iTech Newsletter - November 2015

iTech Solutions because IBM i (AS/400, iSeries) didn't come with a System Administrator.

Greetings iTech Fan,

It's Thanksgiving here in the US, where did the year go?  It's been a great year here at iTech Solutions. We have increased our IBMi services and offerings, increased our staff, and we are working with many new customers and helping our existing customers.  We have a lot to be thankful for, and are glad that you gave us the opportunity to work with you.  If there is anything that we do that doesn't exceed your expectations, please contact me directly. I hope with the upcoming holidays approaching you are able to spend it with your family and friends, and that you have much to be thankful for as well.  As many of our readers over the years know, this will be our last newsletter of the year.  In December, we publish the much anticipated How iTech Solutions helped Santa save Christmas newsletter.  I hear there are some new POWER8 stories to be told, so get your stockings hung by the fire and the December issue will be out within a month.

Last week, IBM delivered Technology Refresh 3 for IBM i 7.2 and Technology Refresh 11 for IBM i 7.1, called TR3 and TR11 respectively. Our fourth article has all the details of both Technology Refreshes. For all those customers on iTech PTF Maintenance, you will be getting the new TRs over the next 2 months.

Would you like a presentation on the benefits of Power8 or IBM i 7.2?  Then contact iTech Solutions and we can schedule a presentation and discussion on how we can help you get the benefits of this new hardware and operating system.  We have been putting new systems in or helping customers get more power and performance for many times less money than they are currently paying.

This issue of our newsletter has 6 articles. In the first article we discuss how to determine if you really applied those WebSphere Application Server PTFs correctly. The second article is about Electronic File Transfer for your protection.  The third article is on SMTP not working after an OS upgrade. The fourth is on details of TR3 and TR11. The fifth article lists some of the upcoming events in which iTech Solutions will be participating. The last article is for your reference with updated PTF information. Please note that for all 7.1 customers that are on the Quarterly or Semi-annual iTech Solutions PTF maintenance plan, we will be installing 7.1 Technology Refresh 11 for you on your next application of PTFs. For the 7.2 customers, we will be installing 7.2 Technology Refresh 3. 

Having a business partner isn’t the same as having iTech Solutions. If you are not getting the support, the help, the guidance, and the advice you need to succeed, then you owe it to yourself to contact iTech Solutions for all your IBM Power Systems running IBM i needs. We can help you upgrade your AS/400 or iSeries to a Power Systems running IBM i, or even your existing POWER5, POWER6, or POWER7 machines to POWER8.

 

iTech Solutions vast experience can help you improve performance, perform security audits; implement a high availability solution, perform health checks, systems management, remote administration, PTF management, blade installations, cloud-based systems, hosting, replication, and backup/recovery; upgrade an existing machine; or upgrade to a new machine.  If you are thinking of LPAR or HMC, then think iTech Solutions.  We have the skills to help you get the most out of your IBM i.



 

For more information on any of the articles below please visit us on the web at iTech Solutions or email iTech Solutions. We would love for you to let us know any articles that you wish for the future, or if you enjoy any of the articles in the current newsletters.

___________________________________________________________________________

Determining the true PTF level of WebSphere.

Because we do so many IBM i OS upgrades, we always come across items of concern during our preparation. Whether you are upgrading to IBM i 7.1 or 7.2, each release of IBM i requires minimum versions of Java and WebSphere. What we find with WebSphere Application Server (WAS) is that people load and apply the WAS PTF group but forget there is a second part to installing the fixes. I am not going to get into how to run the UPDI process to put the actual package onto your WAS software. Instead, I want to make sure you can determine what level WAS is really running. Then you will know whether the latest group level and the version of PTFs applied to WAS are the same.

WebSphere Application Server V8.5 for IBM i group PTF contains PTFs required to run the product. You can find out the current version of WAS V8.5 for IBM i product on your i system by issuing the following command in the QSH environment:

/QIBM/ProdData/WebSphere/AppServer/V85/edition/bin/versionInfo, where edition is:

  • Express if you have WebSphere Application Server - Express installed
  • Base if you have WebSphere Application Server for Developers, or WebSphere Application Server installed
  • ND if you have WebSphere Application Server Network Deployment installed

If you are on WAS version 7, replace V85 in the path above with V70. If you are on WAS version 8, replace V85 with V8.

You will now see what level WAS has been patched up to (meaning you have loaded and applied the PTFs, and then run the UPDI process). Remember, WAS V7.0 will not work with IBM i 7.2. You must upgrade to either WAS V8.0 (fix pack 8, which is 8.0.0.8) or V8.5 (fix pack 2, which is 8.5.5.2) or later. You need those fix packs on, so it is important to ensure the fix packs are applied by running the versionInfo script.
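The check described above can be scripted once the versionInfo report has been captured to a file. The following is an added example, not part of the original newsletter or of IBM's tooling: the report layout (section headings underlined with dashes, `Name` and `Version` rows under "Installed Product") is an assumption about what versionInfo prints, and the sample report is constructed.

```python
import re

# Minimum fix pack levels for IBM i 7.2, as stated in the article:
# V8.0 needs 8.0.0.8 and V8.5 needs 8.5.5.2. V7.0 does not work at all.
MINIMUM_FOR_IBMI_72 = {(8, 0): (8, 0, 0, 8), (8, 5): (8, 5, 5, 2)}

# Constructed sample report (assumed layout), trimmed to the relevant sections.
# PTF group applied, but the UPDI step never run: WAS is still at 8.5.5.0.
SAMPLE_REPORT = """\
Installation
--------------------------------------------------------------------------------
Product Directory        /QIBM/ProdData/WebSphere/AppServer/V85/Express

Installation Platform
--------------------------------------------------------------------------------
Name                     IBM WebSphere Application Server
Version                  8.5

Installed Product
--------------------------------------------------------------------------------
Name                  IBM WebSphere Application Server - Express
Version               8.5.5.0
ID                    EXPRESS
"""


def installed_versions(report):
    """Return [(product name, version tuple)] from each 'Installed Product' section.

    The 'Installation Platform' section also has a Version row (e.g. 8.5), so the
    parser tracks which section it is in and ignores every other section.
    """
    results, section, name, previous = [], None, None, ""
    for line in report.splitlines():
        stripped = line.strip()
        if stripped and set(stripped) == {"-"}:
            # A rule of dashes means the previous non-blank line was a heading.
            section, name = previous, None
        elif section == "Installed Product":
            row = re.match(r"(Name|Version)\s{2,}(\S.*)$", stripped)
            if row and row.group(1) == "Name":
                name = row.group(2)
            elif row and name and re.fullmatch(r"\d+(\.\d+)*", row.group(2)):
                version = tuple(int(part) for part in row.group(2).split("."))
                results.append((name, version))
                name = None
        if stripped:
            previous = stripped
    return results


def check_for_ibmi_72(version):
    """Classify one installed WAS version against the article's IBM i 7.2 minimums."""
    release = version[:2]
    if release == (7, 0):
        return "unsupported"          # WAS V7.0 will not work with IBM i 7.2
    minimum = MINIMUM_FOR_IBMI_72.get(release)
    if minimum is None:
        return "unknown"              # the article gives no minimum for this release
    padded = version + (0,) * (4 - len(version))
    return "ok" if padded >= minimum else "below_minimum"


def audit_report(report):
    """Return [(product name, dotted version, status)] for a whole report."""
    return [(name, ".".join(map(str, version)), check_for_ibmi_72(version))
            for name, version in installed_versions(report)]


if __name__ == "__main__":
    for name, version, status in audit_report(SAMPLE_REPORT):
        print(f"{name}: {version} -> {status}")
```
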

I can tell you from experience, it is easier to keep everything up to date than to have to catch up when someone hasn’t been keeping up to date with any of these updates. If you would prefer for iTech Solutions to apply your PTFs, then send us an email at sales@itechsol.com.


Is your current File Transfer System holding you back?

 iTech Solutions has teamed with Globalscape to automate and secure your file transfer issues.

We have seen vulnerabilities in many customers when it comes to file transfers. Ask yourself, who is connecting to your system? What are they downloading or uploading? Is your data secure at rest or in transit? This was an issue with many of our clients, so we found a solution with Globalscape's Electronic File Transfer. EFT enhances network visibility, increases the security of your data at rest and in transit, and increases overall employee productivity and efficiency, all while helping to facilitate compliance. Yes, compliance must always be a concern for many of you.

Incomplete file transfers, system downtime, and increasing overhead costs are warning signs that your organization may be using an ineffective file transfer system.      

In a recent post Globalscape talks about automating your file transfer processes. Read more to learn:

  1. When it's time  to switch file transfer systems
  2. How to increase file transfer efficiency and security
  3. Strategic ways to streamline processes and workflows

 

Managed File Transfer To The Rescue

Are you experiencing any of these scenarios?

  • Using FTP or a legacy homegrown file transfer system to move data
  • At risk of failing a compliance audit 
  • Not meeting service level agreements tied to data exchange
  • Lost visibility into data exchanges 

 

If you're experiencing any of these situations, our managed file transfer solution, Enhanced File Transfer can help solve your challenges.  Globalscape is an enterprise MFT solution that can help your organization with its biggest information exchange woes.

 

If you would like additional information or a demo to get you on the right track, contact us via email.


IBM i Email and SMTP stop working after IBM i upgrade to 7.1 or 7.2.

We see this with many IBM i upgrades, but since we do so many upgrades we know exactly what to do.  So, I thought this would be a good article for others doing their own upgrades. It isn't that anything is broken, it is that things change when upgrading from V5R4 to 7.1, or 6.1 to 7.1 or 7.2.

If you are using IBM SMTP to send Emails from your IBM i and after upgrading IBM i to 7.1 or 7.2 email stops working, it could be due to changes IBM has made to the configuration of SMTP. All of which are documented in the memo to users. Yes, you should be reading the memo to users so you are aware of the changes in the new release. Remember, if you are skipping a release, you should read the memo to users that you are skipping as well, as these books are not cumulative.

To fix the problem we need to end the mail server, with the command ENDTCPSVR SERVER(*SMTP)

Then run the command CHGSMTPA and press F4. Change the Forwarding mailhub server parameter (FWDHUBSVR on the last page) from *NONE to be the same as Mail router parameter (MAILROUTER). That is the fix. Then don’t forget to restart SMTP with the command STRTCPSVR SERVER(*SMTP)

The information below is from the IBM i 7.1 Memo to users, Page 45:

MAILROUTER feature changes

This feature can be used either by using the Change SMTP attributes (CHGSMTPA) command parameter MAILROUTER or through the IBM i Navigator SMTP server properties general tab under Mail router. The MAILROUTER feature before i 7.1 would in some instances, forward all mail to the mail router even if the e-mail address could be resolved. In i 7.1, MAILROUTER correctly forwards to the mail router only when the e-mail address does not resolve.

The FWDMAILHUB feature was added in i 6.1 that allowed the forwarding of e-mail to a single address. This feature can be used either by using the CHGSMTPA parameter FWDMAILHUB or through the IBM i Navigator SMTP server properties general tab under Forwarding mailhub domain. FWDMAILHUB always forwards the e-mail and does not attempt a resolve. MAILROUTER only supports A and AAAA records, while FWDMAILHUB supports MX, CNAME, AAAA, and A.

For those customers that expect all e-mail to be forwarded to their mail router then copy the value of MAILROUTER to FWDMAILHUB, and set MAILROUTER to *NONE as this is a mail hub. For those that expect only e-mail that cannot be resolved to be forwarded to their mail router leave the configuration as-is. Customers that want the SMTP server to resolve an address before forwarding to the mail hub, must use MAILROUTER, as FWDMAILHUB does not resolve the address. Changing these values may require a SMTP server restart.

The resolve path is now:

  • Forwarding Mail hub(if defined)
  • Absolute Address/First part of source route
  • mailrouter(if same domain)
  • mailrouter(different domain) if FIREWALL(*YES).

Perhaps this is why we do more IBM i OS upgrades than anyone else.  If you don't want to go at this alone, and want a trusted, knowledgeable, and experienced partner, contact iTech Solutions.

 

Technology Refresh 3 for 7.2 and Technology Refresh 11 for 7.1?

IBM continues to make major enhancements and improvements to features and functions in IBM i with two new Technology Refreshes (TR).   A TR has been released for both IBMi 7.1 and for 7.2.  In the past, this would be a new release of the operating system.  I think this is good evidence of IBM's continued support of IBM i. If you need help installing these TRs, we have the experience, knowledge, and know-how to do it right.  Let iTech Solutions help you, so you can concentrate on running your business while we concentrate on running your machine.  Here are some of the details of the announcements:

DB2 for i

DB2 for i enhancements

DB2 for i and SQE are improved to facilitate enhanced query performance.

Database application developers can construct advanced SQL solutions using the following enhancements:

  • The SQL Integrated Language Environment® (ILE) RPG precompiler is enhanced to remain in sync with ILE RPG language enhancements.
  • New SQL language support enables better database application solutions for mobile and social computing.
  • New built-in functions allow for improved ability to achieve data-centric solutions. SQL Global variables can be used in new ways, extending the flexibility and usefulness of SQL views.

These and other enhancements are described in developerWorks®. Refer to the developerWorks website later in this section.

Security and compliance officers can use the following enhancements from IBM Guardium software products to enable effective database and operating system security governance:

  • The Guardium Vulnerability Assessment (VA) product now works with IBM i. VA with IBM i includes scans of database infrastructures to detect vulnerabilities and suggestions for remedial actions. VA identifies exposures such as missing security and HIPER PTFs, weak passwords, unauthorized changes, misconfigured privileges, and other vulnerabilities.
  • The Guardium Database Activity Monitor (DAM) product is enhanced to improve the ability, reliability, and availability of activity monitoring of DB2 for i users. Audit server filtering is enhanced to allow equal and not-equal operators to be used; multiple policy support makes it possible to capture complete activity details without excess auditing noise.

IBM i SQL Services

In the tradition of recent technology refreshes, new IBM i Services deliver useful SQL-based alternatives to IBM i commands and APIs:

  • Work with Object Locks (WRKOBJLCK) detail enables application developers and system administrators to capture, understand, and resolve sporadic timing issues.
  • Work with System Status (WRKSYSSTS) detail provides critical systems management insight.
  • Work with Output Queues (WRKOUTQ) detail enables improved systems management solutions.
  • Work with TCP/IP Network Status (NETSTAT) provides the critical information about the system network health.
  • Work with System Activity (WRKSYSACT) details provide critical system activity insight.
  • Work with License Information (WRKLICINF) provides key details on licensing information on the system.
  • Work with Media Library Status (WRKMLBSTS) provides details on the media library status on the system.

For these and other IBM i services that are described in developerWorks, visit

http://ibm.biz/DB2foriServices

These and other enhancements are delivered with the DB2 PTF Group SF99701 and SF99702. Visit the IBM i Technology Updates wiki on developerWorks to learn more about these and other DB2 for IBM i enhancements.

http://www.ibm.com/developerworks/ibmi/techupdates/db2

To see the DB2 for IBM i PTF Group details, visit

http://www.ibm.com/developerworks/ibmi/techupdates/db2/groupptf

IBM i

Application development for IBM i

IBM i Integrated Web Services Server

IBM i users can deploy ILE programs and services programs as web services based on the SOAP protocol using the Integrated Web Services (IWS) server support that is part of the operating system. Users can deploy ILE programs and service programs as RESTful web services. The IWS support has been updated to include many new enhancements that eliminate some of the nuances and limitations when deploying an ILE program object as a web service to an IWS server.

Updates include the following:

  • Support for nested output arrays
  • Improved processing of very large output character fields
  • Preserving case sensitivity of identifiers
  • Preserving field ordering
  • Enabling of RESTful services to return user-defined media types
  • New transport metadata values
  • Installation of web service script updated for SOAP services
  • Enabling Java-based web services

To get the updates, you will need to load the latest HTTP Group PTF.

Details can be found on the Integrated Web Services Product page

http://www-03.ibm.com/systems/power/software/i/iws/

New API Retrieve Space User Data

A new API called Retrieve Space User Data (QbnRetrieveSpaceUserData) enhances the usability of the compiler preprocessor APIs. The preprocessor APIs provide a method to store *USERDATA with module, program, and service program objects at compile time. Previously, *USERDATA could only be retrieved from program and service program objects active on the call stack. The new API provides a means to retrieve *USERDATA from objects that are not active in the call stack. ISV tool developers will find this new API useful to access information that can be stored with an object using the existing QbnAddAssociatedSpaceData API. Combining the new API with the existing compiler preprocessor APIs makes it possible to store data with and retrieve data from the object, rather than keeping the data in a separate location. This can be important to satisfy auditing requirements. This API is already available via PTFs for both IBM i 7.2 and IBM i 7.1.

IBM i debugger enhancements

IBM i debugger is enhanced to better support SQL programming and debugging. Also, RPG free format is fully supported, including the removal of the 8 to 80 column restrictions.

IBM i program products

IBM i Access Client Solutions (5733-XJ1)

IBM i Access Client Solutions, the new strategic interface for accessing and managing your IBM i from virtually any end-user device, now includes the SQL Performance Center and Run SQL Scripts interface. These tools offer the database and system administrator the tools they need to quickly review and understand how to ensure DB2 on i is working optimally. This is the first delivery of many new features to come. This new support will be delivered as a service pack update for the Access Client Solutions product. It can easily be downloaded from the FTP website

ftp://public.dhe.ibm.com/as400/products/clientaccess/solutions/updates/

You no longer are required to obtain these updates from the ESS website.

Details can be found on the Access Client Solution product page

http://www-03.ibm.com/systems/power/software/i/access/solutions.html

or

http://www.ibm.com/developerworks/ibmi/techupdates/db2

Open Source for IBM i (5733-OPS)

Open Source for IBM i continues making IBM i fully available to the open source community. Option 3 now offers utilities to enable the download and installation of readily available open source packages from the Internet. These packages include a wide array of useful tools and languages like perl, Python 2.x, git, and the GCC compiler. The GCC compiler is often the standard in the open source ecosystem. These utilities can be run on IBM i in QSH or from a PC. For details visit the IBM i open source developerWorks site

http://www.ibm.com/developerworks/ibmi/techupdates/opensource .

For technotes, visit

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020583
or
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020591

IBM HTTP Server Powered by Apache (5770-DG1)

IBM HTTP Server Powered by Apache has been updated to the latest levels of support by the Apache Foundation 2.4.12. This ensures that IBM remains compliant. Important updates include the following:

  • PCRE regular expression is supported in directives.
  • A new module mod_proxy_wstunnel enables support for the tunneling of web socket connections to a backend web sockets server.
  • A new module mod_proxy_html enables an output filter to rewrite HTML links in a proxy situation to ensure the links work for users outside the proxy.
  • A new module mod_macro enables the use of macros in HTTP configurations.
  • SNI implementation is optimized.
  • Updates in serviceability include adding CGI job information and thread id in log.

The Web Admin GUI shipped with the DG1 product for creating and managing all aspects of your web-based servers delivers a new wizard to enable you to simply update Liberty-based server with SSL. This includes both a user-installed Liberty server and the Integrated Application Server support.

Details can be found on the HTTP Server product web page

http://www-03.ibm.com/systems/power/software/i/http/

Backup, Recovery, and Media Services (5770-BR1) (IBM i 7.2 only)

The modernization of storage tiering is implemented as an enhancement to the existing BRMS migration function, which allows libraries to be moved among the user Auxiliary Storage Pools (ASPs) based on policies for frequency of use. By extending the migration function to support Independent ASPs (IASPs) and *LNK lists, and also allowing individual database files to be migrated within an ASP, the system administrator now has increased control to ensure the most frequently accessed files have priority placement on a faster tier of storage. For example, a migration policy can be set up so that once a file has not been viewed for a period of time (for example: a week or a month), it can be automatically migrated to slower storage, and after a period of time (perhaps a couple months) of being dormant, it can automatically be archived out to tape. With dynamic retrieval from archive storage, when the file is needed again, it can be automatically brought back in to disk storage.

Similar to the IBM Storage Easy Tier function, the BRMS storage tiering function within an ASP responds to the presence of Flash or SSD drives in a storage pool that also contains hard disk drives (HDDs). Those drives can be either internal or external disk drives. Unlike IBM Storage implementations of Easy Tier, which move small pieces of data to and from faster storage based on patterns of usage, the BRMS migration function operates at a file or library level to automatically migrate frequently accessed database files in their entirety from HDDs to Flash or SSDs, thus placing such files in a faster tier of storage, and vice versa. A system administrator can choose to move a file or library to SSD even if it does not qualify for fast storage, because of the knowledge that the whole file or library will be needed in the future. This aspect can be useful for month-end or quarter-end processing by moving the necessary files that are only periodically having frequent accesses into faster storage. In this dynamically tiered environment, the file movement is seamless to the application, regardless of the storage tier in which the file resides.

This modernization of BRMS storage tiering is provided with IBM i 7.2 in the December 2015 BRMS PTF Group, scheduled for availability on or before December 15, 2015.

For more information about this and other BRMS enhancements, visit

https://www.ibm.com/developerworks/community/wikis/home?lang=en#/wiki/IBM%20Backup%2C%20Recovery%20and%20Media%20Services%20%28BRMS%29%20for%20i/page/Enhancements

Technology preview for IBM PowerHA SystemMirror for i support of DS8870 HyperSwap with IASPs (IBM i 7.2 only)

A technology preview of the new IBM PowerHA SystemMirror for i function, DS8870 HyperSwap support with IASPs is available. Full system HyperSwap was made available in the Express® Edition of PowerHA in IBM i 7.2. Now HyperSwap can be combined with IASP replication to minimize downtime for all planned and unplanned outages. Storage server planned and unplanned outages will utilize the HyperSwap technology for a near-zero recovery point objective. Other planned and unplanned outages can use the other technologies available within PowerHA for a minimized downtime.

For more information about PowerHA technology updates and to learn how to participate in the Technology Preview, visit

http://www.ibm.com/developerworks/ibmi/ha/techupdates

Zend Server for IBM i

The PHP server distribution media has been updated to the 8.5 version of the Zend Server for IBM i. This updated version of PHP contains many enhancements and improvements over previous versions. For the latest details on Zend and PHP for IBM i visit

http://www.zend.com/en/solutions/modernize-ibm-i

Other Power offerings

PowerVM

PowerVM supports SR-IOV-optimized, dedicated vNIC, Large Send Offload on Virtual Ethernet, and improvements to HMC and LPM.

PowerVC for i enhancements

A new release of Power Virtualization Center (PowerVC) contains multiple capabilities and enhancements for IBM i to help users to manage the cloud and virtualized environments. For more information, visit

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Updates/page/IBM%20Power%20Virtualization%20Center%20%28PowerVC%29%20for%20IBM%20i

Software updates

Rational Development Studio

A significant update has been made to the RPG IV language delivered in 5770-WDS. In the continuing effort to ensure RPG as a modern business language, the restriction that requires free-form RPG to be coded between columns 8 and 80 has been removed. Now, RPG programmers writing free-form code can use the entire source line with no restrictions from column 1 to the end of the line with no regard to any columns when **FREE is specified at the beginning of the first line in the source. Developers trained in other languages will more easily pick up the RPG language for writing modern applications.

This new enhancement will be delivered through PTFs that can be applied to RPG IV V7.1 or V7.2. Full documentation for the enhancement can be found starting from the What's New section of the ILE RPG Reference in the 7.2 Knowledge Center. The 7.1 Knowledge Center will not be updated. This new enhancement will also be documented in the RPG Cafe in developerWorks at

https://www.ibm.com/developerworks/mydeveloperworks/wikis/communitywiki?communityUuid=b542d3ac-0785-4b6f-8e53-f72051460822

Rational Developer for i V9.5

The industry-leading development tooling continues to be enhanced to improve developer productivity and now supports the latest RPG updates.

Updates include:

  • Addition of a built-in 5250 emulator
  • Removal of the 80-column restriction in the RPG code editor to enable fully free-form RPG
  • Addition of snippet support in the Push-to-Client feature
  • Enhanced ability to rearrange Remote System Explorer (RSE) filters
  • Improvements to free-form RPG formatting (indentation support) in the RPG code editor
  • Improved RPG Content Assist
  • General improvements to code coverage analysis capabilities, including significantly improved performance; (approximately 20x speed improvement is observable for most programs, but not formally benchmarked)

Rational Developer for i V9.5 + Java™ Edition includes many updates for the Java developer on IBM i. This package offers all the above mentioned updates as well as many Java-centric features including:

  • Tools and toleration for Java 8 (example of "tools": editor recognizes syntax for Lambda expressions; example of "toleration": Java profiling will not "choke" on code that uses Lambda expressions)
  • Supports and includes the latest WebSphere Application Server Liberty Profile (with support for Java EE 7 Full and Web profile). Full traditional WebSphere Application Server test environments also continue to be supported at version levels 7.0, 8.0, and 8.5.5. Test Environment installable images are included for 8.0 and 8.5.5.
  • New and enhanced Liberty Profile tools, such as:
    • Improved Liberty Profile repository integration through proxy
    • Remote debug session support
    • Automatic detection and resolution of feature conflicts
    • Use of on premise Liberty Profile repository
    • Ability to use new configuration drop-ins to customize or override an existing server configuration
  • Tools for JavaEE 7, such as:
    • Ability to publish Java EE7 enterprise archives (EARs) to WebSphere Application Server Liberty profile server (V8.5.5.6 or later)
    • Support for EJB Lite/Full (with validation) and stand-alone EJB modules (for example, in a JAR)
    • Java Batch tools supporting JSR 352
    • Bean Validation 1.1 tools supporting JSR 349
    • Java API for WebSocket 1.1 tools supporting JSR 356
    • A new deployment descriptor editor for Java EE security permissions
    • CDI tools enhancements that support CDI 1.2 (JSR 346) and JPA 2.1 (EclipseLink)
  • New support for JSF 2.2 including ability to create JSF 2.2 portlet projects for Liberty profile. This enables use of Rational Application Developer for WebSphere Software to use new JSF features, such as Faces Flow and Resource Library Contracts, as well as the ability to enable interactivity between HTML5 and JSF. It takes advantage of the new features in HTML5 while maintaining the features and characteristics of a mature and robust web framework.
  • A Java EE Specification Upgrade wizard for migrating projects and the modules they contain from older versions to Java EE6 and Java EE7.
  • Support for portlets on Liberty profile.
  • A new integration with the open source Jasmine framework for JavaScript™ unit testing.
  • Currency: updated with latest version of Cordova; support for the latest version of the Liberty profile.

IBM WebSphere MQ

  • V7.0.1 as of September 15 2015, is out of service for IBM i (all releases)
  • WebSphere MQ V7.1 and 8.0 have been updated to no longer allow the configuration of SSL cipher keys that have been determined to be weak. Changes have been made to the IBM MQ queue manager to disallow the configuration of CipherSpecs that use cryptographic algorithms or protocols that are now considered to be weak:

SSL v3

All CipherSpecs are disabled by default

TLS 1.0

TLS_RSA_EXPORT_WITH_RC2_40_MD5
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_NULL_MD5
TLS_RSA_WITH_NULL_SHA
TLS_RSA_WITH_RC4_128_MD5

TLS 1.2

ECDHE_ECDSA_NULL_SHA256
ECDHE_ECDSA_RC4_128_SHA256
ECDHE_RSA_NULL_SHA256
ECDHE_RSA_RC4_128_SHA256
TLS_RSA_WITH_NULL_NULL
TLS_RSA_WITH_NULL_SHA256
TLS_RSA_WITH_RC4_128_SHA256

By default, these CipherSpecs cannot be specified on a channel definition; an attempt returns MQRCCF_SSL_CIPHER_SPEC_ERROR in PCF and displays message AMQ8242: SSLCIPH definition wrong. Channels attempting to start with a deprecated CipherSpec are not allowed to start, returning MQCC_FAILED (2) and a Reason of MQRC_SSL_INITIALIZATION_ERROR (2393) to the client. You can re-enable one or more of the deprecated CipherSpecs for defining channels at runtime on the server by setting the environment variable AMQ_SSL_WEAK_CIPHER_ENABLE. The environment variable accepts a single CipherSpec name, a comma-separated list of MQ CipherSpec names to re-enable, or the special value ALL, representing all CipherSpecs.
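Before applying the MQ update, it helps to know which existing channels name a CipherSpec from the deprecated lists above, and which of them would only keep running because AMQ_SSL_WEAK_CIPHER_ENABLE re-enables it. The following is an added example, not part of the original newsletter or of IBM MQ: it assumes the channel definitions were captured as MQSC `DISPLAY CHANNEL(*) SSLCIPH` text, and the sample output and channel names are constructed.

```python
import re

# The TLS 1.0 and TLS 1.2 CipherSpecs the article lists as deprecated.
# SSL v3 CipherSpecs are also disabled, but the article does not name them,
# so they are not in this set.
DEPRECATED = frozenset({
    "TLS_RSA_EXPORT_WITH_RC2_40_MD5", "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_RSA_WITH_DES_CBC_SHA", "TLS_RSA_WITH_NULL_MD5",
    "TLS_RSA_WITH_NULL_SHA", "TLS_RSA_WITH_RC4_128_MD5",
    "ECDHE_ECDSA_NULL_SHA256", "ECDHE_ECDSA_RC4_128_SHA256",
    "ECDHE_RSA_NULL_SHA256", "ECDHE_RSA_RC4_128_SHA256",
    "TLS_RSA_WITH_NULL_NULL", "TLS_RSA_WITH_NULL_SHA256",
    "TLS_RSA_WITH_RC4_128_SHA256",
})

# Constructed sample of MQSC output; channel names are made up.
SAMPLE_MQSC = """\
AMQ8414: Display Channel details.
   CHANNEL(ORDERS.SVRCONN)                 CHLTYPE(SVRCONN)
   SSLCIPH(TLS_RSA_WITH_AES_128_CBC_SHA256)
AMQ8414: Display Channel details.
   CHANNEL(LEGACY.TO.HUB)                  CHLTYPE(SDR)
   SSLCIPH(TLS_RSA_WITH_RC4_128_MD5)
AMQ8414: Display Channel details.
   CHANNEL(PARTNER.RCVR)                   CHLTYPE(RCVR)
   SSLCIPH(ECDHE_RSA_RC4_128_SHA256)
AMQ8414: Display Channel details.
   CHANNEL(ADMIN.SVRCONN)                  CHLTYPE(SVRCONN)
   SSLCIPH( )
"""

ATTRIBUTE = re.compile(r"(\w+)\(([^)]*)\)")   # MQSC prints KEYWORD(value) pairs


def parse_channels(mqsc_output):
    """Return [(channel name, SSLCIPH value)] for each channel record."""
    channels = []
    for record in re.split(r"^AMQ8414.*$", mqsc_output, flags=re.MULTILINE):
        attrs = {key: value.strip() for key, value in ATTRIBUTE.findall(record)}
        if "CHANNEL" in attrs:
            channels.append((attrs["CHANNEL"], attrs.get("SSLCIPH", "")))
    return channels


def reenabled_specs(env_value):
    """Interpret AMQ_SSL_WEAK_CIPHER_ENABLE: one name, a comma list, or ALL."""
    names = {name.strip() for name in env_value.split(",") if name.strip()}
    if "ALL" in names:
        return set(DEPRECATED)
    return names & DEPRECATED


def audit_channels(mqsc_output, env_value=""):
    """Return [(channel, CipherSpec, status)] for channels using a deprecated spec.

    status is "blocked" when the channel will fail to start after the update,
    or "weak-reenabled" when the environment variable keeps the weak spec usable.
    """
    allowed_weak = reenabled_specs(env_value)
    findings = []
    for channel, spec in parse_channels(mqsc_output):
        if spec in DEPRECATED:
            status = "weak-reenabled" if spec in allowed_weak else "blocked"
            findings.append((channel, spec, status))
    return findings


if __name__ == "__main__":
    for finding in audit_channels(SAMPLE_MQSC, "TLS_RSA_WITH_RC4_128_MD5"):
        print(*finding)
```

Channels reported as "weak-reenabled" are the ones to migrate to a CipherSpec from the default list so that the environment variable can be removed.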

The new set of default CipherSpecs now allow only the following 17 values:

TLS 1.0

TLS_RSA_WITH_AES_128_CBC_SHA (AES_SHA_US on IBM i)
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

TLS 1.2

ECDHE_ECDSA_AES_128_CBC_SHA256
ECDHE_ECDSA_AES_256_CBC_SHA384
ECDHE_ECDSA_AES_128_GCM_SHA256
ECDHE_ECDSA_AES_256_GCM_SHA384
ECDHE_ECDSA_3DES_EDE_CBC_SHA256
ECDHE_RSA_AES_128_CBC_SHA256
ECDHE_RSA_AES_256_CBC_SHA384
ECDHE_RSA_AES_128_GCM_SHA256
ECDHE_RSA_AES_256_GCM_SHA384
ECDHE_RSA_3DES_EDE_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384

IBM i support for TLS 1.2 CipherSpecs

IBM MQ for IBM i now supports the following CipherSpecs:

TLS_ECDHE_ECDSA_WITH_NULL_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_NULL_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Hardware enhancements

DUPOPT of IPL capable media enhancement (IBM i 7.2 only)

Support has been added to IBM i 7.2 TR3 to duplicate IPL-capable optical media to optical media with different physical characteristics. Specifying a special value of *BOOT on the DUPOPT To volume identifier (TOVOL) parameter indicates that the boot area and all files from the source media are to be copied to the mounted target media, even if the physical characteristics of the target optical volume do not match the physical characteristics of the source optical volume. This enables duplicating an existing IPL-capable DVD or distributed media image to RDX or flash media. System administrators will find this useful when transitioning to the use of newer media types. ISVs will find this especially convenient for condensing a bootable install image onto a flash drive that can be carried in one's pocket. For more information visit

http://www.ibm.com/developerworks/ibmi/techupdates/hw

Automatic fail-over for tape multi-path (IBM i 7.2 only)

In IBM i 7.2 TR2, support was added to enable configuration of multiple paths to certain tape drives attached using Fibre Channel technology. With the new IBM i 7.2 TR3 PTF group, in most situations the system will be able to automatically move the active path when an operation fails, allowing the tape to complete the operation without user intervention. This enhancement increases the number of scenarios where unattended backups can complete in a timely manner, even after a path failure in a SAN configuration.

Support for IBM i virtualization configurations with little endian Linux client partition

Little endian Linux partitions can now be run on Power systems. To better fit Linux workloads with IBM i workloads, a little endian Linux partition can be configured as a client that uses an IBM i partition as an I/O server partition.

IBM Power hardware enhancements

IBM i 7.1 TR11 and IBM i 7.2 TR3 now support the PurePower System Solution and the IBM Power System S822 (8284-22A) server. IBM i support requires VIOS (no native I/O). The Power S822 software tier is P10.

Additional IBM i support for hardware-related enhancements includes:

  • Support for LTO7 tape technology
  • Systems with POWER8 technology and PCIe I/O drawer enhanced with concurrent maintenance options
  • RAID Array Start Time Reduction (IBM i 7.2 only)
  • VLAN tag support for network boot and install (IBM i 7.2 only)

IBM Storage (IBM i 7.2 only)

IBM i 7.2 TR3 now supports the HyperSwap function of the IBM SAN Volume Controller (SVC) and IBM Storwize® line of products. The HyperSwap function enables highly available disk volumes accessible through two sites that are located miles apart.

More information

These and other hardware-related enhancements are delivered with the Technology Refresh PTF Group SF99717 or SF99707. For more information about these enhancements visit

http://www.ibm.com/developerworks/ibmi/techupdates/hw

Withdrawals

Move up to Power

Effective December 15, 2015, IBM will withdraw from marketing the Move up to Power Offering.

IBM Toolbox for Java V7.1 (5761-JV1)

Effective immediately, IBM will no longer provide fixes for the following IBM Toolbox for Java V7.1 options:

  • Option 8 - IBM Technology for Java 5.0 32-bit
  • Option 9 - IBM Technology for Java 5.0 64-bit
  • Option 13 - IBM Technology for Java 1.4.2 64-bit

Clients can move to one of the following IBM Toolbox for Java options:

  • Option 11 - IBM Technology for Java 6 32-bit
  • Option 12 - IBM Technology for Java 6 64-bit
  • Option 14 - IBM Technology for Java 7 32-bit
  • Option 15 - IBM Technology for Java 7 64-bit
  • Option 16 - IBM Technology for Java 8 32-bit
  • Option 17 - IBM Technology for Java 8 64-bit

If you need the latest TR installed, then contact iTech Solutions.

Upcoming Events 

Some of the events that we will be speaking at or exhibiting at are listed below. Don't forget the iTech Solutions web site at http://www.itechsol.com.

December 15 - COMMON Virtual Conference www.common.org 
  • Cool things in Navigator for IBM i to make you a Star Administrator
January 21, 2016 1:00pm EST IBM i hosting IBM i webinar - more details to follow.







Release levels and PTFs 

People are always asking me how often they should be performing PTF maintenance, and when is the right time to upgrade their operating system. I updated this article from last month with the current levels of PTFs. Let's look at PTFs. First, PTFs are Program Temporary Fixes that are created by IBM to fix a problem that has occurred or to possibly prevent a problem from occurring. In addition, sometimes PTFs add new functionality, security, or improve performance. Therefore, I am always dumbfounded as to why customers do not perform PTF maintenance on their machine at least quarterly. If IBM has come out with a fix for your disk drives, why would you want to wait for your disk drive to fail with that problem, only to be told that there is a fix for it and that, had you applied the PTF beforehand, you would have averted the problem? Therefore, I think a quarterly PTF maintenance strategy is a smart move. Many of our customers are on our quarterly PTF maintenance program, and that provides them with the peace of mind of knowing their system is up to date on PTFs. Below is a table of the major group PTFs for the last few releases. This is what we are installing for our customers on the iTech Solutions Quarterly Maintenance program.

                   7.2    7.1    6.1    V5R4   V5R3
Cumul Pack         15310  15317  15063  12094  8267
Tech. Refresh      3      11
Grp Hipers         50     154    210    204    169
DB Group           9      38     33     33     24
Java Group         7      22     33     34     23
Print Group        3      12     31     49     20
Backup/Recov.      17     52     61     57     33
Blade/IXA/IXS      1      16     30     15     -
HTTP               11     36     46     36     17
TCP/IP             2      9      17     22     16
Security           23     48     60     32
High Availability  2      8      5
Hardware           12     22     17



The easiest way to check your levels is to issue the command WRKPTFGRP. They should all have a status of installed, and you should be up to the latest for all the above, based upon your release. Now there are more groups than the ones listed above, but these are the general ones that most people require. We can help you know which group PTFs you should be installing on your machine based upon your licensed programs. Here is a nice tidbit. The Cumulative PTF package number is broken down as YDDD, where Y is the year and DDD is the day it was released. Therefore, if we look at the cumulative package for V7R1, the ID is 13287. We can determine that it was created on the 287th day of 2013, which is October 14, 2013. Look at your machine and this will give you a quick indication of just how far out of date in PTFs you may be. I left V5R1 & V5R2 off the list, because if you are on V5R1 or V5R2, you don't need to be worrying about PTFs, you really need to be upgrading your operating system. The same can be said for V5R3 & V5R4, but there are still customers who are on those releases.
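
The date decoding described above, as an added example that is not part of the original newsletter: it turns a cumulative package ID into its release date and measures how far an installed level trails the level in the table. The function names are hypothetical, and the example assumes the leading one or two digits are years since 2000 (so 8267 is day 267 of 2008 and 13287 is day 287 of 2013).

```python
from datetime import date, timedelta

# Cumulative package levels copied from the table above, keyed by release.
CURRENT_CUM = {"7.2": 15310, "7.1": 15317, "6.1": 15063, "V5R4": 12094, "V5R3": 8267}

def cum_release_date(package_id):
    """Decode a cumulative PTF package ID (YDDD or YYDDD) to its release date.

    Assumption of this example: the digits before DDD are years since 2000.
    """
    text = str(package_id)
    if not text.isdigit() or len(text) not in (4, 5):
        raise ValueError("expected a 4- or 5-digit package ID, got %r" % (package_id,))
    year = 2000 + int(text[:-3])
    day = int(text[-3:])
    days_in_year = date(year, 12, 31).timetuple().tm_yday  # 365 or 366
    if not 1 <= day <= days_in_year:
        raise ValueError("day %d is not valid for %d" % (day, year))
    return date(year, 1, 1) + timedelta(days=day - 1)

def days_behind(installed_id, release):
    """Days between the installed cumulative package and the table's level."""
    latest = cum_release_date(CURRENT_CUM[release])
    return (latest - cum_release_date(installed_id)).days

if __name__ == "__main__":
    for release, package_id in CURRENT_CUM.items():
        print(release, package_id, cum_release_date(package_id).isoformat())
    # The 7.1 package used as the example in the text, against the table's 7.1 level.
    print("13287 on 7.1 is", days_behind(13287, "7.1"), "days behind")
```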

HMCs

If you have a Hardware Management Console (HMC), you should be running:

Model                    Release     Service Pack
HMC                      V8R8.4      MH01559, then MH01560
HMC                      V8R8.3      SP1 MH01540, and then MH01565
HMC                      V8R8.1      SP 2 MH01452, then MH01550
HMC (CR4 last release)   V7R7.9      SP 2 MH01451
HMC                      V7R7.8      SP1 MH01397 then SP 2 MH01432, then MH01548
                         or V7R7.7   SP 3 MH1397, then SP 4 MH01415, then MH01516
HMC C03                  V7R3.5      SP4

If a model is listed above in the HMC column, that release is the highest level of firmware to which that model of HMC can be upgraded.

  • Note that release 8.8.x does not support any POWER5 servers.
  • Version 7.7.9 is not supported and cannot be installed on HMC models C03, C04 or CR2.
  • If an HMC is used to manage any POWER7 processor based server, the HMC must be a model CR3 or later model rack-mount HMC or C05 or later desk side HMC.
  • HMC V8R8.1 is supported on rack-mount models CR5, CR6, CR7 and CR8, and on desktop model C08. These listed models meet or exceed the V8R8.1 minimum memory requirement of 2GB; however, 4GB is recommended.
  • If you want to manage a POWER8 machine, you need to be on at least HMC 8.8.1.

 

If you have a Flexible Service Processor (FSP), your firmware should be:

Machine Processor  Model                                                       Version        Notes
Power5 or 5+       520, 515, 525, 550, 570                                     SF240_418_382  last
Power6             940x, M15, M25, M50                                         EL350_166_074  last
                   8203-E4A, 8204-E8A, 8204-E4A                                EL350_166_074  last
                   MMA, 560, 570                                               EM350_166_074  last
                   9119-FHA                                                    EH350_166_074  last
Power7             8231-E1B, 8202-E4B, 8231-E2B, 8205-E6B, 8233-E8B, 8236-E8C  AL730_149_035
                   9117-MMB, 9179-MHB                                          AM780_071_040
                   8231-E1C, 8202-E4C, 8205-E6C                                AL740_159_042
                   9117-MMC, 9179-MHC                                          AM770-109_032
Power7+            8231-E1D, 8202-E4D, 8231-E2D, 8205-E6D                      AL770_109_032
                   8408-E8D, 9109-RMD                                          AM770_109_032
                   9117-MMD, 9179-MHD                                          AM780_071_040
Power8             8247-21L, 8247-22L, 8284-22A, 8286-41A, 8286-42A            SV830_075_048

 

If you need help with upgrading your HMC or FSP just give us a call. We will be happy to perform the function for you or assist you in doing it. Contact Pete Massiello.

 
IBM