IBM turns on AI, simplifies programming in new mainframe OS release

IBM today introduced the next release of z/OS, which promises to unlock the snazziest AI, management and security features in the z17 mainframe portfolio.

The z/OS 3.2 software, available Sept. 30, will be the underpinning of IBM’s z17 mainframe. It features support for the Big Iron’s new AI acceleration technologies as well as improved management for hybrid cloud applications, advanced encryption and threat detection, and integrated and simplified programming capabilities.

Available now, the z17 mainframe features a 5.5 GHz IBM Telum II processor and a built-in AI accelerator that IBM says will let customers run more than 450 billion inferencing operations in a day with one millisecond response time. In addition, a 32-core AI accelerator called Spyre will be available in the fourth quarter via an optional PCIe card, and additional cards can be added depending on requirements. The Spyre accelerator is designed to handle all manner of emerging AI workloads.

The IBM z17’s Telum II processor, Integrated Accelerator for AI, and Spyre Accelerator are designed to work in unison to support real-time, high-speed AI inferencing and model execution directly on the platform, minimize latency and eliminate the need to move sensitive data. The idea is to embed AI into mission-critical workloads and support new high-performance applications such as advanced fraud detection, supply chain optimization, and automated decision-making with high performance and security, according to Kelly Ryan, vice president, IBM Z & LinuxONE, Operating Systems.

“Considering that 95% of the banks, 70% of the Fortune 500, and many governments and enterprises depend on the mainframe for the high volume, high security data processing, but that just 1% of the world’s enterprise data has been put into LLMs so far, it makes sense to put AI where that data is,” Ryan told Network World.

AI on the mainframe is the headline grabber for this release, said Steven Dickens, CEO and principal analyst with HyperFRAME Research. “But we are hearing over 200+ use cases already from IBM for Spyre. Which is not surprising. In-Transition AI with small language models makes perfect sense when you are looking at fraud, [(Know Your Customer) and AML (Anti-Money Laundering)] use cases in financial services where a lot of the mainframe installed base resides.”

Making the use of AI on the mainframe easier is in part the job of a new zOS component called AI Framework for IBM z/OS. “The AI Framework for IBM z/OS Configuration Workflow guides clients through the configuration of AI Framework for IBM z/OS, to make data collection more efficient and collaborative, improving the user experience. z/OS 3.2 has improved the core functionality by breaking down the initial data collection step and updated task and variable descriptions to be clearer, more consistent, and efficient,” IBM documentation states.

Another example of AI working on the mainframe is a new version of the AI-based Workload Manager (WLM). According to IBM, AI is used to watch workload patterns and predict workload spikes. It can proactively adjust the number of initiators, or components that launch and manage batch jobs to meet the demand, IBM said. 

“If you think about the huge volume of data running through these systems, and we know that clients are hungry for AI inferencing technology so they can interpret the data and delivered outcomes very quickly,” Ryan said. “We’re putting all the AI onto the system from a hardware, operating system and a stack perspective, but it’s fully engineered across there. And the key is it’s secure and protected.”

New security features include embedded support for the National Institute of Standards and Technology (NIST) quantum-safe algorithms, which will let customers protect transactions, data and identity management now and in the future as well as resist potential quantum attacks that might occur the years to come, added Kelly Pushong, director, IBM Z and LinuxONE product management.

Another security item is IBM Threat Detection for z/OS (TDz), which includes a new quarantine feature that lets customers more easily contain security threats using the Big Iron’s Resource Access Control Facility (RACF), which provides access control and security auditing functions. TDz brings AI-driven threat detection using behavior analytics, machine learning, and security data feeds to monitor z/OS environments for signs of insider threats, compromised credentials, unauthorized access attempts, and suspicious behaviors, according to IBM.

The new RACF feature provides richer set of control capabilities, Bushong said. “For example, traditionally, when a user ID is revoked, any work in progress continued to function. So, with this new capability, any [suspicious] request on that user’s behalf is going to fail with a unique reason code so they’ll be able to stop that work that’s already in progress, issue System Management Facility event log to track the event, and all this feeds up into the threat detection zOS threat detection capability,” Bushong said. The idea is to better control access and limit the exposure and impact of suspicious activity, Bushong said.

The new OS will also support AI-powered network packet batching, which reacts to changes in network patterns and optimizes communications between the TCP/IP stack and the mainframe’s network interface. The idea is to reduce network CPU overhead with minimal impact to transaction latency, Bushong said. Customers can easily activate and use the network packet batching when it becomes available in the fourth quarter, Bushong said.

Among the goals of zOS 3.2 are to improve enterprise operational efficiency and simplify the overall mainframe environment, added Kelly Pushong, director, IBM Z and LinuxONE product management.

One example is the implementation of REST APIs across a number of the mainframe’s core systems. REST APIs are considered industry standard ways of accessing cloud, web, mobile and microservice applications.

The idea is to make to easier for customers to quickly use a variety of z/OS data, including CISC transactions, batch jobs, System Management Facility and Storage Management System tasks, and automate and integrate them into the modern tools, Bushong said. “Typically, these tasks were really manual, complex processes, and with this new capability, we’ve taken all of that complexity out,” Bushong said. 

Another benefit comes on the personnel front. Complex tasks are typically executed by experienced system programmers, but the automation allows customers to more easily and quickly onboard new staff that might not be familiar with mainframe programming, Bushing said. 

“The simplification or ‘de-clunkifying’ the mainframe has been a key mission for some of the team at IBM for a while now and will be appreciated by many customers,” Dickens said. “Making the platform easier for newbies and early-stage professionals while still delivering everything that has come to be expected of the mainframe won’t get the headlines, but it’s solid work.” 

Another key for customers is the further containerization of the mainframe, Dickens added. Specifically with the new OS, IBM has enhanced its z/OS Container Extensions (zCX), which lets customers run Linux-based Docker containers natively on z/OS. In the new release, IBM has greatly reduced the costs around deploying zCX in that it is now included as part of z/OS 3.2. and no longer requires a separate hardware feature code.

IBM also expanded the networking capabilities of zCX so it can now more easily distribute network traffic across multiple containers running inside zCX. And customers no longer need an external load balancer to do that work, IBM said.

In addition IBM now supports running Red Hat OpenShift clusters directly under zCX, IBM stated. “With zCX and RHOCP now running on the platform as well as other Red Hat integrations, the mainframe is a first-party participant in a microservices deployment for many customers,” Dickens said. 

Source:: Network World