Newsletter

This newsletter includes:

• • Obtaining Your Last IPL Details
  • Five Costly Mistakes that IBM i Companies Make
  • System Cleanup: My QUSRBRM/QA1ALI2 File is Large
  • iTech iTip Videos
  • Sips & Tricks: Coffee with iTech
  • iBasics: IBM i Education for the Beginner System Administrator
  • Watch Replay: Tactical Security Day
  • Register Now: iAdmin Fall 2022
  • iPOWER Hour Episode 40: Security Vulnerabilities on Your IBM i(NEW!)
  • Upcoming Events
  • IBM i, FSP, and HMC release levels and PTFs (September 2022)

I guess it was just a matter of time as we all knew it was coming, eventually.  IBM i 7.3 is going out of support next year, Sept 30, 2023.  I guess the handwriting was on the wall when IBM came out with 7.5 in the spring, as they don’t normally support 3 releases of the operating system at once.  Quite honestly, I was a little surprised they kept the support that long, as I had expected once 7.5 was announced that they would drop the support for 7.3.…

This newsletter includes:

• • Getting Lots of Information Quickly – The Handy QLZARCAPI Tool
  • Utilizing Leasing for Technology Acquisitions
  • Setting a User Profile’s Job Description to Produce a Job Log
  • IT Infrastructure – Hardware and Software Maintenance Considerations
  • iTech iTip Videos
  • Webinar Replay: The Value of Staying Current 
  • Sips & Tricks: Coffee with iTech
  • iBasics: IBM i Education for the Beginner System Administrator
  • [Register Now] Tactical Security Day – September 21st
  • Save the Date: iAdmin Fall 2022
  • iPOWER Hour Episode 39: The Value Of Working With a Managed Service Provider (NEW!)
  • Upcoming Events
  • IBM i, FSP, and HMC release levels and PTFs (August 2022)

Did you ever hear the saying “The more things change, the more they remain the same”?  Well, that has pretty much been our first two months as part of Service Express. Same iTech Staff, same iTech procedures, same iTech customers, and same iTech commitment to IBM i.  Don’t get me wrong, we are looking at some cool new tools to help us become more productive and efficient, but our commitment to IBM i hasn’t changed.…

This newsletter includes:

• • Four Reasons to Implement MFA For Your IBM i
  •  SMB Version Support for IBM i NetServer 
  • Are YOU Staying Current?
  • Do You Want It All In Life? You Probably Already Do
  • iTech iTip Videos
  • Webinar Replay: The Value of Staying Current 
  • Sips & Tricks: Coffee with iTech
  • iBasics: IBM i Education for the Beginner System Administrator
  • Let iTech Take You Out to the Ballgame  ⚾
  • iPower Hour Podcast: The Value of Staying Current (NEW!)
  • Upcoming Events
  • iTech Spotlight
  • IBM i, FSP, and HMC release levels and PTFs (July 2022)

Well to say July was the month of all months combined would be an understatement.  First, and foremost iTech Solutions was acquired by Service Express, a leader in global data center and infrastructure solutions, announced the acquisition on July 1^st of managed services provider iTech Solutions Group and cloud hosting provider iInTheCloud.…

This newsletter includes:

• • Reimagining Your IBM i Backup Strategy With External Storage
  • Deploying Access Client Solutions Centrally with Java Included
  • Economic Cost of Falling Behind
  • How Do We Fix The Great IBM i Resource Shortage?
  • iTech iTip Videos
  • Webinar: The Value of Staying Current 
  • Sips & Tricks: Coffee with iTech
  • iBasics: IBM i Education for the Beginner System Administrator
  • Let iTech Take You Out to the Ballgame  ⚾
  • Upcoming Events
  • iTech Spotlight
  • IBM i, FSP, and HMC release levels and PTFs (June 2022)

As we approach the end of June, I just wanted to thank all of our customers for another great record-setting first half here at iTech Solutions. We thank you for allowing us into your environment, we know you had a choice and we are so happy you have chosen us. We take pride in our work, we love helping our customers, and we value the relationships we have with you…

This newsletter includes:

• • Do You Know Where Your Audit Journals Live On Your System?
  • Protecting your IFS with Anti-virus and Anti-ransomware Solutions
  • Information Technology – Proactive or Reactive Perspectives
  • iTech iTip Videos
  • Sips & Tricks: Coffee with iTech
  • iBasics: IBM i Education for the Beginner System Administrator
  • Let iTech Take You Out to the Ballgame  ⚾
  • Upcoming Events
  • iTech Spotlight
  • IBM i, FSP, and HMC release levels and PTFs (May 2022)

IBM announced IBM i 7.5 with a host of new features and functions at the beginning of the month.   Plenty of security enhancements, DB2 for i enhancements, general OS improvements, DB2 Mirror for i, and of course Merlin.  Merlin stands for Modernization Engine for Lifecycle Integration.…

This newsletter includes:

• • Consuming Journal Receiver Data Easily with SQL
  • Yes or No to Managed Service Providers?
  • Securing Spool Files
  • iTech iTip Videos
  • Sips & Tricks: Coffee with iTech
  • iBasics: IBM i Education for the Beginner System Administrator
  • Let iTech Take You Out to the Ballgame  ⚾
  • Upcoming Events
  • iAdmin Spring 2022 – Register Now!
  • iTech Spotlight
  • IBM i, FSP, and HMC release levels and PTFs (April 2022)

Well from reading Steve Will’s blog this month, we know the next release of IBM i is very, very close to being announced. That is great news for IBM i customers. There are a lot of really cool features that have been added to this next release, and I can’t wait to tell you all that I know on Announcement day. In fact, we will show you just how easy it is and everything you need to know to upgrade to the next release of IBM i as soon as it is announced. I think the other benefit for the whole community, is that the roadmap gets updated and we will still have at least 2 more releases of IBM i still to come out after the one this year. That pushes IBM i support probably out to around 2035ish by simple math applied to the current schedule.…

This newsletter includes:

• • Perform VIOS Backups to Your HMC
  • Lock Into the Future of Power10
  • What is a “UAK”, Why Do I Need One, and How Do I Update It?
  • iTech iTip Videos
  • Sips & Tricks: Coffee with iTech
  • iBasics: IBM i Education for the Beginner System Administrator
  • Let iTech Take You Out to the Ballgame
  • Upcoming Events
  • iAdmin Spring 2022 – Register Now!
  • iTech Spotlight
  • IBM i, FSP, and HMC release levels and PTFs (March 2022)

March Madness is certainly going on here at iTech.   Let me tell you what I mean by that.

First, we have had a record number of POWER Systems and SAN Storage happen this month.  We have our team all over the US installing new Power Systems and SANs.  I can see it just looking at my team’s calendars, but also in all our project plans we do with each customer during the installation process.  Depending on the configuration, options, number of partitions, etc that checklist can be anywhere from 100 to 300 steps for an installation. Each installation has its own unique project plan.  So, it’s not just the installers, it’s the project managers and the rest of the technical team.…

With the armed conflict in Ukraine developing, we forecast Russian and Belarussian cyber-attacks against Western nations to escalate imminently. This page will be updated as the situation unfolds.

While critical infrastructure customers are likely the most obvious targets, you need to be prepared to defend against cyber-attacks and protect your business no matter your industry. Every organization is at risk.

The following is a quick cheat sheet of proactive advice for your IBM i:

• Ensure you have a recent and successful full system save readily available
  • On the GO SAVE menu, this happens when you take option 21.
  • If you run Backup and Recovery Media Services, ensure you have a good *SYSTEM backup.
  • If you don’t have a recent full system save then please schedule it ASAP. We can only recover what you save.
• Download the latest Licensed Internal Code resave for all IBM i releases you are running in case the need arises for a bare-metal recovery
• Ensure you are auditing security events on your IBM i
  • Run command DSPSECAUD to check your security auditing status
  • Federal law enforcement will want extended logging that QHST and the QSYSOPR message queues do not provide
• Reduce the amount of read/write-capable file shares
• Stop sharing critical IBM i directories such as
  • Root (/)
  • /QIBM
  • /QOpenSys
  • /QDLS
• Do not share critical user data directories if at all possible
• For all user directory file shares, ensure that proper object security is in place
  • Exclude *public
  • Only allow the users you want to allow access
• Considerably reduce the number of users with special authorities, especially *ALLOBJ.
• Ensure you have minimal to zero Network Address Translation rules that directly forward port traffic from your firewall to your IBM i. Do not assume. Have your network team prove this out to you well in advance.
• Ensure you are up to date on Program Temporary Fixes (PTFs)

More generally speaking:

• Educate your users that:
  • Foreign cybersecurity attacks are imminent and likely.
  • Any suspicious activity must be reported immediately.
  • Take precautions when opening email attachments or if asked to provide secure information over the phone/Internet

If you suspect you’ve been breached, please contact one of the following federal authorities:

• United States:
  • Department of Homeland Security
    • Cybersecurity and Infrastructure Security Agency (CISA)
    • United States Secret Service
  • Department of Justice
    • FBI
  • If you notify any single DOJ or DHS entity, the other two are notified on your behalf. There is

This newsletter includes:

• • Permanently Applying PTFs & Why Doing So is Important
  • How Does Power Systems Fit in My Organization?
  • A Simple IBM i Penetration Test Lesson – Part 2
  • How To Explain Cloud Services To Your Mother
  • IBM i Journaling Management 
  • iTech iTip Videos
  • Sips & Tricks: Coffee with iTech
  • iBasics: IBM i Education for the Beginner System Administrator
  • Let iTech Take You Out to the Ballgame
  • Upcoming Events
  • iAdmin Spring 2022 – Save the Date!
  • iTech Spotlight
  • IBM i, FSP, and HMC release levels and PTFs (February 2022)

We received some great Valentine’s Day gifts from our IBM i’s all over the world, I think it was how we treated them, but is it because at iTech Solutions we know what to do, when to do it, and how to do it when it comes to IBM i? That is a good reason. Just so you know, our feelings are mutual, as we love our IBM i machines as well. Maybe it was our red shirts for valentine’s day?  In either case, you know when dealing with iTech Solutions your IBM i will be in good hands.…

This newsletter includes:

• • BRMS – Omitting Constantly Locked Files
  • What is Zero Trust?
  • Shut Down Those /QIBM Shares
  • Understanding Storage Options for IBM i
  • IBM i Security Resource Page
  • iTech iTip Videos
  • Sips & Tricks: Coffee with iTech
  • iBasics: IBM i Education for the Beginner System Administrator
  • iPOWER Hour Episode 36: Log4j2 Vulnerability: Are You Affected?
  • Upcoming Events
  • iTech Spotlight
  • IBM i, FSP, and HMC release levels and PTFs (January 2022)

Well, I thought by 2022, we would be back to normal life, but unfortunately, it doesn’t seem that the start of 2022 is any different than the start of 2021. By now it is clear that both 2020 & 2021 were unprecedented years, and 2022 has already been eventful. Let’s hope that with people getting vaccines and boosters, plus with everyone catching Omicron, getting back to normal is right around the corner.  I said this last year, “It is hard to say what will happen a month from now, much less a whole year!” boy was that ever true.…

Updated as of January 10, 2022 for the affected Products and Versions

On December 2021, CVE-2021-44228 was announced as a critical zero-day vulnerability and detailed the capability of remote code execution on systems using Log4j versions 2.0 through 2.15. This was one of the largest patch updates efforts in history.

IBM is regularly releasing new information on Log4j vulnerabilities and related mitigation recommendations. Other vulnerabilities have been since released, such as CVE-2021-45105, CVE-2021-4104 and CVE-2021-45046, which will also be continued to be investigated with remediation recommendations.

IBM has been publishing subsequent remediation recommendations in their PSIRT blog and security alerts.

Given that Log4j architecture has been continuously investigated over the last month there’s a lot of noise on the subject. People may think that they’re “one and done.” That is not necessarily the case. iTech Solutions will provide more clear insight on risk and remediation as new information becomes available. This blog entry will be a living document, outlining each Log4j CVE and remediation requirements as per IBM for their products.

For customers using versions of Log4j in custom applications, we would encourage you to either upgrade to the latest version of Log4j if possible or investigate different options for logging solutions for those custom applications.

There are a few different ways to determine what versions of Log4J are installed on your system:

1. Scott Forstie has posted a handy script using IBM i Services located here. Please note that this works for IBM i 7.3 and higher. https://gist.github.com/forstie/9662d4c302f5224c66b7a4c409141a2c
2. For 7.2 or lower, you can use the following shell script. The script posted the other day did not account for case sensitivity whereas this does:

qsh
cd /
find . -type d \( -path ./QDLS -o -path ./QFileSvr.400 -o -path ./QIMGCLG -o
-path ./QNTC -o -path ./QOPT -o -path ./QSYS.LIB -o -path ./QSYS.LIB \) -prune -o -name ‘*[lL][oO][gG]4[jJ]*’ -print

Vulnerability: CVE-2021-45105
Type: DoS
Description: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
Severity Score: 4.3
Published: 2021-12-18
Affects IBM i: Yes
Affected Products: DB2 Web Query versions 2.2.1 and 2.3.0. IBM WebSphere Application Server versions 8.5 and 9.0.
Remediation:  https://www.ibm.com/support/pages/node/6537454, https://www.ibm.com/support/pages/node/6538148

Vulnerability: CVE-2021-45046…

These last two years have been years like no other, yet we hope this finds you and your family safe from the virus that has uprooted our daily lives.  Who really knows what the New Year has in store for us all, but just know you will be able to count on us yet again. As 2021 comes to a close, we wish to thank you for allowing iTech Solutions to be part of your team. We hope that our IBM i newsletters, Blogs, Webinars, Sips & Tricks, iTip Videos, Two-Day iAdmin Conferences, iBasics seminars, Slack Channel, and Podcasts have been educational and informative for you and that you have learned from them. We encourage your feedback on what other things we can add to make them more helpful to our customers, and others who read them. Look for even more to come this year in 2022.

We have continued our growth this year adding additional employees to improve our services as well as the breadth of our IBM i offerings. We hope that you have a happy holiday season, with good health, happiness, and prosperity in the New Year.  All of us at iTech thank you for your business, and for the confidence you have placed with us over the years.  We look forward to working together in the coming year, and we will continue to strive to exceed your expectations. Whenever we don’t, please reach out directly to me.…