Skip to main content

IBM Z Strengthens Security and Resiliency for Cloud Infrastructure

Three new offerings, including z/OS Cloud Broker, z/OS Container Extensions and Tailored Fit Pricing, make native cloud development possible on IBM Z.

Illustration of a cloud with three colorful, illuminated portions representing three new enhancements to the cloud

Image by Mark McGinnis

With 94% of enterprises using multiple clouds, cloud is no longer a strategic alternative, it’s a cornerstone of IT strategy (bit.ly/2VAwwyz ). A typical hybrid cloud environment includes the data center or traditional IT architecture where mission-critical applications and systems reside; an on-premises private cloud and/or public cloud(s) leveraged for basic services like compute, data and storage, and third-party cloud services such as artificial intelligence (AI) and blockchain.

The initial focus on cloud has been on lowering capex by migrating noncritical workloads to the cloud, and on accelerating innovation by quickly building new services on the cloud. Organizations blend existing investments with new flexible services to meet client expectations and increase efficiency.

Data, and maturing technologies like AI and machine learning to extract maximum value from data, are at the heart of competitive advantage and innovation. These services are increasingly being offered by third-party cloud services, complicating the already-busy IT architecture.

Despite high adoption rates, less than 20% of enterprise workloads are on the cloud. IBM believes that over the next 10 years, organizations will continue to shift data and applications to the cloud, coexisting with other applications, until, ultimately, the microservices architecture is fully exposed to new and existing applications.

However, several factors have been preventing that shift:

  • Security and compliance requirements, which make it essential to govern where data resides and who it may be shared with
  • Lack of centralized control to connect, integrate and manage systems, applications, and data across clouds
  • Lack of skills to prioritize and deliver modernization

These issues, and others, must be overcome to successfully empower the continued shift of workloads to the cloud. IBM recommends key elements to a well-planned hybrid cloud strategy (see Figure 1).

28_Figure1-(1).jpg

Figure 1

Why IBM Z for Hybrid Cloud?

So, how does the IBM Z* platform stack up to these requirements? With its high qualities of service (QoS) for securityscalability and resiliency, the enterprise platform is ideal for hybrid cloud infrastructure. QoS has been standard for the mainframe since long before cloud emerged—but it can now be leveraged in hybrid cloud infrastructures. Recent additions to the IBM Z cloud solutions portfolio enable open-source skills and tooling for developing and managing cloud applications and services. Let’s examine four key benefits of the platform and how they map to hybrid cloud requirements:
  1. Scalability. Organizations look to hybrid cloud to become more agile and grow faster. The IBM Z platform provides vertical scale, allowing new workloads and capacity to be added, on demand, without the need for new servers. Mainframe software, from the virtualization layer up to the middleware, provides the elasticity to deal with large differences in capacity so growth comes without lag time or performance risk.
  2. Resiliency. As more critical workloads move to the cloud, downtime becomes increasingly costly. Not only is the IBM Z server in a class of its own with 99.999% availability, there is no single point of failure. The Parallel Sysplex solution creates a framework for replicating all major processing elements of an IBM Z environment, providing a highly redundant infrastructure. New workloads can be added while the system continues to run and automated recovery procedures ensure nothing is lost during planned or unplanned outages.
  3. Security. As we have seen, security is one of the top concerns for continuing to move workloads and data to the cloud. The most secure commercial platform available on the market, the IBM Z platform features built-in security with pervasive encryption, which enables extensive encryption of data-at-rest or in-flight; Secure Service Containers, which ensure isolation of workloads; Key Management to ensure encryption key safety; Multi-Factor Authentication for z/OS*; and management tools to configure and monitor access control. The IBM Cloud Hyper Protect family also provides built-in data-at-rest and data-in-flight protection to help developers easily build applications with highly sensitive data. Offerings include Crypto and Key Management, Database services and Container services.
  4. Open standards. The lack of skills to deliver modernization has been felt by all, but perhaps none more than mainframe clients. With recent enhancements to IBM Z, the platform now leverages Linux* and secure container technology to offer a consistent and rapid approach to develop, test, and deploy cloud services across platforms. By transforming mainframe applications through z/OS Connect Enterprise and IBM API Connect, the mainframe exposes APIs to connect with cloud-native applications, enabling consumption of these services. Mainframe applications with these exposed APIs can request and use cloud-native services as well.
“Bringing together the paradigm of cloud development with the security, elasticity and multitenancy benefits inherent to IBM Z and z/OS to create new, native cloud applications is going to unlock a lot of doors and will help clients extract value from their existing IBM Z investments and assets.”
—Nathan Dotson, IBM Z offering manager, Cloud

IBM Cloud Offerings for IBM Z

IBM Cloud* Private (ICP) is a Platform as a Service enabling development and management of containerized applications. It sits behind the firewall, managed and controlled by the enterprise. Built on the container orchestrator Kubernetes, it contains a private image repository, a management console and frameworks for monitoring, logging and security. Extending ICP to IBM Z and LinuxONE* enables enterprise workloads to be run in a client-controlled and security-rich environment with all the QoS inherent to IBM Z.

Announced February 2019, IBM z/OS Cloud Broker provides the ability to integrate z/OS technology-based services and resources into ICP for modern cloud deployment and for consumption by the broader development community. That means developers with no z/OS skills can now consume IBM Z resources and services, leveraging the QoS of IBM Z alongside other distributed or public cloud services. “Bringing together the paradigm of cloud development with the security, elasticity and multitenancy benefits inherent to IBM Z and z/OS to create new, native cloud applications is going to unlock a lot of doors and will help clients extract value from their existing IBM Z investments and assets,” says Nathan Dotson, IBM Z offering manager, Cloud.

z/OS Cloud Broker exploits the Kubernetes container management platform, enabling the management of containerized workloads and services. Developers can pick and choose components, like building blocks, to create, deploy and manage new applications. But the operations team still controls which services are available while managing access and the number of instances that can be provisioned through ICP. z/OS Cloud Broker provides the visibility and management capabilities for those resources that have been enabled on the ICP.

In May, IBM previewed IBM z/OS Container Extensions (zCX), a new feature on z/OS v2.4, which will be available in September. The new feature provides a software appliance that can run almost any Linux on IBM Z Docker container in support of z/OS workloads on the same z/OS system without requiring a separately provisioned and managed Linux server. This enables access to development tooling and building blocks, like NoSQL databases, available in the Linux on IBM Z ecosystem. Developers can build new, cloud-native containerized applications using Docker and Linux skills and patterns, and deploy them on z/OS without requiring any z/OS skills. That allows organizations to protect their existing infrastructure investment.

IBM zCX also helps overcome cross-platform operational challenges by managing and servicing the entire software appliance—including Linux and underlying Docker components required. Gus Kassimis, Distinguished Engineer, IBM Z, notes that “the ability to easily extend z/OS applications and workloads without needing to install and maintain Linux and Docker,” is a key benefit for existing IBM Z clients.

Although developed on Linux, applications and services will directly leverage the z/OS QoS. Workloads in zCX will benefit from high availability and DR planning via features like IBM HyperSwap*, storage replication and IBM GDPS. The ultimate protection from z/OS pervasive encryption applies as well, without any changes to the Linux software.

Applications within zCX leverage z/OS workload management capabilities for capacity planning and tuning. “Users requiring additional scalability and availability can take multiple IBM zCX instances to form a Docker swarm cluster with multiple copies of containers deployed with load balancing and high availability,” Kassimis explains. IBM’s statement of direction indicates intent to also support Kubernetes Orchestration in IBM zCX in the future in support of further integration of compatible cloud platforms.

Pricing Flexibility

Predicting demand for IT services and controlling the cost can be challenging, especially in the era of hybrid cloud where workload patterns are constantly changing. Previous pricing methods made it difficult to manage unexpected peaks and create pricing predictability. This May, IBM introduced Tailored Fit Pricing for IBM Z (ibm.co/2Z2qwM9), including the Enterprise Consumption Solution and Enterprise Capacity Solution licensing models.

Enterprise Consumption Solution is a usage-based pricing model that unlocks the full power of the platform. Enterprise Capacity Solution is a full capacity licensing option, providing maximum cost predictability and flexibility of workload mix. TJ Aspden, product marketing manager, IBM Z, notes that this solution is best suited “for organizations looking for the flexibility and agility to cost-effectively deliver new workloads faster and cheaper as they digitally transform.”

What’s Next for Hybrid Cloud Adoption on IBM Z?

If, as IBM predicts, the next chapter of hybrid cloud moves critical data and workloads to the cloud, the importance of security cannot be understated. The simplification of operational management across platforms and the need for simple, open development approaches that broaden the resources available to build new cloud applications are also vital.

IBM Z and ICP offerings make a compelling case for IBM Z clients to leverage their IBM Z investments as a cornerstone to their cloud strategy. These new offerings make it possible to both bring IBM Z assets and capabilities to other platforms while making native cloud development possible on the mainframe.

Delivering the latest technical information to your inbox.