October 2018 Newsletter

A Word from iTech Solutions President, Pete Massiello.

Greetings Mike

Pete_cropped-1

As Halloween is approaching us, and we are thinking of scary things, trick or treats, and grave yards, I thought that would be the perfect way to start my article.

So, one scary thing that we have come across lately is customers who aren’t doing a full backup of their machines, and could never restore their system. Steve will have an article below on a recent scenario where we had to help a customer out with restoring their system to the cloud because their old system just died. When was the last time you tried to do a restore? If you don’t have the extra hardware to do this, we can help you with the entire process. Contact us for more details.

The second scary thing that I keep coming across lately is customers who are not getting the service and support of their business partners. Over the last month, we have met with 6 new customers who have come to us complaining that their business partners don’t have the IBM i skills they require.

In each case, I am happy to report we have been able to help the customer out and exceed their expectations based upon the skills of the people here at iTech Solutions (Both sales and technical). If you aren’t getting the support and skills from your business partner, give us a call and let us show you what we can do for you.

As for Tricks or Treats, below we have some real treats with articles:

We hope that you find these extremely valuable in helping to manage your IBM i. Imagine, if the articles are that helpful, how much help a business partner like iTech Solutions could be for you.

Grave Yards (End of Support)
Grave yards? Well, that is easy. If you are still on IBM i 7.1, it is now out of regular support. If you want to pay for extended support, you will pay double your software maintenance. Why not contact us and have us upgrade you to a supported release?

The cost of the upgrade for a P10 tier machine would be the same as 1 year of extended support, so a 1 year payback, and you are on a supported release. That is like rising from the grave.

The other grave yard to discuss for Halloween is that POWER7 machines are coming to an end of support as well, and now is the time to look at a new POWER9 processor. In addition, IBM recently announced that IBM i Next (the release after 7.3) will not run on POWER7 hardware. If you are on POWER7, we can probably install a POWER9 for the same price as what you are paying for 3 years of maintenance on your POWER7. The nice thing is it will also be about twice the performance for the same cost of ownership. Don’t forget to watch our video of how to install and un-package a POWER9 and HMC.

IBM (Lotus) Domino License Renewals
iTech Solutions is now able to resell your yearly IBM (Lotus) Domino license renewals. Rather than paying your IBM Passport Advantage renewal direct to IBM, feel free to send your IBM Passport Advantage renewal letter to an iTech Solutions account executive who will help reduce your yearly Domino renewal cost.

POWER9 Saves the World
I was an at IBM event in New York City last week, where they premiered the IBM Mission Critical Film. It’s how IBM POWER9 saves the world.
Here is a trailer to watch: https://www.youtube.com/watch?v=Ha8h6CQZgqg&feature=youtu.be

Staying Current
I was on a machine earlier this week and the PTFs were five years old. Five years is a long time, especially if you look what has happened in the world around us in five years. If you think about security in the last five years, you have to be proactive. Putting the patches (or PTF’s) on that fix problems will help you become more secure and give you more functionality. Your machine will run better, and you will probably sleep better at night as well.

Did you know that iTech Solutions has a 24 month PTF and OS Subscription service for just $295 a month? We will install PTFs 3 times on your machine/partition, and perform one OS upgrade during that 24 month period. That is only $295 a month for 24 months. You probably spend more on ink for your printers per month.

For $295 a month, we will help you become more secure, ensure you have have the latest fixes, and keep you up to date on all of the technology refreshes. At only $295 a month, I definitely recommend jumping on this.

[VIDEO] POWER9 & HMC: Unpacking, Racking, Installation, and Setup

video_imageWhat happens when a POWER9 arrives to your office? How’s it packaged? What does it look like? How do you even begin to install it?

We recently received our brand new POWER9 and Power based HMC in our office, and thought we would show you how to unpack, rack, and install them together.
Nathan Williams and I do these all the time, so we thought we would make a video for those of you who may get a new POWER9 server and needs some instructions.

[WATCH VIDEO]
Newsletter_banner_security.png

How To: IBM i Services Tools Security Log

There is an audit log to monitor service function use by service tools users. You can monitor the use of service functions through the dedicated service tools (DST) security log or through the IBM i security audit log. These logs help you trace unusual access patterns or potential security risks. Below is information on how to access these logs for reference and use.

To work with the Service Tools security log, complete the following steps:

1) Access service tools using DST on the console (To force a Dedicate Service Tools (DST) sign on for a partition), you have 2 ways depending on how your console is connected.

  • On an HMC (Version 7 & 8) managed system, do the following:
    • Step 1: Open the console session.
      • Power on and connect the device used as the console, (Be on the console sign on screen).
    • Step 2: On the HMC, expand Systems Management > Servers. Click on the Select column on the target partition.
    • Step 3: In the Tasks panel (or Tasks button), expand Serviceability > Control Panel Functions. Click on (21) Activate Dedicated Service Tools.
      Unknown
    • Step 4: Click OK when the status window appears.
      Unknown
       
      • The partition console session will now have the DST log-in panel.

[CONTINUE READING]

The Scary Truth About IBM i Security Pushbacks

scary_truthIf you’re looking to make improvements to your IBM i security, then you need to be able to get your whole team on the same page, which sometimes can mean common oppositions.

But, does your team know the scary truth on the other side of those rebuttals?

Here are a number of counterpoints to help you make security a priority in your shop.

1. We trust our employees

It is important to hire those you trust and to maintain relationships to continuing to vet security worthiness. However, realism is called for as well.

Do you give all employees full access keys to your manufacturing facility? Do you give them all company credit cards? How about full access to your financial systems?

Of course not, unless you give them *ALLOBJ special authority and therefore they own the system. Do you really think somehow a menu system is going to keep them out of the sensitive stuff?

Look at the corollary. Should your employees trust you?

When they give you their social insurance number, date of birth, legal name, banking information for direct deposit,  you are responsible for protecting that data. I would imagine that any employee would assume you have proper data controls in place. Furthermore, I would assume as someone who is security literate,  if I give anyone my information, it is properly controlled and also encrypted so that it can’t be read easily when exported to a USB drive, sent to tape or intercepted in transit.

2.We have a firewall

And so does everybody else.

When was the last time your firewall was taken down for software patching? Whether personal or corporate, firewalls are just one of those devices that never gets updated because of two reasons:

[CONTINUE READING]

 
newsletter_DR.png

A Disaster Recovery Perfect Storm

 

Steve_croppedThe situation:

The system bezel said that it couldn’t find the disk drives which could’ve been a number of failing parts. This system had a single disk drive mirrored to another. The backup was questionable (i.e., the customer couldn’t guarantee what was on it) on ¼ inch tapes so it was not really compatible with current technology. Also, the customer did not have an active hardware/software maintenance contract. The system was set up for operations console but there was no cable nor operations console PC in the building. No LIC DVD was available either. These are the facts of the situation.

Settling on a plan:

An IBM customer engineer (CE) was dispatched at their hourly rate with a four-hour minimum and a purchase order required up front. That’s standard. IBM arrived on-site at 2 PM as they were a 90-minute drive away. Since there was no available console and no LIC DVD present, plus the CE didn’t bring a 5.4 LIC DVD, there’s not much they could do that late in the day. When you’re paying IBM time and materials, they don’t necessarily work on the weekend. Time and materials mean when they have the time and if they have the materials, within a 9 to 5 window during the business day. Customers with 24×7 maintenance contracts come first so we contemplated the scenarios with IBM about how to move forward.

We settled on a two-prong approach: we would prepare a cloud recovery and IBM will continue diagnosing the problem locally.

[Read Full Story]
Newsletter_banner_support.png

Managing Firmware: Using UAK Management Feature

There are two ways of using this UAK management feature:

  • Manual: A system administrator can manually kick off the process of checking UAK’s expiration date, downloading UAK, and applying UAK. This is accomplished by running the WRKSRVAGT TYPE(*UAK) command. This can also be accomplished by running the go service command to access the Electronic Service Agent on IBM i main menu, then selecting option 20 (Check and refresh Update Access Key).
  • Automatic: By default, there is no automatic UAK checking. The Change Service Agent Attribute (CHGSRVAGTA) command can be used to enable automatic checking, which creates or causes the creation of the job scheduler entry. The CHGSRVAGTA command parameter (REFRESHUAK) can be used to establish automatic UAK management. By default, a job will be run every Sunday, but can be easily customized.

Enablement steps:

  1. Enter CHGSRVAGTA and press F4.
  2. Enter Yes for Enable.
  3. Press Page Down.

Refresh UAK:

Enable . . . . . . . . . . . .   *YES          *SAME, *YES, *NO

Schedule day . . . . . . . . .   *SUN          *SAME, *SUN, *MON, *TUE…

Run time . . . . . . . . . . .   081900        Time, *SAME, *CURRENT

 

This job scheduler job was created as a result of a PTF for 7.2 (SI58783). This job is in error on your system because:

Message . . . . :   Download and apply Update Access Key stopped.

Cause . . . . . :   Something happened during the process, which caused the  termination. Reason code 2 . Recovery  . . . :   Reason codes and

their meaning: 2 — This is not a power 8 system, which doesn’t support apply key action.

 

So, in this case (BEVO), you can either put it on hold, or change the CHGSRVAGTA parameter for Refresh of UAK to Enable *NO, and this will or should remove this job from the job scheduler.

Upcoming Events

COMMON Sweden
October 28-30

Pete Massiello and Steve Pitcher will be speaking at the following sessions:

Monday, October 29:

  • Rapid Fire Admin – 10:45, Steve Pitcher
    [Read Description]
  • What You Need to Know to Successfully Upgrade to 7.3,7.2, and 7.1 – 12:00, Pete Massiello
    [Read Description]
  • HMC, IBM i, FSP & Firmware: Putting All the Pieces Together – 15:15, Pete Massiello
    [Read Description]

Tuesday, October 30:

  • Tips and Tricks to Improve System Performance and Save Disk Space – 8:00, Pete Massiello
    [Read Description]
  • RPM’s for the System Administrator – 10:15, Steve Pitcher
    [Read Description]
  • Step-by-Step guide to creating Virtual i Partitions hosted by IBM i – 11:30, Pete Massiello
    [Read Description]
  • Update your IBM i Modernization Mindset – 13:15, Steve Pitcher
    [Read Description]
  • Cool Things in Navigator to be a Rockstar System Administrator – 14:30, Pete Massiello
    [Read Description]

WMCPA User Group Meeting
Dec 13th
Milwaukee, WI

Richie Palma will be speaking on:

  • Understanding your licensing and what you are entitled to on POWER Systems
  • IBM i a Corner Office Perspective: Articulating the business value of IBM i
newsletter_PTF_banner.png

Release levels and PTFs

People are always asking me how often they should be performing PTF maintenance, and when is the right time to upgrade their operating system. I updated this article from last month with the current levels of PTFs. Let’s look at PTFs. First, PTFs are Program Temporary Fixes that are created by IBM to fix a problem that has occurred or to possibly prevent a problem from occurring. In addition, some times PTFs add new functionality, security, or improve performance. Therefore, I am always dumbfounded as to why customers do not perform PTF maintenance on their machine at least quarterly.

If IBM has come out with a fix for your disk drives, why do you want to wait for your disk drive to fail with that problem, only to be told that there is a fix for that problem, and if you had applied the PTF beforehand, you would have averted the problem. Therefore, I think a quarterly PTF maintenance strategy is a smart move. Many of our customers are on our quarterly PTF maintenance program, and that provides them with the peace of mind of knowing their system is up to date on PTFs. Below is a table of the major group PTFs for the last few releases. This is what we are installing for our customers on iTech Solutions Quarterly Maintenance program.

7.3 7.2 7.1 6.1 V5R4
Cumul Pack 18242 18249 17192 15063 12094
Tech. Refresh  5 9 11
Grp Hipers 69 132 231 210 204
DB Group 10 22 43 33 33
Java Group 10 18 33 41 34

[Continue Reading]

Read the Full Article

IBM i Hardware and OS End of Support Dates

IBM POWER Server Lifecycle Dates

Technology Models General Availability End of Support Last OS
POWER5 520, 550, 570, 595 06/11/2004 01/31/2019 V7.1
POWER5+ 515, 525 04/10/2007 01/31/2019 V7.1
POWER6 M15, M25, Power 520, 550, 570 04/18/2008 09/30/2019  V7.3
POWER7 720B&C, 740B&C, 770B&C, 795 09/17/2010 09/30/2019 V7.3
POWER7+ 720D, 740D, 750, 770D 05/20/2012 N/A V7.3
POWER8 S812, S814, S824, E870 06/10/2014 N/A N/A
POWER9 S914, S924, E980 03/20/2018 N/A N/A

IBM i Lifecycle Dates

Version General Availability End of Support EOS 
Extended
V5R4 02/14/2006 09/30/2013 09/30/2017
V6R1 03/21/2008 09/30/2015 09/30/2018
V7.1 04/30/2010 04/30/2018 04/30/2021
V7.2 05/02/2014 N/A N/A
V7.3 04/15/2016 N/A N/A
scary_truth.png

The Scary Truth About IBM i Security Pushbacks

If you’re looking to make improvements to your IBM i security, then you need to be able to get your whole team on the same page, which sometimes can mean common oppositions.

Read the Blog
Copy of evaluate_managed_service_needs.png

How to Evaluate Your Managed Service Needs

Managed Services can be tailored to fit the needs of your business, which means you need to evaluate where a third party provider can provide you with the most benefits. Identifying where you have vulnerabilities or gaps with your system administration is the easiest place to start.

Read the Blog
security_blog_image_newsletter.png

6 Steps to Execute an IBM i Security Project

Many companies want to improve the state of their IBM i security, but they often don’t know where to start. They also might not understand the long-term impact of recommended changes.

Read the Blog
Power-Processor-Roadmap-1024x561-1.png

Moving IBM i to POWER9

It’s always exciting when IBM announces new hardware and today is no exception! We have been hearing about the new POWER9 Chip for several months.

Read the Blog
newsletter_tech_tips-1.png
tips_images_newsletters1.png

Using TRCINT to find detailed encrypted connection information

Here you’ll find a detailed method to determining the strength of each encrypted connection to your IBM ipartition. Commands used: TRCINT SET(*ON) TRCTBL(‘All-encrypted’) TRCTYPE(*SCKSSL) SLTTRCPNT((17000 17004)). TRCINT SET(*OFF) TRCTBL(‘All-encrypted’…[Read More]

Watch Video >
tips_images_newsletters2.png

Set up a LIC macro for summarizing encrypted information

If you’re currently using any type of network encryption and want to understand the protocols in use, you can easily do this with a LIC macro. This is quite handy especially if you’re looking at turning off a less secure protocol like TLS 1.0….[Read More]
Watch Video >
tips_images_newsletters3.png

Using Run SQL Scripts to get a high level user profile security summary

Need a way to get a high level understanding of your user profile security? Look no further. This simple script will allow you to summarize key aspects of your user profile security, from special authorities to group profiles with passwords. [Read More]

Watch Video >
tips_images_newsletters4.png

Determining Who Responded to QSYSOPR Messages

Ever want to see who responded to a message on the QSYSOPR message queue? There are two easy ways to do it.

Watch Video >
Follow us on http://blog.itechsol.com/feed/rss2/ Follow us on Twitter

Leave a Reply

Your email address will not be published. Required fields are marked *

*