In-Depth

Big Blue’s Big-Iron Security Trump Card

IBM is pushing a retro database security model: bring it all back home to the mainframe, and trust the security and privacy of Big Iron

• By Stephen Swoyer
• 01/02/2007

DBAs, like their colleagues in other parts of IT, must constantly do more with less, all while facing a dizzying array of new concerns.

Take security, for example. Even more than capacity and performance management, security is one of a DBA’s paramount concerns these days. There’s the post Sarbanes-Oxley compliance climate, for one, not to mention post-9/11 paranoia, post-SQL Slammer vulnerability awareness, post-Choicepoint identity-theft worry, post-Bank of America stolen-credit-card-numbers sobriety, just to name a few. The two latter cases weren’t really cases of database security exploits, of course, but—in the eyes of the public, anyway—they’ve come to be seen as symptomatic of lax information-security practices.

Given all this, it isn’t surprising that at least one vendor—IBM Corp.—is pushing a decidedly retro database security model: bring it all back home to the mainframe, and trust the security and privacy protection of Big Iron.

Earlier this year, IBM announced a new addition to its family of mainframe processor engines: the z9 Integrated Information Processor, or zIIP for short.

Big Blue positions zIIP as a specially-packaged, low-priced processor engine designed to encourage customers to consolidate database workloads on the mainframe. It nominally helps customers address one of their biggest mainframe pain points—DB2 licensing costs under z/OS—but actually has a little-recognized purpose, too: to recast database processing on the mainframe as an affordable proposition and encourage the return of database workloads to Big Iron.

One big driver for this, IBM officials say, is the mainframe security model. "[Customers] are just concerned about security. In [the open systems] segment, there are always vulnerabilities, exploits, [and] issues that need to be addressed, systems or applications that need to be patched. It [security] has improved, but it still isn’t perceived as being as secure as [it is on] the mainframe," says Bob Hoey, worldwide vice-president of System z sales for IBM.

By promoting the mainframe as a more affordable platform—and as a surprisingly affordable platform, at that—and by touting the virtues of the mainframe security model, Hoey and other IBM executives hope to simultaneously foment churn in the distributed systems space.

It’s a message that resonates with existing mainframe customers. "This is something they repeatedly told me concerns them, securing this [information]," said System z GM Jim Stallings, in an interview this summer. Stallings embarked on a global blitz of System z customers following his appointment earlier in the year. He says existing mainframe customers have responded warmly to IBM’s bring-back-Big-Iron efforts. In many cases, Stallings points out, customers have deemphasized their dependence on the mainframe in favor of other (distributed) platforms.

Increasingly, however, concerns about information security—along with a universe of other issues, including data center power and cooling costs—are causing customers to reconsider this strategy.

In this respect, Stallings argues, a low-priced processor engine such as zIIP gives these customers added incentive to do just that.

"It’s to make it easy for them to do it. They can take advantage of the security of the [mainframe], [and] they can take advantage of the availability of it. You’ve seen the surveys that show that [if] you take a billion dollar company, most of them have multiple databases. In some cases, [they have] over 100 different data structures, so what some of them are considering doing is consolidating," Stallings explains.

Hence, IBM’s push to recast System z as the hub of an emerging Information utopia. "The zIIP makes it extremely easy for a customer that has a mainframe to not get a different database management system, they just move it to z/OS, and … [they] get the same performance, if not better, on the database," he argued.

"They take advantage of the legendary mainframe reliability, availability, manageability, performance, and security. They get [a mainframe] security [model] that is more secure than any other platform [in the open systems space]."

It might sound like a pipedream, but some industry watchers are duly impressed. Take Richard Ptak, a principal with consultancy Ptak, Noel, & Associates, who says it really isn’t all that much of a stretch to imagine a z9-centered Information utopia populated by a distributed application ecosystem which (securely) consumes data served up by zIIP workload engines.

"[D]espite all the recent product innovation and [the] creation of [new] ways to share data, from common repositories to keen new ways to network and virtualize data stores, to schemes and techniques to optimize access—problems remain," Ptak has written.

IBM’s core use case for zIIP—namely, as a means for organizations to securely and inexpensively expose mainframe data to distributed BI, CRM, or ERP applications via SQL calls using DRDA over TCP/IP—is one that could resonate with customers. "[T]his approach [also] leverages [the] unique architectural and performance advantages of the IBM mainframe in terms of data consolidation, workload management, end-to-end view, and manageability," Ptak argues.