampling:

• IBM provides DB2 10 performance enhancements for z/OS. As importantly for mixed platform (hybrid) shops DB2 10 LUW (Linux UNIX Windows) also will provide similar performance improvements.
• There is added support for Oracle’s PL/SQL for DB2 10 for stored procedures and Oracle application interfaces for Java, Pro*C, Pro*COBOL, and Forms.
• IBM also announced significant transactional performance improvements when running WebSphere on the zEC12.
• IBM has started a Beta Testing Program for the new CICS Transaction Server 5.1 release that has a significant number of enhancements to support Web Applications and CICS application modernization, mainly through IBM’s Rational HATS.
•  IBM has also improved performance of the C/C++ V1.13 compiler, Metal C feature of the IBM z/OS XL C/C++ compiler; and PL/1 V4.3 compiler for the zEC12.

Maybe less of a buzz generator but IBM Sterling gets a boost with the Sterling B2B Integrator V5.2.4 and Sterling File Gateway V2.2.4 for integration and file-based exchanges. IBM’s zSecure suite V1.13.1 brings new integration with QRadar, expanded integration points with DB2, enhanced RACF database cleanup capabilities, and support for the new enhanced CICS Transaction Server.

IBM also used the announcement to promote the relaunch of zEnterprise Analytics System 9710 (previously called IBM Smart Analytics System 9710) an unusual combo data decision system for analytics. It joins high performance data warehouse management with System z availability and recoverability using the z114. When the IDAA is added the result is a hybrid system of MPP and SMP technologies that combines mixed workload capabilities—both transaction and high speed analytical applications—on single platform tuned for operational business analytics.

Independent Assessment, publisher of DancingDinosaur, has finally released its newest white paper, zEnterprise BladeCenter Extension (zBX): the Case for Adopting Hybrid Computing. It is the most updated look at the zBX yet, including details on the zEC12. Available for free. Click here.