IBM Power Systems are the most reliable, available, and securable systems in the world, and IBM i is hands down the best Operating System. This is why the IBM i is the backbone of many critical business processes, including financials, payroll, warehousing, distribution, and logistics, to name a few. Yet despite being responsible for running the world, the IBM i is often neglected, leading to costly mistakes.
Just because the hardware and software can run for a long time without any maintenance doesn’t mean you should let it. You know the saying, “the squeaky wheel gets the grease,” well, since the platform is so stable and reliable, it rarely squeaks. For this reason, some companies tend to ignore their IBM i. Chatty Windows environments get all the time and attention because, without it, they fail.
You’re better off spending some time and money to keep your IBM i system more current as this will help you avoid these common, costly mistakes that IBM i companies make.
#1 Assume their IBM i Secure
One of the top concerns for CIOs continues to be security year after year. The threat from ransomware and viruses continues to grow. iTech has helped over twenty companies recover from Ransomware attacks on their IBM i over the past year and a half. All these companies had one thing in common, a false sense of security regarding their IBM i platform.
This false sense of security is the biggest threat to IBM i shops because they assume they are not a risk. We know the IBM i can’t execute a program, which means you can’t infect your DB2 database with a virus, but IFS file shares can expose your IBM i OS to ransomware attacks that can encrypt your data. Users with default passwords expose your system to a potential breach and combine that with users with excess authority, and your system is a hacker’s dream.
Just because your system was secure ten years ago doesn’t mean it is today. We can no longer assume our IBM i is secure. Like your network and other platforms, you should review your IBM i security controls regularly to ensure they are still adequate.
#2 Lack of Disaster Recovery Testing
Given the increased level of threats of ransomware on IBM i, you need to have a good disaster recovery plan in place. Not only do you have to have a disaster recovery plan, but you really need to test it. I’ve talked to many customers who have an old Power system that they keep for disaster recovery purposes, but when I ask when they last tested it, they say never. While they have redundant hardware that they can use in the event of a disaster, I would argue that there isn’t a disaster recovery plan because they don’t know if it will work. The last thing you want to happen during a disaster is to find out that your recovery plan is incomplete. That’s why it’s so important to test your recoverability.
#3 No regular OS and PTF Maintenance
One of the issues with not doing regular maintenance is that you end up with more security vulnerabilities. As parts of the Operating System are deemed insecure such as ciphers or protocols, it’s essential to upgrade to a secure version. If you must comply with any regulations, you should keep your OS current for this reason alone, as every regulation I’ve read requires you to apply updates regularly.
Today’s digital world means that IT has to deliver high availability. Companies have one issue with regular maintenance: scheduling the downtime needed to accomplish it; this is where you need to negotiate with the business. Would they rather have a regular maintenance downtime window that they can communicate to their users and customers? Or would they rather have a disaster and have to recover?
IBM offers extended support for 7.2, which comes at a premium of two times your software maintenance. You are exposed to the security vulnerabilities in 7.2, and you now have double the cost for Software Maintenance. That doesn’t seem like a good thing.
#4 Keeping old hardware
Keeping your Operating system on a current version puts you in a great position to upgrade to new hardware when the time comes. Keeping hardware for too long means you may have to introduce a new operating system version when moving to new hardware. Migrating to new hardware is simpler when you keep the OS versions the same between systems, and your risk is significantly reduced.
Another issue is that as hardware ages, the mean time between failure gets shorter and shorter. You are at higher risk of incurring unplanned downtime with old hardware. If you are running on extended hardware support, your risk is even more significant, as there is no guarantee that parts will be available to fix your hardware failure.
#5 Not modernizing source code
It’s been more than five years since the IBM i can run open source languages such as PHP, Python, and Nodejs. These are the languages that are taught today. It only makes sense that IBM shops would start incorporating more open source into their IBM i code.
Finding local RPG developers is like finding a needle in a haystack. The reason is that the people taught RPG are now aging and retiring. RPG code can be complex for someone unfamiliar, but tools make it easier for them to understand. A great solution is to bring a developer with open source experience and have them work with your RPG developer before they retire. Shops taking this approach are successfully hiring new developers and modernizing their code.
As you can see, while you may think you’re saving money by ignoring your IBM i and Power system, you could be setting yourself up for a disaster. The threat to your security, availability, and reliability is real if you ignore your IBM i environment. If you lack the resources or knowledge to undertake these tasks, don’t hesitate to contact us for assistance.
More from this month:
- Obtaining Your Last IPL Details
- Five Costly Mistakes that IBM i Companies Make
- System Cleanup: My QUSRBRM/QA1ALI2 File is Large
- iTech iTip Videos
- Sips & Tricks: Coffee with iTech
- iBasics: IBM i Education for the Beginner System Administrator
- Watch Replay: Tactical Security Day
- Register Now: iAdmin Fall 2022
- iPOWER Hour Episode 40: Security Vulnerabilities on Your IBM i(NEW!)
- Upcoming Events
- IBM i, FSP, and HMC release levels and PTFs (September 2022)