IBM i 7.4 and IBM Db2 Mirror for i Enhance Security and Availability
IBM Systems magazine sat down with Alison Butterill, offering manager for IBM i, to learn more about what’s new with IBM i 7.4.
Image by Stephan Walter
By Claire Walling06/01/2019
IBM Systems magazine sat down with Alison Butterill, offering manager for IBM i, to learn more about what’s new with IBM i 7.4—including bolstered reliability, continuous availability, enhanced security controls and simplified open-source integrations.
IBM Systems magazine (ISM): What can clients expect with IBM i 7.4?
Alison Butterill (AB): A big release like IBM i 7.4 touches many areas of the portfolio. Technology refreshes, which happen twice a year between releases, typically target only a couple products or functions. The release touches base OS functions, including new message logging capabilities, Jobqs and the Digital Certificate Manager. There are new enhancements to RPG, COBOL, Rational* Developer for i (RDi), the desktop tools. Many capabilities have been added into Access Client Solutions (ACS). Additionally, a new release of Content-Manager- on-Demand from IBM software and Domino* 10 run on IBM i.
One of the main features touches availability and reliability. IBM Db2* Mirror for i has been in the works for a few years. However, while it’s a focal point, it’s definitely not the only key item in IBM i 7.4.
ISM: Why is RAS important to a business’s operations?
AB: RAS stands for reliability, availability and serviceability. It’s often seen with three S’s because it also refers to scalability and security. These five tenets are really the fundamental architecture of IBM i. All of them were considered to be key goals of the AS/400 in 1988. In this release of IBM i 7.4, one of the key focal items is enhancing and strengthening that foundation.
Why is it important? Obviously, those are the things that keep people up at night—things like security. Is it secure? Is the system secure from viruses? Can I keep intruders out of my system? Can the system deliver new innovation and keep the business running? Is it possible to provide the critical service level to the business?
IBM wants to be sure that IBM i continually addresses these concerns with every announcement by providing not only new features and programs, but also by enhancing the existing portfolio.
ISM: Speaking of security, how does IBM i 7.4 improve security controls?
AB: While there’s no one large new enhancement for improving security, it’s a big focus item and has been addressed by many components by adding updated, enhancements and new features. For example, IBM i 7.4 is implementing many new communications protocols that deliver enhanced encryption and performance.
Transport Layer Security (TLS) is used to encrypt a communication channel between two systems. With IBM i 7.4, IBM i System TLS has been enhanced to support the latest industry standard of TLS version 1.3 protocol.
The IBM i support for Simple Network Management Protocol version 3 has been enhanced with the ability to securely send SNMPv3 Trap and Inform messages.
In IBM i 7.4, both NetServer and QNTC have been upgraded to the latest industry standard for connectivity, SMB3. This new level includes end-to-end data encryption and improved performance.
And there are many other examples to cite, to illustrate the many areas where IBM i 7.4 includes the latest industry standards.
ISM: How do these build upon security features incorporated in previous releases?
AB: One example is that in IBM i 7.3, authority collection was introduced. Think of this as a monitor that collects information about how users use objects and their authority to do so. For example, the monitor data shows that Claire is running an application and accessed the customer master file. The monitor traps not only that she accessed the master file, but it also records the security level with which she accessed the file and the security level that was required.
At 7.4, a new view of the monitored data is being added. Instead of being focused on tracking security from a user perspective (i.e., what is Claire using in the application), the view will be based on an object. Who is using the object? How are they using it and what level of authority is required versus what level was used. This is a different viewpoint that will assist in setting up a security schema.
ISM: Why does availability matter?
AB: Another concern that clients express frequently is availability and especially high availability. Many clients state their desire to move to an “active-active” solution to fulfill requirements of 24-7 business. It started in the banking and retail industries as they moved online. Now it’s spreading out to many other industries as well and affects anyone who has clients requiring access at any time of the day or night. Clients in banking and retail have really been driving us to develop to a continuous availability model. This is a focus for IBM i 7.4 and IBM Db2 Mirror for i.
ISM: How is high availability different from continuous availability?
AB: Let’s say that the business applications run on a production box and something happens to the machine. In an availability environment, the business needs the ability to fail over to a backup environment in order to continue operations. The faster that this failover to a backup environment occurs, the lower the downtime and the more the environment is considered to be highly available. Businesses want the fastest possible time between failure and being up and running.
In fact, the industry is driving to something called “active-active.” With IBM Db2 Mirror for i, the goal is to achieve zero time between failure and being up and running—this is continuous availability. The goal is that the mean time to failover is zero. If something happens to your production database, an exact mirror is available, so the application continues to run against the second database. Nothing stops. The application just keeps on working. The downtime is nothing. That’s what the industry calls active-active, or in the case of IBM Db2 Mirror, it’s continuous availability.
“IBM wants to be sure that IBM i continually addresses these concerns with every announcement by providing not only new features and programs, but by enhancing the existing portfolio.” –Alison Butterill, offering manager for IBM i
ISM: What else is included in the IBM i 7.4 release?
AB: There are many features and functions in IBM i 7.4. It’s probably easiest to cover these as categories. Under the system management topic, changes allow the assignment of workload groups in a JOBD. And better searching has been built into QHST. Under application development, enhancements to the COBOL and RPG languages were made. RDi has new functions. Multiple new open-source environments and tools have been added such as vim and R. New SQL Services and many user-friendly enhancements have been made to ACS. There are new things in Backup and Recovery Management Services.
ISM: What are some notable features of 7.1 through 7.3 that clients might not be aware of, and how are these continued and enhanced in 7.4?
AB: Since IBM i 7.1 was announced in 2010, internet access has grown, as has the number of mobile devices. As the world has moved into a place of anyplace anytime access, companies must be more diligent and lock down their sensitive business data.
In IBM i 7.2 and 7.3, this has been given a lot of attention by giving new database features in those releases, such as row column access control (RCAC) in 7.2. RCAC allows the securing of data and providing access to rows and columns to only those people with a “need to know.” An example would be giving access to the employee information table to a payroll clerk, allowing them to see only the name and address. And then allowing the department manager to additionally see the salary column. All of the access is locked at the table level. Then it doesn’t matter where that application is being driven from or what language it’s written in because the security information is stored as part of the file or the table object itself.
IBM has done a lot to enhance the security of critical business data from all of the possibilities. Just as the world has changed, so has IBM i. So many more things are possible today than in years before. The system has opened up with things like open-source languages and Internet of Things devices—meters and monitors to retrieve data. IBM i is more open with the world of analytics. All of these are accessing data. At the same time that new security is assisting to lock down business data, the system is being opened up to possibilities.
ISM: Can you explain more about the open-source integrations—and especially how they’re continued in 7.4?
AB: In 2006, IBM, partnering with Zend, brought PHP to IBM i. With its success, IBM began to explore which open-source environments were popular among our clients. Open source runs in the IBM i PASE environment, which is a kernel of AIX* that sits inside IBM i. Many environments (coding languages, compilers or runtimes) can port to PASE, allowing companies to move lots of other applications onto IBM i.
For example, an ERP application written in industry-standard Python today using a Maria database could be ported to IBM i, where it could run unchanged. This gives clients more options when looking for business solutions.
Many, many schools teach open-source languages to their developers. Python is the most widely taught language in the world. To continue to see young developers coming to IBM i, it was necessary to move a lot of those languages onto IBM i. Many young developers have been absolutely thrilled that they can use Python or Pearl or Ruby or PHP or many other open-source languages natively on IBM i.
IBM i 7.4, adds more open-source components, including R, vim, Midnight Commander and others. Additionally, both the Node.js and Python ecosystems have been enhanced with the latest packages in the industry.
ISM: How has the way clients access open-source languages changed?
AB: The IBM delivery method for new products has traditionally been a new release or with a technology refresh, but the world of open source changes is different. Components are delivered whenever they are ready and do not fall under IBM’s governance. It was necessary to find a vehicle that would allow delivery of the latest enhancements as soon as they were announced.
Together with his team, Jesse Gorzinski, business architect for open source on IBM i, decided to follow the open-source delivery mechanism and use RPM delivery. It’s a robust environment for delivering packages of code.
ISM: Why is open source on IBM i critical to the vitality of IBM i?
AB: Many business applications are being developed in open-source languages as opposed to the traditional COBOL, C, RPG environment.
More importantly, new developers aren’t attracted to a company that only codes in COBOL. It’s not something that they’ve learned at school. Therefore, to get new developers into IBM i shops and for them to be productive, it was critical that more open source be available for IBM i. New developers are critical for the ongoing success of IBM i.
ISM: Why should clients upgrade to 7.4?
AB: Technical reasons and business reasons exist for moving to IBM i 7.4. It brings many enhancements across most of the components and functions, such as security protocols and the latest features in COBOL. It’s amazing that sometimes what actually drives people to move to a new release is not the biggest feature, but a few of the smaller ones like the enhanced logging capabilities of the additional view of Authority Collection.
From a business perspective, clients need to stay at current releases of IBM i. This allows them access to current support and service. IBM i 7.2 is under extended support. Clients currently using at 7.1 should be looking at upgrading to IBM i 7.4. Clients at IBM i, 7.2 and 7.3 should also be planning to upgrade to gain the performance, availability and security enhancements from IBM i 7.4.
Claire Walling is the senior editor of IBM Systems magazine.