Will your IBM i Be Ready When Disaster Strikes?

Mother Nature has been letting us know that she is in charge lately. With Hurricane Harvey’s recent destruction in Texas, we are reminded of how important it is to be prepared for a disaster. Today, Hurricane Irma is threatening Florida and we felt that now is the time for companies to be sure that they are prepared in the event of a disaster. As a result, we have created a guide with 25 steps to help ensure that you are prepared before a disaster strikes.

If you’re fortunate enough to not be in the path of Irma, now is a good time to verify that your disaster recovery plan is in good order. Mother Nature may not be a threat to your business today, but tornadoes, wild fires, and major snow storms can also wreak havoc on your availability. If you don’t have a plan, then how will you ever recover from a disaster? If you don’t test your plan, how do you know it will work?

Having high availability is by far the best way to protect your business and ensure that you can keep the business running in the event of a disaster. Companies often think that high availability is cost prohibitive, this isn’t the case anymore. iTech Solutions can offer high availability in our Tier III data center for a low monthly fee. This includes the software for replication.

You may think you have everything covered with your backups, but are you sure that you can recover from your existing backup tapes? When is the last time you did a full system save? If it’s been awhile you may be more exposed than you think. If you do a full system save regularly, you could still be exposed if your tapes are not stored offsite. If they are stored offsite, do you know how to get them in the event of a disaster?  

In the event that you don’t have high availability and can’t just do a role swap and keep the business running, we have created a guide with 25 tips to help you to be prepared in the event of a disaster. Here are a few of the topics we discuss:

  • Have a decision matrix
  • Access to tapes
  • Contact lists
  • Encryption
  • Alternative method for employees to charge their cell phones

Click here to get your guide

You can read all of our tips in our Will your IBM i Be Ready When Disaster Strikes white paper.  We want to help you be prepared before a disaster strikes, so you don’t have to worry about your IBM i when Mother Nature decides it’s time for a storm.  We want you to be able to focus on what is most important during these times, your family and your own safety. We hope all of our customers in Florida fair well from the storm and we’re thinking of those who have been affected by Harvey.  

If you need help to ensure that you are ready before disaster strikes contact iTech Solutions at sales@itechsol.com. We’re happy to help you develop a disaster recovery plan that works for your company.

3 Common Problems From Your OS Being Out of Date

We’ve recently written about how important it is to keep your IBM i current with OS releases and PTF’s in order to ensure that your system is secure, available and performing at its peak.

Through years of working with customers and prospects, we have found three things that tend to effect whether or not companies keep their OS current; time, knowledge and money.

Keeping these things in mind, we have developed different services that can help you to keep current.

A common problem we uncover when talking to companies is they don’t have the human resources to complete the tasks on a more regular basis.
When you have a small team of people supporting the platform, everyone is usually stretched thin with little time for other tasks.  Having a partner who you can offload these tasks to can be a huge benefit.

If you lack the knowledge or feel it’s just been too long since the last time you did an upgrade, you are not alone.
This is another common problem company’s face in regards to keeping their OS current. The good news is that iTech Solutions does 100’s of OS upgrades and PTF applications a year, which means we know exactly what needs to be done already. No need to stress over it, we can keep you current.

The final problem is the cost of having someone assist you with OS upgrades and PTF’s. 
Often the business thinks that if you are in IT, you should be able to handle the task without help. They don’t understand the time and effort required to ensure a smooth upgrade or PTF process. When IT requests to have a consultant do work, the business often pushes back.

Costs become an instant barrier and as a result the OS gets further and further behind. iTech Solutions offers a new service that can help you keep your OS current for a very low monthly fee. The best part is the monthly fee is so low, that the business can easily justify the cost of the service.

Contact iTech about an OS Upgrade or PTFs

The good news is that regardless of which problem you face when trying to keep your OS current, iTech Solutions can help you. 

We’ve developed a process that makes it easy for us to assist our customers with OS upgrades and PTF maintenance.  We can offer these services either on an as requested basis or through our proactive subscription offering. Regardless of which option works best for you, we can help your company to take advantage of the benefits of paying SWMA. Why wouldn’t you want to improve security, ensure availability and take advantage of new features?

What the End of IBM i 7.1 Support Means For You


IBM i 7.1 is going to be headed for the IBM i support graveyard very soon.  IBM recently announced that IBM i 7.1 will be end of life on April 30, 2018, which means it’s time to move to 7.2 or 7.3.  We all know that you can stay on 7.1 and pay the service extension fees to IBM, but I’m not sure why you would throw your money away on that.

IBM i 7.3 has been GA for over a year and it is a stable release. In fact, iTech was a beta site for 7.3 and this release has been rock solid since the beta release. We’ve been busy helping our customers move to this release for a year now and we’re hearing from more and more of them every day that they want us to move them to 7.3.

The biggest challenge to every upgrade is the planning.  It’s not just about what version of Java you are running, or whether or not you have WebSphere, LAN Console, size of the load source, expanding the license internal code space, or having the correct preparation PTFs on. You have to be worried about vendor applications.  By now your vendors should have their applications supported on 7.3.

Should you go to IBM i 7.2 or skip to IBM i 7.3?

The answer should be to get to the latest and greatest version, if at all possible. You can make the move from 7.1 directly to 7.3, so that won’t be an issue. If your vendor applications can go to 7.3 then you really should make that jump now. We also have to insure that your hardware is capable of supporting 7.3

Upgrading will allow you to take advantage of the new features in 7.3 and will prevent you from having to make another upgrade when 7.2 is end of life. Also, the features in 7.3 that support temporal support and row and column access control can help you to provide the business with improved business intelligence and increased security.

When’s the last time you performed an upgrade?

How long has it been since you’ve done an OS upgrade?  If there answer is, it’s been a while, than we suggest you contact us for help.  We do multiple OS upgrades every week.  So, chances are we have encountered any issues your upgrade may encounter before, which means we already know what to do to solve it.

Why do I need to keep Current with OS Release and PTFs?

The rate of change in IT is staggering.  We all know that the IBM i is a solid platform, which is why people often are not as concerned with updating their OS levels.  The mentality has become, if it’s not broken then don’t fix it. This attitude has caused a lot of misconceptions about IBM i. Those who are not familiar with the platform think it is dead, old technology that needs to be replaced. They don’t realize all the new things that you can do with IBM i. They think it’s a green screen platform that has nothing new to offer to the business. This can’t be further from the truth. By not keeping your OS current, you could actually be working yourself right out of a job.

IBM has invested in support for Open Source, which offers you the ability to modernize your user interfaces utilizing modern programming languages like PHP, Java, Node.js, Python, Chroot with gcc, Git, along with various open source tools. This allows you to provide modern interfaces through multiple devices. It also allows you to bring in young programmers who can breathe new life into your applications.

Security is another major concern. A lot has changed since 2010 and you need to keep your OS current to ensure that your system is as secure as it can be.  Row and column access controls add a new layer of security to your data, which allows users to have access to information they need, while masking information they should not see. If you are using encryption, it’s even more important to stay current, as the new ciphers are maintained in the most current release of the OS only.

If you’re not keeping up, then you are behind. If you’re behind, then Management may think that the IBM i isn’t offering a new business value. This couldn’t be further from the truth. Protect your company’s investment in IBM i by ensuring that management understands what the platform has to offer. Educate them on everything they can do with today’s versions of the software and hardware. Invite them to attend conferences like COMMON, NEUGC, and others.

We are happy to be a resource. Contact us to provide an executive briefing to your management team.  If we’re not promoting the platform, the mentality that it is old and should be replaced will continue, despite the fact that it is the best business computer available!


Ensuring that your IBM i isn’t Vulnerable to Attacks

data_breachIf you believe your IBM i is 100% secure from attacks both inside and outside the firewall, then you are probably at risk. Many companies are under a false sense of security that their data is safe just because it resides on IBM i. A good IBM i administrator should be able to demonstrate that their systems are being proactively assessed and interrogated to minimize the risk of security vulnerabilities. Regardless of architecture, no system is 100% secure. However, when security is viewed as an operating strategy rather than a goal the chances of a breach with data loss is reduced substantially.

[Get 5 Tips to Improving Your IBM i Security]

Where is your system vulnerable?

The IBM i is probably the most securable system available, but it doesn’t come that way.  You have to know how to configure the system properly to make it secure.  This requires knowledge about proper security levels, password levels, authorities and more. Even a well-managed system may still be exposed, without you realizing it. Having your IBM i assessed by an IBM i Security expert can help ensure that your system is as protected as it can be.

Poorly implemented password policies are one of the most prevalent risks faced by IBM i shops. Limiting password lengths to only 10 characters is extremely risky.  It makes it easier for someone to hack into your system, therefore putting your data and business at risk. In addition to not requiring strong enough passwords, too many shops still have users with default passwords.  If you still have users with default passwords, you really should take the time to change them.  You’re not the only one who knows what the default passwords are, it’s like leaving your front door wide open.  Anyone can get it and harm your system.

Almost every system has users with elevated authorities, but the question is do they need that level of authority to perform their job on a day to day basis?  If the answer is no, then you should really reset their authority to the most appropriately level.  Too many users’ with *ALLOBJ authority or *SECADM rights expose your system to harm or loss.  Do you know how many users have elevated authorities on your system?

IBM i applications are notorious for having more authority granted to their objects than what is really necessary to execute the application functions.  Sometimes when trouble shooting a problem, the solution is to decrease the object level security and sometimes people forget to go back and reset it to the higher level. Excessive object level authorities really expose your system to threats.  It’s important to assess your object level security and set it to the lowest level possible in order to protect your business.

Another potential threat is due to the fact that the IFS is not secure out of the box.  It is up to you to ensure that your IFS directory is secure from external and internal threats. Defining access rights properly is crucial to protecting your companies IFS data.  Not only is your data exposed to loss, your IFS is exposed to infected files.  While it’s true that the IBM i can’t get infected by a virus, the IFS can carry a virus which can spread. It’s important to secure your IFS properly, so that you’re not at risk of losing critical company data or spreading a virus.  

These are just a few of the things you need to check in order to assess your system for security vulnerabilities.  There are others you need to consider such as, the version of Java you are running, whether or not your ciphers are current, is TELNET unencrypted and are you logging FTP access.

iTech Solutions offers a Security Assessment that will check these things and more. We can help you to determine which items put you at the most risk, so you can mitigate your vulnerabilities quickly.

Security is not set it and forget it

Companies often set their IBM I security and forget about it, thinking their job is done. The truth is you should be reviewing your security on a regular basis to ensure that things haven’t changed.  An administrator can change a system value or provide a user with elevated authorities to solve a problem and may not go back and clean up. Having a second set of eyes reviewing the state of your system security and providing you with a detailed report and in depth review, will improve your security and protect your data.

Download iTech’s “Five Tips for Improving your IBM i Security for some tips on how to improve your security.

New Call-to-action


How to Conquer the Challenge of IBM i Staffing


The use of Managed Services are predicted to continue to increase in 2017. Companies are realizing that focusing on what they do best can provide them with a competitive edge. This is especially true in IT. Whether you want to supplement your staff, become more proactive with your system maintenance or shorten your problem resolution time, Managed Services can help.

Supplementing your existing staff with an IBM i Certified Systems Administrator will allow your team to focus on core business strategies and innovation.

Often small companies don’t have a dedicated system administrator, instead a programmer has to pull double duty. This isn’t good for business because you’re getting the bare minimum for administration and that time is taken away from development activities. Focusing your existing resources where they have the biggest impact on your business, will help you to get the most out of your team.

Since the IBM i is so reliable and just seems to run, companies have been lax in replacing staff in some cases.  Whether someone retires or they leave the company for a new opportunity, some of those people are not replaced. Eventually, shops have no one who is actively managing the IBM i, instead they are just reacting to problems. Problem resolution times are increased when you wait for the users to report problems, which can have a negative effect on your business.

This leads to another issue; putting all your eggs in one basket. When you have one resource who has the knowledge and the skills to maintain your IBM i, you are at risk. If that person leaves for any reason, you have to try to transfer the knowledge to another resource, if that is even possible. With Managed Services you have a team of people who are familiar with your environment and you never have to worry about someone leaving.

Without a real time monitoring solution, your staff has to either react to user complaints or spend their time manually looking through logs to ensure that everything is working as expected. Sometimes, not even finding the problems. None of these options are good.  With Managed Services companies you gain the benefit of having proactive monitoring, without the cost of licensing and maintaining a monitoring solution.

Proactive monitoring notifies the Provider when a problem occurs and allows them to take action or notify the right person. 

With a Certified IBM i Administrator receiving the alerts, you also gain the benefit of the experience the provider has from solving problems for other customers. Both of these benefits allow for faster problem resolution, increasing system performance and availability.

System Maintenance tasks like IBM i OS upgrades and PTF Maintenance are things that usually have to be done after hours, and they require tons of planning. When you are already short staffed, or you have your programmer doing system maintenance, it seems like updates get further and further apart.  If at all. Having a regular maintenance schedule performed by a Managed Services provider helps ensure that your system remains healthy, optimized, and secure.

If you are in one of these situations, you’re not alone. That’s why Managed Services will continue to grow this year. The good news is that iTech Solutions can help you.

Learn more about our MSP services by getting a copy of the MSP benefit guide


7.3 Items to Be Aware of When Upgrading to IBM i 7.3 – Part 4

This is part 4 of a 4 part series on the new IBM i 7.3 Upgrade. See the first posts in this series below:

know the minimum releases to run on IBM i 7.37. Supported Versions

There are certainly Licensed Program Products (LPPs) which will need to have minimum releases to run on IBM i 7.3, and some releases are no longer supported on IBM i 7.3.  In either case, how did you think I was going to provide 7.3 items to consider? This next item is the seventh item, Supported Versions, and I have 3 points under this last highlight.

  1. Java.  IBM Developer Kit for Java 5770-JV1 will be removing IBM Technology for Java 6.0 (options 11 and 12) on IBM i 7.3.  Therefore, before upgrading use the WRKJVMJOB command to ensure that all your jobs are using a newer version of a JVM.  By the way, the default JVM for IBM i 7.3 is Java 8.0 32bit, which is option 16.
  2. Domino.  For 7.3 the minimum release of Domino has yet to be published by IBM, we know the minimum release for IBM i 7.2 is Domino 9.0.1.  Most of the time the compatibility is related to the dependent release of Java.  If you are below version 9.0.1, you will need to be looking at an upgrade, and we are waiting for IBM to update the website. (Collaboration and Social(Lotus) Software for IBM i Compatibility Guide)
  3. IBM WebSphere Application Server.  Versions 8.0 and earlier versions are not supported and will not function on IBM i 7.3.  You will need to be on version 8.5 or later of WebSphere Application server, with fix pack You must upgrade to a supported version before upgrading to 7.3.

This isn’t the actual upgrade guide, but some of the issues that people may run into during an upgrade which they have to address prior to the upgrade in their planning process.  There are other issues like with iSCSI, WebSphere MQ minimum releases, IBM Content OnDemand minimum releases, and changes to Universal Connection hostnames.

In any upgrade, planning is one of the most important steps and should never be rushed or glossed over.  If you need help, would like iTech to do the upgrade for you, or just want to have peace of mind knowing that a company that does more upgrades in a week than you will do in a decade is working for you, then contact sales@itechsol.com to enlist our help.

Don’t forget to grab your copy of The IBM i State of the Union, Pete’s Predictions for 2016.

Have questions about your next upgrade? Schedule an Upgrade Assessment with the iTech Solutions team.


7.3 Items to Be Aware of When Upgrading to IBM i 7.3 – Part 3

This is part 3 of a 4 part series on the new IBM i 7.3 Upgrade. Links to the rest of the series are listed a the bottom of this article.

5. IBM i NetServer Shared Printer Changes

be prepared for the IBM i 7.3 upgradeNetServer Shared Printers will behave differently after upgrading to IBM i 7.3. There is a new version of the Server Message Block (SMB) protocol. Version 2 (SMB2) has been added and is now the default that is negotiated with IBM i NetServer clients. The new protocol handles printing differently and printer functions will no longer work as they did in prior releases. Documents can still be printed to shared printer queues from Windows clients, but additional steps are required to configure the printer.

SMB2 support can be disabled on the system if the printing limitations are incompatible with existing network printer use.

6. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Changes

It may seem that you have issues every day on your PC when using Java and your browser, especially when it comes to SSL and TLS. There are so many vulnerabilities that what we thought was once secure, just is no longer.  So, for IBM i 7.3, only cipher suites considered secure are included.

The system value QSSLCSL cipher specification list generated when system value QSSLCSLCTL is *OPSYS has changed from the previous release. The IBM i 7.3 list contains only cipher suites considered okay for use by security compliance definitions at the time 7.3 was released. It is impossible for an application using System SSL/TLS to use a cipher suite not listed in QSSLCSL. Administrators can control the ciphers supported by System SSL/TLS via the system value QSSLCSL when QSSLCSLCTL is set to *USRDFN.(Learn more about SSL/TLS changes for IBM i 7.3 here.)

List change highlights:

  • The Rivest Cipher 4 (RC4) 128-bit ciphers are removed.
  • The Galois/Counter Mode (GCM) ciphers are now listed first, which makes them preferred over the Cipher Block Chaining (CBC) ciphers.
  • All ciphers with less than 128-bit are removed.


This was Part 3 of a four part series. See the following posts below:

7.3 Items to Be Aware of When Upgrading to IBM i 7.3 – Part 2

This is part 2 of a 4 part series on the new IBM i 7.3 Upgrade. Links to the rest of the series are listed a the bottom of this article.

things to know before you upgrade to IBM i 7.33. Increase the Licensed Internal Code space

If you are upgrading from 7.1 to 7.3 you need to increase the Licensed Internal Code space on the load source disk.  All server models with IBM i 7.1 or earlier releases require more reserved storage before IBM i 7.2 or 7.3 can be installed. Your upgrade will stop during the installation if you do not allocate the additional space.

You can do this by issuing the GO LICPGM on the command line, selecting option 5 on the menu to Prepare for upgrade, and then selecting the option to increase License Internal Code space.  Remember, your load source will need to be at least 70GB for a physical disk drive and 35GB for a virtual disk drive.

4. Required PTFs

While I think it goes without saying that you should always get to the latest PTFs on the release you are upgrading from before starting your upgrade, this release of IBM i 7.3 is no different.  As you plan for your IBM 7.3 installation or upgrade ensure that you review the “Required PTFs for upgrading to IBM 7.3” topic within the IBM i and Related Software section of the IBM developerWorks® wiki.

To review the “Required PTFs for upgrading to IBM i 7.3”, go to this wiki and select Updates and PTFs.

If you are upgrading from IBM i 7.1 for example, you need to load and apply certain PTFs to be able to accept online software agreements. If you are using image catalogs to upgrade from either IBM i 7.1 or IBM i 7.2 certain PTFs are required. Both of these preparation steps are included in the Installing, Upgrading, or Deleting IBM i Guide. You always want all the IBM i fixes that have resolved known problems installed before you start the upgrade.

This was Part 2 of a four part series. See the following posts below:


7.3 Items to Be Aware of When Upgrading to IBM i 7.3 – Part 1

Four part series on Upgrading to IBM i 7.3As with any upgrade, the success is in the preparation. Reading the IBM i Memo to Users and the upgrade guide will help ensure you are on the right path to a successful upgrade. We want to bring to your attention a few items and pre-requisites that you need to consider before you start your upgrade to 7.3. While IBM i 7.3 contains many cool new features and functions, the upgrade has several points that you need to be aware of. These are a few of the items that I want to bring to your attention, and certainly not all the concerns that must be examined before an upgrade.  Every company’s IBM i environment is unique, and careful consideration and planning must be done for each upgrade to ensure there is no interruption to the business.

1. Power6

IBM i 7.3 is not supported on Power6 systems.  This includes Power 520, 550, 560, 570, 595, M15, M25, E4A, E4S, M50, E8A, EMA, MMA, or FHA Machines.  In addition, Power6 BladeCenter models JS12, JS22, JS23, and JS43 machines can’t run 7.3.  Also, IBM i 7.3 isn’t supported on the IBM Flex System p260 and p460 Compute nodes for POWER7 or POWER7+ (Make sure you understand this is just IBM Flex Systems), nor Blades PS700, PS701, PS702, PS703, or PS704.  While we are on the subject of hardware, if you are using iSCSI IBM i 7.3 will not support iSCSI connected System x hardware, as that product has been stabilized.

2. LAN Console

It has always been the recommendation that administrators upgrade the LAN Console software on the PC being used as the console prior to upgrading the OS.  This release is no different but you need to go another step.  You must upgrade to the new Java based Access Client Solutions product before upgrading to 7.3.

Note: The LAN console feature in the IBM i Access for Windows client will work for a D-mode install because SSL ciphers aren’t used during the D-mode IPL but on the following A-mode IPL the IBM i Access for Windows LAN console will fail to connect. The IBM i Access for Windows client doesn’t need to be removed from the PC but be aware the IBM i Access for Windows console will not continue working if the system is upgraded to 7.3. If you are upgrading to 7.3 and you want to replace an existing console with a LAN attached Operations Console, upgrade the system before you migrate the console. This prevents any conflict between the existing console and the Operations Console.

Your choice since 7.2 has been one of two consoles, HMC or LAN Console.  You need to ensure that you have the latest version of the JAVA based IBM i Access Client Solutions product on your PC before starting the upgrade to 7.3.

This was Part 1 of a four part series. See the following posts below:


Migrating to IBM i Access Client Solutions

Last month, we discussed how to find and download IBM i Access Client Solutions, the new Java-based client software that is intended to replace the older platform-specific IBM i Access family offerings. Now that you’ve solved the maze IBM wants you to navigate in order to download the product, let’s talk about what’s next.

Note: This assumes you are on a Windows PC and are moving from IBM i Access for Windows, but most of these concepts work the same on other platforms.

Client Solutions comes as a single .zip file from the ESS website. As a Java-based program, installation is as simple as extracting the contents of the archive. You can place the software anywhere you like, but extractfor a single-PC installation the easiest option is to place it into a new folder on your C: drive.

The best way to start Client Solutions is to use one of the startup programs IBM has supplied in the download package. These programs make sure that Java starts with the right options to support the software and they provide a target for file associations, which we will discuss later. Open the location where you extracted the .zip file earlier and look inside the Start_Programs folder for the one that matches your system (use Windows 32-bit if you’re not sure). These programs need to stay where they are to work properly, but you can create a shortcut to the correct one to make it easier to start Client Solutions.

The main screen for Client Solutions provides a drop-down box to select a system to work with and a list of actions and tools you can launch. Hovering over each link will cause a brief description of that tool to appear in the right-hand panel. You’ll need to tell Client Solutions about a system before you can connect to it. copyconnectionsFortunately, a connection migration utility is included to copy your existing Access for Windows connections over into Client Solutions in one easy step. To access it, select “Copy Connections” from the File menu. Client Solutions will display a list of your Access for Windows environments and the systems defined within them. Use the arrow buttons in the middle to copy connection profiles back and forth between the two products. Once your connections are migrated and you are back on the main screen, starting your first 5250 session is as simple as selecting the target system from the drop-down and clicking the “5250 Emulator” link.

selectextensionsClient Solutions has its own session profile format (.hod), which it will use to save emulator sessions. It can also read the .ws format which Access for Windows uses (but keep in mind that AfW cannot open .hod files). If you used the Windows startup program earlier to start Client Solutions, then you will find a “File Associations” link on the Tools menu which you can use to associate these file types with Client Solutions. Setting the associations will allow you to start a 5250 emulator session directly by double-clicking a profile, bypassing the main menu.

As a relatively new product, Client Solutions is still growing. While it does provide a complete replacement for all of the core Access for Windows functionality, you may find a few places where you need to re-learn how to do things. For example, the Excel plug-in has been replaced with an option in Data Transfer to import directly into the active Excel sheet, so anyone using this feature will now need to open Excel, switch over to Client Solutions to perform the transfer, and then switch back to Excel. Another change is the lack of System i Navigatordatatransfer, which has been dropped in favor of Navigator for i (although Client Solutions does provide a link to Navigator for you). While no one likes change very much, it seems IBM is determined to force this one upon us since Access for Windows will not be supported past Windows 8.

By now you’ve probably noticed that there is a lot more in the download package than just the Java program and a few launchers; IBM provides quite a bit of documentation as well as other bits and pieces which come in handy if you’re interested in deploying the program across a network or customizing your installation. The team here at iTech has been using Client Solutions since it was available as a technology preview back in 2012, so we can tell you from experience that green screen is just scratching the surface of what it can do! If you would like us to help you with the migration, please send us an email.