A Word from iTech Solutions President, Pete Massiello.
As Halloween is approaching us, and we are thinking of scary things, trick or treats, and grave yards, I thought that would be the perfect way to start my article.
So, one scary thing that we have come across lately is customers who aren’t doing a full backup of their machines, and could never restore their system. Steve will have an article below on a recent scenario where we had to help a customer out with restoring their system to the cloud because their old system just died. When was the last time you tried to do a restore? If you don’t have the extra hardware to do this, we can help you with the entire process. Contact us for more details.
The second scary thing that I keep coming across lately is customers who are not getting the service and support of their business partners. Over the last month, we have met with 6 new customers who have come to us complaining that their business partners don’t have the IBM i skills they require.
In each case, I am happy to report we have been able to help the customer out and exceed their expectations based upon the skills of the people here at iTech Solutions (Both sales and technical). If you aren’t getting the support and skills from your business partner, give us a call and let us show you what we can do for you.
As for Tricks or Treats, below we have some real treats with articles:
We hope that you find these extremely valuable in helping to manage your IBM i. Imagine, if the articles are that helpful, how much help a business partner like iTech Solutions could be for you.
Grave Yards (End of Support)
Grave yards? Well, that is easy. If you are still on IBM i 7.1, it is now out of regular support. If you want to pay for extended support, you will pay double your software maintenance. Why not contact us and have us upgrade you to a supported release?
The cost of the upgrade for a P10 tier machine would be the same as 1 year of extended support, so a 1 year payback, and you are on a supported release. That is like rising from the grave.
The other grave yard to discuss for Halloween is that POWER7 machines are coming to an end of support as well, and now is the time to look at a new POWER9 processor. In addition, IBM recently announced that IBM i Next (the release after 7.3) will not run on POWER7 hardware. If you are on POWER7, we can probably install a POWER9 for the same price as what you are paying for 3 years of maintenance on your POWER7. The nice thing is it will also be about twice the performance for the same cost of ownership. Don’t forget to watch our video of how to install and un-package a POWER9 and HMC.
IBM (Lotus) Domino License Renewals
iTech Solutions is now able to resell your yearly IBM (Lotus) Domino license renewals. Rather than paying your IBM Passport Advantage renewal direct to IBM, feel free to send your IBM Passport Advantage renewal letter to an iTech Solutions account executive who will help reduce your yearly Domino renewal cost.
I was on a machine earlier this week and the PTFs were five years old. Five years is a long time, especially if you look what has happened in the world around us in five years. If you think about security in the last five years, you have to be proactive. Putting the patches (or PTF’s) on that fix problems will help you become more secure and give you more functionality. Your machine will run better, and you will probably sleep better at night as well.
Did you know that iTech Solutions has a 24 month PTF and OS Subscription service for just $295 a month? We will install PTFs 3 times on your machine/partition, and perform one OS upgrade during that 24 month period. That is only $295 a month for 24 months. You probably spend more on ink for your printers per month.
For $295 a month, we will help you become more secure, ensure you have have the latest fixes, and keep you up to date on all of the technology refreshes. At only $295 a month, I definitely recommend jumping on this.
[VIDEO] POWER9 & HMC: Unpacking, Racking, Installation, and Setup
What happens when a POWER9 arrives to your office? How’s it packaged? What does it look like? How do you even begin to install it?
We recently received our brand new POWER9 and Power based HMC in our office, and thought we would show you how to unpack, rack, and install them together.
Nathan Williams and I do these all the time, so we thought we would make a video for those of you who may get a new POWER9 server and needs some instructions.
There is an audit log to monitor service function use by service tools users. You can monitor the use of service functions through the dedicated service tools (DST) security log or through the IBM i security audit log. These logs help you trace unusual access patterns or potential security risks. Below is information on how to access these logs for reference and use.
To work with the Service Tools security log, complete the following steps:
1) Access service tools using DST on the console (To force a Dedicate Service Tools (DST) sign on for a partition), you have 2 ways depending on how your console is connected.
On an HMC (Version 7 & 8) managed system, do the following:
Step 1: Open the console session.
Power on and connect the device used as the console, (Be on the console sign on screen).
Step 2: On the HMC, expand Systems Management > Servers. Click on the Select column on the target partition.
Step 3: In the Tasks panel (or Tasks button), expand Serviceability > Control Panel Functions. Click on (21) Activate Dedicated Service Tools.
Step 4: Click OK when the status window appears.
The partition console session will now have the DST log-in panel.
If you’re looking to make improvements to your IBM i security, then you need to be able to get your whole team on the same page, which sometimes can mean common oppositions.
But, does your team know the scary truth on the other side of those rebuttals?
Here are a number of counterpoints to help you make security a priority in your shop.
1. We trust our employees
It is important to hire those you trust and to maintain relationships to continuing to vet security worthiness. However, realism is called for as well.
Do you give all employees full access keys to your manufacturing facility? Do you give them all company credit cards? How about full access to your financial systems?
Of course not, unless you give them *ALLOBJ special authority and therefore they own the system. Do you really think somehow a menu system is going to keep them out of the sensitive stuff?
Look at the corollary. Should your employees trust you?
When they give you their social insurance number, date of birth, legal name, banking information for direct deposit, you are responsible for protecting that data. I would imagine that any employee would assume you have proper data controls in place. Furthermore, I would assume as someone who is security literate, if I give anyone my information, it is properly controlled and also encrypted so that it can’t be read easily when exported to a USB drive, sent to tape or intercepted in transit.
2.We have a firewall
And so does everybody else.
When was the last time your firewall was taken down for software patching? Whether personal or corporate, firewalls are just one of those devices that never gets updated because of two reasons:
The system bezel said that it couldn’t find the disk drives which could’ve been a number of failing parts. This system had a single disk drive mirrored to another. The backup was questionable (i.e., the customer couldn’t guarantee what was on it) on ¼ inch tapes so it was not really compatible with current technology. Also, the customer did not have an active hardware/software maintenance contract. The system was set up for operations console but there was no cable nor operations console PC in the building. No LIC DVD was available either. These are the facts of the situation.
Settling on a plan:
An IBM customer engineer (CE) was dispatched at their hourly rate with a four-hour minimum and a purchase order required up front. That’s standard. IBM arrived on-site at 2 PM as they were a 90-minute drive away. Since there was no available console and no LIC DVD present, plus the CE didn’t bring a 5.4 LIC DVD, there’s not much they could do that late in the day. When you’re paying IBM time and materials, they don’t necessarily work on the weekend. Time and materials mean when they have the time and if they have the materials, within a 9 to 5 window during the business day. Customers with 24×7 maintenance contracts come first so we contemplated the scenarios with IBM about how to move forward.
We settled on a two-prong approach: we would prepare a cloud recovery and IBM will continue diagnosing the problem locally.
There are two ways of using this UAK management feature:
Manual: A system administrator can manually kick off the process of checking UAK’s expiration date, downloading UAK, and applying UAK. This is accomplished by running the WRKSRVAGT TYPE(*UAK) command. This can also be accomplished by running the go service command to access the Electronic Service Agent on IBM i main menu, then selecting option 20 (Check and refresh Update Access Key).
Automatic: By default, there is no automatic UAK checking. The Change Service Agent Attribute (CHGSRVAGTA) command can be used to enable automatic checking, which creates or causes the creation of the job scheduler entry. The CHGSRVAGTA command parameter (REFRESHUAK) can be used to establish automatic UAK management. By default, a job will be run every Sunday, but can be easily customized.
Step-by-Step guide to creating Virtual i Partitions hosted by IBM i – 11:30, Pete Massiello
Update your IBM i Modernization Mindset – 13:15, Steve Pitcher
Cool Things in Navigator to be a Rockstar System Administrator – 14:30, Pete Massiello
WMCPA User Group Meeting Dec 13th Milwaukee, WI
Richie Palma will be speaking on:
Understanding your licensing and what you are entitled to on POWER Systems
IBM i a Corner Office Perspective: Articulating the business value of IBM i
Release levels and PTFs
People are always asking me how often they should be performing PTF maintenance, and when is the right time to upgrade their operating system. I updated this article from last month with the current levels of PTFs. Let’s look at PTFs. First, PTFs are Program Temporary Fixes that are created by IBM to fix a problem that has occurred or to possibly prevent a problem from occurring. In addition, some times PTFs add new functionality, security, or improve performance. Therefore, I am always dumbfounded as to why customers do not perform PTF maintenance on their machine at least quarterly.
If IBM has come out with a fix for your disk drives, why do you want to wait for your disk drive to fail with that problem, only to be told that there is a fix for that problem, and if you had applied the PTF beforehand, you would have averted the problem. Therefore, I think a quarterly PTF maintenance strategy is a smart move. Many of our customers are on our quarterly PTF maintenance program, and that provides them with the peace of mind of knowing their system is up to date on PTFs. Below is a table of the major group PTFs for the last few releases. This is what we are installing for our customers on iTech Solutions Quarterly Maintenance program.
Managed Services can be tailored to fit the needs of your business, which means you need to evaluate where a third party provider can provide you with the most benefits. Identifying where you have vulnerabilities or gaps with your system administration is the easiest place to start.
Using TRCINT to find detailed encrypted connection information
Here you’ll find a detailed method to determining the strength of each encrypted connection to your IBM ipartition. Commands used: TRCINT SET(*ON) TRCTBL(‘All-encrypted’) TRCTYPE(*SCKSSL) SLTTRCPNT((17000 17004)). TRCINT SET(*OFF) TRCTBL(‘All-encrypted’…[Read More]
Set up a LIC macro for summarizing encrypted information
If you’re currently using any type of network encryption and want to understand the protocols in use, you can easily do this with a LIC macro. This is quite handy especially if you’re looking at turning off a less secure protocol like TLS 1.0….[Read More]
Using Run SQL Scripts to get a high level user profile security summary
Need a way to get a high level understanding of your user profile security? Look no further. This simple script will allow you to summarize key aspects of your user profile security, from special authorities to group profiles with passwords. [Read More]