With the arrival of IBM i version 7.6, IBM is once again proving that this platform is not only alive and well but actively evolving.
What are some slick features inside IBM i 7.6?
Security is finally at the forefront of everyone’s minds, and rightfully so. With breaches, ransomware and cyberattacks making daily headlines, companies are under increasing pressure to tighten how they protect their data. Just yesterday, I sat in a CFO’s office describing a Disaster Recovery as a Service (DRaaS) proposal. His biggest question? “How do you protect my data?”
My favourite new features? Well, there are two:
Built-in multi-factor authentication (MFA)
First, IBM i 7.6 offers built-in multi-factor authentication (MFA).
That means you can now require users to confirm their identity with a secondary factor, such as an app on their phone. The integrated MFA is an additional layer that validates that a user is who they say they are and strengthens the overall security posture of IBM i. This extra layer of protection doesn’t cost one penny extra or require any additional software. It just works right out of the can.
Auxiliary storage pool (ASP)
Second, we now can encrypt the system Auxiliary Storage Pool (ASP).
Before this, to encrypt the system ASP, you’d need to purchase external storage and encrypt those disks before presenting logical unit numbers (LUNs) to the IBM i. Customers on the smaller end of the spectrum can’t usually justify purchasing a SAN, so this feature is tipping the hat to the smaller shops. The only requirement to encrypt the system ASP is option 45 of the operating system licensed programme, Encrypted ASP Enablement. The feature is accessed from inside Service Tools and doesn’t require any downtime to enable.
Additional honourable mentions
The CFGHOSTSVR command
Another cool feature is the CFGHOSTSVR command, which enables and even forces encrypted connections to IBM i host servers, such as database, file, network print and sign-on servers.
Previously, to prevent your host servers from operating on unencrypted ports, you’d have to mess around with TCP/IP port restrictions; this has never been a simple or straightforward task for the average administrator.
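To confirm that the four host servers named above no longer accept unencrypted connections, you can audit a list of listening sockets. The sketch below is an added example, not IBM code or part of the original article; the port numbers are the standard host server defaults (not stated in the article) and the listing format is a simplified, constructed one.

```python
import re

# Default IBM i host server ports as (cleartext, TLS) pairs.
# Assumption: standard service-table defaults; the article does not list them.
HOST_SERVERS = {
    "as-database": (8471, 9471),
    "as-file": (8473, 9473),
    "as-netprt": (8474, 9474),
    "as-signon": (8476, 9476),
}

# Constructed sample input in a simplified "address:port state" form.
SAMPLE_LISTING = """\
0.0.0.0:9471 LISTEN
0.0.0.0:8473 LISTEN
0.0.0.0:9473 LISTEN
0.0.0.0:8476 LISTEN
0.0.0.0:9474 ESTABLISHED
"""

def listening_ports(listing):
    """Return the set of TCP ports that are in LISTEN state."""
    ports = set()
    for line in listing.splitlines():
        m = re.match(r"\s*\S+:(\d+)\s+LISTEN\s*$", line)
        if m:
            ports.add(int(m.group(1)))
    return ports

def audit(listing):
    """Classify each host server by which of its two ports is listening."""
    ports = listening_ports(listing)
    report = {}
    for name, (clear, tls) in HOST_SERVERS.items():
        if clear in ports and tls in ports:
            report[name] = "cleartext still accepted"
        elif clear in ports:
            report[name] = "cleartext only"
        elif tls in ports:
            report[name] = "TLS only"
        else:
            report[name] = "not listening"
    return report

if __name__ == "__main__":
    for name, status in audit(SAMPLE_LISTING).items():
        print(f"{name:12} {status}")
```

Any server not reported as "TLS only" or "not listening" still has its unencrypted port open.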
IBM Navigator for i
IBM Navigator for i (the main web-based interface for managing the system) continues to improve steadily. It’s become a cleaner, more intuitive interface. It includes helpful wizards for setting up things like TLS encryption, managing digital certificates, enabling those new MFA options and managing the host servers we just discussed. Administrators will love how much easier it is to see what’s happening at a glance, especially when managing multiple systems. Some significant new dashboards track license expirations, security events and performance trends.
Is that all there is? Not in the slightest!
In fact, there are a whole bunch of features that I haven’t even touched on here, including many related to security. Digital Certificate Manager had a facelift. IBM Debugger clients can now secure their connections. The ability to view (not change) specific system parameters previously required *IOSYSCFG special authority.
Stronger AES encryption is enabled out of the gate instead of the older DES and triple-DES encryption for Kerberos and Enterprise Identity Mapping configurations. The security PTF group apply date is visible on the WRKPTFGRP screen to show you how old your security fixes are.
However, because of the two main features (in my opinion) of System ASP encryption and multi-factor authentication, the question shouldn’t be whether you should upgrade to IBM i 7.6. It should be when.
And the answer is: yesterday.