IBM constructs CyberVault around new FlashSystem family

IBM is fortifying its new PCIe 4-enhanced FlashSystem family with CyberVault features designed to detect, prevent and recover from malware attacks.

Update; gen 3 FlashCore Module information added. More performance data added. 9 February 2022.

FlashSystem data is actively monitored in real-time and ransomware recovery accelerated by using validated restore points. Two new mid-range and high-end FlashSystems get PCIe 4 connectivity along with new controller CPUs, and have both capacity and speed increases.

David Chancellor, director enterprise systems for IBM biz partner Gulf Business Machines, said “Cyber resilience is clearly a top priority for our customers. [IBM Cyber Vault’s] ability to help dramatically reduce recovery times is exactly what cyber resilience teams need to keep the business running.”

IBM mainframe CyberVault graphic.

IBM did not say how CyberVault’s active monitoring and restore point validation work. Its mainframes have a Z CyberVault feature with active monitoring and safeguarded copies and FlashSystem CyberVault is based on this scheme and uses regularly taken safeguarded copy point-in-time snapshots. CyberVault automatically scans the copies created regularly by Safeguarded Copy looking for signs of data corruption introduced by malware or ransomware. It uses standard database tools and automation software.

FlashSystem rack and (inset bottom to top) 5200, 7300 and 9500 models.

New hardware

There are three members in the FlashSystem family, all running the same Spectrum Virtualize code: 

  • Existing 5200 – 1U – 12x NVMe drives in base controller chassis
  • New 7300 – 2U – 24x NVMe drives and replacing the 7200
  • New 9500 – 4U – 48x NVMe drives and replacing the 9200

The 7300 supports dual-port and hot-swappable 4.8, 9.6, 19.2 and 38.4TB gen-3 FlashCore Modules (FCMs – drives). The 19.2 and 38.4B FCMs have a PCIe 4 connection. Commercially available NVMe SSDs with 1.92, 3.84, 7.68, 15.36 and 30.72TB capacities are supported in dual-port, hot-swap form. It also supports SCM drives. The expansion chassis support the use of 2.5-inch and 3.5-inch disk drives as well, caused by convergence of the FlashSystem and Storwize product ranges.

Italicised columns are older systems included for reference.

The gen 3 FlashCore Module has an onboard processor (computational storage) to handle background storage tasks and uses industry standard QLC (4 bits/cell) and faster SLC (1 bit/cell) NAND technology to address performance and capacity requirements. At 38.4TB raw capacity (or 116TB effective), this makes it possible for IBM to deliver 1.1PB effective capacity per single rack unit in the FlashSystem 5200, 7300 and 9500 products.

IBM Master Inventor Barry Whyte said the gen 3 FCM’s “internal computational storage capabilities have been enhanced with a new “hinting” interface that allows the FCMs and the Spectrum Virtualize software running inside all FlashSystem products to pass useful information regarding the use, heat, and purpose of the I/O packets. This allows the FCM to decide how to handle said I/O, for example, if its hot, place it in the SLC read cache on the device. If its a RAID parity scrub operation, de-prioritise ahead of other user I/O. Single FCMs are now capable of more IOPs than an entire storage array from a few years ago!”

Tom Richards, systems and storage practice lead at IT consultancy Northdoor, told us the gen-3 FCMs have improved performance and double the Drive Write Per Day (DWPD) rating over standard SSDs. The in-line compression hardware increases the effective capacity of the larger modules to 3:1. FCM above the entry 4.8TB modules in the previous generation were limited to just over 2:1 compression. The new FCM 4.8, 9.6, 18.9 and 38.4TB modules can achieve hardware-accelerated compression of up to 22, 29, 58 and 116TB effective capacities respectively.

Richards told us the new FCMs will be supported in both of the newly announced arrays, along with the existing 5200 arrays (although mixing of old and new FCM types will not be supported within the same array).

The 9500 supports the same FlashCore Module and commercial SSD capacities as the 7300, plus Storage Class Memory with support for 1.6TB drives specified. The 9500 also supports SAS SSDs but not disk drives.


The FlashSystem 9500 offers twice the performance, twice the number of drives, and twice the connectivity of the 9200. IBM claims it provides performance gains of 50 per cent, 2x increase in connection options, and a 4x increase in workload support, but neglects to say what product is being used in the comparison. A customer said that the Cyber Vault FlashSystem reduced overall cyber attack recovery time from days to hours with a “comparable DS8000 function.”

An IBM spokesperson said the 7300 delivers 45GB/sec bandwidth, 3.5 million cache hit IOPS, and 580,000 IOPS with a 70 per cent read, 30 per cent write, 50 per cent cache workload. The faster 9500 outputs 100GB/sec bandwidth, 8 million cache hit IOPS, and 1.6 million 70/30/50 IOPS.

Whyte said: “I’ve been calling this box “the beast” and for any ‘The Chase’ fan’s I’m not referring to Mark Labbett, but the new top of the line FlashSystem. With 48 x NVMe slots, 12 x Gen4 PCIe Host Interface slots (48 x 32Gbit/s FC, 12 x1 00GbitE, 24 x 25GbitE), 4 x PSU, 4 x Battery, 4 x boot devices – this is the largest and most powerful FlashSystem we’ve produced, and, based on the performance measurements, it has to be one of, if not the fastest, highest bandwidth single enclosure systems in the world!”


FlashSystem 7300 Model 924 systems include eight 10Gb Ethernet ports as standard for iSCSI connectivity and two 1Gb Ethernet ports for service technician use. These models can be configured with up to three I/O adapter features to provide up to 24x 32Gb FC ports with SCSI and FC-NVMe support, or up to 12x 10/25Gb or 100Gb Ethernet ports with iSCSI and NVMe RDMA support.

FlashSystem 9500 systems can be configured with twelve I/O adapter features to provide up to 48x 32Gb FC ports, up to 20x 10/25Gb Ethernet (iSCSI, NVMe RDMA capable) ports, and up to 12x 100Gb Ethernet (iSCSI, NVMe RDMA capable). Two 1Gb Ethernet ports are provided for management and service actions.

According to Richards, “Both of the new FS7300 and FS9500 include the option for 100GbitE iSCSI host connectivity and, crucially, the ability to drive these host connections at full speed thanks to the new packaging at PCIe 4,” (in the 9500).

The two systems can both have end-to-end NVMe connectivity. Both come with utility model options which delivers a variable capacity system, where billing is based on actually provisioned space above the base. The base subscription is covered by a three-year lease that entitles you to utilise the base capacity at no additional cost. If storage needs increase beyond the base capacity, usage is billed based on the average daily provisioned capacity per terabyte, per month, on a quarterly basis.

IBM says that its customers can be helped to achieve sustainability goals because of the new FlashSystem’s greater performance and capacity in a smaller and more energy efficient footprint than prior models.

The FlashSystem 7300 requires IBM Spectrum Virtualize licensed machine code level 8.5 or later, for operation and the 9500 requires equivalent Spectrum Virtualise software. Get a FlashSystem 7300 datasheet here and a 9500 datasheet here.

Bootnote: IBM has refreshed its SAN Volume Controller (SVC) product, giving it a CPU upgrade with 2 x 24-core Intel Ice Lake processors, making it more powerful. The SV3 node hardware is essentially based on the same node canister used in the 9500.