IBM’s z13s Cyberframe

ECE332 Computer Architecture II

Cherise McMahon & Wes Siebenthaler

May 9th, 2019

 Page | 1

Introduction

The z13s “cyberframe” server was developed by IBM, announced on February 16, 2016 [2] (as

shown in Figure 1). The z13s was designed to serve the purpose of being an incredibly secure,

modern, and spacious mainframe that was flexible enough to nurture businesses as they grow

and develop. IBM’s reliability, availability, and serviceability mission is fulfilled in this product

[3]. Its cryptographic implementation provides a safe platform for sensitive information to exist

without concern. As a cloud and mobile hybrid, the

mainframe server was created to be high-speed, safe,

and affordable. IBM’s secure z-series has changed

how frames can be perceived, along with pushing the

boundaries with capabilities. With the z13s creation

acting as the smaller, developing level frame, IBM

built the z14 to be the heavy duty, full fledged

variation. The z14 was designed to be an overall

expansion, as well as an upgrade, to the z13s. This

paper is designed to focus on the significance of the

z13s and how it is so secure, as well as comparing it to

the newer member of the z-series, the z14.

IBM z13s Overview

The IBM z13s is designed at its core for digital business functionality, such as transactions and

data processing. Some features that give the z13s its edge include larger cache sizes,

cryptographic tools in the processors, and simultaneous multithreading [3]. This means data
 Page | 2

accesses will take less time, encryption will be quicker, and overall throughput will be higher.

The IBM marketplace portal also boasts statistics like 99.999% availability and clients with zero

downtime over a full decade of use. While the number of encrypted transactions will obviously

be much lower, the statistics for the z13s state that it can handle over 30,000 transactions per

second (for a total of nearly 2.6 billion transactions per day). This amount of transactions is

equivalent to nearly one hundred times the number of transactions during Cyber Monday across

the nation. The z13 and z14 families of mainframes were developed with the intent of use by the

upper end of IBM’s customer base (customers that do not fit in the sub-1,000 or sub-500 MIPS

markets) [4]. The z13s’s encryption and cryptology functionality make it a great asset to any

digital business that wishes to protect information being sent across transactions.

Architecture Features of the IBM z13s

Processor

Given the cryptographic design of the frame, a cryptographic processor is needed. For

cryptographic processors, there is an aspect referred to as the Central Processor Assist for

Cryptographic Function (CPACF) within the core. The CPACF is a coprocessor which provides

a set of cryptographic instructions to increase performance. Having these instructions means it

has elaborate and extensive encryption algorithms optimized already, resulting in the processor

being saved from many additional cycles. The instruction set includes AES, TDES, DES,

SHA-1, and SHA-2 algorithms [3]. The CPACF coprocessor addition was completely redesigned

for the z13 series, in order for it to be more efficient. The hashing functions became over 3.5

times faster than the previous models, for example. These encryption algorithms vary for usage

as well as in intensity, but are all somewhat standards for security.

 Page | 3

Along with the optimization from the CPACF coprocessor, the z13s has a pipelined structure

with an enhanced micro-architecture to allow for better parallelism and multithreading. This is

similar to the Itanium 64 processor as discussed in ECE332, just a much more recent and

updated version. The ability to handle many things at once increases processing speed like none

other. The multithreaded implementation makes it so that two threads can be running at once,

and those two threads are able to share the components of the processor.

Cache and Memory

As the z13s needs to be able to handle large amounts of data processing, a key concern in

designing the cyberframe is speeding up memory accesses and reducing miss rates in the cache.

This was accomplished by increasing the size of every level of the cache; this takes some

advantage of spatial locality, as was

learned in ECE332. Each processor has

two terabytes of main storage

available, and there are four cache

levels between the processor and main

memory, as Figure 2 shows. The Level

1 and Level 2 caches use static

random-access memory (SRAM), and

the Level 3 and Level 4 caches use

embedded dynamic RAM (or

eDRAM). The differences in the

memory types of the L2 cache and L3

 Page | 4

caches are not just for convenience. The purpose of the first two levels is not to catch every

single memory access, but to make the caught memory accesses as fast as possible. Therefore,

the fastest memory available (SRAM) is used for the first two layers, whereas a cheaper - and

slightly slower - memory was used for the last two levels before main memory. This is reflected

in the sizes and quantities of each cache level. While there is one L1 and one L2 cache on each

core in the frame, the L3 caches are shared between an entire PU chip (six or seven cores) and

there is only one L4 cache for each node. The L1 cache has a 96 KB instruction cache and a 128

KB data cache. The L2 cache consists of 2 MB inclusive of DL1 and 2 MB inclusive of IL1. The

L3 cache has 64 MB of storage and is 16w set associative. The L4 cache consists of 480 MB and

224 MB NIC directory and is 30w set associative [3]. The set associativity of the L3 and L4

caches help ensure there are minimal misses before the processor must access main memory.

With progression from the Level 1 cache to the Level 4 cache the memory becomes larger and

slower, as the priorities of the level move from speed to hit rate.

Security

Both business and everyday interactions have become significantly more digital. Due to needing

to protect financial, personal, conversational, and many other types of information, security

systems needed to be developed in order to do so. The specific goals in mind, as stated by IBM,

are to have data confidentiality, message integrity, financial functions, and key management [2].

These are all purposes that can require both encryption and decryption, message authentication

(making sure the message is from the sender and has not been tampered with), both symmetric

and asymmetric algorithms (the encryption and decryption key is the same, or it is different,
 Page | 5

respectively), and more. The aforementioned algorithms that IBM chose to run on the z13s

coprocessor are historically secure and trusted algorithms.

As example, AES algorithm is very heavy duty. As of the early 2000s, the National Security

Agency stated that the Rijndael AES algorithm as being the accepted standard for encrypting

both secret or top secret information. The AES algorithm works by having different “key”

lengths, as in 128, 192, or 256 random bits that will act as a

shift for the first “round” of AES. 128 is used for secret,

192 and 256 are acceptable for top secret [6]. The AES

algorithm works by having a significant amount of diffusion

and confusion in its execution, depicted in Figure 3. This

means that the current run of the algorithm is compiled

based on previous rounds (executions) of the algorithm,

along with the substitution of values every round. This

makes it so that it is incredibly hard to decrypt and retrace,

as without previous information it is an exponential feat to try

and decrypt. With this, the AES algorithm is seen to be perfect for both personal and business

purposes, which is what the z13s is tailored to.

The government has only ​two​ approved algorithms for information protection, AES and Triple

DES (TDES) [7]. Both of these algorithms are greatly supported on the z13s, and while strong

security architectures exist, the z13s really makes its mark with versatile encryption.
 Page | 6

Comparison to the IBM z14

The IBM z14 was announced in July of 2017 and was in many ways an improvement to the z13s

[1]. According to the IBM website, the z14 can handle 850 million encrypted transactions per

day (which means a single z14 could handle up to 34 Cyber Mondays by itself) [4]. The CP

Assist for Cryptographic Function was majorly enhanced with up to four times the throughput,

less overhead on the encryption of shorter data, and better cryptographic functionality. In

addition to this, the processor now runs at 4.5 GHz compared the 4.3 GHz of the z13s, the

maximum memory was doubled, and ten more processors can be supported. Lastly, the cache

sizes were increased to further increase data access speeds. The L1 instruction cache was

increased from 96 KB to 128 KB, the L2 data cache was increased from 2 MB to 4 MB, the L3

cache was doubled to total at 128 MB, and the L4 cache was increased from 480 MB to 672 MB

[1]. Even with all these improvements and ten percent larger capacity, the z14 is only sixty

percent of the size of the z13s, meaning it is much more space-efficient.

The security system of the z14 is stronger than the z13s, as well. The CPACF for the z14 has

also been adjusted to be better suited for security algorithms. Its AES encryption runs up to 4x

more throughput than the z13s. This CPACF includes a new SHA-3 algorithm and the

capabilities to have combined encryption and hashing, for even stronger security systems. The

security levels of this mainframe are designed to support banking requirements of security, pin

number protection, hardware architectural security expectations, along with other cryptographic

standards [2]. The z14 is quite an impressive upgrade in a very short amount of time.
 Page | 7

Conclusion

The z13s has been revolutional in the standard of security for mainframes. As the z13s has been

dubbed the “cyber frame”, it truly holds up as being a very intensely secure piece of architecture.

IBM created this mainframe to completely redo what had been done before and to embark on a

path of intense, heavy encryption protection. Having the CPACF coprocessor designed to be a

component for the processors of this frame is massively part of the reason that this system runs

so quickly and efficiently, along with the strong caching abilities. IBM designing the z14 as a

complete upgrade to the z13s is a huge progression as well. The fact that within a little over two

years two new mainframes have been put out, both pushing boundaries, only says that security is

becoming significantly more important in everyday expectations. The z14 being so much more

compact, while being greatly more powerful, shows that this is truly the direction of

development. The security strengths are only going to get stronger, the processors will get faster,

and the architecture will get smaller. The recent developments create competition and set the bar

higher, and it will be impressive to see the new efforts made to push the field one step further.
 Page | 8

References

[1] M. Chuba, “IBM's Recent Mainframe Announcements Increase Options for I&O
Leaders,” Gartner, G00357312, May 14, 2018. [Online]. Available:
https://www.gartner.com/doc/reprints?id=1-53ILPYJ&ct=180614&st=sg​. [Accessed:
Mar. 20, 2019].

[2] H. W. Meetza, G. Boyd, “A Synopsis of z Systems Crypto Hardware,” IBM Systems,

WP100810, Version 2 Release 3, 2017. [Online]. Available:
https://www-03.ibm.com/support/techdocs/atsmastr.nsf/5cb5ed706d254a8186256c71006
d2e0a/a23c1afb8085dd81862571c70050a5ed/$FILE/A%20Synopsis%20of%20z%20Syst
ems%20Crypto%20Hardware.pdf​. [Accessed: Mar. 20, 2019].

[3] O. Lascu, B. Sannerud, C. A. De Leon, E. Hoogerbrug, E. Palacio, F. Pinto, J. J. Yang, J.

P. Troy, M. Soellig, “IBM z13s Technical Guide,” IBM Systems, June 2016. [Online].
Available: ​https://www.redbooks.ibm.com/redbooks/pdfs/sg248294.pdf​. [Accessed: Mar.
20, 2019].

[4] “IBM z14,” ​IBM z14 - Overview - United States,​ 17-Apr-2019. [Online]. Available:
https://www.ibm.com/us-en/marketplace/z14. [Accessed: 18-Apr-2019].

[5] “Family 2965+01 IBM z13s Models N10 and N20,” IBM Europe Sales Manual, May 22,
2018. [Online]. Available:
https://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_sm/1/87
7/ENUS2965-_h01/index.html&lang=en&request_locale=en​ [Accessed: April 18, 2019]

[6] “Use the U.S. Government approved algorithm for storing classified information,”
East-Tec. [Online]. Available: ​https://www.east-tec.com/kb/what-is-the-aes-standard/
[Accessed: April 18, 2019]

[7] “Block Cipher Techniques,” Computer Security Resource Center, February 27, 2019.
[Online]. Available: ​https://csrc.nist.gov/projects/block-cipher-techniques​ [Accessed:
April 18, 2019]

[8] Artés, A., Ayala, J.L., “Power Impact of Loop Buffer Schemes for Biomedical Wireless
Sensor Nodes,” December, 2012. [Online]. Available:
https://www.researchgate.net/publication/233828516_Power_Impact_of_Loop_Buffer_S
chemes_for_Biomedical_Wireless_Sensor_Nodes​ [Accessed: April 18, 2019]