 Live from San Francisco, it's theCUBE. Covering IBM Think 2019, brought to you by IBM. Welcome back to Moscone North at IBM Think 2019. I'm Stu Miniman, my co-host for this segment is Dave Vellante. Happy to welcome two IBMers from the Z Group. We have Michael Jordan, distinguished engineer. Everybody in your family, I'm sure, calls you the Michael Jordan. No, not the other one. I won't get into what they call you. Rohit Badlani, who's a director of IBM Z as a service. So Rohit, we have to start there. We are very familiar with Z, you know, all the different pieces of it, but Z as a service, something new for this week. Maybe help explain what the news is, and what happens. Absolutely. So my mission in life is around Z and cloud. And this week, you heard Jenny talk about HyperProtect. And HyperProtect is a family of services built in our IBM cloud on our cloud-ready systems, which are the ZR1 systems in a multi-zone form factor, so it provides the high availability disaster recovery. There are really four key services that we are announcing at this conference. One's around crypto and key management, provides the highest levels of security for our cloud. The second's around data as a service, which does traditionally really well on the platform, as a data-serving platform. The third's virtual servers, and the fourth's containers, that's going to be tied into a Kubernetes service. So we're bringing the breadth of our Z to our cloud. Yeah, you know, Michael, I show my age in the industry, as I remember when we talked about security, was lock the door on that rack that was in, or that mainframe that sat in the corner, we knew that that was secure. It's a little bit different when we talk about security in Z these days, it's cloud, it's global, it's all over the place, so. Well, but at fairness, right, I mean, MacF was the gold standard of security before all this distributed system stuff. You knew, you had full visibility on who did what, when, where, very, very detailed. Have you been able to carry that level of transparency and rigor into the cloud? Yeah, so some of this is what's old is new again. So one of the key areas that is a big focus for security in the cloud is encryption, right? Encryption is going to be essential part of being able to move data to the cloud. And the concepts of being able to bring your own key is absolutely essential. And some of the capabilities that we've had on the Z platform for a very long time actually lend themselves extremely well to a cloud environment. So for example, our cryptographic hardware can be virtualized, right? So each server can have 16 cryptographic cards with 85 virtual domains per card. So you multiply that out. It really serves at cloud scale very well. And in addition to that, the cryptographic hardware is designed to meet the highest level of security certification standards. So a combination of security and that virtualization really lend itself to offering a set of cloud services. If I think about the workloads that are running on Z, clearly there's no business case to move them off Z into some commodity cloud. That would make no sense. You put your business at risk if you did that. But what's the business case of hyperprotect and Z as a service? Can you talk about that a little bit? Yeah, so today our focus is primarily to elevate the security of our core and our cloud. If you look at what we're doing, it's around our Linux systems. They're not a traditional ZOS systems. And we're really focusing on where Z differentiates. It's around, Mike talked about key management and key protection. It's around data protection. It's around scale. So the workloads to a point that do really well on the platform are workloads that need that level of infrastructure characteristics. It's not a well-known fact, but actually a blockchain platform and all the success IBMs had on blockchain has been running in our cloud on our Z systems over the last two years with 500 plus times, right? So those are the kind of workloads that benefit from the hardware characteristics as well as the security characteristics. Just double click on that. So you think blockchain, oftentimes you think about distributed apps. You think about transaction limits, et cetera, et cetera. So what are the attributes of Z that lend itself well to those workloads? That's a great question. So several attributes, right? Definitely the key protection and the data protection on Z. The shared TPS, you know, it's funny. I was actually with RBC doing a session today and they were talking about the transaction per second they get by just running on Z versus commodity hardware. And they've had tremendous success, right? So those two combined with, you know, our blockchain technology in our cloud runs on something called a secure services container, which is an absolutely locked down container that no one can get access to. And those are the characteristics. If you think about permission blockchain, that's where Z excels. So that's great. One of the discussions we've been having is in a multi-cloud world, I have different skill sets for the different environments. Can you give us a little comparison drafts of how security fits in Z versus, you know, X86 Linux in public clouds and also how do I as a customer, you know, manage across those environments from a security standpoint? Sure, so a couple points on there, you know, one of the benefits that we have with Z is we control a large portion of the stack, right? So we're able to integrate security into, you know, multiple layers of the stack. So Rohit mentioned the secure service container and that combines a number of capabilities that we've built in, you know, from the hardware, the firmware, the operating system and so for example, the secure service container by default. All of the code and data associated with one of these secure service containers is encrypted. You don't have to do anything. It's, you know, you deploy an application in one of these containers. Everything gets encrypted in flight and at rest and there's no configuration, no setup for that. It happens automatically. We validate, digitally sign and validate all of the firmware, the operating system, the application, the entire package that gets loaded into one of these environments to protect against introducing malware into that environment and lastly is we block and restrict administrative access to, you know, prevent, you know, administrators from having uncontrolled access to the file system. So, you know, looking at that, right, since we own that stack and we can really, we can really integrate those security capabilities vertically through that stack to give the true value, you know, and the capabilities that you need in the cloud to protect both the application and the data. And that's always been the strength of the mainframe is you, like you said, your security is not a bolt on, you know, it's designed in from the very beginning. I mean, when I started in the business, whatever IBM did with the 390 or whatever it was at the time, the whole industry, yeah, that's true, but the whole industry would focus on that. And then, you know, frankly, IBM in the early 90s kind of lost its way because it had that sort of install base and it didn't really, hey, I have to innovate. That's not the case today. You guys, while you have an install base who eats up every sort of new cycle of Z, you've had to innovate. You've had to really invest in the roadmap and stay current. You know, whether it's, you mentioned, blockchain, you know, certainly Linux, you know, et cetera, now it's infusing AI as a service. So I wonder if you could talk a little bit about the sort of roadmap, you know, that you and your colleagues are on, and without obviously divulging, you know, futures, but there's a legacy there that you've invested in and had to keep really current with some of the major industry trends to keep your clients happy. Yeah, and I'll weigh in and then, you know, might jump in, right? I mean, the legacy of Z has always been scale, performance, hyper security for the most regulated industries, for the most compliant industries, and our biggest enterprises. And that's going to continue. Even the next generation of Z is going to continue down that team. We are very focused on making Z part of the cloud. And so there's a breadth of announcements, and I know we talked about hyper protect in the public cloud, but you know, we're also expanding the Kubernetes orchestration on premise with, you know, our IBM cloud private product being supported fully on Linux one and expanding it to Linux workloads and ZOS workloads. And that is, you know, the cloudification of the platform is the, I think, the next big step for us. But so what's the real business driver for clients there? Is it just the notion of pay by the drink and as a service? I mean, obviously, you know, mainframe invented virtualization and, you know, simplified management was always a key part of it, key tenant. What's the real business driver for people to move to the cloud? I mean, in my view, guys, it's the speed that they need to move at, right? I mean, you look at why we're standardizing on Paz platforms, whether it's on the cloud or on premise, you know, they're, the teams are constantly getting pushed to move faster. DevOps, now there's a new concept of DevSecOps, right? It's all about speed that's driving the need for the cloudification of the platform. The other reason is, you know, skills, right? Can I work with the mainframe in a way that I'm abstracting away the special skills needed, but I could still move with that speed in the DevOps cycle, right? So I think it's a combination of those both that's really driving this. And from a security perspective, I think, you know, a couple of the key points are, you know, looking ahead, we're really focused on the data, right, you know, how do we allow organizations, because it's going to happen, right? Organizations will need to move data, whether it's temporarily, you know, or longer term, they're going to need to move data to the cloud. That's just, it's a fact of life. So how do we leverage and harness the capabilities that we've been talking about with the Z platform to enable clients to securely move their, you know, their applications, pieces of applications and data to the cloud so they can take advantage of the capabilities that Rohit was doing with confidence that their data is not going to be compromised, and that includes, you know, a data-centric approach to, you know, protection of data, as well as, you know, protecting encryption keys and leveraging and taking advantage of the capabilities that we have on the platform for key protection, which is already a key part of the solution that we're, you know, bringing to market today. So the Z customer bets his or her business on your platform. I mean, it's embedded, I mean, it's fundamental. What's the reaction been to HyperProtect, you know, kind of feedback that you've had from clients? You know, everyone wants to be cloud today, right? So the reaction is actually been really positive. You know, we've been working with our biggest Z clients through what we call the Z Design Council, you know, validating this story because we want to help them on this enterprise out journey and the reaction has been good. Now it's, you know, it really depends on where they are on that cloud journey as well, right? Some are very much still want to be an on-premise shop and some are aggressively moving to the public cloud. So our goal is really to intercept them wherever they are on that cloud journey. Yeah, well, many of them have a cloud mandate, right? So absolutely. Yeah, well, and I have clients come up to me on almost a continuous basis when they look at what the capabilities that we delivered with our Z14 machine and the cryptographic, you know, horsepower that we have with that machine, you know, they're looking at and saying, hey, how do I harness this as a, you know, crypto as a service for our enterprise, which is, you know, kind of the precursor to what we're doing with, you know, the hyper protect services, but there is a keen interest from organizations to have a secure, performant, scalable, stable environment for cryptographic services because encryption is becoming ubiquitous. So, you know, providing that capability, I think is, you know, is significant. And our goal, like Mike said, is really to make security easy, right? Whether it's, you know, whether it's in the public cloud and, you know, the enterprise developers don't have to worry about it. Can they get that level of security that they need for their enterprises or their enterprise workloads, but in an easy cloud-native consumption model? Right, that's really what hyper protect is. Yeah, I guess so, final question is, what's the pricing implications of this new offering and, you know, how do customers get started? Is this ready shipping today? It's shipping in March. It's available today. That's the beauty of cloud, right? We went through what we call the experimental service that's available in beta today. You could go to our IBM Cloud Catalog, access it, get it, try it. Give you a final word on takeaways you want people to have when it comes to security in the Z space. Yeah, so I think the main thing is that, you know, Z has a very proud tradition of security leadership and innovation and what we're bringing to the market here is just another example of that security leadership and innovation. All right, well, Michael and Rohit, thank you so much for bringing us the update. Thank you guys. I'm bringing the product to market. Thank you. I look forward to tracking it with you. Thank you guys. Thank you so much. All right, for Dave Vellante, I'm Stu Miniman. We'll be back to wrap up our day three of four days of live wall-to-wall coverage here from Moscone North IBM Think 2019. Thanks for watching theCUBE.