….OK, I’m back! Here are some of my takeaways from IBM’s series of announcements.
IBM’s biggest theme for the new z13s is security in the full sense of the word. This morning I woke up to the glibc security news (debacle). What a mess, and the messes just keep coming. But not with these IBM z Systems. The z13s raises the already high bar again in providing the most highly securable computing platform, including especially for “hybrid clouds,” another major IBM theme. In simple terms (and to me anyway), hybrid clouds take the best parts of cloud technologies and business models, the best parts of traditional on-premises computing, and marry them (for/in love). For decades IBM z machines have provided Software as a Service (SaaS), Information as a Service (IaaS), Platform as a Service (PaaS), Business Process as a Service (BPaaS) — that’s not new, and mainframes support such business models extremely well. It’s no coincidence that IBM featured Vodafone in the z13s announcement, a new IBM z customer that is providing new SaaS offerings to municipal governments in Spain, hosted on Vodafone’s multi-tenant IBM z machine with extremely high qualities of service and extremely low cost. IBM also emphasized various payment services in its IBM z13s announcement as another important category where security, trust, and continuous service are also paramount. What is new is that all the pieces have finally and uniquely come together, that the marriage has truly been consummated in the IBM z13, z13s, and LinuxONE platforms.
There are many new security innovations, but I’d like to focus on IBM Multi-Factor Authentication for z/OS for a moment and draw your full attention to it, especially if you have a role in protecting your business or government agency. In my view this innovation is the most important at least since OS/390 introduced SSL/TLS client certificate authentication in the 1990s or even perhaps since RACF’s introduction in the 1970s. Multi-factor authentication means that, in order to access certain resources or services, you must provide, at a minimum, both something you know and something you have. The something you know might be a passphrase — well supported since at least z/OS 1.8, and please use them. The something you have might be an ID badge, a security token, or a mobile device that can receive text messages or push notifications. That’s the core capability that IBM Multi-Factor Authentication for z/OS provides to the z/OS Security Server and to RACF. It’s not a completely new capability. My bank, with lots of z/OS-based services, implemented consumer-facing multi-factor authentication several years ago. There have been many such solutions, including some from IBM. What is new is that this capability is now pervasive and deeper, built right into the z/OS Security Server. That means more businesses and governments can implement multi-factor authentication for more users, for more services, more often. Security doesn’t work unless it’s used; securable doesn’t automatically mean secure. You’ve still got to turn these capabilities on, and they’re still optional. But it’s becoming that much easier to turn them on and to use them well, and that’s a big deal. As a rough comparison, IBM Multi-Factor Authentication for z/OS has similarities to what Apple is delivering in its iOS-based devices with their strong client security features. 
z/OS appears to be the world’s first operating system to implement multi-factor authentication so deeply into the core fabric of its security subsystems, and there are some good architectural reasons why z/OS is first.
I like the nickname Steve Morgan at Forbes Magazine gave to the new z13s: the “Cyberframe.” Morgan is partially alluding to the fact that IBM has announced a free offer to its IBM z13 and z13s customers: free participation in the beta program for its new cybersecurity analytics service, to help customers monitor their systems to spot potential security concerns before they become genuine threats. I’m always in favor of more value for money, and this is one example. Please take IBM up on its offer. Free is good.
Another example of value for money is the new Shared Memory Communications-Direct Memory Access (SMC-D) between Logical Partitions (LPARs) that provides another secure, high performance connection type that complements HiperSockets and that does not require application changes. It’s a standard, included feature of the IBM z13s (and now also z13). Speaking of LPARs, you can configure up to 40 on a single z13s system, and they’re uniquely Common Criteria EAL5+ compliant to support truly secure multi-tenant installations.
IBM raised the bar, hugely, in minimum specifications. It was only just a few short years ago, with the IBM z114 introduced in 2011, that you could still buy a machine with a z/OS capacity of 26 PCIs and 8GB of main memory. In practice that meant a lot of small mainframe shops fought and lost battles with their own procurement departments, ending up with too little capacity even to keep their existing operations running smoothly. (A long time before that IBM and most other vendors well solved the pricing problems, introducing much better entry pricing.) The new z13s scales down quite nicely for those who need the smallest capacity mainframe configuration, but IBM has called a halt to most of the too-low nonsense. Now 80 PCIs is the minimum z/OS (and z/VSE and z/TPF) capacity, and minimum main memory is a whopping 64GB. (Have you ever tried to run a recent release of DB2 in an 8GB LPAR, never mind whole machine?) If you’ve still got a pricing concern with 80 PCIs, ask your vendors (including IBM) and sharpen your pencils, and in particular make sure you don’t have any vendor playing full capacity licensing games with you. But from what I’ve been able to observe such problems should be well in the past. So kudos to IBM for not perpetuating this bit of corner silliness. Nobody should have to waste even five seconds struggling with too little memory. Now if only Apple would stop shipping iPhones with only 16GB of flash storage….
Also happily, the z13s now scales up to over 7,000 PCIs, as many as 20 customer-configurable main processor cores (now with two threads each if they’re zIIPs or IFLs), and, brace yourself!, up to 4TB of real main memory per machine — an order of magnitude more than the previous maximum. Fan-freaking-tastic! Your “Big Data” monster has arrived, and this monster is not so little any more. What a long, long way we’ve come from the z800 and z890 machines, as examples — fine machines they were, but they were “small.” In fact, I encourage many “large machine” customers to take a serious look at adopting the IBM z13s, at least to equip remote data centers, DR centers, as external Coupling Facility machines (where merited), front-end processors, “on premises” outposts in non-owned data centers, for large application development teams, as mission critical control systems (power plants, ships), and so forth. Helpfully the z13s is much more tolerant of temperature and humidity than its predecessor, so physically it can go more places. When you get an IBM z System, you get an IBM z System, with all its countless quality characteristics. IBM hasn’t cut any corners. And if you’re fortunate enough to need more capacity than even the mighty z13s can provide, no problem, you can upgrade it to a “double wide” z13 and fully protect your investment.
In my view mainframe customers (and IBM) spend way, way too much time worrying about specific machines, each capacity delivery, etc. Here’s an idea: why don’t you order your mainframe capacity the same way you do public cloud capacity? Sign a 4, 5, or 6 year contract (or whatever term you like — 42 months?), schedule quarterly, semiannual, or annual capacity deliveries, then sit back and let IBM deliver them, with predictable (and low) budgeting and whatever technology level IBM can deliver. As long as you maintain at least reasonable software release level currency, no problem. Pick some reasonable capacity delivery schedule, which by now you should be able to forecast reasonably well, and relax. If you need more capacity above your forecast — a business acquisition that you didn’t forecast, or some unexpected business crisis — just make sure you have some Capacity On Demand and Plan Ahead Memory available in the package. If you need less, no problem, that’s what variable pricing is for (introduced a decade and a half ago). Why all the drama, and why all the anxiety every September, or February, or end of fiscal year? This isn’t the 1970s any more. Keep it simple, because it is. You have better, more important stuff to focus on, like actual application innovation and security improvements, and so do IBM and its people.
I expect I’ll have some more comments to offer, but that’s a reasonable start for now. What do you think?