This presentation is about the IBM Z Software Strategy. Key points of IBM's strategy for the platform, including Hardware and Software with a quick view on future roadmaps.
2. 2
IBM z Software strategy update
Adam Sturges-Beer Director z Software Sales Europe, Middle East & Africa
HÊlène Lyon zArchitect for Ever
3. IBM z Software October 2021/ Š 2021 IBM Corporation
⢠Our Agenda today:
z platform strategy update
- hardware & software snapshot
- key focus areas
- quick look at futures
4. IBMâs continuous investment in Z platform to ensure
It stays as TECHNOLOGICALLY
ADVANCED as possible
It delivers highest possible
Business Continuity &
Resiliency
and stays the most Securable
platform
It allows Cloud Integration &
Experience
(HÊlène)
4
5. IBMâs continuous investment in Z platform to ensure
It stays as
TECHNOLOGICALLY
ADVANCED as possible
It delivers highest possible
Business Continuity &
Resiliency
and stays the most Securable
platform
It allows Cloud Integration &
Experience
5
6. Š 2017 IBM Corporation
25
IBM Z
z14 Continues the CMOS Mainframe Heritage Begun in 1994
0
1000
2000
3000
4000
5000
6000
z900 z990 z9ec z10ec z196 zEC12 z13 z14
770 MHz
1.2 GHz
1.7 GHz
5.2 GHz 5.0 GHz
2000
z900
189 nm SOI
16 Cores**
Full 64-bit
z/Architecture
2003
z990
130 nm SOI
32 Cores**
Superscalar
Modular SMP
2005
z9 EC
90 nm SOI
54 Cores**
System level
scaling
2010
z196
45 nm SOI
80 Cores**
OOO core
eDRAM cache
RAIM memory
zBX integration
2008
z10 EC
65 nm SOI
64 Cores**
High-freq core
3-level cache
MHz/GHz
1000
0
2000
3000
4000
5000
1202*
+33%
GHz
+18%
902*
+50%
GHz
+159%
1695*
+12%
GHz
-9%
31,826*
+72%
111,556*
+42%
5.5 GHz
1514*
+26%
GHz
+6%
78,426*
+50%
52,286*
+64%
6000
2015
z13
22 nm SOI
141 Cores**
SMT &SIMD
Up to 10TB of
memory
2012
zEC12
32 nm SOI
101 Cores**
OOO and eDRAM
cache improvements
PCIe Flash
Arch extensions
for scaling
** Number of PU cores for customer use
* MIPS Tables are NOT adequate for making comparisons of IBM Z processors. Additional capacity planning required
2017
z14
14 nm SOI
170 Cores**
VFM
zHyperLink
Up to 32TB of
memory
SMT on SAP
4.4 GHz
902*
+50%
GHz
+159%
31,826*
+72%
1832*
+8%
GHz
+4%
146,462*
+31%
5.2 GHz
~ 10% for equal z13 n-way
~ 35% max capacity 170-way vs 141-way (z13)
SMT vs Single Thread ~ 10â40% (average 25%)
- both zIIP & IFL
SMT z14 vs z13 ~ 15% (z/VM Guests)
z900 z990
z9 EC
z10 EC
z196
zEC12
z13 z14
7. November 28, 2018
IBM Z is an increasingly desirable target
Todayâs technologies have eliminated âmainframe isolationâ
Internet
Cloud
Social
Mobile
Big Data
Cognitive
blockchain
Mainframes are
increasingly closer to the
Internet and mobile
platforms and this has
made them more
vulnerable to outside
threats.
Š 2017 IBM Corporation
20
IBM Z
IBM Z Processor Roadmap
Core 0
L3_0
L3_1
L2
CoP
MCU
L2
Core 1
L3_0
L3_1
Core 2
L2
CoP GX
L2
Core 3
L3_0 Controller
L3_1 Controller
MC
IOs
MC
IOs
GX
IOs
GX
IOs
L3B
L3B
Core 0
L3_0
L3_1
L2
CoP
MCU
L2
Core 1
L3_0
L3_1
Core 2
L2
CoP GX
L2
Core 3
L3_0 Controller
L3_1 Controller
MC
IOs
MC
IOs
GX
IOs
GX
IOs
L3B
L3B
z196/z114
9/2010
zEC12/zBC12
8/2012
z14
7/2017
Leadership Single Thread,
Enhanced Throughput
Improved out-of-order
Transactional Memory
Dynamic Optimization
2 GB page support
Step Function in System
Capacity
Top Tier Single Thread
Performance,System Capacity
Accelerator Integration
Out of Order Execution
Water Cooling
PCIe I/O Fabric
RAIM
Enhanced Energy Management
Leadership System Capacity
and Performance
Improved data compression
Enhanced hardware encryption
Enhanced SMT (2-way)
Enhanced SIMD
Pause-less Garbage Collection
for Java
14 nm
32 nm
45 nm
6.1
B
Transistors
6-core
chip
10-core
chip
z13/z13s
1/2015
Leadership System Capacity
and Performance
Modularity & Scalability
SMT (2-way)
Double instruction bandwidth
SIMD
Business Analytics Optimized
22 nm
8-core
chip
4-core
chip
1.4
B
transistors
2.75
B
Transistors
3.99
B
Transistors
8. A quick recap of z15 (09/2019) - Purpose built for mission-critical applications
Processor
⢠Up to 190 client configurable cores
⢠12 core processor chip, 14nm silicon-on-insulator technology,
running @ 5,2 GHz
⢠New on-chip acceleration of compression for
faster processing (including batch) and more efficient
storage of data
⢠More investments in pause-less garbage collection,
30+ new instructions co-designed and exploited by Java,
and vector enhancements for analytics applications
Crypto acceleration w/Crypto Express 7S
⢠Cryptographic coprocessor on every core (CPACF)
⢠Begin journey to a quantum safe system, new algorithms for digital
signatures of SMF data ensure integrity of key system data, even
when quantum computing evolves to the point of putting traditional
encryption algorithms at risk. Agility comes through ability to
seamlessly update algorithms over time to ensure weâre always
meeting latest security standards and are at the forefront of the
market
Availability
⢠System Recovery Boost to diminish impact of any event,
planned or unplanned, so you can achieve service level
excellence
IBM z15 & Z Software/ October 2021 / Š 2021IBM Corporation
IBM z15
Machine Type: 8561
Model T01
15.6 miles of wires, 9.2B
transistors and 26.2B
wiring connections
CPC
Drawer
Custome
r
PUs
Max
Memory
5 190 40 TB
4 145 32 TB
3 108 24 TB
2 71 16 TB
1 34 8 TB
Feature Based Sizing
9. Z15 & Garbage Collection
IBM z15 & Z Software/ September 2019 / Š 2019 IBM Corporation
First introduced with z14
Enhanced with z15
â Further minimization of stop-the
world pause times
â Software based fall-back for
older hardware environments
10. Fuel business growth
with hybrid cloud
deployment and create
better experiences
through application
modernization and AI
enablement.
Easier installation,
management, and use of
z/OS by administrators
and developers for
increased agility, with no
special skills required.
Innovate with integrity with
cyber security solutions
that address evolving
threats and new
regulations. Build
competitive advantage with
a cyber-resilient
infrastructure that predicts,
responds, and recovers.
Hybrid
cloud
Application
modernization
Cyber resiliency
& security
AI
enablement
z/OS V2.5
11. Application modernization
Whether its running Linux applications
on z/OS or extending existing COBOL
applications with Java programs, z/OS
V2.5 enables an application
development team to achieve rapid
and secure application development
and provisioning for their hybrid cloud
deployment.
z/OS V2.5 delivers the following values, features &
capabilities to help organizations succeed with their
modernization efforts:
⪠z/OS Container Extensions (zCX) - Integrate cloud native
Linux containers directly on z/OS
⪠AI ecosystem enablement â seamlessly integrate AI apps into
z/OS environment with zCX
⪠COBOL/ Java Interoperability
⪠Enhanced file systems â improved NFS server for better MS
Windows clients compatibility
⪠Memory-map services
⪠z/OS Cloud storage â based on DS8000 transparent cloud
tiering architecture
⪠Shared Memory Communications Version 2 (SMCv2)
12. IBM Z / 2019 / Š 2019 IBM Corporation
IBM Z /March 2019 / Š 2019 IBM Corporation
Continued z/OS V2.5 feature allowing developers to
⢠build , deploy & manage UNMODIFIED Linux on z Docker applications on Z w/out requiring a separately
provisioned and managed Linux server (apps will look like Docker apps to the developer, not z/OS apps
⢠Allows to maintain operational control while workload inherits the z/OS QoS benefits (HA, DR, scalability,
workload management, security) and is zIIP eligible
IBM z/OS Container Extensions (zCX)
Integrate Linux application into z/OS
Modernize z/OS workloads by providing flexibility for
development and operations on Z.
Maintain operational control and extend z/OS
Qualities of Service to Linux software.
Make use of existing IT investments by employing Linux
within the Z platform.
IBM z15 & Z Software/ September 2019 / Š 2019 IBM Corporation
13. COBOL/ Java interoperability
Modernize existing high-level language
applications, such as COBOL/ Javaâ˘
interoperability, with z/OS Language
Environment (LE) support to manage parallel
31-bit and 64-bit addressing modes within
the same address space.
This enables application developers with full
application transparency, simplifying
enterprise application modernization.
14. COBOL, ABO, and PL/I roadmap for vNext
Our Intent *
Enterprise COBOL vNext
zNext h/w support
31/64 bit interoperability on z/OS v2.5
COBOL/Java interoperability
⢠No need to use OO COBOL
Generates metadata for ABO to
optimized modules compiled by
COBOL 6
Automatic Binary Optimizer (ABO)
vNext
zNext h/w support
Extend capability to optimize binaries
compiled with COBOL 5 and
COBOL 6
New capability in ABO Assistant to
support CICS/COBOL applications
Enterprise PL/I vNext
zNext h/w support
31/64 bit interoperability on z/OS v2.5
Replace current compiler back-end
with strategic COBOL back-end
JSON and XML enhancements
* Subject to change without notice
15. Db2 12 Continuous Delivery
of New Features
2017 2018 2019 2020 2021 2022 and beyond
FL 501 â 1st
post-GA
delivery
⢠LISTAGG
FL 502 â Apr
APAR PI95511
⢠Transparent
Dataset
Encryption: Db2
DBA controls
⢠Casting numeric
to
GRAPHIC/VARGR
APHIC
FL 503 â Sep
APAR PH00506
⢠Db2 AI for z/OS
(Db2ZAI) â prereqs
FL500
⢠Migration support on
DATA CHANGE
OPERATION for
temporal auditing
⢠Enable replication of
system-period
temporal tables and
generated
expression columns
FL 504 â Mar
APAR PH07672
⢠Huffman data
compression
⢠New SQL syntax
alternatives
⢠Prevent new
deprecated objects
⢠Passthru of Built-
In Functions (OLAP
to IDAA
FL 505 â Jun
APAR PH09191
⢠Rebind Phase-in
⢠RUNSTATS
sampling
simplification
⢠BIF for
Transparent
Column Encryption
(TCE)
⢠Temporal and
archive on WHEN
clause of triggers
⢠Indexes for
Decfloat
FL 506 â Nov
APAR PH16829
⢠DROP TABLE
automatic drop of
explicit table
spaces
⢠Alternative
spellings for
existing SQL built-
in scalar functions
to improve
compatibility
FL 507 â Jun
APAR PH24371
⢠Application-
level locking
control
⢠Improved
statistics
management
⢠CREATE OR
REPLACE
⢠IDAA
passthrough
expressions
+ Over 100 new
Db2 12 features
delivered since
GA that are not
tied to specific
Function Level
FL 508 â Oct
APAR
PH29392
⢠Multi-table
table space
conversion to
PBG
FL 509 â Feb APAR
PH33015
⢠Support for
tamper-proof audit
policies
⢠HA for AOTs
⢠Specify a
compression
algorithm at the
table, table space,
or partition level
⢠Temporal RI allows
UPDATE or DELETE
on the parent table
Db2 12
GA
Oct 2016
FL 510 â Apr APAR
PH33727
⢠Delivers fundamental
changes to Db2 12 to
simplify migration to
Db2 VNext
Db2 VNext
⢠Better
performance,
availability,
resiliency and
scalability and
SQL statement
level locking
control
⢠Embedded AI
16. Db2 for z/OS VNext Theme
â˘AI capabilities to serve insights
⢠Support application growth Db2 for z/OS engine
with embedded and performance with smarter
insert processing, reducing the need for DBA
performance tuning expertise
â˘Improved query performance with smarter sort
optimization and smarter access path selection
⢠Reduced down time for implementing application
changes
AI Infused Db2
â˘Support new and growing workloads without having
to enact deep changes to the Db2z environment by
reducing internal resource needs of Db2z while
allowing administrators to quickly adjust to
changing system demands
â˘Improved security compliance and availability by
allowing logs to be encrypted without an outage
â˘Reduced application outages to accommodate
application/workload growth by simplifying the
process for DBAs to make database object changes
Hybrid Cloud
Support
â˘Strengthened resiliency with further exploitation of
system recovery boost which will minimize downtime
impacts from stopping and restarting Db2
â˘Improved performance for online transactions in a Data
Sharing environment with the exploitation of residency
time enhancements in the coupling facility
â˘Improved scalability for growing workloads that require
open data set concurrency
â˘Expanded SORTL exploitation improving even more use
cases for query performance
Z HW Synergy
17. IMS Strategic Investments
and Futures Roadmap
Security & Data
Privacy
Education and
Client adoption
Application and data
transformation and
core growth
Cloud Native and
Ansible
Automation
IBM IMS / Š 2021 IBM Corporation
Database
transformation
R
The inter
⢠Enhance user experience for IMS
Catalog and SQL app development
with web-based UI or other modern
development tool
⢠Continue in-person client engagement
with IMS Makerspace and Client
Internship
⢠Accelerate application transformation
with enhanced COBOL-Java and SQL
functions
⢠Level up IMS skills with IMS Central
which provides no-cost education
offerings and collateral
⢠Support workload and data growth
with 5-times larger Fast path database
and TPIPE enhancements
Embrace Continuous delivery with more than 50 major enhancements delivered since IMS 15.1
⢠Drive more database transformation
with Catalog, Managed ACB and DDL
adoption with enhanced capabilities
⢠IBM intends to deliver containers and
Kubernetes orchestration support for
IBM z/OS (see SOD)
18. IBM z Software October 2021/ Š 2021 IBM Corporation
new IBM Telum processor (announced August 23rd 2021)
⪠First IBM chip with technology
created by IBM Research AI
Hardware Center in Albany, NY
⪠Processor contains on-chip
acceleration for AI inferencing
while a transaction is taking
place (can improve ability to
intercept fraud in real time)
⪠8 processor cores @ >5Ghz
⪠each core has a private 32 MB L2
cache â
⪠all caches are connected with a
double ring
⪠Improved trusted execution
environment (key also for
containerized workloads)
19. IBMâs continuous investment in Z platform to ensure
It stays as TECHNOLOGICALLY
ADVANCED as possible
It delivers highest
possible Business
Continuity & Resiliency
and stays the most
Securable platform
It allows Cloud Integration &
Experience
(HÊlène)
19
20. $3.86M
Average cost of a data breach in 2019 2
Likelihood of an organization having a
data breach in the next 24 months 1
29.6%
4% of the 14.7 B
records breached since 2013
were encrypted 3
80 +
Data privacy regulations, varying
by industry, location, and geo
1, 2 Source: 2020 Ponemon Cost of Data Breach Study: Global Analysis
3 Source: Breach Level Index
Data breach study
+$137,000
Increase in data
breach and incident
response time costs
due to remote work
during COVID-194
21. Is your organization ready?
⢠Does your cyber resiliency strategy include protection from logical
errors or data corruptions that are accidentally or maliciously caused?
⢠What are your plans to respond to a ransomware attack?
⢠Does your recovery plan include restoration of a clean, trusted copy
of data on which your entire system can depend?
⢠Have you done an assessment of the time needed to recover all of
your systems and applications consistently after a cyber attack or
other data corruption scenario?
⢠Have you experienced a data corruption within the last two years?
⢠How much would a data breach cost your business?
22. November 28, 2018
IBM Z is an increasingly desirable target
Todayâs technologies have eliminated âmainframe isolationâ
Internet
Cloud
Social
Mobile
Big Data
Cognitive
blockchain
Mainframes are
increasingly closer to the
Internet and mobile
platforms and this has
made them more
vulnerable to outside
threats.
23. Is your organization ready?
â IBMâs approach to cyber resiliency is a zstack approach
including:
⪠Hardware
⪠Software and
⪠Services
24. A quick recap of z15 (09/2019) - Purpose built for mission-critical applications
Processor
⢠Up to 190 client configurable cores
⢠12 core processor chip, 14nm silicon-on-insulator technology, running @ 5,2 GHz
⢠New on-chip acceleration of compression for
faster processing (including batch) and more efficient storage of data
⢠More investments in pause-less garbage collection, 30+ new instructions
co-designed and exploited by Java, and vector enhancements for analytics
applications
Crypto acceleration w/Crypto Express 7S
⢠Cryptographic coprocessor on every core (CPACF)
⢠Begin journey to a quantum safe system, new algorithms
for digital signatures of SMF data ensure integrity of key
system data, even when quantum computing evolves to the
point of putting traditional encryption algorithms at risk.
Agility comes through ability to seamlessly update
algorithms over time to ensure weâre always meeting latest
security standards and are at the forefront of the market
Availability
⢠System Recovery Boost to diminish impact of any event,
planned or unplanned, so you can achieve service level
excellence
IBM z15 & Z Software/ October 2021 / Š 2021IBM Corporation
IBM z15
Machine Type: 8561
Model T01
15.6 miles of wires, 9.2B
transistors and 26.2B
wiring connections
CPC
Drawer
Custome
r
PUs
Max
Memory
5 190 40 TB
4 145 32 TB
3 108 24 TB
2 71 16 TB
1 34 8 TB
Feature Based Sizing
25. Production Sysplex
CyberVault
Solution
Edition
Production
software
stack
Additional
tools
Additional
tools
⢠The IBM Z Cyber Vault will be started from a copy of the existing production
environment that has already been replicated. This means that all the current
software in production needs to be available (and licensed) in the IBM Z Cyber
Vault. This includes all IBM and non-IBM software.
⢠For enhanced diagnostics and recovery, additional IBM Software could be
required in both the production Sysplex and the Cyber Vault.
⢠IBM will work with you to identify your specific needs and requirements in a
discovery and architecture workshop to define a final software list.
⢠If the required software is not currently licensed, it can be provided through the
IBM Z Cyber Vault Solution Edition contract as a limited use license.
IBM Z Cyber Vault provides air gapped data corruption
protection and tools to detect issues and speed recovery. This
isolated environment requires hardware and software that
will be configured and priced as a âSolution Editionâ in order
to provide the best value.
IBM Z Cyber Vault software
26. Why traditional resiliency solutions wonât protect you
from logical data corruption
You have IBM Cyber Vault
Replication
Data is being replicated
continuously but logical errors are
also replicated instantaneously
Scheduled point in time
copies stored in an isolated,
secure location
Error detection
Immediate detection of system
and application outages
Regular validation of point
in time copies to verify
data consistency
Recovery points
Single recovery point that likely
will be compromised
Multiple recovery points
Isolation
All systems, storage and tape
pools participate in the same
logical system structure
Air gapped systems and storage so
that logical errors and malicious
intruders can not propagate
Recovery scope
Continuous availability and
disaster recovery
Forensic, surgical or catastrophic
recovery capabilities providing row
level recovery up to full restores
27. Speed recovery to significantly reduce the impact
0 30 45 60 90 2 hrs 10 hrs
tier 1
recovery
2 days
tier 2
recovery
3 days 1 week 2 weeks
Platform
recovery
Platform
recovery
complete
Recover phase
Major
breach
IBM Cyber
Vault
Initial
compromise
Infrastructure
recovery
Breach
impact Infrastructure
recovery
complete
Corruption of data occurs â but not yet detected
Due to the Cyber Vault environment and the use of
SafeGuarded Copy technology, data is continuously
validated and the corruption is found and corrected
Without the Cyber Vault environment corruption is
detected much later and has a greater chance to spread
It takes even longer to identify all impacted data once the
corruption has spread within the enterprise
1
2
3
4
2
3
4
Detect
phase
Respond phase
1
Cyber
attack
28. IBM Z Cyber Vault
IBM storage IBM Z and software IBM Services
Data volumes and active copies
generated and maintained
DS8000 SafeGuarded Copy
Immutable backups
TS7700 Virtual Tape with
Encryption and/or WORM
Secure air-gapped data vault
The only system with a
99.99999% availability
EAL 5+ certified IBM Cyber Vault
for Z LPAR for validation, testing
and forensics
Data monitoring, consistency and
anomaly detection
Management Software
IBM Security solutions
IBM GDPS provides services, clustering
technologies, and server and storage
replication and automation
Logical Data Corruption (LCP) and
Copy Services Manager (CSM)
enhancements manage the entire
recovery environment
IBM Lab Services risk assessment
and deployment services
29. Data
validation
Forensic
analysis
Surgical
recovery
Catastrophic
recovery
Offline
backup
The next cyber resiliency mandate: Data corruption protection
Consider
Regular analytics on
the data copy to
provide early
detection of a
problem, or
reassurance that
everything is OK
Start a copy of the
production systems
from the copy and
use this to
investigate the
problem and
determine what the
recovery action is
Extract data from
the copy and
logically restore
back to the
production
environment
Recover the entire
environment back to the
point in time of the copy
as this is the only
recovery option
Copy the copy of the
environment to
offline media to
provide a second
layer of protection
30. Air gap: Virtual or physical isolation of protection copies
Metro
Mirror
Protection
copies
Restore
Production
Systems
SAN / WAN
Administrators
Metro
Mirror
Protection
copies
Production
Systems
Recovery
system
SAN / WAN
Administrators Administrators
SAN / WAN
Virtual isolation Physical isolation
⢠The protection copies are created in one or more
storage systems in the existing high availability
and disaster recovery topology
⢠The storage systems are typically in the same SAN
or IP network as the production environment
⢠Additional storage systems are used for the protection copies
⢠The storage systems are typically not on the same SAN or IP network
as the production environment
⢠The storage systems have restricted access and even different
administrators to provide separation of duties
Restore
Recover
Recover
31. Pervasive Encryption
Reduce risk associated with incorrect classified or
undiscovered sensitive data
Reduce the treat from within by
leveraging role-based encryption
Comply with with a variety of protection and
privacy regulations
Achieve application
transparent encryption
Protecting
data on Z
32. 32
IBM Security / Š 2020 IBM Corporation
Crypto clock countdown to
zero has startedâŚ
â The moment when the power of Quantum
computing may crack public key crypto
protection measuresâŚ
â If a Quantum computer of sufficient scale is
available in the future, it may be able to
compromise secret communications currently
stored
34. 4
Quantum safe
3
Crypto agility
2
Crypto inventory
1
Discover and
classify data
Maturity milestones toward Quantum safety
34
IBM Security / Š 2020 IBM Corporation
Today
35. IBM Enterprise Key Management Foundation for real-time management
of keys and certificates in an enterprise with a variety of cryptographic
devices and key stores
A remote crypto services solution that enables distributed clients to have
cryptographic services executed on IBM Z.
Digital Signature solution for handling encrypted/signed messages and
documents according to the CADES and XADES standards.
The IBM Crypto Analytics Tool (CAT) is part of the IBM Enterprise Key
Management Foundation (EKMF) and has been developed to help provide
up-to-date monitoring of crypto related information on the IBM Z in the
enterprise.
Java API for IBM CCA allowing Java programs to interact with IBM 476x
Cryptographic Co-processors on supported platforms.
Cryptography Services from
IBM Crypto Competence Center Copenhagen
IBM Security / Š 2019 IBM Corporation
35
IBM Enterprise Key Management System (EKMF)
IBM Advanced Crypto Service Provider (ACSP)
Digital Signing
IBM Crypto Analytics Tool (CAT)
jCCA
User Defined eXtensions to IBM 476x
User Defined Extensions for IBM 476x Cryptographic Co-processors.
Implementation of special solutions to be performed inside the tamper
resistant cryptographic hardware.
NIST SP800-57
Key mgt. guidelines
PCI
Read more: https://www.ibm.com/security/key-management
36. Design, build & deploy Data-at-rest Encryption & Key Management Solutions for Hybrid
and Multi-Cloud environments.
Managed Data-at-Rest Encryption and support for Key Management for Multi-Cloud,
Hybrid, and on-premise
Understand the impact of Quantum Computing on data risk and prepare for the future.
Prepare for Cryptographic Agility: Know whatâs deployed, understand crypto
dependencies, improve the ability to change.
Enablement for cloud native Key Management Systems on IBM Cloud, Azure, AWS,
Google, and design & deployment of hybrid multicloud key management solutions.
Build and extend Public-Key Infrastructures. Fully automate certificate lifecycle
management across all platforms.
IBM Security / Š 2019 IBM Corporation 36
Other Cryptography Services
from IBM Security
Encryption & Key Management
Managed Encryption Services
Quantum Risk Assessment
Cloud Key Management
Certificate Lifecycle Automation
Data Masking & Tokenization
Set up a solution for continuous delivery of pseudonymized/ anonymized / masked data
from diverse source technologies to support testing in an agile/DevOps environment.
37. 3rd parties
Public
cloud
Private
cloud
Trusted data objects Masked data
Protecting critical data on Z
Protecting data after it
leaves the systems of record
Protect with Hyper Protect Data Controller
Protect with Pervasive Encryption and EKMF Web
Protecting client critical data on and off IBM Z
38. Enterprise Key Management Foundation Web (EKMF Web)
Key Management
for Pervasive
Encryption
Centralized key
management across
the enterprise
Dashboard
provides
overview of
encryption
status
Every important
activity is logged
using audit
logging
Single
central key
repository
Single
point back
up and
recovery
Manage BYOK for
multi-cloud
(i.e.Amazon,
Azure, Google IBM
CloudâŚ)
39. Hyper Protect Data Controller
Protecting data
after it leaves the
system of record
Move a subset
of data from
one system to
another
Present data in
the clear,
masked or
encrypted
Maintain a single
point of control
over data
throughout its
lifecycle
Revoke data
after it is no
longer
required
40. IBMâs continuous investment in Z platform to ensure
It stays as TECHNOLOGICALLY
ADVANCED as possible
It delivers highest possible
Business Continuity &
Resiliency
and stays the most Securable
platform
It allows Z Cloud
Integration &
Experience
(HÊlène)
40
Think how Lucky you are to be an IBM Z Enterprise User ;)
41. Š 2021 IBM Corporation
Back to Basics on Cloud
41
Hybrid cloud environment integrates traditional platforms with private, public,
and managed cloud services. In essence, it is a virtual computing environment that
aligns workloads and interfaces with the most appropriate computing platform. All these
services need to be designed and managed to behave as a unified environment.
A hybrid cloud strategy involves prioritizing each workload with an optimal platformâ
traditional, private cloud, or public cloudâso that each workload is in the right place and
each of the environments is handling what it does best.
On Premise
Dedicated Local Traditional IT
e.g. on IBM Z
Private
Hybrid Cloud
Off Premise
Multi-Cloud
Public
42. Š 2021 IBM Corporation
IBM Z Day 2021 Sept 15 â Forrester Session â One Link
42
43. Š 2021 IBM Corporation
For many Enterprise Customers the end of the journey to cloud
is an hybrid cloud platform, where traditional IT and new cloud-
native applications coexist side by side for some time.
Time
Cloud
Native
Legacy
0
New features
will be added to
existing
applications
Coexistence will involve new and
traditional applications working
together
Target â Microservices architecture
fully exposed to new and traditional
applications
Co-existence between Traditional IT and cloud-native
Source: IBM
largely platformed on IBM Z
Running on IBM Z potentially
43
44. Š 2021 IBM Corporation
Application Data
IT
Automation
Integration
Donât leave data behind
Improve placement
Delivering Agile infrastructure
Automation and resilience
Delivering new data capabilities
Data and AI everywhere
Culture change
Digital transformation options
New data usage
Integrating Clouds
Integrating Data and Apps up to
the traditional
Automating Clouds
Automating Processes
Modernization as a Balancing Act to deliver new Business Value
44
45. Š 2021 IBM Corporation
Leverage the power of IBM Z & z/OS, THE
Runtime Environment of critical
applications and enterprise data âŚ
Back to Basics on IBM Z
45
âFast response timesâ
âExtremely reliableâ
âHighly availableâ
âCopes with high and unpredictable workloadâ
⌠Invest in Simplification & Industrialization
of the DevOps & Integration & IT Management & Automation Processes,
End to End when possible âŚ
âShared Data Architectureâ
âHighest Security and Trustâ
An excellent Host for your Core Assets â databases & applications! ⌠And now APIs!
âInvestment Protection since Day Oneâ
âLow #carbonfootprintâ
Adopt Linux on z for deployment of
critical Cloud Native Apps &
containerized solutions âŚ
âDelivering continued business value
through new innovationâ
46. Š 2021 IBM Corporation
Real-Time
Decision
DevOps
AI Ops
E2E Security
IBM Z is a Key Player in the Hybrid Cloud Journey.
On-Premises
Dedicated Local
Modernized
Traditional IT
e.g. on IBM Z
Private
Hybrid Cloud
Off-Premises
Multi-Cloud
Public
46
Elevate your Hybrid
Cloud strategy for
mission critical
workload with the level
of performance,
protection and
availability you deserve
Z: Cloud Integration â IN & OUT â Apps & Data
Z: Cloud
Experience
Z: Secure
API for Business
Data Gravity
47. Š 2021 IBM Corporation
End-to-End Vision for z/OS Enterprise Customers
47
⪠z:Cloud Integration - Leverage the end-to-end business capabilities of your enterprise
âIntegrate â Inbound: Enable any Cloud native application to integrate mainframe-based service
âIntegrate â Outbound: Modernize & extend your critical applications by integrating real-time decision services and
other cloud services
âIntegrate â Data: Avoid data movement by promoting data virtualization â including data on z and data on distributed
⪠z:Cloud Experience
âLeverage Cloud IT methodologies and z/OS System API & interfaces to build end-to-end processes
⢠Consider use of z/OSMF, z/OS Cloud Broker or Ansible for z/OS to automate z/OS workload provisioning
DevOps & IT Management Processes
CICS
IMS
Db2
MQ
DVM
z/OS
z/OSMF
Zowe
Open Source
...
Development and
Operations Teams
IT Management Teams
(Internal/IT Facing)
Enterprise Applications
and Data
System Management and
Infrastructure tools
Enterprise API
Consumer &
Provider
APIs for Business
Applications and
Data
APIs and new interfaces
for Development and
Operations
System APIs
Integration Processes
z/OS Cloud Broker
RedHat Ansible
Automation Platform
Business
APIs IMS DB
Create, Build
Manage, Operate
48. Achieve your full potential with IBM Z in your hybrid cloud
IBM Z integrated in a
hybrid cloud platform
IBMâs Hybrid
Cloud platform
SaaS
Private
cloud
Public
cloud
CLOUD
PAKS
48
With IBM Z in the hybrid cloud
Eliminate the talent gap with common tools and
operating models across platforms
Accelerate time to market for cloud native
services with a consistent DevOps experience
Easily access IBM Z data without moving off-
platform
Optimize costs with a cloud consumption model
that extends to IBM Z