Beruflich Dokumente
Kultur Dokumente
Introduction
The z13s “cyberframe” server was developed by IBM, announced on February 16, 2016 [2] (as
shown in Figure 1). The z13s was designed to serve the purpose of being an incredibly secure,
modern, and spacious mainframe that was flexible enough to nurture businesses as they grow
and develop. IBM’s reliability, availability, and serviceability mission is fulfilled in this product
[3]. Its cryptographic implementation provides a safe platform for sensitive information to exist
The IBM z13s is designed at its core for digital business functionality, such as transactions and
data processing. Some features that give the z13s its edge include larger cache sizes,
cryptographic tools in the processors, and simultaneous multithreading [3]. This means data
Page | 2
accesses will take less time, encryption will be quicker, and overall throughput will be higher.
The IBM marketplace portal also boasts statistics like 99.999% availability and clients with zero
downtime over a full decade of use. While the number of encrypted transactions will obviously
be much lower, the statistics for the z13s state that it can handle over 30,000 transactions per
second (for a total of nearly 2.6 billion transactions per day). This amount of transactions is
equivalent to nearly one hundred times the number of transactions during Cyber Monday across
the nation. The z13 and z14 families of mainframes were developed with the intent of use by the
upper end of IBM’s customer base (customers that do not fit in the sub-1,000 or sub-500 MIPS
markets) [4]. The z13s’s encryption and cryptology functionality make it a great asset to any
digital business that wishes to protect information being sent across transactions.
Processor
Given the cryptographic design of the frame, a cryptographic processor is needed. For
cryptographic processors, there is an aspect referred to as the Central Processor Assist for
Cryptographic Function (CPACF) within the core. The CPACF is a coprocessor which provides
has elaborate and extensive encryption algorithms optimized already, resulting in the processor
being saved from many additional cycles. The instruction set includes AES, TDES, DES,
SHA-1, and SHA-2 algorithms [3]. The CPACF coprocessor addition was completely redesigned
for the z13 series, in order for it to be more efficient. The hashing functions became over 3.5
times faster than the previous models, for example. These encryption algorithms vary for usage
Along with the optimization from the CPACF coprocessor, the z13s has a pipelined structure
with an enhanced micro-architecture to allow for better parallelism and multithreading. This is
similar to the Itanium 64 processor as discussed in ECE332, just a much more recent and
updated version. The ability to handle many things at once increases processing speed like none
other. The multithreaded implementation makes it so that two threads can be running at once,
and those two threads are able to share the components of the processor.
As the z13s needs to be able to handle large amounts of data processing, a key concern in
designing the cyberframe is speeding up memory accesses and reducing miss rates in the cache.
This was accomplished by increasing the size of every level of the cache; this takes some
caches are not just for convenience. The purpose of the first two levels is not to catch every
single memory access, but to make the caught memory accesses as fast as possible. Therefore,
the fastest memory available (SRAM) is used for the first two layers, whereas a cheaper - and
slightly slower - memory was used for the last two levels before main memory. This is reflected
in the sizes and quantities of each cache level. While there is one L1 and one L2 cache on each
core in the frame, the L3 caches are shared between an entire PU chip (six or seven cores) and
there is only one L4 cache for each node. The L1 cache has a 96 KB instruction cache and a 128
KB data cache. The L2 cache consists of 2 MB inclusive of DL1 and 2 MB inclusive of IL1. The
L3 cache has 64 MB of storage and is 16w set associative. The L4 cache consists of 480 MB and
224 MB NIC directory and is 30w set associative [3]. The set associativity of the L3 and L4
caches help ensure there are minimal misses before the processor must access main memory.
With progression from the Level 1 cache to the Level 4 cache the memory becomes larger and
slower, as the priorities of the level move from speed to hit rate.
Security
Both business and everyday interactions have become significantly more digital. Due to needing
to protect financial, personal, conversational, and many other types of information, security
systems needed to be developed in order to do so. The specific goals in mind, as stated by IBM,
are to have data confidentiality, message integrity, financial functions, and key management [2].
These are all purposes that can require both encryption and decryption, message authentication
(making sure the message is from the sender and has not been tampered with), both symmetric
and asymmetric algorithms (the encryption and decryption key is the same, or it is different,
Page | 5
respectively), and more. The aforementioned algorithms that IBM chose to run on the z13s
As example, AES algorithm is very heavy duty. As of the early 2000s, the National Security
Agency stated that the Rijndael AES algorithm as being the accepted standard for encrypting
both secret or top secret information. The AES algorithm works by having different “key”
shift for the first “round” of AES. 128 is used for secret,
192 and 256 are acceptable for top secret [6]. The AES
and decrypt. With this, the AES algorithm is seen to be perfect for both personal and business
The government has only two approved algorithms for information protection, AES and Triple
DES (TDES) [7]. Both of these algorithms are greatly supported on the z13s, and while strong
security architectures exist, the z13s really makes its mark with versatile encryption.
Page | 6
The IBM z14 was announced in July of 2017 and was in many ways an improvement to the z13s
[1]. According to the IBM website, the z14 can handle 850 million encrypted transactions per
day (which means a single z14 could handle up to 34 Cyber Mondays by itself) [4]. The CP
Assist for Cryptographic Function was majorly enhanced with up to four times the throughput,
less overhead on the encryption of shorter data, and better cryptographic functionality. In
addition to this, the processor now runs at 4.5 GHz compared the 4.3 GHz of the z13s, the
maximum memory was doubled, and ten more processors can be supported. Lastly, the cache
sizes were increased to further increase data access speeds. The L1 instruction cache was
increased from 96 KB to 128 KB, the L2 data cache was increased from 2 MB to 4 MB, the L3
cache was doubled to total at 128 MB, and the L4 cache was increased from 480 MB to 672 MB
[1]. Even with all these improvements and ten percent larger capacity, the z14 is only sixty
The security system of the z14 is stronger than the z13s, as well. The CPACF for the z14 has
also been adjusted to be better suited for security algorithms. Its AES encryption runs up to 4x
more throughput than the z13s. This CPACF includes a new SHA-3 algorithm and the
capabilities to have combined encryption and hashing, for even stronger security systems. The
security levels of this mainframe are designed to support banking requirements of security, pin
number protection, hardware architectural security expectations, along with other cryptographic
standards [2]. The z14 is quite an impressive upgrade in a very short amount of time.
Page | 7
Conclusion
The z13s has been revolutional in the standard of security for mainframes. As the z13s has been
dubbed the “cyber frame”, it truly holds up as being a very intensely secure piece of architecture.
IBM created this mainframe to completely redo what had been done before and to embark on a
path of intense, heavy encryption protection. Having the CPACF coprocessor designed to be a
component for the processors of this frame is massively part of the reason that this system runs
so quickly and efficiently, along with the strong caching abilities. IBM designing the z14 as a
complete upgrade to the z13s is a huge progression as well. The fact that within a little over two
years two new mainframes have been put out, both pushing boundaries, only says that security is
becoming significantly more important in everyday expectations. The z14 being so much more
compact, while being greatly more powerful, shows that this is truly the direction of
development. The security strengths are only going to get stronger, the processors will get faster,
and the architecture will get smaller. The recent developments create competition and set the bar
higher, and it will be impressive to see the new efforts made to push the field one step further.
Page | 8
References
[1] M. Chuba, “IBM's Recent Mainframe Announcements Increase Options for I&O
Leaders,” Gartner, G00357312, May 14, 2018. [Online]. Available:
https://www.gartner.com/doc/reprints?id=1-53ILPYJ&ct=180614&st=sg. [Accessed:
Mar. 20, 2019].
[4] “IBM z14,” IBM z14 - Overview - United States, 17-Apr-2019. [Online]. Available:
https://www.ibm.com/us-en/marketplace/z14. [Accessed: 18-Apr-2019].
[5] “Family 2965+01 IBM z13s Models N10 and N20,” IBM Europe Sales Manual, May 22,
2018. [Online]. Available:
https://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_sm/1/87
7/ENUS2965-_h01/index.html&lang=en&request_locale=en [Accessed: April 18, 2019]
[6] “Use the U.S. Government approved algorithm for storing classified information,”
East-Tec. [Online]. Available: https://www.east-tec.com/kb/what-is-the-aes-standard/
[Accessed: April 18, 2019]
[7] “Block Cipher Techniques,” Computer Security Resource Center, February 27, 2019.
[Online]. Available: https://csrc.nist.gov/projects/block-cipher-techniques [Accessed:
April 18, 2019]
[8] Artés, A., Ayala, J.L., “Power Impact of Loop Buffer Schemes for Biomedical Wireless
Sensor Nodes,” December, 2012. [Online]. Available:
https://www.researchgate.net/publication/233828516_Power_Impact_of_Loop_Buffer_S
chemes_for_Biomedical_Wireless_Sensor_Nodes [Accessed: April 18, 2019]