What are the True Costs of Staying on Old Hardware?

We all know that one of the major benefits of our beloved IBM i is that it runs and runs well.  We don’t reboot the IBM i to correct application errors.  Our users don’t get a blue screen of death.  The hardware is designed to support businesses with high availability needs.  This also makes it possible to keep hardware running for 10 years or more.

While this may seem like a benefit, you certainly can’t keep a Windows server running for 10 years with little maintenance, it can be a determinant.  We run across companies every day who are running POWER5 and POWER6 hardware and they have no complaints about performance.  They ask us why they should consider purchasing new hardware when what they have is supporting their business.

The argument is often that since there are no performance issues that there isn’t really any reason to spend money on a new system.  The truth is that there are a lot of costs associated with staying with the old hardware that you may not be considering.  In order to truly determine the true cost of ownership of new hardware, we have to compare the cost of increased maintenance fees, the increased risk to the business, the increased cost of migration and potentially increased costs for testing prior to migration.

Increased Maintenance Costs

It’s not news that keeping old hardware will cause your maintenance fees to increase.  Not only does your hardware maintenance costs increase with each renewal, your software maintenance increases right beside it.  If you also keep old OS releases around for a long time, you are probably paying extended support for your software maintenance.

With 7.1 going end of life on April 30, those with old hardware that can’t support 7.2 are going to be charged extended service fees.  In the case of 7.1, with the exception of the P05 group, software maintenance will double.  For a P10, your maintenance will increase by over $4,000 a year.  That’s more than iTech charges for an OS upgrade.

Not only will you pay more money for extended support, you actually get less for that increased costs. You can call IBM Support for problems but, if the problem can’t be fixed with your version of the OS, you are out of luck.  You will be told that the only way is to upgrade, but if your hardware can’t support a new release you’re in trouble.  You may get a few patches but you won’t get any new features or functions, so why pay more and get less?

Increased Risk

IBM has announced the end of support for several POWER6 and POWER7 systems.  The POWER6 systems on the list will reach end of support on March 31, 2019.  The POWER7 systems reach end of support on September 30, 2019. When hardware reaches its end of life you are no longer charged the hardware portion of your maintenance, which does save you money.  We won’t argue this point, but it also increases your risk.

If you are running hardware that is no longer supported by IBM and you are just paying software maintenance, than the potential for hardware failure increases.  With no backup from IBM you could be down for days or longer.  Sourcing used parts can be time consuming and difficult.  Can your business afford to be down due to a hardware failure? Do you know what an hour of downtime costs your company?  What about a day or more?

Security is important no matter what line of business you are in.  You may not have to comply with regulations but, that doesn’t mean that you should just let your data be exposed.  Older OS releases are not as secure, as current releases.  Spectre and Meltdown won’t be patched on your Power5 or Power6 at all. In 7.1, the ciphers are out of date.  Equifax was breached because they didn’t apply PTF’s.  It happens, and it can happen to you.

Increased Migration Costs

When migrating to new hardware you really should make sure that your old hardware and new hardware are on the same OS release.  This makes it easier to migrate, which means it costs you less money.  Not only is a mixed OS migration more time consuming, but it also is risky.

When migrating to different release levels your introduce another problem which is if something fails what was it?  The OS or the hardware?  This means problem resolution could take twice as long.  You have a 50/50 chance of starting with the actual issue.  If you have a migration deadline to meet, to keep downtime to a minimum, you might not be able to meet the expectation. This goes back to increased risk.  This leads me to the next point.

Increased Testing Costs

If you are forced to migrate from old hardware that cannot support 7.2 then you really should test what will happen when you do migrate, before you migrate.  If you don’t have a second LPAR or environment then the costs to test must be included in your considerations of costs.

iTech Solutions often provides hardware to our customers for testing their restore and OS upgrade prior to migration.  We do the restore and OS upgrade for you and give you access to the system for a period of time to test what breaks.  The idea is then to know what we need to fix before we do the migration.  This helps reduce the risk of issues during the migration process, but increases the cost of moving to a new system.

Are you really Saving Money?

The big question is are you really saving money by keeping old hardware and the answer is NO.  You may save some money for a short period of time, but quickly you get to the point where you think you are spending less, but you will really spend more.  Not only will you spend more money on the old hardware, you also lose the opportunity that new OS versions offer you for innovation.  We can help you get the most out of your IBM i investment by helping you leverage what the platform has to offer.  Click here to request your quote today.

 

Moving IBM i to POWER9

It’s always exciting when IBM announces new hardware and today is no exception! We have been hearing about the new POWER9 Chip for several months. In December IBM released the first set of LINUX machines powered by P9.  Now the next set of servers on the POWER9 chip is announced – the Scale-out line.  IBM i has been running POWER chips since the POWER5 introduction in 2004 and the roadmap below illustrates the history and future of this powerful technology. Welcome POWER9!

While the new servers are similar to the POWER8 Scale-out from a model perspective these new babies are all about performance.  The estimated performance is approximately 1.5x theperformance of their POWER8 counterparts.  This is the infrastructure needed to move into the future.  IBM is describing these as Cloud and Artificial Intelligence ready meaning the hardware is ready for IBM i to take advantage of crucial business directions.  Security is at the forefront of everyone’s mind and POWER9s are pre-loaded with the firmware and operating system security patches that mitigate known Meltdown and Spectre vulnerabilities. This combination makes POWER9 running IBM i the best option for mission critical operations. For those currently on a POWER6 or POWER7 server the POWER9 is going to be like greased lightning. In fact, I recommend ordering a seatbelt with your new server as you are going to need to be strapped in when you start running your IBM i on POWER9. Here is your first look at this beauty, below you see a S924. Quite impressive, personally I’m ready to move my partitions. Now, let’s see how easy doing so can be.

We know integration is what IBM i on POWER is all about. Starting with the hardware and progressing through firmware, license internal code, operating system, security, and database. With all of this designed and delivered by IBM the IBM i on POWER9 is the most integrated data platform for business. Truly apart from the rest. Moving IBM i environments from POWER7 or POWER8 servers to the new POWER9 machines reflects this in the ease of migration. Yes, this is easy, truly. Let’s get into the details.

There are going to be various ways to accomplish moving onto a POWER9, let’s start with the one which will be used by most people. By simply putting the latest Technology Refresh (TR) onto your system running 7.2 or 7.3 you are done. BAM! Ready to migrate to new hardware just like that. Of course, this is what I have been professing for years – the value of staying current. POWER9 will only support IBM i 7.2 or 7.3 and requires the latest TR. If for some reason you thought there was a chance IBM was going to give 7.1 a last lifeline, it won’t. It’s too old and you need to move forward. For those who have been staying current with your operating systems in conjunction with IBM recommendations and are up to date with PTFs all that is needed is applying TR4 for 7.3 or TR8 for 7.2 to move to the POWER9 hardware. It really couldn’t be any easier. A summary of the steps are:

  • Be on IBM i 7.2 or 7.3.
  • Install TR8 for 7.2 or TR4 for 7.3
  • Permanently Apply your PTFs.
  • Perform a full system save.
  • Restore to your new POWER9 server.
  • Enter your new license codes.

The above is relatively simple and can be done over a weekend. I once heard the only truly open system was an automobile, you get a new car and everything is in the same place – steering wheel, brake and gas pedals, turn signals – clean the “stuff” out of the glove compartment and move it to the new car and away you go. Well, going from POWER7 or POWER8 to a new POWER9 is just as seamless. IBM i is as open as your automobile.

Another common way of migrating uses Live Partition Mobility. This technique requires PowerVM Enterprise Edition, running your IBM i partition on top of VIOS, and using an external SAN for storage.  New POWER9 servers come with PowerVM Enterprise already built in on every machine giving you this capability.  Plus, you can get 60 days of PowerVM Enterprise for your existing POWER7 or POWER8 when you purchase your new POWER9 at no charge, as I understand it. For those with downtime concerns this is a great way to have no interruption as you migrate your IBM i workload to POWER9.

At this point we know POWER9 is easy to move to for those current with their operating systems. Seriously, if you aren’t on IBM i 7.2 or 7.3 remember, that 7.1 goes out of regular support on April 30, 2018, requiring Extended SWMA after that date. It’s time to move forward and if you are further back in operating systems releases, it is way overdue.

The POWER9 line is a full family of servers IBM will be announcing throughout this year. Here are some of the highlights:

  • CPU SCM packaging for all 2-socket and 4-socket systems
  • Eliminates SW licensing issues associated with DCM designs
  • Lowers latency for CPU to CPU transfers due to simpler CPU fabric topology
  • Up to 4x increased CPU fabric bandwidth for max scalability
  • Embedded Analytics and Algorithms on the chip help run POWER9 at an always optimized frequency
  • Increased Memory capacities over POWER8 (2x and 4x on certain models)
  • Leveraging IS DIMMs to provide more competitive offerings in 2-socket and 4-socket space
  • Increased I/O bandwidth with PCIe GEN4 Slots and future PCIe GEN4 Expansion Drawer
  • 25Gb ports for High Speed GPU/OpenCAPI acceleration
  • Integrated NVMe Flash device support (Not yet for IBM i)
  • Basic form factors and power requirements remain the same
  • External DVD only, no internal DVD.

Now it is time to review what is being announced today which is the POWER9 Scale-Out Family of servers:

There is much to be said about each of these and I look forward to writing about them in future blogs. For this installment I’m going focus on the S914 as many IBM i customers will be upgrading from their S814 to the S914, it makes sense to start with this gem.

The POWER9 4U Scale Out Server is known as the S914 or machine 9009-41A and the specifications are as follows:

  • 4U server – 19” Rack enclosure
  • POWER9 Scale-Out SMT8 processor (4-core, 6-core, 8-core offerings)
  • Up to 1TB Total DDR4 Industry Standard memory RDIMMs
    • Up to 172 GB/s total system memory bandwidth
    • 16 IS RDIMM slots (no Risers)
    • 4-core offering limited to 64GB max memory
  • 8 PCIe Gen3/Gen4 slots, Full Height, Half Length
    • Two PCIe GEN4 slots (CAPI enabled)
    • Six PCIe GEN3 slots (1 reserved for Ethernet adapter)
  • High Speed 25Gb/s port for OpenCAPI / GPU Acceleration
  • 12 or 18 SFF (2.5”) bay options
  • Two internal storage controller slots
    • Single or Split backplane or Dual RAID write cache support
    • 2 Internal NVMe Flash boot adapters (two M.2 devices per card)
  • Internal RDX Media Bay (DVD External)
  • I/O Expansion Drawer support (for 6 or 8 core offerings)

This is the comparison between POWER8 and POWER9:

As we have mentioned up to date OS versions are needed for POWER9 installations, here are highlights of IBM i 7.3 TR4. It is important to note that some features are also available in IBM I 7.2 TR8 (especially those that pertain to the hardware.)`

Support for POWER9 Scale-Out Servers

  • Support for native and VIOS configurations on IBM S914 and IBM S924 servers
  • Support for native and VIOS configurations on IBM H924 server
  • Support for VIOS configurations on IBM S922 server
  • Support for VIOS configurations on IBM H922 server

Install Options Expanded

  • Extensions to the new installation process for LIC using USB 3.0 media

Expanding the Secure-ability of IBM i

  • IBM i Integrated Web Services will add advanced features to help administrators and programmers leverage APIs in a more secure environment

Increasing Productivity of Developers & Administrators

  • CL commands can be stored in the IFS with full edit and compile capability
  • New RPG IV Operation (DATA-INTO) allows programmers to parse structured data in most formats into an RPG variable
  • IBM i Access Client Solutions continues to evolve meeting the needs of our IBM i user community

IBM Software Currency

  • IBM Notes/Domino 901 Feature pack 10 (including IBM Traveler) provides security enhancements delivered for IBM i installations

I would be remiss without ending on the IBM i Support Roadmap. One of the most important charts we have for planning our technological future. Everywhere I speak I am asked about the life expectancy of IBM i.  This chart tells us all we need to know. Is there any other operating system known which currently has support through 2028?  Further while knowledge of support past 2028 isn’t known I doubt it ends after this. There is every reason to believe there are more rows below IBM i Next + 1 leading to more columns past 2028.  If not why would the edges of the paper be ripped?

Today contained many cool things for the IBM i community including two new Technology Refreshes and a new family of POWER9 based servers.  More information will become available in the upcoming weeks as these advances release on March 20, 2018.  You’ll have plenty of time to ready your machine for migration to POWER9.  Now is a good time to permanently apply existing PTFs,,so when new TRs come out you are ready to apply them.  Once that is done get in line for your POWER9 Server and prepared to move to this exciting hardware as soon as it is available.

iTech Solutions Group, LLC. Introduces New IBM i Security Framework and Onboarding Service at Regional Seminar Series in February 2018

DANBURY, CT — iTech Solutions Group, LLC. Introduces new IBM i Security Monitoring Service

At an upcoming regional seminar series, iTech Solutions Group will unveil a service unlike anything else in the industry. This new framework covers in detail all the mandatory and advisory security controls needed, with a dominant focus on the IBM i Server. This new Framework provides a security baseline for the community.. To complement this, iTech has built an onboarding methodology centered on best practice IBM iSecurity Controls Policies, which sets out the terms under which your system will be protected. The methodology also describes the procedures governing how you will achieve compliance and ongoing change control.

The seminar schedule dates are:
February 5 – Providence, RI
February 6 – Framingham, MA
February 7 – Waitsfield, VT
February 8 – Manchester, NH
February 12 – Westbury, LI
February 13 – Norwalk, CT
February 14 – New York City
February 15 – Fairfield, NJ

Pete Massiello, President and CEO of iTech Solutions Group, said “One of the key principles of the new service is to create momentum to drive improvements in security and risk management. Using this service will allow clients to drive their business forwards without worrying about a lack of inside skills, multiple tool configurations and increasingly more stringent legislation. This service is 100% designed to support clients’ current cyber-risk management processes and enhance where appropriate.”

Key Features of the new iTech IBM i Security Service:

    • Monitor the system security: To identify any security breaches and threats and unwanted/unauthorized access or access attempts.
    • Fully control and apply all the security needs and recommendations: To have full control on all security areas and to be able to close any breaches or potential threats from inside and outside the system.
    • Control access to the server: Especially through TCP/IP connections (ODBC, .NET, DDM, FTP…etc).
    • Event Monitoring: Monitor any critical system aspects that may lead to major system crash or performance degradation and send direct alerts to concerned people via SMS and e-mail to be able to take quick actions in order not to affect business continuity.
    • Reporting: Customizable, user-friendly reports bringing all security events to the forefront
    • Capability to close all major audit findings related to security and system monitoring on IBM i.
    • Compliance Reporting: Compliance policies configured and violations reported.

According to Phil Pearson, Chief Information Security Officer, “iTech is hosting customer security workshop sessions entitled Taking Back Control of your IBM i in order to guide and support IBM i customers in understanding how to better improve their security posture and help prepare for compliance and audit reporting”. To register for an upcoming seminar, please refer to the Events section of the website at: https://www.itechsol.com/events/

ABOUT ITECH SOLUTIONS GROUP, LLC.

iTech Solutions Group, LLC. Is an IBM Premier Business Partner helping its clients achieve the highest performance, utilization from their IBM POWER Systems (AS/400, iSeries) running IBM i. As an IBM Premier Business Partner, it delivers solutions and services to IBM i clients throughout the world. The company’s President and CEO, Mr. Pete Massiello, has been working with the AS/400, iSeries, and IBM i since 1989, focusing on systems management and technical support. He is a member of IBM’s certification test writing team, an IBM Certified Systems Expert with certifications in IBM i design, administration, LPAR, virtualization, implementation, and HMC management.

Published on: http://www.prweb.com/releases/2018/01/prweb15091620.htm

Spectre and Meltdown – What Do You Do for IBM i?

Spectre And Meltdown Threats

The Spectre (Variant 1 & 2) and Meltdown (Variant 3) threats that target speculative execution on all CPU’s will affect IBM Power7, Power7+, Power8, and Power9 systems and IBM has stated that it will have firmware patches for Power Systems available but does not state if its patches will cover all three variants of the vulnerabilities. IBM has not issued fixes for Power6, Power6+, and Power7 systems.

What is not known at this time is what kind of performance impact the fixes for Spectre and Meltdown will have. It will probably depend on the nature of the CPU

architecture, the way the memories are isolated and checked to keep users out of kernel space, and the way the applications make use of speculative execution.

It is possible that systems that are CPU or memory bound are going to thrash after the fixes are applied. Our advice is to benchmark the throughput of your system for some period of time before applying the patches, apply the patches and then run the tests again so that you fully understand and can document the impact.

As of January 13th, IBM has released operating system patches for IBM i 7.1, 7.2 and 7.3 to compliment the firmware patches for POWER7+, and POWER8 processors already released. The specific PTF’s required by release are as follows: Release 7.1 – MF64553, Release 7.2 – MF64552, Release 7.3 – MF6 4551.  Both the IBM i and firmware patches must be applied in order to mitigate the Spectre and Meltdown vulnerabilities.

Don’t leave your keys in the lock!  Know how to protect your company from threats.

As well, please keep watching the PSIRT blog for further developments.

The good news is that you have to be an authorized user in order exploit these vulnerabilities. Security from the IBM i level to your firewall is more important than ever. While there has been no documented case of someone breaching IBM i security without a user ID and password, there are many ways to gain access to an IBM i partition if adequate security measures are not followed. Hardening IBM i isn’t just moving from QSECURITY level 30 to 40. A properly hardened system should include, but certainly not limited to, the following basic measures:

Password level security – Ensure your system can use up to 128 characters for a password. The default 10 character limit of QPWDLVL 0 is not good enough.

NetServer – Ensure that no guest account exists for IBM NetServer. This will allow anyone access to your IBM i partition file shares without a user ID and password. This, combined with sharing the root (/) of your IFS can be extremely dangerous. Furthermore, if you’re on 7.1 or older version of IBM i then you are using the SMB1 protocol for file sharing. SMB1 has been deemed insecure for many years now.

Encryption – If you communicate to and from your IBM i in plain text then the length of your password does matter. There is no excuse not to encrypt your IBM i communication for any service accessed over the network which passes user IDs, passwords or other confidential information.

PTF and operating system currency –Technology that has not been patched or updated runs the risk of being compromised. This is especially true if you use open technology such as Java, OpenSSL and Apache. Java 6 and Apache 2.2 went out of support two weeks ago…have you removed Java 6 yet? Have you upgraded to 7.2 to move to Apache 2.4?

The Spectre and Meltdown vulnerabilities are perhaps the biggest security problems in the history of modern computing, but if you’re not covering the basics you may have bigger and more pressing security problems to worry about.

iTech Solutions will be applying these PTF’s for all Managed Services and OS Subscription customers in their next PTF cycle.  If you need help with your PTF’s or OS upgrades please contact us.

Identifying the Real Threat in Today’s Cyber World

Everywhere we go these days the topics below are being discussed, not only in IT circles, everywhere.

  • Security
  • Hacking
  • On-Line confidentially
  • Malware and viruses
  • Ransomware

Who among us hasn’t been concerned about the Equifax breach and the subsequent fraudulent verification site? Remember a couple of years ago when Target and Home Depot POS systems were hacked within weeks of each other and during the holidays? I spent so much time without my credit and debit cards I actually was forced to regress into using cash (gasp!) at physical stores to complete Christmas shopping. It was not a heartwarming holiday experience to say the least especially in the grip of a typical New York December.

We have become smarter about data! Finally. The ramifications of our reliance on credit/debit cards and mobile devices have wrought implications on our personal identity security. In response many of us have made changes in how we divulge and store our personal data. We use stronger encryption on our home wireless networks, check for HTTPS and the lock icon before entering payment information, guard our SSN numbers, even refuse to allow our driver’s license to be copied without good cause. This awareness and proactive behavior is crucial as we allow electronic transactions to take over our financial lives.

Of course, these trends haven’t gone unnoticed by our employers or the businesses we deal with. Security was an overwhelming focus of many of the conferences I attended this year and I have been asked often about penetration testing and ethical hacking protocols. If you are an IBM i professional you are aware of the debate over the safety of the system. You have heard, “there has never been a single line of malicious code run on an i.” However, you probably have also heard about the security threats to our organizations and the adage that the system is the most “securable” not necessarily properly secured. Responsible and knowledgeable professionals are needed to configure, monitor, and respond to the threats we face on our platform.

As we look at the headline grabbing/fear inspiring stories recurrent patterns emerge. First and foremost, the greatest threat to our organization comes from within. Anyone reading this blog surely has at least one example from personal experience of using back doors and working around an application or system setting to achieve a goal that was prohibited. This is the same mentality we see in one of the most common data manipulation techniques. FTP files off the system, modify the data, FTP back altering the original tables. As FTP isn’t logged on the IBM i the way legitimate changes are in Db2 this is an easily exploited vulnerability. How often do we have a health check or a security assessment performed only to ignore the findings? We will change the settings or amend the authorizations just as soon as we have time. Or worse, we make recommended changes and jobs stop running properly, an important user gets locked out, or business is interrupted in some way and we change everything back quickly. This tends to lead to becoming fearful of trying to address security issues at all. No one wants to be responsible for interruptions and outages especially when it seems to indicate lack of ability or competence in our skill set. As a result default passwords remain unchanged while Bertha in the warehouse keeps her *ALLOBJ authority (in spite of being woefully ignorant of the implications and prone to walking away from her workstation while signed in with the screen unlocked.) We can’t even begin to implement best practices until we are honest about our own worst practices.

I doubt I was the only one who reviewed what happened at Equifax and had little difficulty seeing how easy it would be to have been involved. Whose responsibility was it to maintain the Apache Struts infrastructure? Obviously not upper management who couldn’t spell PTF much less know what was released and why, nor if applicable to their system. The developers in the trenches? Maybe, but if the task wasn’t assigned to someone specifically who would assume the responsibility? IT Management? They would have visibility to what is needed and relevance to the environment but how hard is it to prioritize routine updates? Especially when downtime and off hours effort is needed? How often do we say “After we catch up, after this deadline, when someone comes back from vacation…”

We need to educate ourselves about threat intelligence. One of the very foundations of quality assurance itself is the impossibility of eliminating risk entirely. We all accept varying degrees of exposure at all times in our connected culture. My kids are on line every night to complete homework and collaborate via Google Docs on an iPad provided from their school. I control the heating and air conditioning of my house from my smart phone regardless of where I am in the world although my mom can’t understand the interface well enough to control in person.  I share photos with far off friends and family creating a crystal clear indicator that I am on vacation and my home is empty. We – as business and individuals – trade security for efficient productivity and convenience every day. Using my above example involving FTP; how many would answer “there is a legitimate business need for transferring files and I have to get my orders/update inventory/allocate resources/etc.”? I take a risk every time I use a credit/debit card but remain as committed to Amazon Prime and paying at the pump when I buy gas as the next person.

So, what exactly is Threat Intelligence? Simply put it is knowledge based on evidence about risks, hazards, or menaces we face. More importantly it means using that insight to inform our responses to same. We can’t protect ourselves against a threat we can’t comprehend exists or deny affects us. We need to think about how current threats will evolve and impact business in the years to come. Further as we plan, design, andimplement security conscious secure systems with complimentary applications we need to be realistic.

The most potent opportunity for exploitation is the combination of inadequate measures in our infrastructure technically, an authorized user who is careless or disenfranchised, and a corporate culture that is blind to these factors and their ramifications.

Click here to get your guide

The experts at iTech have produced a new guide 5 Tips for Monitoring IBM i Critical Events to help you ensure that you are monitoring some of the most critical IBM i events.  Get your copy here.

Will your IBM i Be Ready When Disaster Strikes?

Mother Nature has been letting us know that she is in charge lately. With Hurricane Harvey’s recent destruction in Texas, we are reminded of how important it is to be prepared for a disaster. Today, Hurricane Irma is threatening Florida and we felt that now is the time for companies to be sure that they are prepared in the event of a disaster. As a result, we have created a guide with 25 steps to help ensure that you are prepared before a disaster strikes.

If you’re fortunate enough to not be in the path of Irma, now is a good time to verify that your disaster recovery plan is in good order. Mother Nature may not be a threat to your business today, but tornadoes, wild fires, and major snow storms can also wreak havoc on your availability. If you don’t have a plan, then how will you ever recover from a disaster? If you don’t test your plan, how do you know it will work?

Having high availability is by far the best way to protect your business and ensure that you can keep the business running in the event of a disaster. Companies often think that high availability is cost prohibitive, this isn’t the case anymore. iTech Solutions can offer high availability in our Tier III data center for a low monthly fee. This includes the software for replication.

You may think you have everything covered with your backups, but are you sure that you can recover from your existing backup tapes? When is the last time you did a full system save? If it’s been awhile you may be more exposed than you think. If you do a full system save regularly, you could still be exposed if your tapes are not stored offsite. If they are stored offsite, do you know how to get them in the event of a disaster?  

In the event that you don’t have high availability and can’t just do a role swap and keep the business running, we have created a guide with 25 tips to help you to be prepared in the event of a disaster. Here are a few of the topics we discuss:

  • Have a decision matrix
  • Access to tapes
  • Contact lists
  • Encryption
  • Alternative method for employees to charge their cell phones

Click here to get your guide

You can read all of our tips in our Will your IBM i Be Ready When Disaster Strikes white paper.  We want to help you be prepared before a disaster strikes, so you don’t have to worry about your IBM i when Mother Nature decides it’s time for a storm.  We want you to be able to focus on what is most important during these times, your family and your own safety. We hope all of our customers in Florida fair well from the storm and we’re thinking of those who have been affected by Harvey.  

If you need help to ensure that you are ready before disaster strikes contact iTech Solutions at sales@itechsol.com. We’re happy to help you develop a disaster recovery plan that works for your company.

3 Common Problems From Your OS Being Out of Date

We’ve recently written about how important it is to keep your IBM i current with OS releases and PTF’s in order to ensure that your system is secure, available and performing at its peak.

Through years of working with customers and prospects, we have found three things that tend to effect whether or not companies keep their OS current; time, knowledge and money.

Keeping these things in mind, we have developed different services that can help you to keep current.

A common problem we uncover when talking to companies is they don’t have the human resources to complete the tasks on a more regular basis.
When you have a small team of people supporting the platform, everyone is usually stretched thin with little time for other tasks.  Having a partner who you can offload these tasks to can be a huge benefit.

If you lack the knowledge or feel it’s just been too long since the last time you did an upgrade, you are not alone.
This is another common problem company’s face in regards to keeping their OS current. The good news is that iTech Solutions does 100’s of OS upgrades and PTF applications a year, which means we know exactly what needs to be done already. No need to stress over it, we can keep you current.

The final problem is the cost of having someone assist you with OS upgrades and PTF’s. 
Often the business thinks that if you are in IT, you should be able to handle the task without help. They don’t understand the time and effort required to ensure a smooth upgrade or PTF process. When IT requests to have a consultant do work, the business often pushes back.

Costs become an instant barrier and as a result the OS gets further and further behind. iTech Solutions offers a new service that can help you keep your OS current for a very low monthly fee. The best part is the monthly fee is so low, that the business can easily justify the cost of the service.

Contact iTech about an OS Upgrade or PTFs

The good news is that regardless of which problem you face when trying to keep your OS current, iTech Solutions can help you. 

We’ve developed a process that makes it easy for us to assist our customers with OS upgrades and PTF maintenance.  We can offer these services either on an as requested basis or through our proactive subscription offering. Regardless of which option works best for you, we can help your company to take advantage of the benefits of paying SWMA. Why wouldn’t you want to improve security, ensure availability and take advantage of new features?

What the End of IBM i 7.1 Support Means For You

ibmi_graveyard

IBM i 7.1 is going to be headed for the IBM i support graveyard very soon.  IBM recently announced that IBM i 7.1 will be end of life on April 30, 2018, which means it’s time to move to 7.2 or 7.3.  We all know that you can stay on 7.1 and pay the service extension fees to IBM, but I’m not sure why you would throw your money away on that.

IBM i 7.3 has been GA for over a year and it is a stable release. In fact, iTech was a beta site for 7.3 and this release has been rock solid since the beta release. We’ve been busy helping our customers move to this release for a year now and we’re hearing from more and more of them every day that they want us to move them to 7.3.

The biggest challenge to every upgrade is the planning.  It’s not just about what version of Java you are running, or whether or not you have WebSphere, LAN Console, size of the load source, expanding the license internal code space, or having the correct preparation PTFs on. You have to be worried about vendor applications.  By now your vendors should have their applications supported on 7.3.

Should you go to IBM i 7.2 or skip to IBM i 7.3?

The answer should be to get to the latest and greatest version, if at all possible. You can make the move from 7.1 directly to 7.3, so that won’t be an issue. If your vendor applications can go to 7.3 then you really should make that jump now. We also have to insure that your hardware is capable of supporting 7.3

Upgrading will allow you to take advantage of the new features in 7.3 and will prevent you from having to make another upgrade when 7.2 is end of life. Also, the features in 7.3 that support temporal support and row and column access control can help you to provide the business with improved business intelligence and increased security.

When’s the last time you performed an upgrade?

How long has it been since you’ve done an OS upgrade?  If there answer is, it’s been a while, than we suggest you contact us for help.  We do multiple OS upgrades every week.  So, chances are we have encountered any issues your upgrade may encounter before, which means we already know what to do to solve it.

Why do I need to keep Current with OS Release and PTFs?

The rate of change in IT is staggering.  We all know that the IBM i is a solid platform, which is why people often are not as concerned with updating their OS levels.  The mentality has become, if it’s not broken then don’t fix it. This attitude has caused a lot of misconceptions about IBM i. Those who are not familiar with the platform think it is dead, old technology that needs to be replaced. They don’t realize all the new things that you can do with IBM i. They think it’s a green screen platform that has nothing new to offer to the business. This can’t be further from the truth. By not keeping your OS current, you could actually be working yourself right out of a job.

IBM has invested in support for Open Source, which offers you the ability to modernize your user interfaces utilizing modern programming languages like PHP, Java, Node.js, Python, Chroot with gcc, Git, along with various open source tools. This allows you to provide modern interfaces through multiple devices. It also allows you to bring in young programmers who can breathe new life into your applications.

Security is another major concern. A lot has changed since 2010 and you need to keep your OS current to ensure that your system is as secure as it can be.  Row and column access controls add a new layer of security to your data, which allows users to have access to information they need, while masking information they should not see. If you are using encryption, it’s even more important to stay current, as the new ciphers are maintained in the most current release of the OS only.

If you’re not keeping up, then you are behind. If you’re behind, then Management may think that the IBM i isn’t offering a new business value. This couldn’t be further from the truth. Protect your company’s investment in IBM i by ensuring that management understands what the platform has to offer. Educate them on everything they can do with today’s versions of the software and hardware. Invite them to attend conferences like COMMON, NEUGC, and others.

We are happy to be a resource. Contact us to provide an executive briefing to your management team.  If we’re not promoting the platform, the mentality that it is old and should be replaced will continue, despite the fact that it is the best business computer available!

 

Ensuring that your IBM i isn’t Vulnerable to Attacks

data_breachIf you believe your IBM i is 100% secure from attacks both inside and outside the firewall, then you are probably at risk. Many companies are under a false sense of security that their data is safe just because it resides on IBM i. A good IBM i administrator should be able to demonstrate that their systems are being proactively assessed and interrogated to minimize the risk of security vulnerabilities. Regardless of architecture, no system is 100% secure. However, when security is viewed as an operating strategy rather than a goal the chances of a breach with data loss is reduced substantially.

[Get 5 Tips to Improving Your IBM i Security]

Where is your system vulnerable?

The IBM i is probably the most securable system available, but it doesn’t come that way.  You have to know how to configure the system properly to make it secure.  This requires knowledge about proper security levels, password levels, authorities and more. Even a well-managed system may still be exposed, without you realizing it. Having your IBM i assessed by an IBM i Security expert can help ensure that your system is as protected as it can be.

Passwords
Poorly implemented password policies are one of the most prevalent risks faced by IBM i shops. Limiting password lengths to only 10 characters is extremely risky.  It makes it easier for someone to hack into your system, therefore putting your data and business at risk. In addition to not requiring strong enough passwords, too many shops still have users with default passwords.  If you still have users with default passwords, you really should take the time to change them.  You’re not the only one who knows what the default passwords are, it’s like leaving your front door wide open.  Anyone can get it and harm your system.

Authorities
Almost every system has users with elevated authorities, but the question is do they need that level of authority to perform their job on a day to day basis?  If the answer is no, then you should really reset their authority to the most appropriately level.  Too many users’ with *ALLOBJ authority or *SECADM rights expose your system to harm or loss.  Do you know how many users have elevated authorities on your system?

IBM i applications are notorious for having more authority granted to their objects than what is really necessary to execute the application functions.  Sometimes when trouble shooting a problem, the solution is to decrease the object level security and sometimes people forget to go back and reset it to the higher level. Excessive object level authorities really expose your system to threats.  It’s important to assess your object level security and set it to the lowest level possible in order to protect your business.

IFS
Another potential threat is due to the fact that the IFS is not secure out of the box.  It is up to you to ensure that your IFS directory is secure from external and internal threats. Defining access rights properly is crucial to protecting your companies IFS data.  Not only is your data exposed to loss, your IFS is exposed to infected files.  While it’s true that the IBM i can’t get infected by a virus, the IFS can carry a virus which can spread. It’s important to secure your IFS properly, so that you’re not at risk of losing critical company data or spreading a virus.  

These are just a few of the things you need to check in order to assess your system for security vulnerabilities.  There are others you need to consider such as, the version of Java you are running, whether or not your ciphers are current, is TELNET unencrypted and are you logging FTP access.

iTech Solutions offers a Security Assessment that will check these things and more. We can help you to determine which items put you at the most risk, so you can mitigate your vulnerabilities quickly.

Security is not set it and forget it

Companies often set their IBM I security and forget about it, thinking their job is done. The truth is you should be reviewing your security on a regular basis to ensure that things haven’t changed.  An administrator can change a system value or provide a user with elevated authorities to solve a problem and may not go back and clean up. Having a second set of eyes reviewing the state of your system security and providing you with a detailed report and in depth review, will improve your security and protect your data.

Download iTech’s “Five Tips for Improving your IBM i Security for some tips on how to improve your security.

New Call-to-action

 

How to Conquer the Challenge of IBM i Staffing

IBM_i_staffing

The use of Managed Services are predicted to continue to increase in 2017. Companies are realizing that focusing on what they do best can provide them with a competitive edge. This is especially true in IT. Whether you want to supplement your staff, become more proactive with your system maintenance or shorten your problem resolution time, Managed Services can help.

Supplementing your existing staff with an IBM i Certified Systems Administrator will allow your team to focus on core business strategies and innovation.

Often small companies don’t have a dedicated system administrator, instead a programmer has to pull double duty. This isn’t good for business because you’re getting the bare minimum for administration and that time is taken away from development activities. Focusing your existing resources where they have the biggest impact on your business, will help you to get the most out of your team.

Since the IBM i is so reliable and just seems to run, companies have been lax in replacing staff in some cases.  Whether someone retires or they leave the company for a new opportunity, some of those people are not replaced. Eventually, shops have no one who is actively managing the IBM i, instead they are just reacting to problems. Problem resolution times are increased when you wait for the users to report problems, which can have a negative effect on your business.

This leads to another issue; putting all your eggs in one basket. When you have one resource who has the knowledge and the skills to maintain your IBM i, you are at risk. If that person leaves for any reason, you have to try to transfer the knowledge to another resource, if that is even possible. With Managed Services you have a team of people who are familiar with your environment and you never have to worry about someone leaving.

Without a real time monitoring solution, your staff has to either react to user complaints or spend their time manually looking through logs to ensure that everything is working as expected. Sometimes, not even finding the problems. None of these options are good.  With Managed Services companies you gain the benefit of having proactive monitoring, without the cost of licensing and maintaining a monitoring solution.

Proactive monitoring notifies the Provider when a problem occurs and allows them to take action or notify the right person. 

With a Certified IBM i Administrator receiving the alerts, you also gain the benefit of the experience the provider has from solving problems for other customers. Both of these benefits allow for faster problem resolution, increasing system performance and availability.

System Maintenance tasks like IBM i OS upgrades and PTF Maintenance are things that usually have to be done after hours, and they require tons of planning. When you are already short staffed, or you have your programmer doing system maintenance, it seems like updates get further and further apart.  If at all. Having a regular maintenance schedule performed by a Managed Services provider helps ensure that your system remains healthy, optimized, and secure.

If you are in one of these situations, you’re not alone. That’s why Managed Services will continue to grow this year. The good news is that iTech Solutions can help you.

Learn more about our MSP services by getting a copy of the MSP benefit guide




Benefit_guide_CTA