z15 and LinuxONE III single frames: Build secure for developers
Meet the new IBM z15 and LinuxONE III systems, which provide enterprise-grade reliability and data privacy to meet the varying budgets of development projects.
Developers know that the right hardware is just as important as an optimum software stack when choosing the ideal environment to run their apps. At the same time, business requirements demand the ability to use AI across enterprises and on their highly-secure workloads.
Today we’re announcing our latest enterprise system hardware, which brings enterprise-grade reliability and data privacy — including Bring Your Own Key (BYOK) technologies — to meet the varying scales of development projects. The z15 and LinuxONE III was introduced in September 2019 as a one to four 19-inch frame system. These latest z15 and LinuxONE III Single Frame systems are designed with the same focus on securing AI and other data-centric workloads as their multi-frame siblings. Don’t let their smaller size fool you; a single one of these systems can handle the load of many commodity servers.
I’m excited that these systems will enable developers to right-size their applications. Need to host your app with a high degree of security and data privacy? Check. Want a server that will scale vertically to handle spikes without having to add more hardware? Check. Want to have confidence that your data will be protected because you are the only one who has the digital key? Of course! This technology benefits from decades of experience and a focus on all the latest tools. This is the stuff that developers can build secure with.
The IBM Z and LinuxONE hardware is designed around security. Each processing core includes a cryptographic co-processor to handle encryption operations right at the heart of the CPU. The Z platform is known for its FIPS 140-2 Level 4 certification, which is designed to not only detect unauthorized attempts at physical access but also automatic key destruction upon such an attempt. Developers can be happy that their applications are secure.
Secure Execution for Linux on IBM Z is a new feature that isolates Linux guests running under control of a KVM hypervisor. An encrypted Linux image is used, created with a private key that’s only accessible to the IBM Z hardware and firmware; this ensures that it can only be run on the hosts it is prepared for, and that the hypervisor does not have access to the image contents. This isolation removes an attack vector for both internal and external threats, and can eliminate one reason why workloads might otherwise be physically separated on different servers.
IBM Data Privacy Passports extends data protection capabilities beyond the boundaries of your system of record for eligible data through JDBC. Using a data-centric approach, administrators are able to define policies to allow certain users to view protected fields of eligible data while others can only see masked or encrypted values. Data privacy “follows” across hybrid enterprise systems by virtue of the fact that Data Privacy Passports enforces the policy whenever data is accessed in your enterprise so future access to this data can be changed or even revoked at any time. Developers don’t even have to modify their applications.
Secure Execution for Linux and Data Privacy Passports are two more reasons for developers to be excited by their ability to build secure using IBM’s technology. With the z15 and LinuxONE III Single Frames, you can deploy these technologies for projects of varying sizes. At IBM, we promise to always find you the best solution on any cloud, and respect and optimize your time with innovative tools, services, and real community. And these days, with security a top concern for most enterprises, we also offer the only cloud with government-grade FIPS 140-2 Level 4 certified security hardware enabling features like BYOK, meaning IBM cannot — and will never be able to — access your data.
Developers: Focus on developing, IBM has your back.
For more information on today’s announcements and some good discussions on its associated technologies, please visit: