Today IBM is extending the use of its Safeguarded Copy to FlashSystem and SVC users, and introducing an OpEx model of paying for its storage systems through launching Storage as a Service (STaaS). It has also added a model each to its mainframe array and tape library product lines. As usual I was able to catch up on the new stuff by listening in on a presentation by Eric Herzog and his team at IBM’s Storage division.
Safeguarded Copy for FlashSystem and SVC customers
There’s never been a more difficult time for enterprise IT users to protect their systems from cyber crime. Attacks have grown in number and severity since the start of the pandemic, forcing a number of high-profile companies to pay hackers millions in ransom money to unlock their kidnapped data… and we hear about those only in countries and sectors where disclosure is compulsory. In addition weather patterns are becoming more extreme – no doubt associated with global warming.
IBM has its own Security division, but making data resilient has been a long-term major priority for its Storage division as well. For instance it encrypts all data in its arrays and has added 3-site replication for even its smallest FlashSystem 5015 storage array.
While 2- and 3-site replication will help against tornadoes, earthquakes and the effects of extreme heat, IBM has drawn up a list of new needs to extend traditional resilience solutions. In particular:
- Replication – copies need to be in an isolated, secure location.
- Error detection – analysis on point-in-time copies needed.
- Recovery points – you need multiple recovery points.
- Isolation – air-gapped storage and systems to prevent propagation needed.
- Recovery scope – needs to be extended to include forensic, surgical and/or catastrophic recovery capabilities.
To address these the Storage division has added Safeguarded Copy as a function of IBM Spectrum Virtualize software in FlashSystem arrays and SAN Volume Controller (SVC), managed by the Copy Services Manager (CSM) software it has been offering its mainframe customers for some time. Extending its use across its FlashSystem products adds a new level of data resiliency and can be used by a wide group of users through Spectrum Virtualize, which can virtualize over 500 arrays from other vendors.
Technically Safeguarded Copy allows administrators to create up to 15k immutable ‘write once read many times’ (WORM) point-in-time data copies of production data that are logically[1] air-gapped and isolated by design.
IBM has created three duties/roles for administrators to use the software. These are:
- IT Administrators, who can provision and configure policies for Safeguarded Copy; they can’t remove or damage either Safeguarded backups or their backup location (IBM calls these child pools);
- Superusers, who can perform maintenance actions including removing Safeguarded Copies and their child pool if necessary; the account itself can be disabled for extra security and re-enabled only by attaching a terminal to the system or by Remote Support (IBM);
- Security Administrators, who can manage users and security as well as removing Safeguarded Copies and child pools as necessary.
The software allows data restoration directly into a production system. There are no external APIs for copy deletion, protecting it from third-party access. Copy Services Manager is included in Spectrum Control, Virtual Storage Center and Spectrum Storage Suite. It is also available separately as Copy Manager for IBM Spectrum Virtualize, while mainframe customers can use any spare CSM license capacity to acquire it.
Safeguarded Copy can be integrated into IBM’s QRadar SIEM, auto-triggered by perceived threats from suspect login attempts or successes. It will also be added to the potential solutions prospects can implement if they engage in its free Storage Cyber Resilience Assessment.
Storage as a Service (STaaS) adds ‘pay-as-you-go’ to how you acquire IBM FlashSystem storage
It’s not just the price, but how you pay for storage systems that matters. Up until now you could either buy or lease IBM’s offerings – the latter via IBM Global Financing. Today it’s also introducing Storage as a Service (STaaS) – making FlashSystem storage available to those who want to pay from operational expenditure rather than capital budgets.
Under the new scheme IBM will own the equipment installed on premises or in co-location facilities (such as Equinix). It’s offering three performance tiers each with a minimum configuration based on usable capacity as follows:
- Tier 1 – 25TB capacity, 4,500 IOPS/TB
- Tier 2 – 50TB capacity, 2,250 IOPS/TB
- Tier 3 – 100TB capacity, 600 IOPS/TB
Each tier has a Service Level Agreement (SLA) covering availability of 99.9999% (‘6 nines’ – equivalent to less than 32 seconds of unplanned downtime per year), which can be uplifted to a 100% guarantee with a redundant configuration and IBM Lab Services implementation.
The customer commits to a base capacity amount that is billed annually, and can use additional ‘variable capacity’ monitored and billed quarterly in arrears under contracts running for anything between one and five years. The initial systems in the service have 50% upgrade capacity built in. When 75% of the capacity is reached IBM will add capacity to return to 50% growth capability, which it will also do on request. Once capacity is installed, it can be provisioned for servers in less than 10 minutes. IBM includes Storage Insights Pro and a concierge service for a welcome call, monthly reports, a quarterly meeting, best practices guidance, and issue resolution. It also offers encryption as an option.
IBM isn’t the first to market with this cloud-like (but not cloud) service – HPE’s GreenLake, Pure Storage’s Pure as a Service, Dell-EMC’s Apex Flex on Demand (which also covers servers) and others got there first. However its offering will be snapped up by some who want to take advantage of the very high performance, security-conscious heterogeneity of IBM’s offerings. Those who can reduce their data (through compression and/or de-duplication) or grow faster than the contract imagined won’t be charged a premium by IBM, unlike some of its competitors.
The new DS8980 array and TS7770 tape library
The thought of adding flash storage to a tape library seems at first sight a bit strange… but that’s what the TS7770 All Flash adds to IBM’s mainframe Virtual Tape Library (VTL) line. It adds speedy backup and archiving with 22% faster copy throughput than the pre-existing ‘capacity’ model and complete IBM security and compliance capabilities, including data encryption. As it now supports Amazon’s S3 protocol it can be used with almost any other cloud object store. It can also be used with other TS7770 VTLs in grids of up to 8. It offers ecological advantages as it has a smaller footprint than other models in the range, reducing the rack space needed for the same performance from up to 20U with its HDD version to only 16U.
The new DS8980F array is designed for mainframe users running deep analytics programs (it is an addition to the line, rather than a replacement). Based on IBM’s own Power 9 processor, it has a large 4.3TB system cache, a performance of 2.55m IOPS and an impressive 80µsec 4k read hit response time, which can be reduced to 18µsec for systems connected to zHyperLink. Raw flash storage is fitted into ‘gen 2’ high performance flash enclosures. It uses 5% less electricity and weighs 19% less than the pre-existing DS8888F models.
Digital transformation, cyber crimes and climate change activities have been accelerating since the beginning of 2020. IBM has always addressed resiliency and heterogeneity as part of its storage strategy and has added ease of use more recently. For large enterprises that have to become more secure as the result of successful cyber attacks or new industry regulations I can think of no better storage system supplier than IBM to help them.
[1] Adding to physical air-gapping of backup and archive data stored on its tapes