Would your business survive a Cyber attack?

Introducing IBM Cyber Vault with the new FlashSystem 7300, FlashSystem 9500 and SVC SV3

You are prepared. You have the monitoring. You have the protection. You feel safe.

But if the worst happens and your data is held ransom after a latent ransomware trojan is triggered, how long would you take to recover?

You figure its OK, you have HA and/or DR… but those are now held ransom too…

You have the backups, lets recover from backup…

But how long would it take you to recover the data?

The industry average is 23 days… yes 23 days! Would you still have customers after 23 days of no access to your services, and you cannot access your supply chain, your invoicing, your stock data, your … well everything?!

With an IBM Cyber Vault design, you have the process and infrastructure, all underpinned by IBM Safeguarded copy in Spectrum Virtualize, that means you could recover in seconds. To learn more, read on…

IBM Cyber Vault

I discussed Cyber Vault briefly last year, the idea is quite simple. If you have a vaulted environment, some safe and secure compute, you can bring up a copy of an immutable point in time copy of your data that was take pre ransom, validate the data and instantly restore this to your production systems, eradicating the infected (encrypted) data. Sounds simple, and with all things Spectrum Virtualize, the generation of automatic immutable snapshots is simple to configure and automate.

The Cyber Vault process you define dictates what you do in your normal business day with those point in time copies. You may as well mount a copy, validate it, then you know you have a good point in time to revert to should you need to. In this way, you can recover in seconds.

Hopefully you get the idea and you can check out this solution brief for more details.

But in this post I wanted to talk about the new announced hardware platforms that are all enabled for IBM Safeguarded Copy, the feature at the heart of a Cyber Vault.

Introducing IBM FlashSystem “the beast” 9500

I’ve been calling this box “the beast” and for any ‘The Chase’ fan’s I’m not referring to Mark Labbett, but the new top of the line FlashSystem. With 48x NVMe slots, 12x Gen4 PCIe Host Interface slots (48x 32Gbit FC, 12x100GbE, 24x25GbE), 4x PSU, 4x Battery, 4x boot devices – this is the largest and most powerful FlashSystem we’ve produced, and based on the performance measurements it has to be one of, if not the fastest, highest bandwidth single enclosure systems in the world!

The control enclosure comes in at 4U in height, with two hot swap-able rear mounted node canisters. Each canister has redundant hot swap-able power supplies, batteries and Secure Boot EFI enabled boot devices, meaning any of these components can be swapped without powering off or removing the node canister itself.

FlashSystem 9500 – Rear View

The host interface cards are installed in cold swap-able cages. Each cage can have one or two PCIe cards, depending on the connectivity type, for example two FC or 25GbEcards, a mix of FC and 25GbE cards, or one 100GbE card. These cages do require the node canister to be powered off to replace, but changing the interface cards is not a frequent task – if ever.

The entire system is PCIe Gen4 based, giving double the bandwidth over Gen3, it allows the FlashSystem 9500 to achieve impressive performance numbers. Over 90GB/s read for example.

Speaking of Gen4, the large (19.2TB) and extra-large (38.4TB) self compressing FlashCore Modules (FCM) are now boasting Gen4 connectivity with individual drive bandwidths of over 3GB/s possible. See the FCM3 section below.

The internals have switched up to the Intel Ice Lake Gold Xeon processors, with 96 hyperthreaded cores per 9500. The cache comes as standard as 1TiB, but can be upgraded in two stages to 3TiB… These improvements and some code enhancements mean the hero number (read cache hit) jumps to 7.5 million IOPs. However, to keep it real, unlike some other vendors, a real life 70/30/50 transaction processing number is in excess of 1.5 million IOPs – more than enough for most people!

Introducing FlashSystem 7300

The 7300 is more of a traditional refresh over the 7200 it replaces. With an uptick in clock speed and the core count to 40 Cascade Lake Intel Xeons, the 7300 delivers around 25% more performance than its predecessor.

Added support for FCM3 and 100GbE host connectivity rounds off the enhancements at a hardware level. The box itself retains the 2U form factor, with 24x NVMe Gen3 slots.

7300 Front and Rear views

Introducing IBM SAN Volume Controller SV3 Node Hardware

The SV3 node hardware is essentially based off the same node canister you find in the 9500. So all the hardware details I outlined above come with the SV3. This means we go back to hot swap-able external batteries and boot devices (like SV1) and an increase to the host interface slots from 6 (SV2) and 8 (SV1) to 12 in the SV3.

SVC – SV3 Node

Added support for 100GbE connectivity and the huge core (96) and cache counts (3TB) mean this is an SVC node unlike any before it in terms of performance capability.

SVC – SV3 Node – rear view

Introducing IBM FlashCore Module3 (FCM3)

I mentioned this above, but the latest generation of FCM that will be shipping in all newly purchased FlashSystem 5200,7300 and 9500 will be FCM3. These are PCIe Gen4 capable in the two larger capacities. The capacities stay the same, with 4.8, 9.6, 19.2 and 38.4TB modules available.


However, due to some clever management of the internal drive meta-data we can now achieve up to 3:1 compression on the larger two capacities, thus meaning, even when fully written, the 19.2 and 38.4TB modules can store over 57TB and 115TB respectively!

Internal computational storage capabilities have also been enhanced with a new “hinting” interface that allows the FCMs and the Spectrum Virtualize software running inside all FlashSystem products to pass useful information regarding the use, heat, and purpose of the I/O packets. This allows the FCM to decide how to handle said I/O, for example if its hot, place it in the pSLC read cache on the device. If its a RAID parity scrub operation, de-prioritise ahead of other user I/O.

Single FCMs are now capable of more IOPs than an entire storage array from a few years ago!


Phew, so thats a whole load to take in. The work by the IBM Storage development teams has yet again been amazing. During a global pandemic, to refresh the entire line of NVMe products really is no simple task with most people working remotely and not able to touch the hardware.

The family is set to take us into the new hopefully post-pandemic world, not only in terms of the latest and greatest NVMe based technologies, but also the ever present threats of Cyber-criminals.

If you haven’t looked at IBM Storage for a while, get in touch, we really have what I feel are the best set of solutions and capabilities of any vendor, and the price might just be a pleasant surprise.

If you are in the AP timezone, we have a webinar discussing Cyber Vault and the new FlashSystem products on the 15th February at 3pm NZ time (GMT+12) – feel free to register and I will see you there.

10 responses to “Would your business survive a Cyber attack?”

  1. Shacklock, Russell Avatar
    Shacklock, Russell

    One of my colleagues noted that on an IBM call last week, 3:1 is only achievable as long as the customer is already getting more than 2:1 compression already.

    Seems an odd comment if you are a new customer and never compressed data before.
    Are we expecting the smaller FCMs to be refreshed to achieve improved compression?



    OoO – Annual Leave
    April 15th > 24th & 29th

    Russ Shacklock
    IBM Power and Storage Technical Specialist – UK&I
    Home-Office Mobile Only +44 7872 400311


  2. Hi, so yes your data needs to compress to > 2:1 to be able to achieve 3:1 clearly. Also remember that if data compressed even higher, then the FCM stores it even higher. So the 3:1 is just an average maximum that can be stored.

    As for the smaller capacities, they can already store up to 4:1, hence why they report as 20TiB in some views 🙂


  3. Hello Barry

    I want to ask about FCM and Data Reduction Pools. In 8.3 version I try to want to create DRP and Thin volume with FCM but system not allow it. System said you have to create compressed or fully allocated volume. I want it because I need automatic scsi unmap(VMFS6) and best performance. I don’t want to FCM compression after the Intel compression. In 8.4 or 8.5 is this behaviour changed?


    1. So we don’t low just thin on FCM because the FCM always does the compression/thin, so capacity planning can be a headache. If you use FA volumes, you still get FCM thin and unmap, but it does limit the overallocation maximum to that which the FCM can manage.


      1. Thank you Barry. You say fully allocated volumes also reclaimable in DRP. Thank you I don’t know this. Is this feature fully compatible to VMFS6? Because I migrate the data different storage. Change pool to DRP and map fully allocated volumes. Then customer wants to test see unmap in VMFS6.


      2. So yes, I’d you have unhappy enabled on VMware and on the FlashSystem, if the host sends an unhappy you will see the used written capacity shrink on the FCM level.


      3. So when we use FA volumes we will get FCM thin and unmap. But the question is if this unmap is automatically done like it is on DRP level ? I’m asking mainly because of requirements in public tenders.


      4. Yes, it will automatically free and shrink the usage on the FCM. The volume capacity doesn’t change, it’s FA, but the used written physical capacity will shrink when the host sends an unmap


  4. So it looks even better than DRP cause AFAIK Data Reduction Pool is waiting with unmap process to the next garbage collection, so in DRP unmap is not immediate. Am I right ?

    Liked by 1 person

    1. I wouldn’t say better, different. Because of garbage collection in DRP the reclaim is added to the general reclaimable capacity that is happening all the time. To make,GC as efficient,as possible the system balances the amount of GC and reclsimable space to minimize the amount of data movement caused by GC.

      Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: