IBM announces a new mainframe today: the IBM z13s. There are many, many other big announcements today. I’ll have more to say here soon, but in the meantime take a look….

….OK, I’m back! Here are some of my takeaways from IBM’s series of announcements.

IBM’s biggest theme for the new z13s is security in the full sense of the word. This morning I woke up to the glibc security news (debacle). What a mess, and the messes just keep coming. But not with these IBM z Systems. The z13s raises the already high bar again in providing the most highly securable computing problem, including especially for “hybrid clouds,” another major IBM theme. In simple terms (and to me anyway), hybrid clouds take the best parts of cloud technologies and business models, the best parts of traditional on premises computing, and marry them (for/in love). For decades IBM z machines have provided Software as a Service (SaaS), Information as a Service (IaaS), Platform as a Service (PaaS), Business Process as a Service (BPaaS) — that’s not new, and mainframes support such business models extremely well. It’s no coincidence that IBM featured Vodafone in the z13s announcement, a new IBM z customer that is providing new SaaS offerings to municipal governments in Spain, hosted on Vodafone’s multi-tenant IBM z machine with extremely high qualities of service and extremely low cost. IBM also emphasized various payment services in its IBM z13s announcement as another important category where security, trust, and continuous service are also paramount. What is new is that all the pieces have finally and uniquely come together, that the marriage has truly been consummated in the IBM z13, z13s, and LinuxONE platforms.

There are many new security innovations, but I’d like to focus on IBM Multi-Factor Authentication for z/OS for a moment and draw your full attention to it, especially if you have a role in protecting your business or government agency. In my view this innovation is the most important at least since OS/390 introduced SSL/TLS client certificate authentication in the 1990s or even perhaps since RACF’s introduction in the 1970s. Multi-factor authentication means that, in order to access certain resources or services, you must provide, at a minimum, both something you know and something you have. The something you know might be a passphrase — well supported since at least z/OS 1.8, and please use them. The something you have might be an ID badge, a security token, or a mobile device that can receive text messages or push notifications. That’s the core capability that IBM Multi-Factor Authentication for z/OS provides to the z/OS Security Server and to RACF. It’s not a completely new capability. My bank, with lots of z/OS-based services, implemented consumer-facing multi-factor authentication several years ago. There have been many such solutions, including some from IBM. What is new is that this capability is now pervasive and deeper, built right into the z/OS Security Server. That means more businesses and governments can implement multi-factor authentication for more users, for more services, more often. Security doesn’t work unless it’s used; securable doesn’t automatically mean secure. You’ve still got to turn these capabilities on, and they’re still optional. But it’s becoming that much easier to turn them on and to use them well, and that’s a big deal. As a rough comparison, IBM Multi-Factor Authentication for z/OS has similarities to what Apple is delivering in its iOS-based devices with their strong client security features. z/OS appears to be the world’s first operating system to implement multi-factor authentication so deeply into the core fabric of its security subsystems, and there are some good architectural reasons why z/OS is first.

I like the nickname Steve Morgan at Forbes Magazine gave to the new z13s: the “Cyberframe.” Morgan is partially alluding to the fact that IBM has announced a free offer to its IBM z13 and z13s customers: free participation in the beta program for its new cybersecurity analytics service, to help customers monitor their systems to spot potential security concerns before they become genuine threats. I’m always in favor of more value for money, and this is one example. Please take IBM up on its offer. Free is good.

Another example of value for money is the new Shared Memory Communications-Direct Memory Access (SMC-D) between Logical Partitions (LPARs) that provides another secure, high performance connection type that complements HiperSockets and that does not require application changes. It’s a standard, included feature of the IBM z13s (and now also z13). Speaking of LPARs, you can configure up to 40 on a single z13s system, and they’re uniquely Common Criteria EAL5+ compliant to support truly secure multi-tenant installations.

IBM raised the bar, hugely, in minimum specifications. It was only just a few short years ago, with the IBM z114 introduced in 2011, that you could still buy a machine with a z/OS capacity of 26 PCIs and 8GB of main memory. In practice that meant a lot of small mainframe shops fought and lost battles with their own procurement departments, ending up with too little capacity even to keep their existing operations running smoothly. (A long time before that IBM and most other vendors well solved the pricing problems, introducing much better entry pricing.) The new z13s scales down quite nicely for those who need the smallest capacity mainframe configuration, but IBM has called a halt to most of the too-low nonsense. Now 80 PCIs is the minimum z/OS (and z/VSE and z/TPF) capacity, and minimum main memory is a whopping 64GB. (Have you ever tried to run a recent release of DB2 in an 8GB LPAR, never mind whole machine?) If you’ve still got a pricing concern with 80 PCIs, ask your vendors (including IBM) and sharpen your pencils, and in particular make sure you don’t have any vendor playing full capacity licensing games with you. But from what I’ve been able to observe such problems should be well in the past. So kudos to IBM for not perpetuating this bit of corner silliness. Nobody should have to waste even five seconds struggling with too little memory. Now if only Apple would stop shipping iPhones with only 16GB of flash storage….

Also happily, the z13s now scales up to over 7,000 PCIs, as many 20 customer configurable main processor cores (now with two threads each if they’re zIIPs or IFLs), and, brace yourself!, up to 4TB of real main memory per machine — an order of magnitude more than the previous maximum. Fan-freaking-tastic! Your “Big Data” monster has arrived, and this monster is not so little any more. What a long, long way we’ve come from the z800 and z890 machines, as examples — fine machines they were, but they were “small.” In fact, I encourage many “large machine” customers to take a serious look at adopting the IBM z13s, at least to equip remote data centers, DR centers, as external Coupling Facility machines (where merited), front-end processors, “on premises” outposts in non-owned data centers, for large application development teams, as mission critical control systems (power plants, ships), and so forth. Helpfully the z13s is much more tolerant of temperature and humidity than its predecessor, so physically it can go more places. When you get an IBM z System, you get an IBM z System, with all its countless quality characteristics. IBM hasn’t cut any corners. And if you’re fortunate enough to need more capacity than even the mighty z13s can provide, no problem, you can upgrade it to a “double wide” z13 and fully protect your investment.

In my view mainframe customers (and IBM) spend way, way too much time worrying about specific machines, each capacity delivery, etc. Here’s an idea: why don’t you order your mainframe capacity the same way you do public cloud capacity? Sign a 4, 5, or 6 year contract (or whatever term you like — 42 months?), schedule quarterly, semiannual, or annual capacity deliveries, then sit back and let IBM deliver them, with predictable (and low) budgeting and whatever technology level IBM can deliver. As long as you maintain at least reasonable software release level currency, no problem. Pick some reasonable capacity delivery schedule, which by now you should be able to forecast reasonably well, and relax. If you need more capacity above your forecast — a business acquisition that you didn’t forecast, or some unexpected business crisis — just make sure you have some Capacity On Demand and Plan Ahead Memory available in the package. If you need less, no problem, that’s what variable pricing is for (introduced a decade and half ago). Why all the drama, and why all the anxiety every September, or February, or end of fiscal year? This isn’t the 1970s any more. Keep it simple, because it is. You have better, more important stuff to focus on, like actual application innovation and security improvements, and so does IBM and their people.

I expect I’ll have some more comments to offer, but that’s a reasonable start for now. What do you think?

Posted in IBM.

Gene Amdahl, the chief architect of the IBM System/360 (the original, direct lineal ancestor of today’s modern IBM z Systems) and former IBM Fellow, died on November 10. He was 92. If you care at all about computing, pause for a moment to reflect on the passing of (most probably) history’s greatest system architect.

Amdahl’s career at IBM lasted only a total of 13 1/2 years in two stints, but what a stellar career it was (and outside of IBM, too). He worked on the landmark IBM 704, 709, and Stretch computer systems, then, in his second stint with IBM, he helped transform computing forever with the System/360. IBM invested a reported $5 billion (1964 dollars) in the System/360 project, a breathtakingly vast R&D investment to back Amdahl’s architecture. Fortunately the computing architecture Amdahl defined is history’s most durable, and IBM has recouped its investment many times over. That architecture thrives today in incredibly evolved form as the IBM z System with no physical correspondence whatsoever to the System/360 but still with Amdahl’s original design principles at its core. The design foundation was so strong, so enduring, that it’s extremely common for code written in 1965 to be running on today’s latest IBM z13 machine, unmodified, right alongside (and interacting with) 64-bit Java code written ten minutes ago, for example.

Amdahl was named an IBM Fellow in 1965, IBM’s highest honor in its technical and engineering professions. He had a falling out with IBM in 1970 over plans for a supercomputer. (IBM management didn’t think Amdahl’s ideas would be profitable.) After Amdahl left in 1970, IBM embarked on the Future Systems project that, in hindsight at least, was overly ambitious. Parts of the FS project ended up being useful, but for the most part FS was a business investment failure. In contrast, Amdahl founded a company that bore his name that, beginning in 1975, grew to become one of IBM’s biggest competitors ever. Amdahl left his company in 1979, but Amdahl’s “plug-compatible” mainframes reached about 22% marketshare and were still reasonably competitive well into the 1990s when Fujitsu, Amdahl’s initial investor, bought out the company.

IBM bet heavily on several key technologies in the 1990s that were, even in hindsight, risky, expensive bets, including moving from bipolar to CMOS processors throughout the product line, bringing Linux to the IBM mainframe (and with full IBM support), and the development of 64-bit z/Architecture. (The first 64-bit mainframe, the IBM zSeries z900, started shipping in 2000 and was a big success, kicking off the new century’s “mainframe renaissance.”) The CMOS transition was particularly difficult since the first CMOS processors were slower than the older bipolar technology on single threaded tasks, and many workloads are sensitive to single thread performance and throughput. Amdahl (the company) and particularly Hitachi, the other plug-compatible mainframe manufacturer, enjoyed a few years of increased sales during this rocky transition period. However, the writing was on the wall. Amdahl and Hitachi were not able to make the big investments to continue improving their mainframe designs, and z/Architecture in particular sealed their fates. Innovation also accelerated in software, beyond the boundaries of the physical system design. Hitachi and Fujitsu still continue to deliver mainframe systems in their domestic Japanese market with MVS-like domestic Japanese operating systems, though even in Japan IBM’s marketshare has eclipsed them both due to powerful economic forces and the engineering challenges in high-end server development.

It takes a team of great engineers to develop great technology, and Amdahl had a lot of great engineers working with him. That said, by all accounts he was an amazing, inspiring engineer and system architect. Thanks, Gene.

Connor Krukosky, an 18 year old college student, has installed an IBM z890 mainframe in his parents’ basement in Maryland. He posted some photos of his personal mainframe, and at last report (on IBM-MAIN) he has successfully booted Linux on z and can connect. His next task is to get some disk storage attached and working. You can follow his progress on the IBM-MAIN list.

Connor reports that he paid $237 for his mainframe, a capacity model 320 (approximately 120 PCIs according to IBM’s LSPR table). That means that Connor’s z890 has 3 of its 4 main processor cores configured as CPs, and CPs are technically capable of running any workloads, including Linux. It’s possible the 4th core is configured as some other engine type, though that’s unclear at this point. The z890 was available with anywhere from 8GB to 32GB of main memory, so Connor should have plenty of memory to support his personal mainframe workloads. It’s unclear exactly what I/O adapters he has installed in his particular machine, but the z890 was available with 2Gbps FICON/FCP and 10Gbps Ethernet.

IBM introduced the z890 in 2004 and halted new z890 sales in 2007. The z800 was its predecessor, and the z9BC was its successor. One of the reasons Connor likely got a great price on his used z890 is because z/OS 1.13 is the last release of z/OS compatible with this model. There are still some Linux distributions compatible with the z890, however.