IBM is refreshing its mainframe range, putting an AI accelerator on the processor and surrounding it with new cryptographic features the company says will help protect today’s data against the quantum computing attacks of the future.
Slated to be available May 31, 2022, the IBM z16 will offer CIOs a way to deploy AI inferencing in the same secure environment, and at the same speed, as their transaction processing. According to IBM’s internal benchmarking, with the on-chip integrated AI inferencing accelerator a z16 can handle 300 billion inference requests per day with just one millisecond of latency, putting real-time fraud detection within reach for credit card transaction processing.
“Two things are important here: ‘on-chip integrated’ and ‘AI inferencing,’” said Peter Rutten, IDC’s global research leader for performance-intensive computing solutions. “IBM did not create a complicated, latency-prone, memory-starved co-processor that would have to be connected to the host and get its own access to memory. Instead, they developed an integrated accelerator, an industry first for data center hardware.”
As for AI inferencing, that means IBM is focusing on executing already-trained models, key for the types of workloads that IBM Z runs, while AI training can be left to another platform, Rutten said.
IBM has been communicating the value of integrating fraud detection with transaction processing since the launch of the z14, and the AI accelerator strengthens that capability, said Mike Chuba, a managing vice president at Gartner. “When you consider that 85% to 90% of the world’s credit card transactions probably touch a mainframe, you can see the value this could deliver,” he said.
Elpida Tzortzatos, IBM’s CTO for AI on IBM Z, said the company has already helped one US bank introduce AI-based fraud detection to its credit card authorization process on IBM Z.
“When they tried to do this off platform, they ran into challenges around timeouts and inconsistent response times. Even when they could get the prediction back to the application it took upwards of 80 milliseconds,” she said. “We helped them bring that AI model and deploy it on that platform, and they could immediately see consistent response time of single-millisecond latency, as well as being able to scale from the 1,200 transactions per second that they could score off platform up to 15,000 to 20,000 transactions per second that they could score on our platform. That meant they could analyze every single transaction.”
Not just for payment
Payment fraud detection isn’t the only application IBM sees for the AI accelerator. Others include identifying tax fraud or insurance claim fraud; federated learning in retail, allowing the sharing of AI models without exposing sensitive data; and loan approval. The return on investment, said IDC’s Rutten, is in reducing fraud expenses, risk, and, where AI replaces manual processes, staff costs.
“It is becoming inconceivable that you would continue to have such critical processes running on an IBM Z (or on any platform) without applying AI to them to improve the quality and speed up the quantity,” Rutten said.
The launch of the z16 comes after a two-year hiatus: Beginning with the launch of the z13 in 2015, the company had introduced a new mainframe model every year — until the z15 T02 in May 2020.
Together with the accompanying investment in an all-new processor design, Telum, the z16 offers customers some reassurance that IBM is in the mainframe business for the long term. Mainframe rival Fujitsu announced in February 2022 that it will end sales of its mainframes by April 2031, discontinuing support five years after that.
Long-term thinking is important for another application IBM is targeting with the Z platform: protecting data from the future threat of quantum computing.
Pervasive encryption of data at rest and in flight was a key feature of the z14, introduced in 2017, but many of the encryption algorithms in use today could, potentially, be cracked by future inventions in quantum computing.
That would mean that encrypted data stolen today could become an open book for attackers in the future through attacks known as ‘harvest now, decrypt later.’ Governments will see this is a threat to national security — but it also holds dangers for trade secrets, potentially enabling competitors to short-circuit years of product design and development.
CIOs need to address this issue sooner rather than later: “As soon as a powerful enough quantum computer goes online, that data will be decrypted,” said IDC’s Rutten. “Quantum computers that are sophisticated enough to crack today’s encryption systems are about 5 years away.”
To counter this, IBM is equipping the z16 with Crypto Express 8S hardware security modules supporting a new wave of quantum-safe encryption algorithms under evaluation by the US National Institute of Standards and Technology. The quantum-safe APIs these modules offer can help enterprises modernize existing applications or secure new ones against quantum attacks.
“The IBM z16 is the first platform that is quantum-safe, meaning that symmetric key and hashing algorithms are fortified by increasing the key or digest sizes, and public key algorithms are protected with new algorithms,” said Rutten.
The feature is a natural follow-on to the Pervasive Encryption that IBM offered in the z14 and the Data Passport function allowing data to retain encryption features even after it had left or been removed from the system of record, said Charles King, president and principal analyst of Pund-IT. “Quantum Safe also scales effectively, supporting up to 19B encrypted transactions per day,” he said. “Most of the major financial services companies and other security-conscious large enterprises that are IBM’s primary Z mainframe customers are likely to consider quantum-safe a logical step in maximally protecting important or sensitive data.”
Migrate now, pay later?
Patrick Moorhead, president and principal analyst of Moor Insights & Strategy, has high praise for the z16: “It really has no competitors to what it does, and [it has] customers that are very focused on specific workloads versus more general-purpose computing.”
But the very uniqueness that Moorhead praises presents a risk for CIOs considering whether to upgrade their existing IBM mainframes or to move non-mainframe workloads onto one: Will the value that Z systems provide continue to exceed the price that IBM asks for them? As Fujitsu’s withdrawal from the mainframe market approaches, lowering the competitive pressure, that’s a serious question CIOs running mission-critical mainframe workloads will need to ask themselves.