The News – IBM today announced the latest version of the zSystems product line the z16. This new system is the 16th generation of systems that leverage the CMOS architecture. Read the full Press Release from IBM here.
IBM’s New z16 Mainframe – A Deep Dive
Analyst Take: While both the headlines and IBM’s press release go long on the AI inferencing acceleration and the quantum-safe encryption capabilities of the new system, I wanted to review the tech specs and get underneath what is new and what is the same when you look at the current z15 and the new Telum processor-based z16 system.
Each new IBM Z platform is an opportunity for a team of thousands of IBMers across the globe to deliver not only a new chip design, but also a completely new family of systems. This drop of new technology normally happens every 8 to 10 quarters, with the last generation the z15 having been launched back on September 12th 2019. The first system in the newly announced z16 family is what used to be called the ‘high-end’ and is a 4 rack up to 200 processor system. Based on previous mainframe hardware cycles, the ‘midrange’ system will typically ship 4 to 6 quarters later and will offer reduced clock speeds and reduced processor capacity. In addition to the multi-operating system zSystems, the chip architecture and system design are largely carried over in the LinuxONE family of servers, that have in the past either been announced at the same time as the zSystems line or shortly afterwards. IBM has taken the decision this time around to launch the z16 with no corresponding LinuxONE launch, so we will have to wait to find out what those systems will look like.
IBM z16 — Hardware Deep Dive
Having reviewed the 80+ page Red Book on the latest IBM z16, I wanted to provide a deep dive on what we can expect from the new system. The first thing to cover is that IBM’s z16 leverages the Telum processor that was announced at the Hot Chips conference last year. Futurum Research Principal Analyst, Daniel Newman covered the Telum announcement at the time.
We now have the specs of the full system and can compare them side by side with the z15, with the ability to identify where IBM has made the claimed performance improvements system. While the IBM z16 has a new processor chip design with each processor unit (PU) running at 5.2 GHz (the clock speed here is the same as the z15). IBM has made claims in the past that this processor clock speed is the fastest commercially available processor on the market. The marketing materials this time around with the z16 don’t stress this claim, so either another vendor has caught up or IBM has decided to stop stressing this leadership point. Regardless, a 5.2 Ghz processor is lightning fast and if not the fastest, in the industry is certainly right up there in terms of raw clock speed.
One area where IBM’s z16 bests the z15 is that the new system provides 17% more processor capacity per CPC drawer compared to the IBM z15. The IBM z16 (machine type 3931) has one model: the A01. The maximum number of characterizable processor units (PUs) with the IBM z16 is represented by feature names: Max39, Max82, Max125, Max168, and Max200. The Max200 configuration is larger than the z15 generation where the system had a maximum processor capacity of 190 PUs. This may sound like a minor point, but an additional 10 PUs in a system represents a significant amount of capacity for the larger customers. Many mainframe customers have multiple systems and the ability to slim down the number of physical system deployments to meet a certain capacity or performance requirement will be a key criterion for many considering an upgrade.
IBM z16’s Server Features On-Chip Integrated Accelerator for AI
The IBM z16 server is built with the on-chip Accelerator for AI that radically improves decision velocity in transactional scenarios. The on-chip AI scoring logic provides sub-microsecond AI inferencing for deep learning and complex neural network models. This affords the ability to handle the demands of near real-time AI data gravity and transaction gravity intersect. What is required to handle these demanding scenarios is data is co-collocated with transactional systems and infused with AI inferencing. Only then can customers achieve the holy grail of insights at speed and at a scale to enable the decision velocity they so desperately need.
The on-chip Integrated Accelerator for AI is designed for high-speed, real-time inferencing at scale. It is designed to add more than six TFLOPS of processing power shared by all cores on the chip. This centralized AI design is intended to provide extremely high performance and consistent low-latency inferencing for processing a mix of transactional and AI workloads at speed and scale.
The ability to apply complex neural network inferencing on real-time data can deliver insights within high throughput enterprise workloads while still meeting stringent SLAs. This new AI inference capability will allow customers to make improved insights at the point of impact, for instance, in scenarios like fraud detection in credit card transactions. While fraud detection is commonplace within the major credit card processors, the constraints of current systems mean that not every translation is analyzed and rather a sampling approach is adopted. With the new z16, IBM is looking to enable its customers to apply AI model to every transaction. Credit card processing is just one example, and I envision this improved AI capability being useful to many customers with heavy trans-national workloads that require AI to be applied with as little latency as possible.
The mainframe is a transaction workhorse, often being the ‘system of record’ for databases and applications that support mission-critical functions for banks, insurance companies, health care providers, retailers, government agencies, and beyond. A key part of any transactional system is the cacher available to the processor. Cache size is materially important in transactional scenarios, as it enables the system to not have to traverse to memory in order to process the transaction. The IBM z16’s redesigned cache structure has the following cache sizes:
- 256 KB L1 per PU core
- 32 MB semi-private L2 per PU core
- 256 MB (logical) shared victim virtual L3 per chip
- 2 GB (logical) shared victim virtual L4 per CPC drawer
The result of these cache improvements is where I envision IBM is deriving the 11% single thread performance improvements against the z15 system. In subsequent briefings I will be interested to delve deeper on this topic. The key takeaways here are that the IBM z16 delivers 1.5x more cache capacity per core over the IBM z15 and reduced average access latency and this is vitally important for the customer base who rely on the transactional processing capabilities of their mainframe systems.
The IBM z16 Memory
The IBM z16 memory uses a proven, and I believe a unique approach to memory, namely redundant array of independent memory (RAIM) technology to ensure high availability. This memory approach affectively stripes data across the memory in a RAID 10 format, ensuring that the system isn’t impacted by memory failures often seen in commodity x86 and ARM based systems.
While the z16 has the same overall capacity as the z15 at up to 40 TB (10 TB per CPC drawer) of addressable memory per system this is more than enough for most uses cases where a zSystem is deployed. I will be interested to see whether the LinuxONE systems have the same capacity as Linux and open source workloads are more memory intensive and demanding and, as such, 40 TB may be a constraint for Linux only workloads if LinuxONE is to compete against high-end systems like the Superdome range from HPE and the recently updated Exadata systems from Oracle.
Connectivity Options Abound
The devil is in the details when you configure a mainframe system and the system provides a myriad of configurable options for connecting the system to other systems in a sysplex (the way to cluster mainframes), to storage devices or networks. IBM pre-sales teams get extensive training on the options and choices that customers can make here, so customers need not worry. IBM also does a very extensive job on checking and checking again any configuration before it ships to a customer, with a proven technical assurance methodology.
The z16 highlights in the connectivity space are: The IBM z16 in the Max200 configuration can support up to 12 PCIe+ I/O drawers. Each I/O drawer can support up to 16 I/O or special purpose features for storage, network, and clustering connectivity, as well as cryptography. The following features were introduced with the IBM z16:
- FICON Express32S
- OSA-Express7S 1.2
- RoCE Express3 (Long Reach and Short Reach)
- Coupling Express2 Long Reach
Security and Encryption
IBM’s zSystems customers are the most demanding when it comes to security, as many operate in highly regulated industries and use their mainframe systems as the ‘system of record’ to store their most sensitive data. Every generation IBM makes solid enhancements in the security space, and these are always well received by their customer base. The IBM z16 has added functions to protect today’s data now, as well as from future cyberattacks that can be initiated by quantum computers. The IBM z16 provides the following quantum-safe capabilities:
- Key generation
- Key encapsulation mechanisms
- Hybrid key exchange schemes
- Dual digital signature schemes
In addition to the quantum-safe cryptographic capabilities, tools such as IBM Application Discovery and Delivery Intelligence (ADDI), Integrated Cryptographic Service Facility (ICSF), and IBM Crypto Analytics Monitor (CAT) can help customers discover where and what cryptography is used in applications. IBM asserts that these capabilities can aid in developing a cryptographic inventory for migration and modernization planning.
Pervasive Encryption Remains Important in the Z16
IBM launched Pervasive encryption in the z15 generation and continues to stress this capability in the z16 launch, and rightly so. Pervasive Encryption attempts to shift the paradigm for security to a data-centric one. A paradigm where data becomes the new perimeter, and the encryption applies to all of the data, regardless of its origin and location. Vital in this approach is that it does not require costly application changes and is therefore transparent to the applications and their service consumers.
Pervasive encryption provides a holistic approach to data encryption, for data-at-rest (stored in persistent storage) and data in-flight (transactions). This approach reduces the risks of a security breach and financial losses that are associated with it and adhere to the standards and compliance. In order to achieve this holistic approach, the z16 uses hardware cryptography acceleration, which is by IBM claimed to be more effective, performant, and stable compared to software encryption.
IBM is positioning the z16 as the industry’s first quantum-safe system and is highlighting that z16 is protected by quantum-safe technology across multiple layers of firmware. The Quantum-safe secure boot technology in the z16 helps protect firmware from quantum attacks through a built-in dual signature scheme with no configuration changes that are required for enablement.
With the new Crypto Express8S, IBM z16 helps deliver quantum-safe APIs that position businesses to begin the use of quantum-safe cryptography along with classical cryptography as they begin modernizing applications and building new applications.
Discovering where and what kind of cryptography is being used is a key first step along the journey to quantum-safety. IBM z16 provides instrumentation that can be used to track cryptographic instruction execution in the CP Assist for Cryptographic Functions (CPACF).
Pervasive encryption is enabled through integration between IBM z16 hardware and software, and includes the following Integrated cryptographic hardware features:
- CPACF is a coprocessor on every PU that accelerates symmetric encryption operations.
- Crypto-Express features are hardware security modules (HSMs) that comply with Federal Information Processing Standards (FIPS) 140-2 Level 4 (achieving the highest level of compliance within this standard).
An HSM is a hardware computing device that safeguards and manages digital keys for strong authentication and accelerated crypto-operations and algorithms and accelerates various cryptographic algorithms (digital signature sign/verification and many others) as well as acting as tamper-proof storage for private keys and other highly sensitive information. The CPACF and Crypto-Express are implemented on the hardware level and are supported natively by all IBM Z operating systems.
Another key feature in the current geopolitical climate is Secure Boot, which is an enhancement that secures the booting process of an open-source operating system, such as Linux. With the increased number of public open source repository and supply chain attacks, the extra step of verifying that the operating system kernel version has been introduced in z16 Secure Boot validates that an operating system kernel is from an official provider and is not compromised therefore providing a complete chain of trust from a trusted source to a boot loader. The process enforces Common Criteria compliance, which is becoming a mandatory requirement for many customers.
These security features are vital to the core base of zSystems customers, but they are also being acknowledged by new customers, especially in the cryptocurrency space. I am seeing IBM winning new clients here, which is a testament to the innovation and cutting edge capabilities of the architecture.
IBM Z Security and Compliance Center
One announcement that was light on details was the Security and Compliance Center announcement. IBM is positioning this new capability only available on z16 as being designed to help simplify and streamline compliance tasks. According to IBM, this solution provides a centralized, interactive dashboard for a consolidated view of compliance posture and system-generated evidence in near real-time. Customers can now apparently check the regulatory posture of systems on-demand and more easily identify drift so that it can be remedied quickly. I will be interested to find out more about this functionality as, on the surface, it seems to address the concerns of many CISOs. If IBM is able to deliver on the claims, should be an accelerant to z16 adoption within its customer base.
In an environment where IBM knows what every existing zSystems customer has deployed down to the finest detail and the customer base is largely static (apart from the LinuxONE systems), the vital question to ask is: has the z16 system given customers a reason to upgrade? We will only get to know the answer to this question by looking at the results the zSystems business posts over the next few quarters, and then only with very little transparency. What I can say is the signs look promising based on the announcement details. IBM continues to focus on the core strengths of the system and deliver incremental improvements around performance, scalability, and availability are not headline grabbers — more importantly, they are what clients rely on the system to deliver.
When you couple this with infusing the processor with AI capabilities and providing quantum safe encryption, the z16 delivers capabilities not seen on other systems. Based on these new capabilities, it is my opinion that IBM will be able to capture the attention of its loyal customer base with z16 and establish the high level desire that will ultimately lead to a complex commercial discussion that results in an upgrade from prior versions. At the end of the day, that is the best IBM can hope for from this workhorse product line that underpins so much of its growth ambitions in other more headline-grabbing parts of the industry.
Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum Research as a whole.
The original version of this article was first published on Futurum Research.
Other insights from Futurum Research:
Image Credit: IBM
Steven Dickens is Vice President of Sales and Business Development and Senior Analyst at Futurum Research. Operating at the crossroads of technology and disruption, Steven engages with the world’s largest technology brands exploring new operating models and how they drive innovation and competitive edge for the enterprise. With experience in Open Source, Mission Critical Infrastructure, Cryptocurrencies, Blockchain, and FinTech innovation, Dickens makes the connections between the C-Suite executives, end users, and tech practitioners that are required for companies to drive maximum advantage from their technology deployments. Steven is an alumnus of industry titans such as HPE and IBM and has led multi-hundred million dollar sales teams that operate on the global stage. Steven was a founding board member, former Chairperson, and now Board Advisor for the Open Mainframe Project, a Linux Foundation Project promoting Open Source on the mainframe. Steven Dickens is a Birmingham, UK native, and his speaking engagements take him around the world each year as he shares his insights on the role technology and how it can transform our lives going forward.