Presto crypto: IBM releases gruntier, faster Z14 mainframe

Secure shelter under expanded cryptographic umbrella


IBM has launched its latest, newest, biggest, baddest mainframe, the z14 system.

It features the next generation of IBM's CMOS mainframe chip technology, with 10-core processors using 14nm silicon-on-insulator technology, and running at 5.2GHz, claimed to be the fastest processor in the industry. Each core has hardware accelerated encryption implementing a CP Assist for Cryptographic Function (CPACF). The CPU also has 1.5 times more on-chip cache per core compared to the z13. There can be up to 32TB of memory, three times the z13 maximum, and its IO is three times faster as well.

A compression co-processor in each core has been improved to use fewer CPU cycles for compression/de-compression and DB2 will take advantage of that in the future.

IBM says the z14 has 10 per cent more performance per core than z13, and there are up to 170 configurable cores, meaning up to 35 per cent more total capacity in a single footprint compared to a z13.

IBM_z14_PR_shot

IBM z14 PR shot

The z14 CPU has new instructions in the single instruction, multiple data (SIMD) facility that speeds traditional decimal operation workloads (i.e. COBOL 6.2, PL/I 5.2) and analytics (ie, Apache Spark for z/OS) beyond that provided by the faster processor.

IBM claims the z14 can run Java workloads 50 per cent faster than x86 alternatives. FICON SAN access features 10 times lower latency than the z13 with the zHyperLink Express, enabling application response time to be cut in half.

The z14 has a scalable system structure that delivers up to a 35 per cent capacity increase for traditional workloads and an up to a 35 per cent capacity increase for Linux workloads compared to the previous generation z13.

There is coming z/OS software that will provide capabilities for private cloud service delivery, that will include support of workflow extensions for IBM Cloud Provisioning and Management for z/OS and real-time SMF analytics infrastructure support.

Encryption

The z13 was launched in 2015. At the time we wrote it was grunty enough to do “real time encryption of all mobile transactions at any scale” up to a claimed 2.5 billion transactions a day. The z14 is even gruntier and bumps that up almost five fold to 12 billion encrypted transactions per day.

Big Blue burbles it can run the world's largest MongoDB instance with 2.5x faster NodeJS performance compared to paltry x86-based platforms. It supports 2,000,000 Docker containers and 1,000 concurrent NoSQL databases, it's claimed.

The system has an encryption engine, has a 7x increase in cryptographic performance over the z13, with a 4x increase in silicon dedicated to cryptographic algorithms. It protects encryption keys with so-called tamper responding hardware which invalidates keys at any sign of meddling, and IBM says they can be later restored safely. This capability can be extended outside the z14 to storage systems and servers in the cloud.

A Secure Service Container protects is claimed to protect against insider threats from contractors and privileged users, providing automatic data and code encryption in-flight and at-rest, and tamper-resistance during installation and runtime. Information has to be decrypted before it is processed, of course.

This mainframe responds to API calls from cloud services and z14 developers can call any cloud service. These APIs can be encrypted nearly three times faster than x86 systems, claims IBM.

The z14 can "pervasively encrypt data associated with any application, cloud service or database all the time," including IBM's Cloud Blockchain service. The company has set up IBM Cloud Blockchain data centres in Dallas, London, Frankfurt, Sao Paolo, Tokyo and Toronto, which are secured using the capital Z mainframe as the encryption engine.

Ross Mauri, general manager IBM Z, gave out an (unencrypted) canned quote saying: "The vast majority of stolen or leaked data today is in the open and easy to use because encryption has been very difficult and expensive to do at scale. We created a data protection engine for the cloud era to have a significant and immediate impact on global data security."

There are new container pricing models:

  • Microservices and applications can be co-located to optimize qualities of services priced competitively (IBM claims) with public cloud and on-premises systems,
  • Application development and test - customers can triple capacity with no increase in their monthly licence charge,
  • Pricing based on the payments volume a bank processes, not the available capacity,

These pricing models are scalable within and across logical partitions (LPARs) and provide better metering, capping and billing.

Our thoughts

The two biggest threats to IBM's continued mainframe revenue stream are x86 servers and the public cloud, hence IBM's Z release being littered with "better than x86" statements and claims. The pervasive encryption should encourage security-conscious CIOS to keep mainframe apps on the mainframe and in-house, helping to stem the dykes walling off the x86 server and public cloud seas threatening to breach its proprietary mainframe profit centre.

The pricing changes are intended to fend off the public cloud as well.

An analysis from Toni Sacconaghi Jr for Bernstein Research says IBM's hardware business is in secular decline, and, while mainframe hardware contributes just 3 per cent of revenues, the overall mainframe platform accounted for nearly a quarter of total IBM revenues and an estimated 40 per cent of profits in 2016.

Sacconaghi said he has seen a decline in mainframe hardware revenues from a historic $3bn - $4bn a year to $2bn in fiscal 2016, attributable to fewer new workloads or volumes moving to the mainframe, and some potential migration of Linux workloads off the mainframe.

The overall mainframe platform revenues come from IBM's base and not from new hardware sales. Consequently the z14's prime role is to support and continue this installed base revenue stream.

Container pricing for IBM Z is planned to be available by year-end 2017 and enabled in z/OS V2.2 and z/OS V2.3. Get a z14 datasheet here. ®

Similar topics


Other stories you might like

  • GPL legal battle: Vizio told by judge it will have to answer breach-of-contract claims
    Fine-print crucially deemed contractual agreement as well as copyright license in smartTV source-code case

    The Software Freedom Conservancy (SFC) has won a significant legal victory in its ongoing effort to force Vizio to publish the source code of its SmartCast TV software, which is said to contain GPLv2 and LGPLv2.1 copyleft-licensed components.

    SFC sued Vizio, claiming it was in breach of contract by failing to obey the terms of the GPLv2 and LGPLv2.1 licenses that require source code to be made public when certain conditions are met, and sought declaratory relief on behalf of Vizio TV owners. SFC wanted its breach-of-contract arguments to be heard by the Orange County Superior Court in California, though Vizio kicked the matter up to the district court level in central California where it hoped to avoid the contract issue and defend its corner using just federal copyright law.

    On Friday, Federal District Judge Josephine Staton sided with SFC and granted its motion to send its lawsuit back to superior court. To do so, Judge Staton had to decide whether or not the federal Copyright Act preempted the SFC's breach-of-contract allegations; in the end, she decided it didn't.

    Continue reading
  • US brings first-of-its-kind criminal charges of Bitcoin-based sanctions-busting
    Citizen allegedly moved $10m-plus in BTC into banned nation

    US prosecutors have accused an American citizen of illegally funneling more than $10 million in Bitcoin into an economically sanctioned country.

    It's said the resulting criminal charges of sanctions busting through the use of cryptocurrency are the first of their kind to be brought in the US.

    Under the United States' International Emergency Economic Powers Act (IEEA), it is illegal for a citizen or institution within the US to transfer funds, directly or indirectly, to a sanctioned country, such as Iran, Cuba, North Korea, or Russia. If there is evidence the IEEA was willfully violated, a criminal case should follow. If an individual or financial exchange was unwittingly involved in evading sanctions, they may be subject to civil action. 

    Continue reading
  • Meta hires network chip guru from Intel: What does this mean for future silicon?
    Why be a customer when you can develop your own custom semiconductors

    Analysis Here's something that should raise eyebrows in the datacenter world: Facebook parent company Meta has hired a veteran networking chip engineer from Intel to lead silicon design efforts in the internet giant's infrastructure hardware engineering group.

    Jon Dama started as director of silicon in May for Meta's infrastructure hardware group, a role that has him "responsible for several design teams innovating the datacenter for scale," according to his LinkedIn profile. In a blurb, Dama indicated that a team is already in place at Meta, and he hopes to "scale the next several doublings of data processing" with them.

    Though we couldn't confirm it, we think it's likely that Dama is reporting to Alexis Bjorlin, Meta's vice president of infrastructure hardware who previously worked with Dama when she was general manager of Intel's Connectivity group before serving a two-year stint at Broadcom.

    Continue reading

Biting the hand that feeds IT © 1998–2022