IBM z16 – An Evolving Solutions Perspective Part 2: Pillars Two and Three

This blog is part 2 in a series focused on IBM April 5 2022 Announcement. Read the first blog here.

As I shared previously, IBM’s April 5, 2022 announcements are centered around four pillars. In this blog, we will review the second and third pillars of Quantum-safe Protection and the Z and Cloud Experience.

The second pillar is Quantum-safe Protection  

Quantum-safe Protection positions the IBM z16 server as the first server that is protected using quantum-safe technology at the firmware (system boot) level right out of the box. IBM’s z16 server also provides a set of hardware assisted QuantumSafe algorithms and associated APIs that allow you to protect your data from bad actors who try to harvest your encrypted data now for later decryption as quantum computing matures.

The third pillar is Z and Cloud Experience

IBM’s Z and Cloud Experience announcements build off what was first revealed by IBM earlier this year. In February, IBM announced a z/OS development and test-as-a-service public cloud offering known as Wazi as-a-Service (Wazi aaS). Wazi aaS provides a cloud-based mainframe application development and testing platform that enables developers to write code for mainframes and test it in a convenient pay-as-you-go model.

Access to this new service can be arranged in a little as six minutes and outperforms comparable x86 based alternatives (e.g. ZD&T) as tested within IBM’s own cloud data centers. Wazi aaS general availability is expected during the second half of 2022.

IBM also launched two resource centers.

  • IBM Z and Cloud Modernization Center: Helps IBM Mainframe clients ensure their IBM Z platform is an essential part of their hybrid cloud strategy.
  • IBM Cloud Infrastructure Center (ICIC): A self-service portal that offers simplified IaaS management for all workloads (containerized and non-containerized), integration and cloud automation tools.

IBM’s Z and Cloud Experience announcement on April 5 centers around the simple fact that Red Hat OpenShift is IBM’s hybrid cloud platform approach. No matter what architecture you choose for your applications, what programming language your developers find most useful or what services you want to use as building blocks, OpenShift provides a single and consistent development model across your enterprise, including IBM Z!

Prior to the announcement of the IBM z16, the most popular Red Hat OpenShift on IBM Z’s deployment model centered on co-location. Here, you find yourself developing and deploying Red Hat OpenShift microservices in one LPAR, co-located with z/OS found in an adjacent LPAR or with the correct level of z/OS service; within the same LPAR as z/OS. With the announcement of the z16 server coupled with its native AI Inference engine, co-location just became a lot more interesting.

The nemesis to application innovation is network latency – IBM z/OS Container Extensions coupled with an on-chip Inference Engine eliminate your latency. Are you in an industry that deals with fraud? Are you looking for ways to improve your fraud risk posture? One way is to fully exploit both data and transaction gravity and score a greater number of your transactions where the data and transactions originate. It’s now possible on the z16 and your microservices deployed within Red Hat OpenShift containers on IBM Z to take full advantage of this capability.

Within the context of IBM’s announcement, Red Hat OpenShift supports the use of IBM’s latest CryptoExpress-8S cards.  This offers access to high performance Quantum Safe cryptography as well as highly secure key storage within the Hardware Security Module. Support was made possible via a Kubernetes device plug-in that has been available since December 2021.

Application developers that make use of cloud-based resources typically require a set of programming primitives. One of those primitives is the ability to generate a unique identifier. This unique identifier will allow an application developer to store any object into a high performance cache for later retrieval by ID. It is not uncommon for programmers to make use of the C++ Standard Library and related UID Standard that is based on random number generation. It is important that the generated identifier is unique, but this cannot be guaranteed for large scale-out cloud environments using the C Standard  Library. Mainframe clients have solved this problem by making use of the hardware-based pseudorandom number generation capability that is available on IBM’s CryptoExpress-8S card that guarantees uniqueness.

IBM’s Z and Cloud Experience recognizes than an incredibly important piece to having a successful cloud strategy is a robust automation strategy. Finding ways to optimize manual processes into automated ones helps maintain the speed and agility clients are aiming for with their hybrid cloud strategies. IBM’s z/OS operating system has had automation for  its lifetime. But that automation has been proprietary. A central and consistent automation strategy is essential to a successful hybrid cloud strategy and Red Hat Ansible Certified Content for IBM Z is connecting z/OS to the enterprise’s automation strategies of tomorrow. IBM is providing Ansible collections on their automation hub found here – These collections make automation on z/OS much simpler and are worth exploring.

IBM’s Z and Cloud Experience final component to review centers on containers.

First, there are x86 Linux containers. These are Linux applications compiled for x86 architectures and they are optimal for micro-service architectures with portability across environments. Hands down, x86 Linux containers are the software packaging standard for cloud-based deployment.

Did you know that it is possible to take an x86 Linux workload deployed in a container and recompile that workload to run in a container on IBM’s z16 server under Linux? This works quite well when the building blocks of the workload are open source and the Linux workload favors extremely low network latency, high transaction throughput, security or extremely large IOPS with a desire to only shard the database when absolutely necessary. Those characteristics are strengths of the IBM z16 server running Linux.

There are Windows containers packaged for Windows applications running on the Windows kernel on x86.

There is also a container technology known as z/OS Container Extensions that runs on IBM’s z16 server. This technology allows you to create a packaged Linux application running in a Linux on Z container within z/OS. This is optimal for Linux applications that need direct access to transactional data, demand minimal network and data latency and desire to score transactions on-platform at the time of their execution.

As we look to continue the conversation around modernization, containerization is no exception. IBM is looking at bringing standard OCI compliant containerized technology and orchestration through Kubernetes to z/OS. This isn’t about Linux applications running in a z/OS address space like zCX. This is about z/OS containerized applications. In June of 2020, IBM issued a statement of direction around this, and coming later this year IBM will deliver against this statement of direction.

In my final installment of this blog series, I will highlight the fourth and final pillar, Flexible Infrastructure.

If you are interested in learning more about the IBM Z16 server, or components of IBM’s broader April 5th announcement, feel free to reach out to Jim Fyffe via LinkedIn or send an email to

Jim Fyffe

Senior Solution Architect

Jim is a Senior Solution Architect at Evolving Solutions and joined the company in 2016. Connect with Jim on LinkedIn here.

Photo of Jim Fyffe

Related Blog Posts