IBM continued to reshape the mainframe with an eye toward further integrating it within hybrid clouds and securing Linux-based workloads.\nOn the hardware side, IBM rolled out two entry-level, 19\u201d single-frame, air-cooled platforms, the \u00a0z15 Model T02 and LinuxONE III Model LT2. The new machines are extensions of the IBM z15 family that Big Blue rolled out in September of last year.\u00a0\nBoth can fit in cloud data-center racks and can be outfitted with a second drawer, should customers need to grow capacity.\u00a0 Both feature 65 cores using commercial processors running at 4.5GHz and can be configured to support all manner of workloads.\u00a0\nIBM said new machines support z\/OS Container Extensions that enable access to an ecosystem of open-source and Linux-on-IBM Z applications that may be deployed within the native z\/OS environment without requiring a separate Linux server, using Docker container skills and patterns. In addition customers can use the latest open-source tools, popular NoSQL databases, analytics frameworks and application servers, IBM said.\nThe LinuxONE Model LT2 can run a number of Linux systems including Red Hat Enterprise Linux, SUSE and Ubuntu, alone or side by side with IBM z\/VM environments on a single physical server. The IBM LinuxONE server can run Linux workloads independently on a single server.\nBoth systems support IBM\u2019s prepackaged Cloud Paks, which include a secured Kubernetes container and containerized IBM middleware designed to let customers quickly spin-up enterprise-ready containers, the company said. IBM has standard Cloud Paks for data, application, integration, automation and multicloud management and security. The idea is to help customers develop, deploy, and manage cloud-native applications for the z15 family, IBM stated.\nSecurity and privacy features are key for the z15 and those have been extended with the introduction of IBM Secure Execution for Linux for the all z15 models.\u00a0 In a blog post about the security extensions, IBM stated that at its core, a Secure Execution provides a KVM-based virtual machine that is fully isolated and protected from the hypervisor with encryption keys that only the IBM Z hardware and firmware have access to.\n\u201cIn practice, an encrypted Linux image is created using the host public key and a customer-specific key. Since the encryption keys are stored on the IBM Z hardware and firmware, the encrypted image can only be executed in a virtual machine on the host(s) it has been prepared for, and the image can\u2019t be decrypted or tampered with outside of the designated host(s). In addition, your unencrypted virtual machine memory cannot be accessed by the host operating system either,\u201d IBM stated. \u201cApplications are then run inside of that virtual machine, allowing the owner of the application to focus on just disk and network data encryption, both of which can be easily handled in userland.\u201d\nIn an environment where customers are running Kubernetes across servers running on x86 and Linux on Z systems, you can deploy the Secure Execution containers specifically for the applications you want to have protected, like sensitive databases and blockchain services. In this model, Kubernetes still manages the orchestration of containers, both on x86 and IBM Z, but it has no access to the data inside the Secure Execution environment container, IBM stated.\u00a0\nWith Secure Execution IBM is trying to mitigate insider threats to enterprise data.\nFrom 2016 to 2019, the average number of incidents involving employee or contractor negligence has increased from 10.5 to 14.5\u2013and the average number of credential theft incidents per company has tripled over the past three years, from 1.0 to 3.2, According to the Ponemon Institute\u2019s 2020 Cost of an Insider Breach Report, IBM stated.\u00a0 \u201cIBM Secure Execution for Linux helps to mitigate these concerns by enabling clients to isolate large numbers of workloads with granularity and at scale, within a trusted execution environment.\u201d\nThe z15 family already supports what IBM calls Data Privacy Passports that promise to let customers control privacy and security by defining how all data is accessed, stored and shared. The idea is to let customers\u00a0 protect and provision data and revoke access to that data at any time, not only within the z15 environment but across an enterprise's hybrid multicloud environment, IBM stated.\u00a0\nThe new systems and software are expected to be available by mid-May.\u00a0 z15 T02 pricing starts at $160,000 but each machine is built to order so prices vary.