>> Live, from San Francisco, it's theCUBE covering IBM Think 2019. Brought to you by IBM. >> Hello everyone, welcome back to theCUBE's live coverage here in San Francisco for IBM Think 2019. I'm John Furrier, Stu Miniman with theCUBE. Stu, it's been a great day. We're on our fourth day of four days of wall to wall coverage. A theme of AI, large scale compute with Cloud and data that's great. Great topics. Got two great guests here. Rohit Badlaney, who's the director of IBM Z As a Service, IBM Systems. Real great to see you. And Nataraj Nagaratnam, Distinguished Engineer and CTO and Director of Cloud Security at IBM and Hybrid Cloud, thanks for joining us. >> Glad to be here. >> So, the subtext to all the big messaging around AI and multi-cloud is that you need power to run this. Horsepower, you need big iron, you need the servers, you need the storage, but software is in the heart of all this. So you guys had some big announcements around capabilities. The Hyper Protect was a big one on the securities side but now you've got Z As a Service. We've seen Linux come on Z. So it's just another network now. It's just network computing is now tied in with cloud. Explain the offering. What's the big news? >> Sure, so two major announcements for us this week. One's around our private cloud capabilities on the platform. So we announced our IBM Cloud Private set of products fully supported on our LinuxOne systems, and what we've also announced is the extensions of those around hyper-secure workloads through a capability called the Secure Services Container, as well as giving our traditional z/OS clients cloud consumption through a capability called the z/OS Cloud Broker. So it's really looking at how do we cloudify the platform for our existing base, as well as clients looking to do digital transformation projects on-premise. How do we help them? >> This has been a key part of this. I want to just drill down this cloudification because we've been talking about how you guys are positioned for growth. All the REORG's are done. >> Sure, yeah >> The table's all set. Products have been modernized, upgraded. Now the path is pretty clear. Kind of like what Microsoft's playbook was. Build the core cloudification. Get your core set of products cloudified. Target your base of customers. Grow that and expand into the modern era. This is a key part of the strategy, right? >> Absolutely right. A key part of our private cloud strategy is targeted to our existing base and moving them forward on their cloud journey, whether they're looking to modernize parts of their application. Can we start first with where they are on-premise is really what we're after. >> Alright, also you have the Hyper Protect. >> Correct. >> What is that announcement? Can you explain Hyper Protect? >> Absolutely. Like Rohit talked about, taking our LinuxOne capabilities, now that enterprise trusts the level of assurance, the level of security that they're dependent on, on-premise and now in private cloud. We are taking that further into the public cloud offering as Hyper Protect services. So these are set of services that leverage the underlyings of security hardening that nobody else has the level of control that you can get and offering that as a service so you don't need to know Z or LinuxOne from a consumption perspective. So I'll take two examples. Hyper Protect Crypto Service is about exposing the level of control. That you can manage they keys. What we call "keep your own keys" because encryption is out there but it's all about key management so we provide that with the highest level of security that LinuxOne servers from us offer. Another example is database as a service, which runs in this Hyper Secure environment. Not only encryption and keys, but leveraging down the line pervasive encryption capabilities so nobody can even get into the box, so to say. >> Okay, so I get the encryption piece. That's solid, great. Internet encryption is always good. Containers, there's been discussions at the CNCF about containers not being part of the security boundaries and putting a VMware around it. Different schools of thought there. How do you guys look at the containerization? Does that fit into Secure Protect? Talk about that dynamic because encryption I get, but are you getting containers? >> Great question because it's about the workload, right? When people are modernizing their apps or building cloud-native apps, it's built on Kubernetes and containers. What we have done, the fantastic work across both the IBM Cloud Private on Z, as well as Hyper Protect, underlying it's all about containers, right? So as we deliver these services and for customers also to build data services as containers or VM's, they can deploy on this environment or consume these as a compute. So fundamentally it's kubernetes everywhere. That's a foundational focus for us. When it can go public, private and multicloud, and we are taking that journey into the most austere environment with a performance and scale of Z and LinuxONE. >> Alright, so Rohit, help bring us up to date. We've been talking about this hybrid and multi-cloud stuff for a number of years, and the idea we've heard for many years is, "I want to have the same stack on both ends. I want encryption all the way down to the chip set." I've heard of companies like Oracle, like IBM say, "We have resources in both. We want to do this." We understand kubernetes is not a magic layer, it takes care of a certain piece you know and we've been digging in that quite a bit. Super important, but there's more than that and there still are differences between what I'm doing in the private cloud and public cloud just naturally. Public cloud, I'm really limited to how many data centers, private cloud, everything's different. Help us understand what's the same, what's different. How do we sort that out in 2019? >> Sure, from a brand perspective we're looking at private cloud in our IBM Cloud Private set of products and standardizing on that from a kubernetes perspective, but also in a public cloud, we're standardizing on kubernetes. The key secret source is our Secure Services Container under there. It's the same technology that we use under our Blockchain Platform. Right, it brings the Z differentiation for hyper-security, lockdown, where you can run the most secure workloads, and we're standardizing that on both public and private cloud. Now, of course, there are key differences, right? We're standardizing on a different set of workloads on-premise. We're focusing on containerizing on-premise. That journey to move for the public cloud, we still need to get there. >> And the container piece is super important. Can you explain the piece around, if I've got multi-cloud going on, Z becomes a critical node on the network because if you have an on-premise base, Z's been very popular, LinuxONE has been really popular, but it's been for the big banks, and it seems like the big, you know, it's big ire, it's IBM, right? But it's not just the mainframe. It's not proprietary software anymore, it's essentially large-scale capability. >> Right. >> So now, when that gets factored into the pool of resources and cloud, how should customers look at Z? How should they look at the equation? Because this seems to me like an interesting vector into adding more head room for you guys, at least on the product side, but for a customer, it's not just a use case for the big banks, or doing big backups, it seems to have more legs now. Can you explain where this fits into the big picture? Because why wouldn't someone want to have a high performant? >> Why don't I use a customer example? I had a great session this morning with Brad Chun from Shuttle Fund, who joined us on stage. They know financial industry. They are building a Fintech capability called Digital Asset Custody Services. It's about how you digitize your asset, how do you tokenize them, how you secure it. So when they look at it from that perspective, they've been partnering with us, it's a classic hybrid workload where they've deployed some of the apps on the private cloud and on-premise with Z/LinuxONE and reaching out to the cloud using the Hyper Protect services. So when they bring this together, built on Blockchain under the covers, they're bringing the capability being agile to the market, the ability for them to innovate and deliver with speed, but with the level of capability. So from that perspective, it's a Fintech, but they are not the largest banks that you may know of, but that's the kind of innovation it enables, even if you don't have quote, unquote a mainframe or a Z. >> This gives you guys more power, and literally, sense of pretty more reach in the market because what containers and now these kubernetes, for example, Ginni Rometty said "kubernetes" twice in her keynote. I'm like, "Oh my God. The CEO of IBM said 'kubernetes' twice." We used to joke about it. Only geeks know about kubernetes. Here she is talking about kubernetes. Containers, kubernetes, and now service missions around the corner give you guys reach into the public cloud to extend the Z capability without foreclosing the benefits of Z. So that seems to be a trend. Who's the target for that? Give me an example of who's the customer or use case? What's the situation that would allow me to take advantage of cloud and extend the capability to Z? >> If you just step back, what we're really trying to do is create a higher shorten zone in our cloud called Hyper Protect. It's targeted to our existing Z base, who want to move on this enterprise out journey, but it's also targeted to clients like Shuttle Fund and DAX that Raj talked about that are building these hyper secure apps in the cloud and want the capabilities of the platform, but wanted more cloud-native style. It's the breadth of moving our existing base to the cloud, but also these new security developers who want to do enterprise development in the cloud. >> Security is key. That's the big drive. >> And that's the beauty of Z. That's what it brings to the table. And to a cloud is the hyper lockdown, the scale, the performance, all those characteristics. >> We know that security is always an on-going journey, but one of the ones that has a lot of people concerned is when we start adding IoT into the mix. It increased the surface area by orders of magnitude. How do those type of applications fit into these offerings? >> Great question. As a matter of fact, I didn't give you the question by the way, but this morning, KONE joined me on stage. >> We actually talked about it on Twitter. (laughs) >> KONE joined us on stage. It's about in the residential workflow, how they're enabling here their integration, access, and identity into that. As an example, they're building on our IoT platform and then they integrate with security services. That's the beauty of this. Rohit talked about developers, right? So when developers build it, our mission is to make it simple for a developer to build secure applications. With security skill shortage, you can't expect every developer to be a security geek, right? So we're making it simple, so that you can kind of connect your IoT to your business process and your back-end application seamlessly in a multi-cloud and hybrid-cloud fashion. That's where both from a cloud native perspective comes in, and building some of these sensitive applications on Hyper Protect or Z/LinuxONE and private cloud enables that end to end. >> I want to get you guys take while you're here because one of the things I've observed here at Think, which is clearly the theme is Cloud AI and developers all kind of coming together. I mean, AI, Amazon's event, AI, AI, AI, in cloud scale, you guys don't have that. But developer angle is really interesting. And you guys have a product called IBM Cloud Private, which seems to be a very big centerpiece of the strategy. What is this product? Why is it important? It seems to be part of all the key innovative parts that we see evolving out of the thing. Can you explain what is the IBM Cloud Private and how does it fit into the puzzle? >> Let me take a pass at it Raj. In a way it is, well, we really see IBM Cloud Private as that key linchpin on-premise. It's a Platform as a Service product on-premise, it's built on kubernetes and darker containers, but what it really brings is that standardized cloud consumption for containerized apps on-premise. We've expanded that, of course, to our Z footprint, and let me give you a use case of clients and how they use it. We're working with a very big, regulated bank that's looking to modernize a massive monolithic piece of WebSphere application server on-premise and break it down into micro-services. They're doing that on IBM Cloud Private. They've containerized big parts of the application on WebSphere on-premise. Now they've not made that journey to the cloud, to the public cloud, but they are using... How do you modernize your existing footprint into a more containerized micro-services one? >> So this is the trend we're seeing, the decomposition of monolithic apps on-premise is step one. Let's get that down, get the culture, and attract the new, younger people who come in, not the older guys like me, mini-computer days. Really make it ready, composable, then they're ready to go to the cloud. This seems to be the steps. Talk about that dynamic, Raj, from a technical perspective. How hard is it to do that? Is it a heavy lift? Is it pretty straight-forward? >> Great question. IBM, we're all about open, right? So when it comes to our cloud strategy open is the centerpiece offered, that's why we have banked on kubernetes and containers as that standardization layer. This way you can move a workflow from private to public, even ICP can be on other cloud vendors as well, not just IBM Cloud. So it's a private cloud that customers can manage, or in the public cloud or IBM kubernetes that we manage for them. Then it's about the app, the containerized app that can be moved around and that's where our announcements about Multicloud Manager, that we made late last year come into play, which helps you seamlessly move and integrate applications that are deployed on communities across private, public or multicloud. So that abstraction venire enables that to happen and that's why the open... >> So it's an operational construct? Not an IBM product, per say, if you think about it that way. So the question I have for you, I know Stu wants to jump in, he's got some questions. I want to get to this new mindset. The world's flipped upside down. The applications and workloads are dictating architecture and programmability to the DevOps, or infrastructure, in this case, Z or cloud. This is changing the game on how the cloud selection is. So we've been having a debate on theCUBE here, publicly, that in some cases it's the best cloud for the job decision, not a procurement, "I need multi-vendor cloud," versus I have a workload that runs best with this cloud. And it might be as if you're running 365, or G Suite as Google, Amazon's got something so it seems to be the trend. Do you agree with that? And certainly, there'll be many clouds. We think that's true, it's already happened. Your thoughts on this workload driving the requirements for the cloud? Whether it's a sole purpose cloud, meaning for the app. >> That's right. I'll start and Rohit will add in as well. That's where this chapter two comes into play, as we call Chapter Two of Cloud because it is about how do you take enterprise applications, the mission-critical complex workloads, and then look for the enablers. How do you make that modernization seamless? How do you make the cloud native seamless? So in that particular journey, is where IBM cloud and our Multicloud and Hybrid Cloud strategy come into play to make that transition happen and provide the set of capabilities that enterprises are looking for to move their critical workloads across private and public in bit much more assurance and performance and scale, and that's where the work that we are doing with Z, LinuxONE set of as an underpinning to embark on the journey to move those critical workloads to their cloud. So you're absolutely right. When they look at which cloud to go, it's about capabilities, the tools, the management orchestration layers that a cloud provider or a cloud vendor provide and it's not only just about IBM Public Cloud, but it's about enabling the enterprises to provide them the choice and then offer. >> So it's not multicloud for multicloud sake, it's multicloud, that's the reality. Workload drives the functionality. >> Absolutely. We see that as well. >> Validated on theCUBE by the gurus of IBM. The cloud for the job is the best solution. >> So I guess to kind of put a bow on this, the journey we're having is talking about distributed architectures, and you know, we're down on the weeds, we've got micro-services architectures, containerization, and we're working at making those things more secure. Obviously, there's still a little bit more work to do there, but what's next is we look forward, what are the challenges customers have. They live in this, you know, heterogeneous multicloud world. What do we have to do as an industry? Where is IBM making sure that they have a leadership position? >> From my perspective, I think really the next big wave of cloud is going to be looking at those enterprise workloads. It's funny, I was just having a conversation with a very big bank in the Netherlands, and they were, of course, a very big Z client, and asking us about the breadth of our cloud strategy and how they can move forward. Really looking at a private cloud strategy helping them modernize, and then looking at which targeted workloads they could move to public cloud is going to be the next frontier. And those 80 percent of workloads that haven't moved. >> An integration is key, and for you guys competitive strategy-wise, you've got a lot of business applications running on IBM's huge customer base. Focus on those. >> Yes. >> And then give them the path to the cloud. The integration piece is where the linchpin is and OSSI secure. >> Enterprise out guys. >> Love encryption, love to follow up more on the secure container thing, I think that's a great topic. We'll follow-up after this show Raj. Thanks for coming on. theCUBE coverage here. I'm John Furrier, Stu Miniman. Live coverage, day four, here live in San Francisco for IBM Think 2019. Stay with us more. Our next guests will be here right after a short break. (upbeat music)

>> Live from San Francisco, it's TheCUBE. Covering IBM Think 2019. Brought to you by IBM. >> Welcome back to Moscone North at IBM Think 2019 I'm Stu Miniman, and my cohost for this segment is Dave Vellante. Happy to welcome two IBMers from the Z Group, we have Michael Jordan, distinguished engineer, everybody I'm sure in your family calls you the Michael Jordan? >> Nah, no, no >> Not the other one? >> I won't get into what they call me. >> Rohit Badlaney, who's a director of IBM Z as a service. So Rohit, we have to start there. We're very familiar with Z, you know, all the different pieces of it, but Z as a service, something new for this week, maybe help explain what the news is and-- >> Absolutely, so my mission in life is around Z and cloud. And this week you heard Jenny talk about Hyper Protect, and Hyper Protect is a family of services built in our IBM Cloud, on a cloud-ready systems, which are the ZR1 systems, in a multi-zone platform factor, so it provides the high availability disaster recovery. There are really four key services that we're announcing at this conference. One's around crypto and key management, provides the highest levels of security for our cloud. The second's around data as a service, which does traditionally really well on the platform, as a data-serving platform. The third's virtual servers, the fourth's containers that's going to be tied in to our Kubernetes Service. So we're bringing the breadth of our Z to our cloud. >> Yeah, you know, Michael, I show my age in the industry, I remember when we talked about security was, you know, lock the door on that rack that was in, or that mainframe that sat in the corner, we knew that that was secure. It's a little bit different when we talk about security and Z these days, it's cloud, it's global, >> Sure. >> It's all over the place. >> So-- >> But in fairness, right, I mean RACF was the gold standard of security, you know, before all this distributed systems stuff. You knew, you had full visibility on who did what, when, where, you know, very very detailed. Have you been able to carry that level of transparency and rigor into the cloud? >> Yeah, so some of this is what's old is new again, so one of the key areas that is a big focus for security in the cloud is encryption, right? You know encryption is going to a central part of being able to move data to the cloud, and the concepts of being able to bring your own key, is absolutely essential, and some of the capabilities that we've had on the Z platform for a very long time actually lend themselves extremely well to a cloud environment so for example, our cryptographic hardware can be virtualized, right? So each server can have 16 cryptographic cards, with 85 virtual domains per card, so you multiply that out it's, really serves cloud scale very well. And in addition to that, the cryptographic hardware is designed to meet the highest level of security certification standards, so a combination of security, and that virtualization really lends itself to offering a set of cloud services. >> If I think about the workloads that are running on Z, clearly there's no business case to move them off Z, into some commodity cloud, that would make no sense. You'd put your business at risk if you did that. But what's the business case of Hyper Protect, and Z as a service, could you talk about that a little bit? >> Yeah, so today our focus is primarily to elevate the security of our core and our cloud. If you look at what we are doing, it's around our Linux systems and not our traditional z/OS systems, and we're really focusing on where Z differentiates. It's around, you know Mike talked about key management, and key protection. It's around data protection, it's around scale. So the workloads, to your point, that do really well on the platform, are workloads that need that level of infrastructure characteristics. And it's not a well-known fact, but actually our Blockchain platform, and all the success IBM's had on Blockchain, has been running in our cloud, on our Z systems, over the last two years with 500 plus clients. Right, so those are the kind of workloads that benefit from the hardware characteristics, as well as the security characteristics. >> Just double-click on that, so you think Blockchain, often times you're thinking about distributed apps, you know, you think about transaction limits, et cetera et cetera, so what are the attributes of Z that lend itself well to those workloads? >> Oh that's a great question, so, several attributes, right? Definitely the key protection, and the data protection on Z, the sheer TPS, you know it's funny, I was actually with our BC doing a session today, and they were talking about the transaction per second they get by just running on Z versus commodity hardware. And they've had tremendous success, right? So those two, combined with you know, our Blockchain technology in our cloud runs on something called a Secure Services Container, which is an absolutely locked down container that no one can get access to. And those are the characteristics that, if you think about permissioned blockchain, that's where Z excels. So that's. >> One of the discussions we've been having is that, in a multi-cloud world I have different skillsets for the different environments. Can you give me a little compare/contrast how security fits in Z versus you know, x86, Linux, and public clouds? And also, how do I, as a customer, manage across those environments from a security standpoint? >> Sure, so a couple points on there. You know, one is, one of the benefits that we have with Z is we control a large portion of the stack, right? So we're able to integrate security into multiple layers of the stack. So Rohit mentioned the Secure Service Container, and that combines a number of capabilities that we've built in from the hardware, the firmware, the operating system, end to end. So for example, the Secure Service Container by default, all of the code and data associated with with one of these Secure Service Containers is encrypted. You don't have to do anything, it's, you deploy an application in of these containers, everything gets encrypted, in flight and at rest. And there's no configuration, no set up for that, it happens automatically. We validate, digitally sign and validate all of the firmware, the operating system, the application, and the entire package that gets loaded into one of these environments, to protect against introducing malware to that environment, and lastly is we block and restrict administrative access to prevent administrators from having uncontrolled access to the file system. So looking at that, right, since we own that stack and we can really integrate those security capabilities vertically through that stack to give the true value and the capabilities that you need in the cloud to protect both the application and the data. >> And that's always been the strength of the mainframe, is like you said, security's not a bolt-on, it's designed in from the very beginning. I mean when I started in the business, whatever IBM did with the 390, or whatever it was at the time-- >> You're dating yourself. >> Yeah, that's true. But the whole industry would focus on that. And then, frankly, IBM in the early '90s kind of lost it's way because it had that sort of install base, and it didn't really have to innovate. That's not the case today, you guys, well you have an install base who eats up, sort of every new cycle of Z. You've had to innovate, you've had to really invest in the roadmap, and stay current. Whether it's, you mentioned Blockchain, certainly Linux, et cetera. Now infusing AI as a service, so I wonder if you could talk a little bit about the sort of roadmap that you and your colleagues are on. Without obviously divulging futures, but there's a legacy there that you've invested in, and had to keep really current with some of the major industry trends to keep your clients happy. >> Yeah, and I'll weigh in and then Mike can jump in. I mean, the legacy of Z has always been scale, performance, hyper security, for the most regulated industries, for the most compliant industries, and our biggest enterprises. And that's going to continue, and the next generation of Z's going to continue down that theme. We are very focused on making Z part of the cloud. And so, there's a breadth of announcements, and I know we talked about Hyper Protect and the public cloud, but we're also expanding the Kubernetes orchestration on-premise with our IBM Cloud private product being supported fully on LinuxOne, and expanding it to Linux workloads, and z/OS workloads. And that is, you know, the cloudification of the platform is, I think, the next big step for us. >> But, so what's the real business driver for clients there? Is it just the notion of pay by the drink, and as a service? I mean obviously mainframe invented virtualization, and simplified management, and was always a key part of it, a key tenet. What's the real business driver for people to move to the cloud? >> I mean, in my view guys, it's the speed that they need to move at, right? I mean, you look at why we are standardizing on PaaS platforms, whether it's on the cloud or on-premise. The teams are constantly getting pushed to move faster, DevOps, now there's a new concept of DevSecOps, right? It's all about speed that's driving the need for the cloudification of the platform. The other reason is skills, right? Can I work with the mainframe in a way that I'm abstracting away the special skills needed, but I could still move with that speed in the DevOps cycle, right? So I think it's a combination of those both that's really driving this. >> And from a security perspective, I think a couple of the key points are looking ahead we're really focused on the data, right? How do we allow organizations, 'cause it's going to happen, right? Organizations will need to move data, whether it's temporarily, or longer term. They're going to need to move data to the cloud, that's just, it's a fact of life. So, how do we leverage and harness the capabilities that we have, that we've been talking about with the Z platform to enable clients to securely move their applications, pieces of applications, and data to the cloud so they can take advantage of the capabilities that Rohit was doing, with confidence that their data is not going to be compromised. And that includes a data-centric approach to protection of data, as well as protecting encryption keys and leveraging and taking advantage of the capabilities that we have on the platform for key protection, which is already a key part of the solution that we're bringing to market today. >> So the Z customer that bets his or her business on your platform, I mean, it's embedded, it's fundamental. What's the reaction been to Hyper Protect, you know, kind of feedback that you've had from clients? >> You know, everyone wants to be cloud today, right? So the reaction is actually been really positive. You know we've been working with our biggest Z clients, through what we call the Z Design Council, you know, validating the story. Because we want to help them on this enterprise-out journey. And the reaction has been good. Now, it's, it really depends on where they are on their cloud journey as well, right? Some are very much still want to be an on-premise shop, and some are aggressively moving to the public cloud. So our goal's really to intercept them wherever they are on that cloud journey. >> Yeah well many of them have a cloud mandate, right? >> Absolutely. >> Well, and I have clients come up to me on almost a continuous basis. When they look at what we, the capabilities that we've delivered with our z14 machine, and the cryptographic horsepower that we have with that machine, they're looking at it and saying hey, how do I harness this as a, you know, a crypto as a service for our enterprise? Which is kind of the precursor to what we're doing with the Hyper Protect services, but there is a keen interest from organizations to have a secure, performant, secure, stable environment for cryptographic services because, encryption is becoming ubiquitous, so providing that capability I think is significant. >> Yeah, and our goal, like Mike said, is really to make security easy, right? Whether it's in the public cloud and the enterprise developers don't have to worry about it. Can they get the levels of security that they need for their enterprises, or their enterprise workloads, but in an easy, cloud-native consumption model? That's really what Hyper Protect is. >> Yeah, I guess so final question is, what's the pricing implications of this new offering, and how do customers get started? Is this ready, shipping today? >> It's shipping in March. It's available today, that's the beauty of cloud, right? We went through what we call the experimental services, it's available in beta today. You could go to our IBM Cloud Catalog, access it, get it, try it. >> Great, give you a final word and takeaways you want people to have when it comes to security in the Z space. >> Yeah, so I think the main thing is that Z has a very proud tradition of security leadership and innovation, and what we're bringing to the market here is just another example of that security leadership and innovation. >> All right, well Michael and Rohit, thank you so much for bringing us the update-- >> Thanks, guys. >> Congratulations, on bringing the product to market. >> Thank you. >> Look forward to-- >> Good luck with it. >> Thank you. >> Thank you guys so much. >> All right, for Dave Vellante, I'm Stu Miniman, we'll be back to wrap up our day three of four days live, wall-to-wall coverage here, from Moscone North, IBM Think 2019, thanks for watching TheCube. (energetic techno music)