IBM’s mainframe thinking - something old, something new, something borrowed, something Big Blue

Profile picture for user mbanks By Martin Banks September 17, 2019
A story with the word `mainframe’ in it, so look away now. But then you might miss something that, for any business throwing high volumes of sensitive data around their networks, could prove to be worth at least a bit of investigation.


First impressions are that the latest incarnation of IBM’s mainframe family, the z15, is based around a fortuitous coming together of a bride’s outfit for a wedding: something old, something new, something borrowed, something blue.

The old is one of the mainframe’s oldest capabilities; running large numbers of secure, pretty damned bomb-proof partitions. The new (Ok, not that new) is the use to which those partitions are to be put, while, the borrowed element is the use of applications container technology and the blue is, of course, IBM’s ancient and venerable nickname, Big Blue’

The reason there has been this marriage, in the form of a new member of the z-Series family, is because IBM, with its growing experience in the provision of enterprise cloud services and its acquisition of Red Hat has spotted an opportunity to provide a new approach to data security in the large enterprise multi-cloud services marketplace.

The main target is one of the inevitable weak spots of such environments, the point where data is in transit between systems. Here is it often out on the public  networks where it is at its most accessible and therefore most vulnerable.

The old adage of `if it moves encrypt it’ is a good one, but not always adhered to, and can still fall foul of weak points in the security of the digital roads the data has to travel. The IBM approach is pitched towards the notion of making the data as bomb proof as possible, using the power and capabilities of the z-Series mainframe to make it so.

Some may think the days of the mainframe are long past except for back office duties in the most venerable of established enterprises, yet IBM reckons that as much as two-thirds of the Fortune 100 enterprises are already using them as central components of a security environment for hybrid cloud operations. And a large percentage of them are still committed to working with z-Series systems.

Adding a new z15 may not be that much of an arduous task for most of them, and given the quantity and sensitivity of the data many of them work with this may well be considered a worthwhile investment.

The key security service the z15 targets is that one which is essential for large enterprise, multi-cloud environments – encryption. As such that is not new, but what IBM is adding is what it calls its Data Privacy Passport technology. This provides users with the ability to protect and provision data and revoke access to that data at any time, not only within the z15 environment but across an enterprise's hybrid multi-cloud environment.

Should there be an attack, one of the key factors for any business, regardless of what steps need be taken to remediate its long term effects, is to get the business working again as quickly as possible. With this in mind IBM is pitching Instant Recovery. This based on new System Recovery Boost Technologies developed for the z15 which provide users with full system capacity for a period of time. This allows them to  effect an accelerated shutdown and restart of IBM z-Series services, as well as providing a temporary capacity boost to help businesses recover from any time lost.


For those users with a heavier commitment to z-Series-based services and resources, the z15 also comes with a new Cloud-Native Development environment. This is aimed providing users with the development tools needed to ‘cloudify’ existing legacy applications, as well as build new cloud-native apps. Underlying both is the objective of providing secure integration of important workloads across multiple clouds.

Making this happen is where the partitioning capabilities of mainframes comes into play. When the first z-Series systems appeared, they featured the ability to be partitioned into a maximum of 4,000 of them, with each featuring the ability to an instance of Linux. The actual number of partitions was dependent on the type of tasks each was running, with the maximum reached if all were running the same task as that allows the maximum sharing of system resources.

With the focus on running security tools, and in particular encryption and the Data Privacy Passport technology, each partition is running similar tasks. To make that easier, the apps are containerized and, depending on the specific configuration for the z15, each partition can, according to the company, run thousands of individual containers.

The results certainly sound impressive. Systems can run at up to 1 trillion web transactions a day and scale-out to 2.4 million Linux containers in a single z15 system. That is claimed to be up to 2.3 times more containers per core than a bare-metal x86 platform running an identical web server load. The z15 core architecture is also claimed to deliver up to 30x lower latency and up to 28 times less CPU utilization, by compressing secure web transaction data before encryption. This uses the dedicated Integrated Accelerator for z Enterprise Data Compression instead of using software compression.

Though the target market is still going to be where IBM has its strongest hold – the big enterprise user – the appearance of the z15, and in particular the Data Privacy Passport technology, holds out the potential for a far wider opportunity. For now the ultimate `weak point’ here (in potential marketing opportunity terms only) is that getting anything out of the z15 means, essentially, having one at each end of the network where data transmission is required.

For many of those large enterprises the investment required will be in the region of marginal cost: they will also be z-Series mainframe users already. But there is hint here of far more opportunity for the technology. It has long been possible, especially in areas such as running applications development tools, to run mainframe software on x86 architecture, and it would no doubt make sense to provide the option to do just that for its customers, especially as the growth in frontline edge compute requirements grows, requiring a z15 at every such location may well be seen as overkill by enterprise CFOs.

Having a version available for commodity cloud resources would make economic sense, even if there is a hit on latency. That could also open up the rest of the cloud market to some important IBM technology at a time when the edge is itself opening, which in turn could open up IBM Cloud as an important component in the growing multicloud world.

My take

Simply put, this to me is a tech development with important opportunities for IBM’s existing large enterprise customer base, but it has the potential to be a great deal more. But that will require IBM to understand that this is about much more than being a mainframe product offering.