For many enterprises, IBM Power continues to sit at the heart of their most critical workloads. With IBM Power11, IBM has pushed the platform further towards explicit design for operational resilience, high availability and modern workloads.
In a recent 20 minute technical conversation, Triangle’s Director of Services, Brendan Healy, and IBM’s EMEA Power AI and security principal, David Spurway, discussed how Power11 is engineered and how clients are using it. This article distils some of the key ideas from that discussion. You can watch the full conversation on our IBM Power11 resource page.
Designing the platform for resilience, not just performance
IBM’s starting point with Power11 is not just raw performance, but the ability to keep mission critical workloads running through both planned and unplanned events. IBM uses an internal process described as “designed for operational excellence” - based on a systematic analysis of the failure modes that have historically caused outages on servers and platforms, and then designing those out wherever possible.
A recurring theme is that resilience is not only about preventing failures, but also about removing practical barriers to operating the platform safely. Patch management is a clear example. From IBM’s own security data, a significant proportion of incidents investigated globally in the past year were linked to known vulnerabilities that had not yet been patched.
“Over a quarter of the security issues we looked at last year were down to known vulnerabilities. The patches existed, but people were not applying them because getting downtime agreed is really hard.”
- David Spurway, EMEA Power AI and security principal, IBM
The challenge is familiar to most infrastructure teams: when patching requires negotiated downtime windows, known vulnerabilities often remain in production longer than they should.
On Power11, IBM has focused on making patching itself non disruptive at the firmware layer, and is working towards the same experience at the operating system level. On Power11, firmware patching can be applied through a simplified workflow that does not require a service outage, so vulnerabilities and defect fixes can be addressed while systems remain in service.
For organisations that depend on these systems day to day, this is a meaningful shift. It makes it more realistic to keep critical infrastructure patched without continually trading availability against security.
From “four to six hours of logs” to support in minutes
Availability figures on Power11 are framed in the context of IBM’s broader portfolio. Independent assessments still place IBM Z at the top of the list for platform resilience. Power follows immediately behind it, with some deployments achieving availability levels in the “six nines” range, where outages are measured in seconds per year rather than hours.
However, design for resilience also extends beyond the hardware and virtualisation layers into how support and operations work in practice. Historically, capturing and collating the right logs for a severity one (Sev1) support case could take four to six hours of specialist effort on the customer side before IBM could even start investigating the issue.
On current Power systems, IBM has simplified this significantly so that a Sev1 case can be opened and full diagnostic logs gathered with a small number of guided steps. As David Spurway puts it, the workflow is now "straightforward enough that my 15-year-old son could open a Sev1 support case and gather all the logs." In practice, that reduces the time and specialist effort needed to start diagnosis, which directly supports lower mean time to resolution for critical incidents.
For managed services teams, including Triangle’s own, that simplicity matters. It helps reduce time to resolution when something does go wrong and supports the broader goal of minimising outage duration and restoring services quickly.
AI where the business critical data already lives
A key question for many organisations is how to introduce AI into environments that already rely on IBM i and AIX on Power without disrupting existing systems. The emphasis is on pragmatic, workload driven use cases that run close to existing data rather than on separate experimental stacks.
One logistics client illustrates this. For years, IBM i has been the core system of record, with staff manually reading quote request emails and keying details into the database before a quote could be generated. Today, AI services running on the same Power system perform entity extraction on incoming emails and update the IBM i database automatically, with staff focused on validation and exceptions.
As David Spurway explains,
“we now have AI running on the same Power system as IBM i, doing entity extraction on quote requests and populating the database directly… and seeing roughly five times the throughput, with people still validating everything before it goes to the customer.”
For architects, the important points are:
- the AI workload runs on the same physical Power infrastructure as the IBM i instances
- the data does not need to be moved to an external AI service
- humans remain in the loop, which is important for both quality and governance
This reflects a broader design principle: rather than moving sensitive or regulated data out to wherever an AI engine happens to be running, bring the AI capabilities to where the data already lives on Power. For senior teams, this pattern offers a way to gain AI driven efficiency in key processes without a full replatform or widening the compliance footprint of core datasets.
Bringing AI to the data in a hybrid world
That “AI to the data” stance is also tied to a wider view on hybrid architectures. Public cloud services are useful for workloads that are bursty, short lived or highly variable in their resource requirements.
“IBM have flipped the usual pattern. We bring the AI engine to the Power platform. We run the AI there and it is not only in the same data centre, it is in the same physical box as your data.”
- Brendan Healy, Triangle’s Director of Services.
However, for long running, steady state workloads that underpin the business, the economics and risk profile are different. Many organisations have found that moving everything to cloud did not deliver the expected cost or security benefits, leading to repatriation of some workloads back to owned or hosted infrastructure.
In that context, treating Power as the system of record for “crown jewel” data makes sense. The platform can keep the most sensitive and critical datasets within a tightly controlled environment, whether that is on premises or within IBM’s own Power based cloud services, while still participating in a hybrid model. AI services or other analytics components can be brought down to that secure location to run against the data, rather than exporting entire datasets to be processed elsewhere.
For security and risk teams, that model offers a more contained attack surface and clearer lines of responsibility, which is increasingly important in regulated industries.
Incremental modernisation with containers and OpenShift
Modernisation is another central theme. Organisations with substantial investments in IBM i and AIX are understandably cautious about “big bang” rewrites of core applications. The patterns emerging on Power are more incremental.
There are three broad approaches commonly seen in the field, but the most common is incremental modernisation using containers. New services and business logic are introduced as containerised workloads, often orchestrated by Red Hat OpenShift, running on the same Power systems that host the existing IBM i and AIX environments.
Where a full OpenShift deployment is not required, smaller scale containerisation can be achieved using Podman within Red Hat Enterprise Linux instances. These container workloads sit alongside IBM i and AIX logical partitions, sharing compute resources but remaining isolated through the Power virtualisation layer.
This approach allows teams to:
- add new capabilities and services without destabilising existing systems
- reuse the same physical infrastructure and virtualisation stack
- keep a consistent security model and operational practice across IBM i, AIX, Linux and containers
For enterprises that need to evolve application portfolios over time rather than in a single step, that incremental model is often more realistic and less risky. It also lends itself to structured, multi year modernisation roadmaps, where each step can be assessed for impact and risk before moving on.
Security posture and virtualisation heritage
Another critical dimension is security and the maturity of the Power virtualisation stack. The virtualisation technology underpinning logical partitions on Power has been in use and evolving for many years. That heritage matters when it comes to isolating workloads and limiting the blast radius of any given issue.
From IBM’s vulnerability data, the Power platform has historically experienced significantly fewer publicly disclosed vulnerabilities than more general purpose platforms. As David Spurway notes, “fewer does not mean none” – disciplined patching and operational hygiene remain essential – but the design intent is clear. Power is built as a focused platform for enterprise grade workloads rather than a general purpose environment for every possible use case.
Combined with the hybrid and AI patterns described earlier, this gives security teams a coherent story: a platform engineered for isolation and stability, augmented with AI and modern services that run close to core data, and integrated into a hybrid model where each workload runs where it makes most sense from a risk and resilience perspective.
Watch the full conversation
This article can only highlight some of the themes covered in the session. If you would like to hear the full 20 minute discussion between Brendan Healy and David Spurway on IBM Power11, operational resilience, AI and modernisation, you can watch the video here.
If you want to explore how these approaches might apply in your own environment, you are welcome to get in touch with the Triangle team to discuss it further.
