IBM / Red Hat is the only vendor in this assessment series attempting to build an enterprise AI operating model from middleware outward. Where Dell builds upward from hardware, VAST builds upward from storage, and Google builds downward from model intelligence, IBM builds from the platform layer — Red Hat OpenShift as the universal substrate — and extends authority in both directions: downward into infrastructure governance (Sovereign Core, Concert) and upward into agent orchestration (watsonx Orchestrate). The platform is the distribution vehicle, not the value. The value is the governance and orchestration intelligence that rides on top.
The critical analytical lens for IBM is separating defensible proprietary IP from open-source packaging. The majority of IBM's AI platform capabilities — OpenShift (Kubernetes), vLLM (inference), KServe (model serving), Ray (distributed compute), Kubeflow (ML pipelines), MLflow (experiment tracking), Tekton (CI/CD), even InstructLab (model customization) — are open-source projects that run identically on VMware Tanzu, Amazon EKS, or bare Kubernetes. An enterprise could replicate most of IBM's Layer 2A/2B capabilities on any CNCF-compliant Kubernetes distribution. IBM's structural moats — capabilities that cannot be replicated without IBM — are concentrated in a narrow but strategically critical band: watsonx.governance (cross-platform AI assurance), watsonx Orchestrate (agentic control plane), Confluent integration with watsonx.data (governed real-time streaming), and Sovereign Core (runtime sovereignty). These are the components where IBM provides genuine authority above the Kubernetes baseline.
IBM does not own compute silicon, does not own GPU scheduling, does not own networking fabric, does not own a high-performance AI-optimized storage platform, and does not own a frontier foundation model. Layer 0 is entirely Delegated or Absent — IBM provides no compute hardware, no server chassis, no networking switches, no cooling infrastructure, and no GPU fabric interconnect. IBM would be perfectly content for customers to run Layers 1A through 3 on a Dell AI Factory, HPE Private Cloud AI, or any OEM hardware. IBM's business model depends on someone else solving Layer 0.
The consulting and services model reinforces the open-source strategy. IBM Consulting (~160,000 consultants) provides implementation expertise for the AI platform — but consulting is a competitive services market, not a platform dependency. Enterprises switch from IBM Consulting to Deloitte or Accenture for platform support the same way they switch SAP BASIS support providers: the structural moat is the platform IP (watsonx.governance, Orchestrate), not the services engagement. IBM Consulting is a competitive advantage in the services market, not a structural advantage in the platform architecture.
The structural question for IBM is whether governance and orchestration authority — owning the narrow band of non-substitutable AI control plane software while everything else is open-source — is more durable than infrastructure authority (Dell, HPE), storage authority (VAST), or model authority (Google). The 4+1 model suggests this bet is architecturally sound — Layer 2C is where authority concentrates — but IBM must prove that watsonx Orchestrate's control plane is substantive, not just well-named, and that watsonx.governance's cross-platform assurance creates sufficient switching costs to justify the subscription when the rest of the stack is free.
Layer-by-layer status: Layer 0 (Delegated to Partners), Layer 1A (Governance Strength, Storage Gap), Layer 1B (Open-Source Assembled), Layer 1C (Confluent + Open-Source Pipeline), Layer 2A (OpenShift Strength), Layer 2B (Open-Source Runtime + NVIDIA), Layer 2C (Most Explicit 2C Claim), Layer 3 (+1) (Consulting-Led Ecosystem).
Assessment framework: 4+1 Layer AI Infrastructure Model. Scoring model: Decision Authority Placement Model (DAPM) — Retained, Delegated, Ceded, or Absent. Published by The CTO Advisor LLC. Author: Keith Townsend. Date assessed: May 23, 2026. Version: v1.0 — Draft, Editorial Review Pending.
Raw compute, networking, and acceleration fabric
RHEL 26.01 with Day 0 Blackwell support. Co-engineering for Vera Rubin. Validated driver, firmware, and runtime integration for NVIDIA AI Factory deployments on OpenShift. Integration work, not hardware authority.
Co-engineered software stack: Red Hat AI Enterprise + NVIDIA AI Enterprise. Unified lifecycle management across RHEL AI, OpenShift AI, Red Hat AI Enterprise. Not a hardware product — a validated software integration path that runs on OEM hardware IBM does not provide.
NVIDIA GPU, AMD GPU (ROCm), Intel Gaudi, IBM Spyre (Tech Preview). Each accelerator uses a different vLLM ServingRuntime variant for KServe. Broadest accelerator support of any AI platform assessed — but this is Layer 2A/2B software integration, not Layer 0 hardware authority.
IBM provides no networking hardware, no GPU fabric interconnect, no software-defined AI networking. OpenShift SDN handles container networking but not the GPU-to-GPU fabric that determines distributed training performance. East-west bandwidth is entirely OEM-dependent. Compare to Dell (PowerSwitch/Spectrum), HPE (Juniper + Slingshot + Aruba), AWS (EFA/SRD).
Blackwell, Vera Rubin available through Dell, HPE, Lenovo, Supermicro OEM partners running OpenShift. Red Hat Enterprise Linux for NVIDIA 26.01 provides Day 0 Blackwell support with Vera Rubin co-engineering underway.
GPU Operator, NVIDIA Run:ai (included in AI Enterprise), NIM microservices, DOCA runtime protection. Validated integration path through Red Hat AI Factory with NVIDIA.
IBM does not own compute silicon, server hardware, networking switches, cooling infrastructure, or AI-optimized network fabric. This is the emptiest Layer 0 of any vendor assessed. Dell owns PowerRack/PowerEdge/PowerSwitch/PowerCool. HPE owns ProLiant/Cray/Juniper/Slingshot/Aruba. VAST co-designs CNode-X storage hardware. Google owns TPUs and custom networking. AWS owns Trainium and EFA/SRD. IBM owns none of these. IBM's Layer 0 story is entirely indirect: Red Hat OpenShift runs on any x86/ARM hardware from any OEM. This is presented as a strength (hardware agnosticism, no vendor lock-in) but in 4+1 terms it means IBM has no Layer 0 authority whatsoever. Abstraction is not authority. Layer 0 defines what physical capabilities exist — compute density, thermal envelope, east-west bandwidth, accelerator topology. IBM has no opinion on any of these because IBM provides none of them. The networking gap is particularly significant for AI workloads. GPU-to-GPU bandwidth determines distributed training performance. Dell has PowerSwitch (NVIDIA Spectrum silicon). HPE owns Juniper + Slingshot for HPC fabric. AWS built EFA with SRD custom transport. IBM has no networking IP — not hardware, not software-defined networking for GPU fabrics. OpenShift's SDN handles container networking, not the GPU fabric networking that AI training requires. When an enterprise runs distributed training across 64 GPUs on OpenShift, east-west bandwidth depends entirely on whatever the OEM provided. IBM contributes nothing. The Red Hat AI Factory with NVIDIA co-engineering is significant: Day 0 Blackwell support, Vera Rubin co-engineering, NVIDIA Run:ai integration. But this is validation and integration work, not silicon or fabric authority. The same NVIDIA software stack runs on Dell, HPE, and Lenovo hardware. Note: IBM Z/Power with Telum on-chip AI inference is classified at Layer 3 (AI Application Layer), not Layer 0. Telum's value is transactional AI inference co-located with enterprise ledgers (banking, insurance) — this is an application-layer advantage where AI capability is adjacent to business data, not an infrastructure fabric capability. The same logic applies to SAP HANA on dedicated hardware: the value is in the application adjacency, not the compute fabric.
Total at Layer 0. IBM borrows all compute, networking, cooling, and fabric judgment from OEM partners and NVIDIA. The enterprise retains hardware vendor choice — a genuine governance benefit — but IBM adds no proprietary hardware value at any sub-layer: no silicon, no thermal engineering, no network fabric, no rack integration. Compare to Dell (retains mechanical/thermal/rack authority), HPE (retains networking end-to-end post-Juniper, cooling via Cray DLC, silicon agnosticism within owned chassis), VAST (retains storage hardware co-design with CNode-X). The abstraction-as-authority argument fails the 4+1 test. OpenShift abstracting hardware is a Layer 2A capability (infrastructure orchestration), not a Layer 0 capability. Layer 0 asks: what physical capabilities does the vendor provide? IBM's answer: none.
IBM Spyre AI Accelerator in Technology Preview is worth tracking. If IBM productizes custom AI silicon for OpenShift, the Layer 0 story changes fundamentally — IBM would join Google (TPU) and AWS (Trainium) as vendors with proprietary AI acceleration. But Technology Preview is not production. The multi-accelerator support story (NVIDIA, AMD ROCm, Intel Gaudi, IBM Spyre through different vLLM ServingRuntime variants) is the broadest of any platform assessed. But this is a Layer 2A/2B capability (platform support for multiple accelerators via Kubernetes operators), not Layer 0 authority. Supporting accelerators through software is fundamentally different from providing accelerators through hardware. Gemini's assessment frames Layer 0 abstraction as 'Silicon Decoupling' — a deliberate strategic choice. This framing is accurate as strategy but misleading as architecture. The enterprise architect choosing IBM accepts that Layer 0 is someone else's problem. The 4+1 model makes that acceptance visible.
Durable, governed data foundation — the Governance Catalog that Layer 2C queries
Enterprise AI governance: Governance Graph (connected map of AI assets, policies, risks, regulations), model monitoring (bias, drift, fairness), agentic monitoring and security, regulatory library (EU AI Act, HIPAA, GDPR). Cross-platform: governs IBM, OpenAI, AWS, Meta models. IDC named IBM a Leader in AI governance.
Open data lakehouse with Presto and Spark engines, Iceberg table format. Shared metadata layer across clouds and on-premises. GPU-accelerated Presto (private preview). Context layer for AI-queryable metadata (private preview). watsonx.data intelligence provides data lineage, classification, quality, and Master Data Management.
Kafka + Flink + Tableflow integrated into watsonx.data. Zero-copy data sharing: query live Kafka streams as Iceberg tables without ETL. $11B acquisition positions IBM as the only infrastructure vendor with owned real-time streaming substrate.
Ceph: distributed S3-compatible object storage for watsonx.data lakehouse. Fusion: storage services for OpenShift applications with data caching and acceleration. Storage Fusion HCI provides hosted platform for watsonx on-premises. Competent but not AI-optimized at competitor level.
GA May 2026. Software platform enforcing data sovereignty across four pillars: operational, data, technology, AI sovereignty. Embeds policy at infrastructure runtime. Built on Red Hat OpenShift. Mistral AI as first certified model partner. Ensures data residency, model execution, and inference all operate within sovereign boundary.
Private preview. Proof-of-concept with Nestlé showed 83% cost savings. GPU acceleration for analytical queries on the lakehouse.
IBM's Layer 1A is structurally split: strong governance, moderate storage. The governance stack is the strongest in this assessment. watsonx.governance provides end-to-end AI lifecycle governance — model monitoring, bias detection, drift monitoring, regulatory compliance (EU AI Act, HIPAA, GDPR), and a Governance Graph that maps relationships between AI assets, policies, risks, and regulatory requirements across platforms. Unlike Dell's Trust3 AI (partner overlay) or VAST's PolicyEngine (proprietary, platform-bounded), watsonx.governance operates across IBM and third-party platforms (OpenAI, AWS, Meta). This is the only cross-platform AI governance solution assessed. The watsonx.data lakehouse provides a governed data foundation with Presto and Spark engines, Iceberg table format, and shared metadata across cloud and on-premises. IBM Storage Ceph provides S3-compatible object storage. IBM Storage Fusion provides storage services for OpenShift applications. The Confluent acquisition adds real-time streaming (Kafka + Flink + Tableflow) with zero-copy data sharing — AI models can query live Kafka streams as Iceberg tables without ETL. But the storage infrastructure itself is not AI-optimized at the level of competitors. Compare: Dell Exascale provides 10+ PB/rack unified file+object+fast-file with MetadataIQ indexing billions of files. HPE Alletra X10000 provides unified file+object with Data Fabric policy-based placement. VAST Element Store collapses file, object, table, and vector into a single governed data structure. IBM Storage Ceph is competent distributed object storage but lacks the AI-specific metadata enrichment, inline embedding, or vector-native capabilities of Dell, HPE, or VAST storage platforms. The watsonx.data intelligence layer (data lineage, automated classification, Master Data Management, data quality) partially compensates by providing governance above storage — but the storage layer underneath is less performant and less AI-native than competitors' purpose-built solutions.
Low for governance (watsonx.governance, watsonx.data intelligence are IBM IP). Moderate for storage (IBM Storage Ceph and Fusion are IBM-owned but lack AI-specific optimizations). Low for streaming data (Confluent is now IBM-owned post-acquisition). The cross-platform governance capability is unique: watsonx.governance monitors models running on OpenAI, AWS, or Meta — not just IBM. This is the only assessed solution where governance authority is deliberately designed to extend beyond the vendor's own platform boundary.
The Confluent acquisition is the most strategically significant data-layer move from any vendor in this assessment. Real-time streaming + governed lakehouse + cross-platform governance creates a data foundation story that is architecturally distinct. Where Dell invested in Dataloop (pipeline orchestration) and VAST built DataEngine (serverless compute on data), IBM acquired the streaming substrate itself. The watsonx.data Context layer (private preview) adds contextual metadata directly into the lakehouse — making data AI-queryable without separate ETL. If this matures, it could address the metadata boundary problem identified in the Control Plane Working Notes: metadata that is both governed and real-time, not just batch-indexed. IBM's Governance Graph — mapping AI assets through policies, risks, and regulatory requirements as a connected graph — is the most sophisticated governance data model in this assessment. Whether it can serve as the queryable governance surface that a Layer 2C control plane needs is the open question.
Low-latency retrieval for RAG — vector/hybrid search, context windows
KServe for model serving orchestration. vLLM as primary inference runtime with support for NVIDIA, AMD, Intel Gaudi, and IBM Spyre accelerators. Serverless (Knative) and RawDeployment modes. Autoscaling based on request concurrency.
IBM-led open-source project for enterprise model customization. Structured taxonomy-based knowledge contribution without full retraining. Reduces dependency on model provider for domain-specific retrieval quality. Community-driven knowledge curation.
OpenShift AI supports deployment of Milvus, Elasticsearch, pgvector, and other vector databases as containerized workloads. No IBM-owned vector database — enterprise selects and manages. Integration with watsonx.data for hybrid structured+unstructured queries.
Embedding models and retrieval microservices available through Red Hat AI Factory with NVIDIA. Same components available across Dell and HPE deployments.
Applying the Kubernetes-baseline test: IBM has zero defensible IP at Layer 1B. Every component — KServe (CNCF), vLLM (open-source), Milvus (open-source), InstructLab (Apache 2.0), Granite Guardian (Apache 2.0) — runs identically on VMware Tanzu, Amazon EKS, or bare Kubernetes without IBM involvement. A competent ML engineering team can deploy the same retrieval stack on any CNCF-compliant cluster without IBM licensing, IBM consulting, or IBM support. This is IBM's weakest layer from a defensibility standpoint. The retrieval capability exists and works. The enterprise can build effective RAG pipelines on OpenShift AI. But nothing in the pipeline is IBM-specific. Compare: • VAST: InsightEngine provides end-to-end embedding + vector search + retrieval pipeline as a single integrated system on the same Element Store. Embeddings trigger the moment data lands — vectors are always current with source data. One authority, zero integration seams. This is proprietary IP that cannot be replicated outside VAST. • Dell: Data Search Engine (Elastic-powered) + MetadataIQ + NVIDIA cuVS. Three-party dependency, but MetadataIQ is Dell-proprietary metadata integration — a defensible asset. The Elastic partnership provides search intelligence Dell doesn't own but has engineered deep integration with. • HPE: Data Fabric namespace + NVIDIA NeMo Retriever + Milvus/LangChain. HPE has proprietary storage infrastructure underneath but no proprietary retrieval intelligence. When Kamiwaza enters via Unleash AI, it adds governed context orchestration — a defensible Layer 1B/2C capability. • IBM: Everything open-source. No proprietary vector database, no proprietary embedding pipeline, no proprietary search intelligence, no inline metadata enrichment at the storage layer. IBM provides the Kubernetes platform on which open-source retrieval components run. The platform is the value — but the platform is Layer 2A, not Layer 1B. The structural seam Gemini correctly identifies: context management exists as a distinct software layer on top of storage, not inline with data writes. IBM's architecture requires explicit pipeline configuration for embeddings. VAST's architecture makes embeddings structural. Dell's MetadataIQ makes metadata indexing structural. IBM has no structural retrieval integration — it's all application-layer assembly. InstructLab is IBM's most distinctive contribution — but it's a governance innovation (who controls what the model knows?) rather than a retrieval innovation. It's also Apache 2.0 and runs on any platform. The distinction matters: InstructLab is IBM-led community innovation, not IBM-owned defensible IP. watsonx.data's Context layer (private preview) may change this assessment. If contextual metadata becomes natively queryable for RAG within the governed lakehouse, IBM would have a proprietary retrieval integration point. But private preview is not production.
High — the highest borrowed judgment of any IBM layer. IBM borrows retrieval intelligence entirely from open-source communities (Milvus, Elasticsearch, pgvector), embedding models from NVIDIA (NeMo Retriever) or open-source (sentence-transformers), and search acceleration from NVIDIA (cuVS). IBM provides no proprietary retrieval logic, no proprietary vector indexing, and no proprietary search intelligence. This is not a criticism of the architecture — open-source retrieval works. It is a DAPM observation: the enterprise's retrieval pipeline at Layer 1B has no IBM authority in it. The judgment is borrowed entirely from open-source communities and NVIDIA. If Milvus changes its indexing heuristics, IBM inherits the change. If NVIDIA changes NeMo Retriever's embedding strategy, IBM inherits that too. IBM provides packaging, not judgment. Compare to VAST (low — owns InsightEngine, DataBase, Catalog, vector search) or Dell (moderate — owns MetadataIQ, delegates search to Elastic, depends on NVIDIA for acceleration).
InstructLab is IBM's most distinctive contribution at this layer — and it's deliberately positioned as an open-source community project rather than proprietary IP. InstructLab allows enterprises to contribute domain knowledge to model training through a structured taxonomy, reducing the enterprise's dependency on model providers for domain-specific retrieval quality. This is a governance innovation (who controls what the model knows?) rather than a retrieval innovation. The Granite Guardian models (safety and guardrails) operate at the boundary between Layer 1B and 2B — filtering retrieved content before it reaches the model. This is a retrieval governance function that Dell's Elastic and VAST's InsightEngine don't address at the retrieval layer.
Data lifecycle automation — ingestion, transformation, pipeline orchestration
IBM-defensible IP. Real-time data streaming platform. Kafka for event streaming, Flink for stream processing, Tableflow for zero-copy integration with watsonx.data Iceberg tables. $11B acquisition. Enables AI agents to reason over live event streams without ETL. No other infrastructure vendor owns a real-time streaming substrate.
IBM-defensible IP. Enterprise data integration engine with decades of maturity. Graphical and code-first pipeline building. Automated data cleansing, tokenization, formatting for LLM consumption. Comprehensive lineage tracking — trace which raw document fed into a specific fine-tuning or RAG dataset. Data sanitization (PII, hate speech, copyrighted content) reduces Layer 2C compliance burden.
Kubernetes-baseline capability. Open-source ML lifecycle on OpenShift AI. Kubeflow for pipeline orchestration, Ray for distributed training, MLflow for experiment tracking, Spark for data processing, Tekton for CI/CD. All run identically on VMware Tanzu, EKS, or bare Kubernetes. IBM provides enterprise packaging, not proprietary capability.
IBM-defensible IP. Zero-copy query federation to external data platforms: Confluent Tableflow, Databricks Unity Catalog, Snowflake Open Catalog, Salesforce Data Cloud. Presto and Spark engines query data where it resides without copying. The federation logic is IBM-specific integration.
GPU-accelerated Spark on watsonx.data for pipeline processing. Same RAPIDS integration available across vendor platforms.
Applying the Kubernetes-baseline test, Layer 1C splits cleanly into IBM-defensible IP and open-source commodity — and the defensible half is genuinely strong. IBM-defensible IP (not replicable on Tanzu or bare Kubernetes): (1) Confluent (Kafka + Flink + Tableflow): IBM-owned post-$11B acquisition. Real-time streaming as infrastructure, not batch ETL. Tableflow zero-copy integration with watsonx.data Iceberg tables is IBM-specific. Kafka itself is open-source but the governed integration with the IBM lakehouse is proprietary. This is the most significant data-layer acquisition from any vendor in this assessment — no other infrastructure vendor owns a real-time streaming substrate. (2) DataStage (watsonx Edition): IBM proprietary enterprise data integration engine. Decades of maturity. Graphical and code-first pipeline building with automated data cleansing, tokenization, formatting for LLM consumption, and comprehensive lineage tracking. Enterprises can trace which raw document fed into a specific fine-tuning or RAG dataset. Compare to Dell's Dataloop (~$120M acquisition, less mature) or HPE's Airflow packaging (open-source, no proprietary lineage). (3) watsonx.data query federation: Zero-copy federation to Confluent Tableflow, Databricks Unity Catalog, Snowflake Open Catalog, Salesforce Data Cloud. IBM-specific integration logic. Kubernetes-baseline (replicable on any CNCF-compliant cluster): • Kubeflow — CNCF, pipeline orchestration, runs on any Kubernetes • Ray — open-source, distributed compute, runs anywhere • MLflow — open-source, experiment tracking, runs anywhere • Spark — open-source, data processing, runs anywhere • Tekton — CNCF, CI/CD pipelines, runs on any Kubernetes The 'Strong' classification is earned by the defensible half: Confluent + DataStage + watsonx.data federation. The open-source pipeline tools are commodity packaging — identical to HPE Ezmeral's approach, and replicable by any competent platform engineering team on any Kubernetes distribution. The architectural gap: unlike VAST's DataEngine (where pipeline functions execute directly on storage with CRDs — compute moves to data), IBM's pipelines run on OpenShift as separate containerized workloads — data moves to compute. For large-scale AI training pipelines, this creates more data movement than VAST's architecture. For real-time inference pipelines consuming Confluent streams, the data velocity advantage compensates. The resource overhead concern (correctly identified by Gemini's assessment): DataStage and Tekton are heavy enterprise platforms designed for complex corporate data architectures. For agile AI teams accustomed to Python scripts and LlamaIndex, IBM's data movement layer can feel over-engineered. This is a real practitioner concern — IBM's Layer 1C is enterprise-grade but not lightweight.
Low for defensible components. IBM now owns the streaming substrate (Confluent), the enterprise data integration engine (DataStage), and the lakehouse federation (watsonx.data). These are IBM IP with no external authority dependency. Moderate for open-source components. Kubeflow, Ray, MLflow, Spark, and Tekton are community-governed. IBM packages and supports them but inherits community judgment on architecture, performance, and API design. This is the same pattern as HPE's Ezmeral — enterprise packaging of open-source pipelines. NVIDIA provides GPU acceleration for Spark (RAPIDS) but the pipeline orchestration, streaming, data integration, and lifecycle are IBM-owned or community-governed. NVIDIA's authority at Layer 1C is limited to acceleration, not orchestration. Compare to Dell: Dell owns Dataloop (Retained) but depends on Starburst, NVIDIA, and ISV partners for the broader pipeline. Four authority boundaries. Compare to VAST: VAST owns everything at Layer 1C. One authority, total vendor dependency. IBM's model is distinctive: own the streaming substrate and enterprise data integration (defensible IP), package the open-source pipeline tools (commodity), federate across external data platforms (defensible integration). The enterprise retains more substitutability than VAST offers (can swap Kubeflow for Airflow without touching Confluent) but less than pure open-source (Confluent streaming integration is IBM-specific).
The Confluent acquisition creates a unique data velocity advantage. Dell, HPE, and VAST focus on data at rest (storage) and data in batch motion (pipelines). IBM now owns data in continuous motion (streaming). For agentic AI where agents need to reason over current events, current transactions, current sensor data — not yesterday's batch export — this is an architectural differentiator that no other infrastructure vendor possesses. Whether IBM can integrate Confluent deeply enough with watsonx.data to deliver on the 'zero-copy' promise is the execution question. The technology exists; the integration maturity is early. DataStage's data sanitization capabilities (removing PII, hate speech, copyrighted content prior to model training) are a crucial data-plane capability that directly reduces the compliance burden on Layer 2C downstream. This is the pipeline-to-governance connection that the 4+1 model identifies as critical: clean data in the pipeline means fewer governance exceptions at the reasoning plane.
Lifecycle management, scheduling, multi-tenant isolation, capacity management
Enterprise Kubernetes platform. Hybrid cloud consistency across on-prem, AWS (ROSA), Azure (ARO), GCP, IBM Cloud, edge. Lifecycle management, security (SELinux, FIPS), multi-tenant isolation. The universal substrate for IBM's AI stack.
MLOps + GenAIOps + AgentOps on OpenShift. Models-as-a-Service with token quotas, rate limiting, API key self-service, showback dashboards. AI gateway via Connectivity Link (Envoy/Kuadrant/Istio). Multi-accelerator model serving (NVIDIA, AMD, Intel Gaudi, IBM Spyre).
Public preview (Think 2026). Agentic operations platform: Concert Observe (Instana), Concert Optimize (Turbonomic), Concert Protect (security/Secure Coder), Concert Operate (cross-domain incident response). Shared operational data layer across applications, infrastructure, networks, security. Graph-driven operations model.
Infrastructure automation across hybrid environments. Ansible Lightspeed with IBM watsonx for AI-assisted automation content creation. Established enterprise automation authority — the bridge between AI platform operations and existing IT operations.
GPU scheduling, fractionalization (MIG), workload management on OpenShift clusters. Run:ai now included in NVIDIA AI Enterprise for OpenShift deployments.
Layer 2A requires careful separation of Kubernetes-baseline capabilities from IBM-defensible IP. Kubernetes-baseline (replicable on Tanzu, EKS, or bare K8s): Container orchestration, namespace isolation, multi-tenancy, RBAC, lifecycle management, GPU scheduling via NVIDIA GPU Operator, model serving via KServe, distributed compute via Ray, CI/CD via Tekton. These are CNCF-ecosystem capabilities that IBM packages with enterprise support but does not own. VMware Tanzu provides the same primitives through VCF 9.1. An enterprise could switch from OpenShift to Tanzu without losing these capabilities — the same way enterprises switch SAP BASIS support from IBM to Accenture without touching SAP. IBM-defensible IP above the Kubernetes baseline: • NVIDIA bracketing: IBM is the only vendor in this assessment that makes NVIDIA AI Enterprise optional at Layer 2A. OpenShift AI's Kueue integration provides Kubernetes-native multi-tenant GPU queue management, quota enforcement, and fair-share scheduling without Run:ai. Dell's Layer 2A is 'Gap — Ceded to NVIDIA Run:ai.' HPE has the same NVIDIA GPU scheduling dependency. VMware depends on NVIDIA GPU Operator. IBM's platform team can dictate exactly how GPUs are carved up, queued, and billed using native OpenShift primitives, rendering NVIDIA's commercial scheduling layer optional. The enterprise can still use Run:ai on OpenShift — but it doesn't have to. This is a structurally significant Layer 2A differentiator. • Concert platform (Instana + Turbonomic + security modules): Cross-domain observability spanning applications, infrastructure, networks, and security with a graph-driven operations model. No CNCF equivalent. Datadog and Dynatrace compete at the product level but Concert's six-module integrated architecture (Observe, Operate, Optimize, Protect, Secure, Resilience) is IBM-specific. • Ansible Automation Platform: Established enterprise automation authority with Ansible Lightspeed (AI-assisted automation). Red Hat-owned IP with no Kubernetes-native equivalent. • OpenShift AI 3.4 Models-as-a-Service: Token quotas, rate limiting, self-service API keys, showback dashboards built as Kubernetes CRDs on Envoy/Kuadrant/Istio. The underlying components are open-source, but the composition and integration is IBM-specific packaging. An SI could replicate this on Tanzu with sufficient engineering — but IBM provides it out of the box. • Hybrid consistency: Same OpenShift control plane across on-prem, AWS (ROSA), Azure (ARO), GCP, IBM Cloud, edge. No other assessed vendor provides the same AI platform management plane across all major clouds. This is genuine differentiation — but OpenShift-specific, not a capability the enterprise retains if they move to Tanzu. The 'Strong' classification is justified by two structural differentiators that no other on-prem vendor matches: NVIDIA bracketing (making Run:ai optional through native Kueue scheduling) and hybrid consistency (same control plane everywhere). These are competitive advantages in the Kubernetes platform market. Concert and Ansible add IBM-specific observability and automation above the Kubernetes baseline. But the core orchestration primitives remain CNCF-baseline — maturity in Kubernetes packaging is a competitive advantage, not a structural moat.
Requires disaggregation: For Kubernetes-baseline capabilities: the enterprise borrows Kubernetes community judgment (scheduling, networking, storage orchestration) and NVIDIA judgment (GPU Operator, Run:ai). This borrowed judgment is identical regardless of whether the enterprise runs OpenShift, Tanzu, or EKS. It is not IBM-specific. For IBM-defensible IP: Low. Concert (Instana, Turbonomic), Ansible, and the OpenShift AI MaaS packaging are IBM-owned. The enterprise Cedes observability and automation authority to IBM when it adopts these — but can substitute with Datadog (observability) or Terraform (automation) without re-architecting the AI platform. The structural comparison requires a new framing: Dell's 2A (OpenManage) manages Dell hardware only. HPE's 2A (GreenLake) manages HPE infrastructure. VAST's 2A (Polaris) manages VAST clusters. VMware's 2A (VCF) manages virtualized infrastructure. IBM's 2A (OpenShift) manages any hardware — but so does any Kubernetes distribution. The scope is broad; the defensibility is in the packaging maturity and hybrid consistency, not in the orchestration primitives themselves.
The Models-as-a-Service architecture in OpenShift AI 3.4 is worth close attention. Token quotas, rate limiting, self-service API keys, and showback dashboards are Layer 2A functions that border on Layer 2C territory. When the platform decides which team gets how many tokens from which model — that's a placement decision. IBM positions these as 2A (resource management) rather than 2C (policy-driven placement), but the line is thin. LLMD (referenced in Summit sessions for intelligent resource orchestration) suggests IBM is building model-aware scheduling capabilities within OpenShift AI. If LLMD makes placement decisions based on model characteristics, load patterns, and cost constraints, it's a Layer 2C signal from the platform layer. Concert's six-module architecture (Observe, Operate, Optimize, Protect, Secure, Resilience) is the most comprehensive infrastructure operations platform in this assessment. Whether it constitutes a Layer 2C decision surface or a sophisticated Layer 2A monitoring/management system depends on whether Concert makes autonomous placement decisions or surfaces recommendations for human action.
Model serving, agent execution, inference APIs, distributed inference
Kubernetes-baseline capability. vLLM-based inference serving with KServe orchestration. OpenAI-compatible APIs. Models-as-a-Service architecture with enterprise authentication, token management, and showback. Supports NVIDIA, AMD, Intel Gaudi, IBM Spyre accelerators. vLLM and KServe are open-source — run identically on Tanzu or bare Kubernetes. IBM provides packaging and integration, not proprietary runtime.
IBM-shaped open-source. Red Hat co-engineering with NVIDIA on sandboxed agent runtime. Infrastructure-level policy enforcement for autonomous agents. Governs agent execution, tool access, and inference routing. Key Red Hat contribution to upstream open-source project. Feeds into Layer 2C vision.
IBM-defensible IP. Technology Preview: NVIDIA Confidential Computing within OpenShift sandboxed containers. Hardware-enforced agent isolation — protects against runtime compromise even if another agent is breached. Zero-trust architecture: SELinux + FIPS + DOCA runtime protection. Most comprehensive agent security architecture in this assessment. Not replicable on vanilla Kubernetes or Tanzu without significant engineering.
Kubernetes-baseline capability. LLM call tracing, tool execution tracking, reasoning step auditability. MLflow is open-source — runs on any platform. IBM provides integration with OpenShift AI and the watsonx governance stack. The auditability is enterprise-critical; the tooling is commodity.
IBM-defensible legal wrapper on open-source models. Granite 4.1 (3B, 8B, 30B dense models, Apache 2.0). ISO 42001 certified. Cryptographic model signing. Uncapped IP indemnity on watsonx.ai. Optimized for agentic workflows: tool calling, instruction following, function calling. Granite Guardian for safety guardrails. Models run anywhere (Hugging Face, Ollama, Dell Enterprise Hub, NVIDIA NIM). IP indemnity is IBM-specific — the only defensible element.
Model serving, training, and inference runtime on OpenShift. Same NVIDIA runtime available across Dell, HPE, and Lenovo deployments.
NVIDIA open-source project for sandboxed autonomous agent execution. Red Hat is a key contributor to upstream. Joint engineering underway to integrate with Red Hat's full-stack AI platform for infrastructure-level policy and oversight.
Integrated into Red Hat AI Factory with NVIDIA for building autonomous agents. NemoClaw/OpenClaw agent runtime available on OpenShift.
Applying the Kubernetes-baseline test at Layer 2B reveals the same pattern as Layer 1B: the execution runtime is entirely open-source commodity, and IBM's defensible value is the governance and security wrapper around it. Kubernetes-baseline (replicable on Tanzu, EKS, or bare K8s): • vLLM — open-source inference engine, runs on any Kubernetes with GPU Operator • KServe — CNCF model serving orchestration, runs on any Kubernetes • MLflow — open-source lifecycle management, runs anywhere • Ray — open-source distributed compute, runs anywhere • NVIDIA NIM — containerized model serving, runs on any Kubernetes with NVIDIA AI Enterprise IBM-defensible IP above the baseline: • Confidential containers + agent security: SELinux, FIPS, sandboxed containers with NVIDIA Confidential Computing (Technology Preview). Hardware-enforced agent isolation protecting against runtime compromise even if another agent is breached. Red Hat's security hardening is genuine IP that vanilla Kubernetes and Tanzu don't match out of the box. This is the most comprehensive agent security architecture in this assessment. • OpenShell co-engineering: Red Hat contributing to upstream agent governance standards — infrastructure-level policy enforcement for autonomous agents. Not proprietary IP but IBM-shaped open-source that feeds into the 4+1 model's Layer 2C vision. • Granite IP indemnity: The models are Apache 2.0 and run anywhere. The uncapped IP indemnity is IBM-specific legal protection available only through watsonx.ai. The model is portable; the legal wrapper is not. • Granite Guardian: Safety guardrails, Apache 2.0. IBM-led but runs on any platform. One observation Gemini makes correctly: IBM deliberately treats the model runtime as a portable commodity layer. By standardizing on vLLM + KServe, IBM eliminates the runtime fragmentation seen in Dell's stack (NemoClaw, OpenShell, NeMo Guardrails, Dynamo, NIMs — five NVIDIA components creating a tightly coupled runtime). IBM's runtime simplicity is the strategy: fewer components, fewer dependencies, more portability. The trade-off is that IBM cannot achieve the extreme custom-silicon optimization of Google's Pathways/TPU integration or AWS's Trainium-optimized stack. The 4+1 model distinction: IBM's Layer 2B borrowed judgment is in execution (how models run — entirely from open-source and NVIDIA). IBM's Layer 2B authority is in governance (how model execution is constrained, audited, and secured — from Red Hat security hardening and confidential containers). This is the inverse of Dell's profile: Dell borrows governance at 2B, IBM borrows execution at 2B. The vendor comparison at 2B: • Dell: NVIDIA runtime + ISV blueprints (Cohere North, DataRobot, ClearML). Dell adds services, not runtime IP. Runtime is Ceded to NVIDIA. • HPE: NVIDIA runtime + Kamiwaza agent coordination + CrewAI/ISV frameworks. Three sources, three authorities. • VAST: AgentEngine provides a unified proprietary agent runtime. One authority. The strongest 2B defensibility in the assessment. • IBM: Open-source runtime (vLLM/KServe) + NVIDIA acceleration + Red Hat security wrapper + IBM governance overlay (watsonx.governance). IBM's value is not the runtime itself but the governance and security wrapper around an open-source runtime. The runtime is commodity; the wrapper is defensible.
Requires disaggregation: For execution runtime: High. vLLM, KServe, NVIDIA NIM, Triton are open-source or NVIDIA-controlled. IBM borrows all execution judgment from open-source communities and NVIDIA. This borrowed judgment is identical regardless of whether the runtime runs on OpenShift, Tanzu, or EKS. For governance and security: Low. Confidential containers, SELinux/FIPS hardening, OpenShell co-engineering, agent lifecycle auditability, and the Granite IP indemnity are IBM/Red Hat IP or IBM-led open-source. The enterprise Cedes security architecture to Red Hat when adopting OpenShift's agent security stack — but Red Hat's security opinions are the product. For model alignment: Variable. Granite models carry IBM's alignment choices (ISO 42001, rigorous data filtering, enterprise-focused tuning). If the enterprise swaps Granite for Llama or Mistral, it inherits those providers' alignment choices — but the execution fabric remains under the enterprise's authority regardless. The model is a Layer 3 choice; the runtime is a Layer 2B choice. IBM correctly separates them.
The Red Hat Advanced Developer Suite — trusted software factory, Trusted Libraries (SLSA Level 3), AI-driven exploit intelligence — adds a software supply chain governance layer that no other assessed vendor addresses at this depth. This is not traditional Layer 2B (model serving) but it's a critical enterprise concern: is the code that builds and deploys AI models itself trustworthy? OpenShift Dev Spaces supporting AWS Kiro, Microsoft Copilot, Claude CLI, Cline, Continue, and Roo from a single governed runtime is an underappreciated capability. Multi-assistant coding from one governed workspace means the developer's AI tools inherit OpenShift's security and governance posture — a concrete example of infrastructure-level governance applied to AI-assisted development. The three control points from Red Hat Summit 2026 (execution sandboxing, artifact provenance, short-lived agent identity) represent a governance-first approach to agent execution that aligns directly with the 4+1 model's Layer 2C thesis. The question: are these control points sufficient to constitute a Layer 2C function, or are they Layer 2B governance primitives that a separate Layer 2C must consume?
Policy-driven placement and resource coordination — the Autonomy Layer
Private preview (Think 2026). Multi-agent governance: manages agents from IBM native, LangFlow, LangGraph, and A2A protocol. Centralized identity/credential management, policy enforcement, audit logging. Agent catalog for discovery and lifecycle. AgentOps for real-time observability and cost tracking. Over 100 domain agents and 400+ prebuilt tools.
GA. Agentic developer assistant with multi-model routing: dynamically routes tasks to Claude, Mistral, Granite based on accuracy, latency, cost. Pass-through pricing. 80,000 internal IBM users, 45% average productivity gain. Demonstrates practical multi-variable placement decisions.
GA May 2026. Four sovereignty pillars: operational, data, technology, AI. AI sovereignty enforced at runtime — governing where inference happens, who controls models, how decisions are logged/traced/reviewed. Built on OpenShift + Red Hat AI. Mistral AI first certified model partner.
Governance Graph mapping AI assets through policies, risks, and regulatory requirements. Agentic monitoring and security capabilities. Cross-platform: governs IBM, OpenAI, AWS, Meta. Continuous compliance monitoring, not periodic audits. The governance query surface that a 2C control plane needs.
Governs agent execution, tool access, inference routing. 2B constraint enforcement with 2C policy potential. Same OpenShell available across NVIDIA partners.
The Kubernetes-baseline test produces its most significant finding at Layer 2C: this is the only layer where IBM provides 100% defensible IP. There is no CNCF equivalent for cross-framework agent governance, no open-source multi-variable model routing, no community-driven runtime sovereignty enforcement, no Kubernetes-native cross-platform AI lifecycle assurance. Every component at Layer 2C is IBM proprietary. Nothing here runs on Tanzu without IBM licensing. This finding validates IBM's entire strategic architecture. Layers 0 through 2B are progressively commodity — open-source packaging on delegated hardware. Layer 3 is consulting and models in a competitive services market. Layer 2C is the narrow band where IBM provides capabilities that cannot be replicated without IBM. The moat is here. IBM is the only vendor in this assessment that explicitly names its agent orchestration layer a 'control plane.' watsonx Orchestrate's next generation (private preview, Think 2026) is positioned as an 'agentic control plane for scaling and governing your AI' — and the capabilities described map directly to what the 4+1 model defines as Layer 2C. Applying the Intelligence 2C vs. Infrastructure 2C split established in the AWS assessment: Intelligence 2C (productized and portable): watsonx.governance provides continuous model monitoring, bias detection, drift tracking, regulatory compliance enforcement, and the Governance Graph mapping AI assets through policies, risks, and regulatory requirements. watsonx Orchestrate provides cross-framework agent governance — managing agents from IBM native, LangFlow, LangGraph, and A2A protocol with centralized policy enforcement, identity/credential management, and audit logging. IBM Bob demonstrates practical multi-model routing: tasks dynamically routed to Claude, Mistral, or Granite based on accuracy, latency, and cost — a multi-variable placement decision, not single-variable optimization like NVIDIA Dynamo's KV-aware routing. Sovereign Core enforces sovereignty as a runtime requirement, governing where inference happens, who controls models, and how decisions are logged within sovereign boundaries. IBM's Intelligence 2C is the strongest in this assessment for on-premises deployments. Four capabilities that no other on-prem vendor matches: (1) Cross-framework agent governance (watsonx Orchestrate) — manages agents regardless of which framework built them. Dell has no equivalent. HPE delegates to Kamiwaza. VAST's AgentEngine governs VAST-native agents only. (2) Cross-platform AI assurance (watsonx.governance) — governs models running on IBM, OpenAI, AWS, or Meta. No other governance solution spans vendor boundaries. (3) Multi-variable model routing (IBM Bob) — 80,000 internal users, demonstrated accuracy/latency/cost optimization. Production evidence at scale. (4) Runtime sovereignty (Sovereign Core) — sovereignty enforced at infrastructure runtime, not as a policy checkbox. No equivalent from any assessed vendor. Infrastructure 2C (absent/manual): watsonx Orchestrate governs agent behavior but does not autonomously calculate: 'Based on real-time token cost, data residency tags in watsonx.data, and current GPU cluster queue times, route this inference to on-prem PowerEdge versus burst to Azure.' That infrastructure placement coordination remains a manual configuration task for the platform architect. No productized engine queries Layer 1A governance metadata to make multi-variable infrastructure placement decisions in real time. This is the same split AWS exhibits: Intelligence 2C is productized (AgentCore Policy, Guardrails), Infrastructure 2C is implicit inside managed services. IBM's Intelligence 2C is more portable than AWS's (runs on-prem, multi-cloud). IBM's Infrastructure 2C is equally absent. Six-vendor Layer 2C comparison: • Dell: Absent. No productized control plane. • HPE: Retained (IT infrastructure ops via GreenLake Intelligence) + Delegated (AI workloads via Kamiwaza). • VAST: Retained/Emerging (PolicyEngine + Polaris — middle-out from data layer, GA end 2026). • AWS: Intelligence 2C Delegated (AgentCore/Guardrails) + Infrastructure 2C Ceded/Implicit within managed services. • Google: Full 2C — Agent Platform with Inference Gateway + DWS. Most production-proven. Entirely Ceded to Google. • IBM: Intelligence 2C Retained/Ceded (watsonx.governance + Orchestrate — highly portable, productized, multi-cloud) + Infrastructure 2C Absent/Manual. The production maturity gap: watsonx Orchestrate next-gen is in private preview. The capabilities are described, the architecture is sound, Bob provides production evidence of multi-model routing at scale (80,000 users). But the full agentic control plane is not GA. Compare to Google's Agent Platform (GA, production-deployed) and AWS's Bedrock AgentCore (GA). IBM's 2C is the most explicitly named, the most framework-agnostic, and the least production-proven as a complete system.
Low — the lowest borrowed judgment of any IBM layer, because every component is IBM proprietary IP. watsonx Orchestrate, watsonx.governance, Sovereign Core, and Bob are all IBM-owned. No open-source dependency, no NVIDIA dependency, no partner dependency at this layer. The framework-agnostic approach means IBM borrows less agent-level judgment from any single framework vendor — but it also means IBM's orchestration authority depends on integration quality with frameworks it doesn't control (LangFlow, LangGraph, A2A). If LangGraph changes its execution model, IBM must update the integration. This is a different kind of dependency than NVIDIA runtime dependency — it's integration maintenance, not architectural dependency. The DAPM classification requires the Retained/Ceded distinction established in the series: • watsonx Orchestrate: Ceded to IBM. The enterprise consumes IBM's control plane — configures policies within it, but cannot replace it without re-architecture. Portable across clouds but not substitutable. • watsonx.governance: Retained by the enterprise. The enterprise defines its own governance policies, ethical thresholds, and compliance constraints. IBM provides the framework; the enterprise provides the judgment. The closest to genuinely Retained authority in IBM's stack. • Sovereign Core: Retained by the enterprise. The enterprise defines sovereignty boundaries; IBM enforces them at runtime. • Bob: Ceded to IBM. Multi-model routing logic is IBM's — the enterprise configures preferences but IBM's software makes the placement decisions. Compare to Google: Agent Platform provides 2C as a deeply integrated platform capability. More production-proven but less framework-agnostic. Entirely Ceded to Google — no on-prem option. Compare to HPE/Kamiwaza: Kamiwaza provides similar agent coordination but as a partner (Delegated). IBM provides it as owned IP. Compare to VAST: PolicyEngine provides data-layer governance with 2C ambitions. VAST builds 2C from data up; IBM builds 2C from platform out. Different architectural vectors toward the same Layer 2C function.
The Kubernetes-baseline finding at Layer 2C is the structural justification for IBM's entire AI strategy. Every layer below 2C is progressively more commodity — open-source runtime, open-source pipelines, open-source retrieval, delegated hardware. IBM's bet is that the narrow band of defensible IP at Layer 2C (governance + orchestration + sovereignty) captures more strategic value than the broad commodity layers beneath it. The 4+1 model suggests this bet is architecturally sound — Layer 2C is where authority concentrates. The ECI Research finding — two-thirds of enterprise AI leaders have already implemented multi-agent collaboration — validates the urgency. The problem watsonx Orchestrate addresses (governing hundreds of agents from different frameworks with consistent policy) is real and growing. The A2A protocol support is strategically important. If A2A becomes the standard for agent-to-agent communication (analogous to MCP for tool use), IBM's early support positions watsonx Orchestrate as the governance layer above the protocol — the control plane that governs A2A interactions. This is the platform-layer bet: don't own the protocol, govern the protocol. The Intelligence 2C vs. Infrastructure 2C gap is the open question for IBM's roadmap. If Concert's Turbonomic module (GPU cost optimization, workload placement recommendations) evolves from recommendations to autonomous placement decisions informed by watsonx.data governance metadata, IBM would close the Infrastructure 2C gap from the observability layer. The data to make infrastructure placement decisions exists across Concert (infrastructure telemetry), watsonx.data (data governance metadata), and Confluent (real-time operational data). The placement engine that consumes all three does not yet exist as a productized capability.
AI-powered business capabilities — business logic, workflow automation
~160,000 consultants with AI practice. Vertical industry solutions: banking (Banco Bradesco on ARO), healthcare, government, manufacturing. Competitive advantage in implementation services — but substitutable. Enterprise retains authority to select any SI (Deloitte, Accenture, Wipro, boutique firms) for platform implementation without architectural impact. The SAP BASIS pattern: platform IP is the moat, implementation services are a market.
Granite 4.1 (3B/8B/30B, Apache 2.0), Granite Guardian (safety), Granite Code, Granite Time Series. Available on watsonx.ai, Hugging Face, Dell Enterprise Hub, NVIDIA NIM, Docker Hub, Ollama, LM Studio. Multi-platform model family with strongest governance posture: ISO 42001, cryptographic signing, uncapped IP indemnity.
watsonx.ai supports Granite, Llama, Mistral, GPT-OSS, Nemotron. OpenShift AI serves any model via vLLM/KServe. watsonx Orchestrate manages agents from IBM native, LangFlow, LangGraph, A2A. The platform is model-agnostic and framework-agnostic by design.
OpenShift ISV ecosystem across industries. Microsoft (Platform Modernization Partner of the Year 2026), AWS (ROSA + Kiro integration), Salesforce (Agentforce reference architecture). Multi-cloud deployment: build on OpenShift, deploy across AWS/Azure/GCP/on-prem.
IBM Z16 Telum on-chip AI accelerator for real-time transactional inference co-located with enterprise ledgers — banking fraud detection, insurance claims, government transactions. This is a Layer 3 application advantage (AI adjacent to business data on proprietary hardware) not a Layer 0 infrastructure capability. Analogous to SAP HANA on dedicated hardware: the value is application adjacency, not compute fabric. watsonx Code Assistant for Z (IBM Bob Premium for Z) provides AI-assisted COBOL-to-Java modernization — 10x productivity gains in early users.
NVIDIA NIM microservices and Agent Blueprints deployable on Red Hat AI Factory with NVIDIA. Same blueprints available across NVIDIA partners.
IBM's Layer 3 requires the same defensible-IP-vs-substitutable-services analysis applied throughout this assessment. IBM Consulting (~160,000 consultants) is a competitive advantage in a substitutable services market, not a structural platform dependency. Enterprises switch AI platform implementation partners the same way they switch SAP BASIS support: IBM to Accenture, Accenture to Deloitte, Deloitte to Wipro. The platform doesn't notice. The open-source components (OpenShift, vLLM, KServe, Kubeflow) run identically regardless of which SI assembled them. IBM Consulting's advantage is scale and experience, not lock-in. This is structurally different from every other vendor's services model: • Dell's Accelerator Services are additive — the NVIDIA runtime works without Dell's humans. • HPE's Kamiwaza partnership is structural — remove Kamiwaza and HPE loses Layer 2C orchestration. • VAST requires minimal consulting because the platform makes architectural decisions for you. • IBM's consulting is the primary go-to-market motion for a platform built from open-source components. The components are free. The assembly expertise is what IBM sells. But any competent SI can provide the assembly expertise. IBM Consulting competes for the engagement; it doesn't own the engagement by virtue of platform architecture. The Granite model family occupies a unique position: open-source (Apache 2.0), enterprise-grade, with the strongest governance posture of any model family (ISO 42001, cryptographic signing, uncapped IP indemnity). Granite is not competing with Claude or GPT-4 on raw capability — it's competing on trustworthiness, efficiency, and enterprise deployability. Critically, Granite runs on any platform — Dell Enterprise Hub, NVIDIA NIM, Hugging Face, Ollama. The model is portable; the IP indemnity is IBM-specific. IBM Z/Power transactional AI (Telum on-chip inference for banking, insurance, government) is a genuine Layer 3 application advantage. AI inference co-located with enterprise ledgers is not replicable on Dell or HPE hardware because the value is in the application adjacency to mainframe data, not in the compute architecture. watsonx Code Assistant for Z (Bob Premium for Z) with 10x productivity for COBOL modernization reinforces this — it's an AI application that only makes sense on IBM Z hardware. The ISV ecosystem comparison: • Dell's ecosystem is broad and horizontal: 5,000+ customers, OpenAI, Palantir, Google, ServiceNow, SpaceXAI. • HPE's ecosystem is curated and vertical: 26+ ISVs through Unleash AI. • IBM's ecosystem is consulting-driven and multi-cloud: IBM Consulting partnerships with SAP, Salesforce, Adobe, ServiceNow, plus the OpenShift ISV ecosystem deployable across all major clouds. • The multi-cloud deployment model (build on OpenShift, deploy across AWS/Azure/GCP/on-prem) is genuine differentiation at Layer 3 — ISVs building on OpenShift get portability that Dell and HPE can't match.
Distributed across ISV partners and model providers, which is architecturally correct at Layer 3. The consulting question is critical for DAPM: IBM Consulting is NOT a borrowed-judgment dependency. The enterprise retains full authority to select any SI for platform implementation, customization, and ongoing support. Switching SIs does not change the platform architecture, does not require re-engineering, and does not break running workloads. This is the SAP BASIS pattern: the platform IP (watsonx.governance, Orchestrate) is the structural dependency; the implementation services are a competitive market. The structural comparison: • Dell's ecosystem is load-bearing: ISV partners provide infrastructure-level functions. Remove Cohere North and Dell loses agent orchestration. • HPE's ecosystem is curated: partners provide domain applications. Remove Deloitte Zora AI and HPE loses a finance use case, not a platform function. • IBM's consulting is competitive: remove IBM Consulting and the enterprise hires Accenture. The platform remains intact. The adoption motion may slow but the architecture doesn't change. • VAST's ecosystem is additive: platform is self-sufficient. Partners add vertical use cases.
IBM's Layer 3 strategy is tightly focused on high-value, unglamorous enterprise utility — code modernization, automated compliance, legacy IT orchestration, mainframe fraud detection — rather than broad consumer-facing generative applications. Dell's Layer 3 partners are flashy (OpenAI, Palantir, SpaceXAI). HPE's Unleash AI partners target emerging AI use cases (video AI, geospatial, vision). IBM's Layer 3 targets the work enterprises actually need done: converting COBOL to Java, generating Ansible playbooks, detecting fraud in real-time transaction streams, modernizing mainframe applications. Nobody puts COBOL modernization on a keynote slide, but it's where regulated enterprise budgets concentrate. The watsonx application surfaces reinforce this enterprise utility focus: watsonx Assistant (conversational AI for customer service, HR, operations), watsonx Code Assistant / IBM Bob (AI-assisted development across the software lifecycle), watsonx Orchestrate applications (workflow automation binding agents to enterprise processes). These are not general-purpose AI platforms — they are purpose-built for specific enterprise operational domains. The 80,000 internal IBM Bob users represent the largest internal AI deployment from any vendor in this assessment. IBM is eating its own cooking at scale — and the 45% productivity gain claim, if sustained across production workloads, validates the agentic AI thesis more concretely than any vendor keynote. The EY tax technology partnership (Bob in private beta, described as 'closer to a collaborative agent than a simple coding tool') signals enterprise validation from a major professional services firm. Granite's Apache 2.0 licensing + uncapped IP indemnity is a distinctive governance posture. No other model family provides both open-source freedom AND vendor-backed legal protection. This addresses a specific enterprise concern: 'I want to run this model anywhere, and I don't want to worry about IP claims.' Neither OpenAI (closed-source, no indemnity) nor Meta (open-source, no indemnity) nor Google (Gemma open-weight but limited indemnity) matches this combination. The Kubernetes-baseline test at Layer 3: applications are inherently above the platform baseline, but IBM's distribution model matters. Granite models are Apache 2.0 — run on any platform. IBM Consulting is substitutable. The OpenShift ISV ecosystem targets any Kubernetes. IBM's defensible Layer 3 assets are narrow: Z/Power transactional AI (hardware adjacency), Granite IP indemnity (legal wrapper), watsonx Code Assistant for Z (mainframe-specific), and the watsonx application surfaces that integrate with Layer 2C governance (watsonx.governance integration creates application-level governance that doesn't port to Tanzu). The governance integration is the subtle lock-in: applications built to leverage watsonx.governance's Governance Graph inherit a dependency on IBM's governance architecture.
IBM / Red Hat is the only vendor in this assessment series attempting to build an enterprise AI operating model from middleware outward. Where Dell builds upward from hardware, VAST builds upward from storage, and Google builds downward from model intelligence, IBM builds from the platform layer — Red Hat OpenShift as the universal substrate — and extends authority in both directions: downward into infrastructure governance (Sovereign Core, Concert) and upward into agent orchestration (watsonx Orchestrate). The platform is the distribution vehicle, not the value. The value is the governance and orchestration intelligence that rides on top.
The critical analytical lens for IBM is separating defensible proprietary IP from open-source packaging. The majority of IBM's AI platform capabilities — OpenShift (Kubernetes), vLLM (inference), KServe (model serving), Ray (distributed compute), Kubeflow (ML pipelines), MLflow (experiment tracking), Tekton (CI/CD), even InstructLab (model customization) — are open-source projects that run identically on VMware Tanzu, Amazon EKS, or bare Kubernetes. An enterprise could replicate most of IBM's Layer 2A/2B capabilities on any CNCF-compliant Kubernetes distribution. IBM's structural moats — capabilities that cannot be replicated without IBM — are concentrated in a narrow but strategically critical band: watsonx.governance (cross-platform AI assurance), watsonx Orchestrate (agentic control plane), Confluent integration with watsonx.data (governed real-time streaming), and Sovereign Core (runtime sovereignty). These are the components where IBM provides genuine authority above the Kubernetes baseline.
IBM does not own compute silicon, does not own GPU scheduling, does not own networking fabric, does not own a high-performance AI-optimized storage platform, and does not own a frontier foundation model. Layer 0 is entirely Delegated or Absent — IBM provides no compute hardware, no server chassis, no networking switches, no cooling infrastructure, and no GPU fabric interconnect. IBM would be perfectly content for customers to run Layers 1A through 3 on a Dell AI Factory, HPE Private Cloud AI, or any OEM hardware. IBM's business model depends on someone else solving Layer 0.
The consulting and services model reinforces the open-source strategy. IBM Consulting (~160,000 consultants) provides implementation expertise for the AI platform — but consulting is a competitive services market, not a platform dependency. Enterprises switch from IBM Consulting to Deloitte or Accenture for platform support the same way they switch SAP BASIS support providers: the structural moat is the platform IP (watsonx.governance, Orchestrate), not the services engagement. IBM Consulting is a competitive advantage in the services market, not a structural advantage in the platform architecture.
The structural question for IBM is whether governance and orchestration authority — owning the narrow band of non-substitutable AI control plane software while everything else is open-source — is more durable than infrastructure authority (Dell, HPE), storage authority (VAST), or model authority (Google). The 4+1 model suggests this bet is architecturally sound — Layer 2C is where authority concentrates — but IBM must prove that watsonx Orchestrate's control plane is substantive, not just well-named, and that watsonx.governance's cross-platform assurance creates sufficient switching costs to justify the subscription when the rest of the stack is free.