>> Live from San Francisco, it's TheCUBE. Covering IBM Think 2019. Brought to you by IBM. >> Welcome back to Moscone North at IBM Think 2019 I'm Stu Miniman, and my cohost for this segment is Dave Vellante. Happy to welcome two IBMers from the Z Group, we have Michael Jordan, distinguished engineer, everybody I'm sure in your family calls you the Michael Jordan? >> Nah, no, no >> Not the other one? >> I won't get into what they call me. >> Rohit Badlaney, who's a director of IBM Z as a service. So Rohit, we have to start there. We're very familiar with Z, you know, all the different pieces of it, but Z as a service, something new for this week, maybe help explain what the news is and-- >> Absolutely, so my mission in life is around Z and cloud. And this week you heard Jenny talk about Hyper Protect, and Hyper Protect is a family of services built in our IBM Cloud, on a cloud-ready systems, which are the ZR1 systems, in a multi-zone platform factor, so it provides the high availability disaster recovery. There are really four key services that we're announcing at this conference. One's around crypto and key management, provides the highest levels of security for our cloud. The second's around data as a service, which does traditionally really well on the platform, as a data-serving platform. The third's virtual servers, the fourth's containers that's going to be tied in to our Kubernetes Service. So we're bringing the breadth of our Z to our cloud. >> Yeah, you know, Michael, I show my age in the industry, I remember when we talked about security was, you know, lock the door on that rack that was in, or that mainframe that sat in the corner, we knew that that was secure. It's a little bit different when we talk about security and Z these days, it's cloud, it's global, >> Sure. >> It's all over the place. >> So-- >> But in fairness, right, I mean RACF was the gold standard of security, you know, before all this distributed systems stuff. You knew, you had full visibility on who did what, when, where, you know, very very detailed. Have you been able to carry that level of transparency and rigor into the cloud? >> Yeah, so some of this is what's old is new again, so one of the key areas that is a big focus for security in the cloud is encryption, right? You know encryption is going to a central part of being able to move data to the cloud, and the concepts of being able to bring your own key, is absolutely essential, and some of the capabilities that we've had on the Z platform for a very long time actually lend themselves extremely well to a cloud environment so for example, our cryptographic hardware can be virtualized, right? So each server can have 16 cryptographic cards, with 85 virtual domains per card, so you multiply that out it's, really serves cloud scale very well. And in addition to that, the cryptographic hardware is designed to meet the highest level of security certification standards, so a combination of security, and that virtualization really lends itself to offering a set of cloud services. >> If I think about the workloads that are running on Z, clearly there's no business case to move them off Z, into some commodity cloud, that would make no sense. You'd put your business at risk if you did that. But what's the business case of Hyper Protect, and Z as a service, could you talk about that a little bit? >> Yeah, so today our focus is primarily to elevate the security of our core and our cloud. If you look at what we are doing, it's around our Linux systems and not our traditional z/OS systems, and we're really focusing on where Z differentiates. It's around, you know Mike talked about key management, and key protection. It's around data protection, it's around scale. So the workloads, to your point, that do really well on the platform, are workloads that need that level of infrastructure characteristics. And it's not a well-known fact, but actually our Blockchain platform, and all the success IBM's had on Blockchain, has been running in our cloud, on our Z systems, over the last two years with 500 plus clients. Right, so those are the kind of workloads that benefit from the hardware characteristics, as well as the security characteristics. >> Just double-click on that, so you think Blockchain, often times you're thinking about distributed apps, you know, you think about transaction limits, et cetera et cetera, so what are the attributes of Z that lend itself well to those workloads? >> Oh that's a great question, so, several attributes, right? Definitely the key protection, and the data protection on Z, the sheer TPS, you know it's funny, I was actually with our BC doing a session today, and they were talking about the transaction per second they get by just running on Z versus commodity hardware. And they've had tremendous success, right? So those two, combined with you know, our Blockchain technology in our cloud runs on something called a Secure Services Container, which is an absolutely locked down container that no one can get access to. And those are the characteristics that, if you think about permissioned blockchain, that's where Z excels. So that's. >> One of the discussions we've been having is that, in a multi-cloud world I have different skillsets for the different environments. Can you give me a little compare/contrast how security fits in Z versus you know, x86, Linux, and public clouds? And also, how do I, as a customer, manage across those environments from a security standpoint? >> Sure, so a couple points on there. You know, one is, one of the benefits that we have with Z is we control a large portion of the stack, right? So we're able to integrate security into multiple layers of the stack. So Rohit mentioned the Secure Service Container, and that combines a number of capabilities that we've built in from the hardware, the firmware, the operating system, end to end. So for example, the Secure Service Container by default, all of the code and data associated with with one of these Secure Service Containers is encrypted. You don't have to do anything, it's, you deploy an application in of these containers, everything gets encrypted, in flight and at rest. And there's no configuration, no set up for that, it happens automatically. We validate, digitally sign and validate all of the firmware, the operating system, the application, and the entire package that gets loaded into one of these environments, to protect against introducing malware to that environment, and lastly is we block and restrict administrative access to prevent administrators from having uncontrolled access to the file system. So looking at that, right, since we own that stack and we can really integrate those security capabilities vertically through that stack to give the true value and the capabilities that you need in the cloud to protect both the application and the data. >> And that's always been the strength of the mainframe, is like you said, security's not a bolt-on, it's designed in from the very beginning. I mean when I started in the business, whatever IBM did with the 390, or whatever it was at the time-- >> You're dating yourself. >> Yeah, that's true. But the whole industry would focus on that. And then, frankly, IBM in the early '90s kind of lost it's way because it had that sort of install base, and it didn't really have to innovate. That's not the case today, you guys, well you have an install base who eats up, sort of every new cycle of Z. You've had to innovate, you've had to really invest in the roadmap, and stay current. Whether it's, you mentioned Blockchain, certainly Linux, et cetera. Now infusing AI as a service, so I wonder if you could talk a little bit about the sort of roadmap that you and your colleagues are on. Without obviously divulging futures, but there's a legacy there that you've invested in, and had to keep really current with some of the major industry trends to keep your clients happy. >> Yeah, and I'll weigh in and then Mike can jump in. I mean, the legacy of Z has always been scale, performance, hyper security, for the most regulated industries, for the most compliant industries, and our biggest enterprises. And that's going to continue, and the next generation of Z's going to continue down that theme. We are very focused on making Z part of the cloud. And so, there's a breadth of announcements, and I know we talked about Hyper Protect and the public cloud, but we're also expanding the Kubernetes orchestration on-premise with our IBM Cloud private product being supported fully on LinuxOne, and expanding it to Linux workloads, and z/OS workloads. And that is, you know, the cloudification of the platform is, I think, the next big step for us. >> But, so what's the real business driver for clients there? Is it just the notion of pay by the drink, and as a service? I mean obviously mainframe invented virtualization, and simplified management, and was always a key part of it, a key tenet. What's the real business driver for people to move to the cloud? >> I mean, in my view guys, it's the speed that they need to move at, right? I mean, you look at why we are standardizing on PaaS platforms, whether it's on the cloud or on-premise. The teams are constantly getting pushed to move faster, DevOps, now there's a new concept of DevSecOps, right? It's all about speed that's driving the need for the cloudification of the platform. The other reason is skills, right? Can I work with the mainframe in a way that I'm abstracting away the special skills needed, but I could still move with that speed in the DevOps cycle, right? So I think it's a combination of those both that's really driving this. >> And from a security perspective, I think a couple of the key points are looking ahead we're really focused on the data, right? How do we allow organizations, 'cause it's going to happen, right? Organizations will need to move data, whether it's temporarily, or longer term. They're going to need to move data to the cloud, that's just, it's a fact of life. So, how do we leverage and harness the capabilities that we have, that we've been talking about with the Z platform to enable clients to securely move their applications, pieces of applications, and data to the cloud so they can take advantage of the capabilities that Rohit was doing, with confidence that their data is not going to be compromised. And that includes a data-centric approach to protection of data, as well as protecting encryption keys and leveraging and taking advantage of the capabilities that we have on the platform for key protection, which is already a key part of the solution that we're bringing to market today. >> So the Z customer that bets his or her business on your platform, I mean, it's embedded, it's fundamental. What's the reaction been to Hyper Protect, you know, kind of feedback that you've had from clients? >> You know, everyone wants to be cloud today, right? So the reaction is actually been really positive. You know we've been working with our biggest Z clients, through what we call the Z Design Council, you know, validating the story. Because we want to help them on this enterprise-out journey. And the reaction has been good. Now, it's, it really depends on where they are on their cloud journey as well, right? Some are very much still want to be an on-premise shop, and some are aggressively moving to the public cloud. So our goal's really to intercept them wherever they are on that cloud journey. >> Yeah well many of them have a cloud mandate, right? >> Absolutely. >> Well, and I have clients come up to me on almost a continuous basis. When they look at what we, the capabilities that we've delivered with our z14 machine, and the cryptographic horsepower that we have with that machine, they're looking at it and saying hey, how do I harness this as a, you know, a crypto as a service for our enterprise? Which is kind of the precursor to what we're doing with the Hyper Protect services, but there is a keen interest from organizations to have a secure, performant, secure, stable environment for cryptographic services because, encryption is becoming ubiquitous, so providing that capability I think is significant. >> Yeah, and our goal, like Mike said, is really to make security easy, right? Whether it's in the public cloud and the enterprise developers don't have to worry about it. Can they get the levels of security that they need for their enterprises, or their enterprise workloads, but in an easy, cloud-native consumption model? That's really what Hyper Protect is. >> Yeah, I guess so final question is, what's the pricing implications of this new offering, and how do customers get started? Is this ready, shipping today? >> It's shipping in March. It's available today, that's the beauty of cloud, right? We went through what we call the experimental services, it's available in beta today. You could go to our IBM Cloud Catalog, access it, get it, try it. >> Great, give you a final word and takeaways you want people to have when it comes to security in the Z space. >> Yeah, so I think the main thing is that Z has a very proud tradition of security leadership and innovation, and what we're bringing to the market here is just another example of that security leadership and innovation. >> All right, well Michael and Rohit, thank you so much for bringing us the update-- >> Thanks, guys. >> Congratulations, on bringing the product to market. >> Thank you. >> Look forward to-- >> Good luck with it. >> Thank you. >> Thank you guys so much. >> All right, for Dave Vellante, I'm Stu Miniman, we'll be back to wrap up our day three of four days live, wall-to-wall coverage here, from Moscone North, IBM Think 2019, thanks for watching TheCube. (energetic techno music)