IBM Journal of Research and Development

Archives Papers: 219
IEEE Xplore
Securing the enterprise SAN with IBM Fibre Channel Endpoint Security
P. G. Driever, R. Hathorn, C. Colonna
Keywords: Servers, Protocols, Encryption, Authentication, Standards, Fiber Channel, Endpoint Security, Operating System, Privacy Of Data, Flow Data, Access Control, Flight Data, Data Privacy, Batch Mode, Traffic Flow, Storage Devices, Security Status, Security Policy, Availability Of Methods, Negligible Impact, Symmetric Encryption, Key Material, Security Administration, Key Security, Authentication Protocol, Mutual Authentication, Session Key, Output Dataset
Abstracts: Controlling access to and privacy of data within the enterprise can prove to be a formidable task with increased complexity and management overhead encountered as the granularity of access control is increased. Fibre Channel is the premier enterprise storage transport, so an organization's most sensitive data flows over Fibre Channel links within and across datacenters. In this article, we discuss a new, easy way to deploy innovation for Fibre Channel connections that ensures data is exchanged only between trusted servers and storage controllers, while also enabling the integrity and confidentiality of the data in flight between the trusted entities. We explain how the components of IBM Fibre Channel Endpoint Security are configured to work together to provide protection from insider threats, requiring minimal steps to deploy, fully controlled via policy, and transparent to applications, middleware, and operating systems.
The IBM 4769 Cryptographic Coprocessor
J. A. Busby, E. N. Cohen, E. A. Dames, J. Doherty, S. Dragone, D. Evans, M. J. Fisher, N. Hadzic, C. Hagleitner, A. J. Higby, M. D. Hocker, L. S. Jagich, M. J. Jordan, R. Kisley, K. D. Lamb, M. D. Marik, J. Mayfield, T. E. Morris, T. D. Needham, W. Santiago-Fernandez, V. Urban, T. Visegrady, K. Werner
Keywords: Hardware, Coprocessors, Program processors, Engines, Encryption, Coprocessor, Power Consumption, Form Factor, New Forms, Cognitive System, Application Programming Interface, Core Processes, Public Key, Symmetric Encryption, Side-channel, Security Requirements, Digital Signature, Persistent Memory, Arrangement Of Components, Number Of Processors, Cryptographic Function, Automated Teller Machines, Linux Kernel, Public Key Infrastructure, Hardware Changes, Signature Scheme, Power Loss, Ergogenic, Banking System, Flexible Electronics, Operation Mode, Circuit Design
Abstracts: System security is currently a main focus area for all IT infrastructure providers. New system features like pervasive encryption, the transition to cloud-based offerings, and the demand for quantum-safe platforms demand increased cryptographic performance as well as more cryptographic agility. The new IBM 4769 Cryptographic Coprocessor addresses these trends. It brings performance improvements that match the requirements of the new IBM z15. A combination of newly available features allows IBM z15 to scale to greater than 5,000 Virtual Hardware secure modules per system and makes it suitable to support virtualized client environments such as cloud-scale datacenters. To meet the dense packaging and energy requirements of those data centers, the form factor and power consumption of the card were reduced significantly. The card also offers an expanded set of algorithms to support state-of-the-art as well as future workloads. For the first time, the user interface provides access to a selected set of quantum-safe algorithms. Infrastructure extensions add hardware-embedded, attestation-friendly trusted boot services, which improve system resiliency by providing hardware enabled measurements of the secure and trusted boot process. These extensions simultaneously simplify the security certifications built on them. This article provides an overview of the IBM 4769 cryptographic coprocessor, highlighting security characteristics, internal hardware, form factor, and enhanced firmware.
Sysplex time synchronization using IEEE 1588 Precision Time Protocol (PTP)
S. R. Guendert, J. S. Houston, P. A. Wojciak, S. Cherniak, D. L. Massey
Keywords: Synchronization, Clocks, Standards, Protocols, Regulation, Europe, Industries, Time Synchronization, Precision Time Protocol, Financial Industry, Development Of Technology, Working Group, External Sources, European Union, Stock Market, Network Infrastructure, Denial Of Service, Security Vulnerabilities, Millisecond Time, Synchronization Process, Cloud Infrastructure, Master Clock, Clock Synchronization, Optional Features, Optional Component
Abstracts: Timekeeping and highly accurate, precise time synchronization are key requirements for modern information technology systems. While true for several industries, this is especially true for industries involved in transaction processing such as the financial industry. As such, the IBM Z Sysplex needs highly accurate timing/timekeeping and synchronization technology to ensure data integrity, and to also provide the ability to reconstruct a database based upon logs. Recently enacted changes and new regulatory requirements, both in Europe and the United States, have brought increasing attention to time synchronization accuracy. These regulations spurred an interest, both from IBM Z and from our IBM Z clients, in the IEEE 1588 Precision Time Protocol (PTP) being implemented in IBM Z. This article explains the history of PTP, PTP technology, the regulations that led IBM to introduce PTP to IBM Z, PTP's implementation on IBM Z, and IBM's involvement and leadership in the development of the PTP technology and standards going forward.
Proactive power management in IBM z15
T. Webel, P. M. Lobo, T. Strach, P. B. Parashurama, S. Purushotham, R. Bertran, A. Buyuktosunoglu
Keywords: Power system management, System-on-chip, Monitoring, Power supplies, Voltage measurement, Real-time systems, Timing, Power Management, Proactive Management, Power Consumption, Supply Voltage, Sharp Change, Voltage Sag, Guard Band, Changes In Activity, Actuator, Complex Functions, Sudden Changes, Mitigation Strategies, Supercapacitors, Early Indicator, Control Loop, Previous Generations, Core Processes, Voltage Levels, False Positive Detection, End Of Window, Thermal Protection, Processor Chip, L2 Cache, Cache Misses, Data Cache, Sequence Of Instructions, Sampling Window, Off-chip Memory
Abstracts: The IBM z15 processor power management enhances several on-chip power management techniques over z14 processor with a specific focus on reducing response time for voltage droop management. The IBM z15 processor puts a specific emphasis on proactive voltage droop management strategy to reduce conservative static guard band that is added to the supply voltage in order to protect against worst-case voltage droops. The z15 processor relies on selected events from the earlier stages of a deep pipeline processor as indicators to predict sharp changes in the power consumption over a short period of time. The early information of the selected events allows to throttle the execution flow through the processor pipeline and prevents the sharp power change before it takes place and thus reduces the voltage droop. In z15, as one of the proactive schemes, we combine both the digital power-proxies, which are direct indicators of the processor activity and the Critical Path Monitors (CPMs) to give an earlier and proactive indication of voltage droop events. This proactive indication provides enough time for the throttle actuation circuits to prevent the voltage droop. CPMs act as real-time timing margin indicators, and power-proxies act to serve as the activity monitors.
IBM Z development transformation
E. C. McCain, P. Bastien, B. F. Belmar, B. Bhattacharya, K. K. Cheruiyot, M. Coq, R. Dartey, K. Deekaram, K. Ghadai, L. D. Lalima, J. Nettey, A. W. Owolabi, K. Phillips, T. M. Shiling, D. T. Schroeder, C. Slegel, B. Steen, D. A. Thorne, E. Venuto, J. D. Willoughby, D. Yaniv, N. Ziemis
Keywords: Tools, Artificial intelligence, Automation, Engines, Databases, Hardware, Writing, Machine Learning, Design Thinking, Event Log, Training Data, Decision Tree, Data Mining, Machine Learning Models, F1 Score, Deep Learning Models, Random Forest Classifier, Development Team, Debugging, Computational Intelligence, Key Metrics, Interesting Thing, Duplicate Detection
Abstracts: This article discusses how the product development cycle is being transformed with “Artificial Intelligence” (AI) for the first time in zSeries history. This new era of AI, under the project name IBM Z Development Transformation (zDT), has allowed the team to grow and learn new skills in data science. This transformation forces change structurally in how data is prepared and stored. In z14, there were incremental productivity gains with enhancements to automation with eServer Automation Test Solution and a technology data analysis engine called zDataAssist. However, in z15, AI will significantly accelerate our efficiency. This article explains how Design Thinking and Agile principles were used to identify areas that are of high impact and feasible to implement: 1) what and how data is collected via System Test Event Logging and Analysis engine, Problem ticket management system (Jupitr), and Processor data analysis engine (Xrings); 2) problem identification, analysis, and management (AutoJup) along with Intelligent Recovery Verification Assistant; 3) product design documentation search engine (AskTheMachine); and 4) prototype microprocessor allocation processes Intelligent Commodity Fulfillment System using Machine Learning. This article details the approach of these areas for z15, the implementation of these solutions under the zDT project, as well as the results and future work.
Integration of z15 processor-based DEFLATE acceleration into IBM z/OS
A. T. Sofia, M. Klein, B. D. Stilwell, S. Weishaupt, Q. Y. Chen, R. W. St John
Keywords: Device drivers, Libraries, Hardware, Computer architecture, Performance evaluation, Source Code, Software Stack, Asynchronous Mode, Throughput, Inflation, Operating System, Deflation, Small Blocks, Compression Ratio, Hardware Accelerators, Output Area, Coding Tree, Feature Compression, Output Buffer
Abstracts: IBM z15 replaces the former I/O attached accelerator for DEFLATE, zEnterprise Data Compression (zEDC) Express, with an on-chip accelerator that can be synchronously accessed via an instruction. The integration of this new accelerator in the z/OS software stack has been designed to maintain a consistent user experience for software packages that used the previous technology, while still allowing the enhanced aspects of the new technology to deliver the additional value. Two different access paths for DEFLATE have been created in z/OS to accomplish both goals. For user space programs that utilize the zlib API, z/OS directly executes the instruction synchronously, which avoids overhead and reduces latency. Authorized users continue to utilize existing infrastructure and have the Service Assist Processors (SAP) perform compression in an asynchronous fashion on their behalf. The SAP receives information about the requested task via a thin and efficient communication path to z/OS, invokes the instruction in a well-defined fashion, and returns the result to z/OS. This article describes the integration of DEFLATE acceleration in z15 into the z/OS software stack in both synchronous and asynchronous mode and presents the resulting performance for selected workloads.
IBM z15: Physical design improvements to significantly increase content in the same technology
C. J. Berry, D. Wolpert, B. Bell, A. Jatkowski, J. Surprise, G. Strevig, J. Isakson, O. Geva, B. Deskin, M. Cichanowski, G. Biran, D. Hamid, C. Cavitt, G. Fredeman, D. Chidambarrao, B. Bruen, M. Wood, S. Carey, D. Turner, L. Sigal
Keywords: White spaces, Stress, Technological innovation, Optimization, Distortion, Routing, Capacitors, Physical Design, L2 Cache, Energy Conservation, Dual System, Inverter, Application Programming Interface, Ground Plane, Levels Of Hierarchy, Optimal Power, Reduction In Power, Global Signal, Function Of Voltage, White Space, Design Team, Clock Frequency, Technology Node, Core Design, Voltage Sensitivity, Local Clock, Design Style, Logic Unit, Active Switches, Small Blocks
Abstracts: The IBM Z processor continues to improve over previous System Z processors, but for the first time it does so without a technology improvement as the baseline enabler. The IBM z15 was designed in the same 14-nm High-Performance GLOBALFOUNDRIES technology as the IBM z14 and yet still added 20% more cores, doubled the L3 cache, and increased the L2 cache by a third while also adding a third peripheral component interconnect express (PCIe) port to the chip and an elliptic curve cryptography engine into each core. This article discusses the design, tool, and methodology enhancements required to increase the design content so significantly while maintaining the chip size and power limits from the previous z14 design. This article also discusses other design and methodology improvements that were made possible via the deeper understanding of the technology and how to more fully leverage it in a second generation.
Design of the IBM z15 microprocessor
A. Saporito, M. Recktenwald, C. Jacobi, G. Koch, D. P. D. Berger, R. J. Sonnelitter, C. R. Walters, J.-S. Lee, C. Lichtenau, U. Mayer, E. Herkel, S. Payer, S. M. Mueller, V. K. Papazova, E. M. Ambroladze, T. C. Bronson
Keywords: Hazards, Out of order, Sequential analysis, Microprocessors, Registers, Acceleration, Data Cache, Paradigm Shift, Operation Mode, Search String, Per Cycle, Levels Of Hierarchy, State Machine, Core Processes, Decimal Number, Physical Design, Continuous Delivery, Execution Of Operations, Continuous Integration, Input List, Output Buffer, Output List, L2 Cache, Cache Misses, Continuous Stream Of Data, Static Random Access Memory, Replacement Policy, Noticeable Improvement, Software Libraries, Random Access Memory, Pipeline Stages, Written Back, Feature Branch, Sorting Algorithm, Random Data
Abstracts: The latest-generation IBM Z processor provides enhanced performance and compute capacity compared to its IBM z14 predecessor. This article describes some of the major improvements in both process and design including out-of-order load-and-store sequencing, single-instruction multiple-data and floating point enhancements, a new modulo arithmetic engine for accelerating elliptic curve cryptography, a hardware sort accelerator, and a workflow that modernized the development of these features. Outside of the central processing unit (CPU), the cache sizes have increased on all levels, and each processor chip now contains 12 CPUs. System topology changes have been introduced allowing up to five drawers to exist in a fully populated system. The processor cache subsystem includes numerous improvements in the area of fetch, store, and cache management policies aimed at speeding up both traditional data serving workloads and highly virtualized environments alike.
System Recovery Boost on IBM z15
D. H. Surman, S. Lederer, D. B. Petersen, M. Gubitz, P. J. Relson
Keywords: System recovery, Operating systems, Servers, Business, Acceleration, Parallel processing, Middleware, Operating System, Parallelization, Processing Capacity, Clock Rate, Additional Capacity, Record Type, Running, Normal Levels, Data Center, General Purpose, Multiple Images, Application Programming Interface, Core Processes, Work Unit, Single Thread, Hardware Configuration, Use Of Capacity, Service Level Agreement, Workload Management, Software Maintenance, Central Processing Unit Time
Abstracts: System Recovery Boost on the IBM z15 server expedites planned operating system shutdown, either planned or unplanned operating system initial program load (IPL), middleware and workload restart and recovery, and the client workload execution that follows, to accelerate service restoration around downtime. It does this by providing limited-duration “boost periods” that deliver significant usable additional processor capacity and parallelism. On subcapacity machine models, it provides a boost in processor speed by running the general-purpose processors at full-capacity speed, for the boosting LPARs only, and only during the boost periods. It makes all available processing capacity defined to the boosting images available to process any kind of work, “blurring” general-purpose processor and specialty processor capacity together during the boost period. System Recovery Boost also expedites and parallelizes processor reconfiguration actions that may be part of the client's overall restart and recovery process, as orchestrated by Geographically Dispersed Parallel Sysplex (GDPS) automation. Optionally, System Recovery Boost provides the ability to add additional processor capacity from the client's unused “dark cores” via activation of a new type of temporary capacity record. All of this can be accomplished without increasing the client's IBM software billing costs or the processor consumption associated with the client's workload during these boost periods.
Secure your cloud workloads with IBM Secure Execution for Linux on IBM z15 and LinuxONE III
C. Bornträger, J. D. Bradbury, R. Bündgen, F. Busaba, L. C. Heller, V. Mihajlovski
Keywords: Cryptography, Virtual machine monitors, Hardware, Kernel, Linux, Cloud Workload, Secure Execution, Security Level, Virtual Machines, Reinstalled, Industrial Solutions, Operating System, Decoding, Imaging Measurements, Plaintext, Integral Value, Command Line, Identification Of Domains, Public Key, Local Components, Security Environment, Non-volatile Memory, Trust Model, Protective Memory, Cloud Providers, Memory Management, Image Encryption, Stage 3b, Page Content, Physical Address
Abstracts: With the growth of IBM Z and LinuxONE in the cloud, customers are expecting their workloads and data to have the same levels of security, isolation, and privacy as running on-premise. In order to achieve these levels of trust, the IBM z15 and LinuxONE III provide the IBM Secure Execution for Linux facility, which isolates customers’ data from each other, as well as from the cloud administrators. Unlike other solutions in the industry, IBM Secure Execution does not require remote attestation, thus simplifying the deployment of applications into the protected environment. Also, unlike some other solutions in the industry, the integrity of data is protected end-to-end, that is, from the boot image on disk to memory as it is paged by the hypervisor and throughout execution. The isolation and integrity are provided by hardware and trusted firmware known as the ultravisor. In this article, we describe the security model of IBM Secure Execution, the functionality of the hardware and ultravisor, as well as the required changes to the hypervisor in order to support protected virtual machines.