Home
Case Studies
SEAL Systems - IBM case study - Hybrid Cloud
Protecting business data while accelerating critical printing tasks
Even with increasing digitization across all aspects of life, many important business documents still need to be printed on paper or exported to other paper or digital formats. For logistics documentation, address labels or instructions on the factory floor, printouts are a highly cost-efficient, durable and proven solution. Ensuring data protection throughout the printing process is crucial to minimize the risk of data being stolen as part of advanced cyberattacks. That’s why SEAL Systems AG focuses on highly secure enterprise output management solutions.
At a time when most businesses are ramping up investment in cybersecurity, print solutions are often overlooked. Thomas Tikwinski, Chief Technology Officer at SEAL Systems AG, says: “We work with industrial and defense manufacturers who all need to print mission-critical and often secret documents such as CAD construction plans for new products. However, all companies handle a wide range of sensitive documents, such as pay slips, which need to be protected at all times. Corporate print infrastructure including print servers and spoolers is often not as well-protected as it should be, making it a soft target for cybercriminals.”
In addition, printing large amounts of information fast underpins many time-critical business processes across all industries. Working for global enterprises, SEAL Systems also sees the sustainability impact that slow printing performance can have. Jan Bjerre Aagesen, Head of Business Development at SEAL Systems AG, explains: “Reliability, zero downtime and speed are really important in logistics. Slow processing and printing can delay complex supply chains when queues of trucks are building up. Every truck waiting for shipping documents generates avoidable CO2 emissions, impacting environmental sustainability.”
With more and more companies moving core business applications into the cloud, SEAL Systems wanted to offer its highly secure Print as a Service solution as a flexible cloud service. “We set out to create a unique cloud service to accelerate transformations at any scale and help companies keep their business information secure at every step from the backend to the printed page,” says Thomas Tikwinski.
Delivers complete protection and data security throughout the entire application lifecycle with confidential computing features.
With the fast processing and throughput from IBM LinuxONE, the company has cut the time to print a 3,000-page document from half an hour to under five minutes.
Boosting security by leveraging cloud-native confidential computing
When SEAL Systems learned about the security features of IBM® Cloud Hyper Protect Virtual Server for VPC using IBM LinuxONE and the Virtual Private Cloud (VPC) infrastructure of IBM Cloud®, the company decided to evaluate the option of running its application on Linux on IBM Z mainframe. In the past, the company had only deployed its solution on x86 servers.
“It was exciting to rediscover the mainframe platform to launch our new cutting-edge cloud service with IBM Cloud Hyper Protect Virtual Server for VPC,” recalls Jan Bjerre Aagesen. “It was very easy to adapt our containerized microservices architecture to run in the IBM Cloud on IBM Cloud LinuxONE Virtual Server and we’re now benefitting from the advanced security features of IBM Z and IBM LinuxONE.”
Thanks to IBM Hyper Protect, SEAL Systems’ customers benefit from the advanced security of Confidential Compute capabilities built on best practices established by IBM in the course of developing highly secure cloud solutions for financial services companies.
Leveraging Open Container Initiative (OCI) images on Linux, SEAL Systems did not need to make major changes to get started on IBM LinuxONE. To support the transformation, the team at SEAL Systems got involved with some open-source software projects to make sure the IBM Z platform was supported by all the libraries its output solutions relied on. “It paid off that we recently rebuilt our application using Linux containers,” adds Thomas Tikwinski. “We were able to reuse our existing workflows and configurations such as our Docker Compose files to orchestrate and launch various components of our application when deploying our solution with IBM Hyper Protect Virtual Servers.”
Based on IBM LinuxONE, IBM Cloud Hyper Protect Virtual Server for VPC delivers confidential computing capabilities that maximize data security through encryption and data-in-use protection across the entire solution stack. Running its application with Hyper Protect Virtual Server, SEAL Systems can ensure strict isolation of workloads running in a Trusted Execution Environment (TEE) thanks to IBM Secure Execution for Linux with hardware-level security for virtual servers and containerized workloads. Security-critical encryption keys are protected by a Hardware Security Module (HSM) and Secure Execution Enclaves in a Zero-Trust Environment.
IBM Cloud Hyper Protect Virtual Server for VPC offers comprehensive end-to-end security with developer-friendly tools and workflows. The solution covers the entire deployment process with a DevSecOps approach, helping SEAL Systems to build, provision, manage, maintain and monitor its cloud-native container-based applications.
Thanks to IBM Hyper Protect Secure Build, only authorized code and images can be deployed. This provides a secure software supply chain and protects against malware using encrypted contracts and zero-knowledge proof protocols. Encrypted contracts help ensure application integrity, and during operation, all memory used by the application is secured with additional encryption to provide full data and code confidentiality. Every component integrates with the hybrid cloud key management solution Hyper Protect Crypto Services, which is built on FIPS 140-2 Level 4 certified hardware, leveraging a dedicated HSM. This solution design is based on the “keep your own key” (KYOK) principle, so that SEAL Systems always has exclusive encryption key control, further strengthening data protection and end-to-end security.
“It’s impressive what level of security we can achieve with a cloud solution by using IBM Cloud Hyper Protect Virtual Server for VPC,” says Thomas Tikwinski. “We can deliver our cloud service to our customers safe in the knowledge that their data is fully protected throughout the entire application lifecycle. The solution is designed around the zero-trust principles and helps us to ensure integrity with sophisticated encryption technologies.”
For SEAL Systems, IBM Z and LinuxONE are the perfect platform, combining outstanding security, high availability and excellent performance. “Both we and our clients want operations to run smoothly. After all, print services only get noticed when they don’t work,” confirms Jan Bjerre Aagesen. “With IBM Z and LinuxONE, it is much easier to achieve the highest levels of availability than with other architectures. Running Linux on IBM Z, we need only a single application server, compared to x86 where we would need to manage a complex cluster with perhaps six nodes to achieve the same redundancy and reliability.”
The IBM Z and LinuxONE platform delivers much better performance for SEAL Systems’ data-intensive workloads. “For our clients, sometimes milliseconds count,” says Thomas Tikwinski. “For clients such as breweries or large manufacturers with tightly integrated, high-volume just-in-time logistics processes supported by enterprise applications like SAP S/4HANA, delays in label printing hit the business fast and hard. That’s why consistent performance is crucial for us. For another of our clients, a large insurance company, printing very long, complex documents such as spreadsheets with 3,000 pages quickly is essential. We have demonstrated that with IBM Z and LinuxONE, large print jobs complete 7x faster, reducing processing and printing time from half an hour to under five minutes. This improvement helps increase staff productivity and satisfaction.”
Furthermore, IBM Z also allows SEAL Systems to streamline IT operations for its clients and maximize sustainability in the data center. “In one project, we consolidated 182 Microsoft Windows servers on a single IBM Integrated Facility for Linux processor on IBM Z,” explains Jan Bjerre Aagesen. “The IBM Z architecture is very well suited for our print workloads with heavy I/O operations.”
By running on the IBM Z platform, SEAL Systems can deliver a robust hybrid cloud strategy for its new cloud service. Running globally distributed environments cost-efficiently on IBM Cloud with Hyper Protect Server is a big advantage. “IBM Cloud offers highly competitive pricing thanks to free cross-region data transfers,” adds Jan Bjerre Aagesen. “Our customers can choose to use the IBM Cloud or also host the cloud-native application architecture on-premises in their private cloud on their existing IBM Z mainframe and maximize utilization of its resources, further increasing the overall sustainability of IT operations.”
Throughout the implementation of its software on IBM Cloud Hyper Protect Virtual Server for VPC, SEAL Systems has worked closely with IBM. “Thanks to the excellent collaboration with the IBM zStack and IBM Labs teams as well as the SAP team at IBM, we reduced time-to-market for our new cloud solution from one year to just a few months,” remarks Thomas Tikwinski. “We’ve received great support from IBM teams worldwide and managed to onboard a new client very quickly together.”
By choosing IBM Z, SEAL Systems has futureproofed its security and prepared its clients for the coming age of quantum cryptography. IBM LinuxONE and z16 offer industry-first quantum-safe technologies, enabling SEAL Systems to become an early adopter of new security practices. The company can leverage IBM Quantum Safe technology to gradually strengthen cybersecurity for the quantum future.
Thomas Tikwinski concludes: “When we started this initiative, we didn’t know much about IBM Z. The solution architects, engineers and security specialists at IBM were very helpful and patient with us. Learning about the modern, cutting-edge capabilities of IBM Z and IBM Cloud Hyper Protect Virtual Server for VPC completely changed our perception of the mainframe as a secure and future-oriented cloud application platform.”
SEAL Systems AG is a specialist for enterprise output solutions headquartered in Germany. With 130 employees and more than 40 years of experience in printing and converting business documents, SEAL Systems serves 1,500 customers and achieves annual revenues of EUR15.4 million. SEAL Systems provides its highly secure and fully encrypted solution as both on-premises and print-as-a-service cloud offerings.
Legal
© Copyright IBM Corporation 2024. IBM Corporation, IBM Cloud, New Orchard Road, Armonk, NY 10504
Produced in the United States of America, January 2024.
IBM, the IBM logo, ibm.com, IBM Cloud, IBM Z, and z16 are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis.
This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.
The performance data and client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions. It is the user’s responsibility to evaluate and verify the operation of any other products or programs with IBM products and programs. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.