This newsletter includes:
- IBM i 7.1 End of Life
- Ensuring that your IBM i isn’t Vulnerable to Attacks
- Saving and Restoring External Stored Procedures
- Jump Start Performance with DB2 Symmetric Multiprocessing
- Release levels and PTFs
Well it seems like it is speaking time, all the conferences are upon us and we have people speaking at all the major conferences. You can see in the events section where we will be over the next 2 months, and we hope to see you there. If you stop by our booth, ask for an “i Can do Anything…” shirt, we are giving them out at all our upcoming conferences. These shirts are destined to be a collector’s item. If you are attending the COMMON Annual Conference in Orlando May 7 – 10, be sure to also stop by our booth #509 to participate in a game we will be playing throughout the event. It has to do with Harry Potter Pins which we will be giving out to everyone who visits our booth. Find someone who has the same pin as yours, and when you both come up to the booth together you will receive a cash prize. A win-win for sure.
Probably the big news out of IBM this month is the announcement that IBM i 7.1 has an end of life date. If you are still on 7.1 you have plenty of time to upgrade, so start your planning today. Don’t let this upgrade catch you by surprise.
We have just finished our 2017 IBM i State of the Union, and it is getting all the art work done as you read this. We will send you an email shortly for your reading pleasure, and we are also producing a short video to go along with the State of the Union. I look forward to sharing this with you.
This issue of our newsletter has 6 articles. The first article is on IBM i 7.1 End of Life. The second article is a reprint of our blog dealing with Ensuring that your IBM i isn’t Vulnerable to Attacks and a few simple steps to improve your security. The third article by Chris Flick is on Saving and Restoring External Stored Procedures. The fourth article by our newest member of the iTech Staff, Steve Pitcher, is on how to Jump Start Performance with DB2 Symmetric Multiprocessing. The fifth article lists some of the upcoming events in which iTech Solutions will be participating. The last article is for your reference with updated PTF information. Please note that for all 7.1 customers that are on the Quarterly or Semi-annual iTech Solutions PTF maintenance plan, we will be installing the latest PTFs as you are most likely now on Technology Refresh 11. For the 7.2 customers, we will be installing 7.2 Technology Refresh 6, and 7.3 will be Technology Refresh 2.
Some notes on the new HMC release that just came out:
- HMC V8 R8.6.0 will be the last release to support POWER6.
- HMC V8 R8.6.0 will be the last release to allow ‘classic’ UI login.
- HMC V8 R8.6.0 will be the last release that supports the model CR5, CR6 and C08.
- The HMC must be at version V8 R8.4.0 or later to be upgraded to HMC V8 R8.6.0. This requirement is enforced during installation.
Having a business partner isn’t the same as having iTech Solutions. If you are not getting the support, the help, the guidance, and the advice you need to succeed, then you owe it to yourself to contact iTech Solutions for all your IBM Power Systems running IBM i needs. We can help you upgrade your AS/400 or iSeries to a Power Systems running IBM i, or even your existing POWER5, POWER6, or POWER7 machines to POWER8.
iTech Solutions vast experience can help you improve performance, perform security audits, implement a high availability solution, perform health checks, systems management, remote administration, PTF management, cloud-based systems, hosting, replication, and backup/recovery; upgrade an existing machine; or upgrade to a new machine. If you are thinking of LPAR or HMC, then think iTech Solutions. We have the skills to help you get the most out of your IBM i.
|
 |
For more information on any of the articles below please visit us on the web at iTech Solutions or email iTech Solutions. We would love for you to let us know any articles that you wish for the future, or if you enjoy any of the articles in the current newsletters.
___________________________________________________________________________________________
IBM i 7.1 End of Life.
On April 11, 2017 IBM announced that IBM i 7.1 would no longer be marketed after September 30, 2017, and it goes end of support on April 30, 2018. This means if you are still on IBM i 7.1 after 04/30/18, you will have to pay an additional fee for SWMA. IBM i 7.1 is already pretty old having been released on April 13, 2010. It has been rock solid for 7 years, but now it is getting old. If you are on this release you aren’t able to take advantage of all the new features that IBM has been delivering with 7.2 & 7.3. Yes, you could have been putting on all the Technology Refreshes, but they don’t give you all the new features and functions, plus they ended a while ago for 7.1. Moving up to IBM i 7.2 is a good move, moving to IBM i 7.3 is an even a better move.
Well I have to say, it really is about time, and in my opinion overdue. Do you know that 12 out of the 16 encryption ciphers in 7.1 are obsolete? That is 75%. If you are using Java 6, which is the default on IBM i 7.1, that hasn’t been updated by Oracle since February 2013. How vulnerable are you if that is what you are using?
The question becomes why have you been waiting so long? There are quite a few things that you have to address before moving to 7.2 or 7.3 that we have discussed over the years. Things like versions of Java, Domino, Apache, WebSphere, MQ, LAN Console, Load Source size, required PTFs, Expanding the License Internal Code space, PHP, and a few others. Is your hardware capable of running the new release? When was the last time you did an upgrade? Want to work with an IBM business partner that does multiple OS upgrades a week, then contact iTech Solutions. We do more OS upgrades in a week, than most people do in their lifetime. We have the knowledge, the skills, the expertise, and the experience to do your upgrade correctly and with the least disruption possible. You get your machine upgraded, all with the comfort of knowing it’s being done correctly.
Ensuring that your IBM i isn’t Vulnerable to Attacks.
Did you get a chance to read our recent blog on IBM i security from an administrator’s perspective? Your IBM i isn’t as safe as you may wish. Remember the IBM i is securable, but left without proper management and administration it is not as secure as you may believe.
If you believe your IBM i is 100% secure from attacks both inside and outside the firewall, then you are probably at risk. Many companies are under a false sense of security that their data is safe just because it resides on IBM i. A good IBM i administrator should be able to demonstrate that their systems are being proactively assessed and interrogated to minimize the risk of security vulnerabilities. Regardless of architecture, no system is 100% secure. However, when security is viewed as an operating strategy rather than a goal the chances of a breach with data loss are reduced substantially.
[Get 5 Tips to Improving Your IBM i Security]
Where is your system vulnerable?
The IBM i is probably the most securable system available, but it doesn’t come that way. You have to know how to configure the system properly to make it secure. This requires knowledge about proper security levels, password levels, authorities and more. Even a well-managed system may still be exposed, without you realizing it. Having your IBM i assessed by an IBM i Security expert can help ensure that your system is as protected as it can be.
Passwords
Poorly implemented password policies are one of the most prevalent risks faced by IBM i shops. Limiting password lengths to only 10 characters is extremely risky. It makes it easier for someone to hack into your system, therefore putting your data and business at risk. In addition to not requiring strong enough passwords, too many shops still have users……..
To continue reading the rest of the blog click here.
For getting the guide below, click on the image.
If you need help or have questions on this, iTech Solutions can help you to do the remediation, or anything else. Contact us to let us help you.
Saving and Restoring External Stored Procedures.
Issue: Saving and restoring External Stored Procedures.
When the program object is backed up, the SQL routine definition is captured as well. Subsequently when the program object is restored, the SQL routine definition is restored. Therefore, restoring the library will not restore the SQL routine definition unless the program object is in that library. This issue arises typically, because the SQL routine definitions’ schema is assigned to a “data” library rather than the “program” library. IBM chose to associate the routine definition at the program and service program level rather than at the library level. To avoid this issue, you should create the external SQL routine definitions in the same schema/library as the HLL program objects, instead of using mixed schema/library.
Background: On External Stored Procedures. 
An External Stored Procedure is made up of two distinct entities, which can exist independently of each other. These are the program or service program object, and the catalog entries for Stored Procedures. When working with External Stored Procedures, the program object (*PGM) and the IBM SQL/400 Catalogs must be synchronized. A stored procedure can be created without the program existing, so just the catalog entry is made, and the program object can be compiled and exist without the catalog entry.
Resolution: Working with External Stored Procedures.
Below is a table that contains IBM’s recommended actions that should be performed when working with External Stored Procedures that were created in an ILE (non-OPM) environment outside of libraries QSYS or QSYS2 with a minimum of one IBM SQL/400 statement. These guidelines were designed and apply to External (non-SQL) Stored Procedures that were made in an ILE (non-OPM) environment and contain at least one embedded SQL statement and are not in the QSYS or QSYS2 libraries. If your stored procedures do not meet these criteria, the steps required will be increased.
| Action Required: | Steps Required: |
| Create New | – Compile – CREATE PROCEDURE(s) – Verify SQL Catalogs |
| Delete | – DROP SPECIFIC PROCEDURE(s) – DLTPGM – Verify SQL Catalogs |
| Recompile | – DROP SPECIFIC PROCEDURE(s) – DLTPGM – Compile – CREATE PROCEDURE(s) – Verify SQL Catalogs |
| Restore from SystemA to SystemB | – DROP SPECIFIC PROCEDURE(s) on SystemB – DLTPGM on SystemB – Restore from SystemA – Verify SQL Catalogs |
| Restore from SystemA LibA to SystemB LibB | – DROP SPECIFIC PROCEDURE(s) on SystemB – DLTPGM on SystemB – Restore from SystemA to SystemB – DROP SPECIFIC PROCEDURE(s) on SystemB of LibA – CREATE PROCEDURE(s) on SystemB of LibB – Verify SQL Catalogs |
| Move from LibA to LibB | – DROP SPECIFIC PROCEDURE(s) on LibA – Move *PGM object – CREATE PROCEDURE(s) for LibB – Verify SQL Catalogs |
| Verify SQL Catalogs (CREATES) | – DSPJRN JRN(QSYS2/QSQJRN) FILE((SYSROUTINE)) JRNCDE((R)) ENTTYP(PX) – SELECT * FROM QSYS2/SYSPROCS WHERE DATE(ROUTINE_CREATED) = CURRENT_DATE |
| Verify SQL Catalogs (DROPS) | – DSPJRN JRN(QSYS2/QSQJRN) FILE((SYSROUTINE)) JRNCDE((R)) ENTTYP(DL) |
To learn more on how iTech Solutions can help you with any migration, please call us at 203-744-7854 and press 3, or email us.
Jump Start Performance with DB2 Symmetric Multiprocessing
Do you have multiple processor cores allocated to an IBM i partition? If so you may not be aware of a great feature that’s been around since V3R1 of the operating system. It’s called DB2 Symmetric Multiprocessing, or DB2 SMP (IBM i – option 26). If it’s been around forever you may be asking yourself why you haven’t heard about it before.
Well, back in V3R1, if you had a multi-core machine then chances are you had some seriously big and expensive iron. Most IBM i customers are small to medium businesses. The Power 720’s and S814’s of the world make up the bulk of the current systems out there today. Way back in V3R1, most customers had small systems with one active processor. As hardware evolved and the price came down, customers began buying and activating additional processing cores for their systems and restoring the licensed programs they had on their previous machine. Therefore, DB2 Symmetric Multiprocessing wouldn’t have come over with the rest of the licensed programs during a migration.
Symmetric Multiprocessing allows multiple database operations to occur simultaneously on multiple processors. This allows IBM i to be optimized for more complex and bigger data crunching tasks. Without SMP, a database job is allocated to one processor core no matter how many cores you have allocated to a partition. With SMP enabled, the job is logically allocated between all active cores on a partition. This “parallelism” can drastically and positively affect the overall processing capability and efficiency of a server. For instance, an SQL query that runs for 100 seconds against one core will run for about 50 seconds with two cores and SMP enabled, 33 seconds with three cores and SMP enabled and 25 seconds with four cores and SMP enabled.
If you have multiple cores allocated to a partition, check to see if you have option 26 of IBM i installed. If you do, then that’s the first step. If you have it installed, to check if it’s enabled have a look at your QQRYDEGREE system value:
- *NONE—This means that a job will use only one processor core, no matter how many are assigned to the partition.
- *IO—Any number of tasks may be used when the database query optimizer chooses to use I/O parallel processing for queries. Parallel processing is not used.
- *OPTIMIZE—This is the least intrusive option for parallel processing. This means that a job will take a reasonable share of processing and memory resources for symmetric multiprocessing or choose I/O processing instead, depending on available resources.
- *MAX—A job will attempt to use all processing power across all cores and system memory to complete. I wouldn’t recommend this for “middle of the day” processing.
If you have SMP installed, you may want to review your performance information with Performance Data Investigator inside IBM Navigator for i in order to get a benchmark. Then, change QQRYDEGREE to *OPTIMIZE. This is the “good neighbor” setting, allowing a balanced share of resources against DB2 jobs. Review your performance history in a day or two and you may be surprised with the results. To discuss this further, or have iTech Solutions help you improve performance, contact our sales staff.
| Upcoming Events
Some of the events that we will be speaking at or exhibiting at are listed below. Don’t forget the iTech Solutions web site at https://itechsol.com. |
 |
Archived available anytime – Steve Will and Pete Massiello host a session on what’s new for IBM i 7.3.
May 7 – 10, 2017 – COMMON Annual Conference & Expo – Loews Sapphire Falls Resort, at Universal Orlando, FL
- Stop by our booth 509 in the Expo and see Rick Marcotte and Laurie LeBlanc
- Steve – Sunday 12:45 14AC Rapid Fire Admin
- Pete – Monday 14:00 25AA Tips and Tricks to improve System performance and Save Disk Space
- Pete – Monday 17:00 27AA Cool Things in Navigator for IBM i to be a Rock Star Administrator
- Steve – Monday 17:00 27CM YIPs Roundtable
- Pete – Tuesday 08:00 31AA What you need to know when Upgrading IBM i to 7.3
- Steve – Tuesday 09:30 32AC IBM i and our False Sense of Security
- Pete – Tuesday 11:00 33AA HMC, IBM i, FSP, and Firmware
- Pete – Wednesday 11:00 43AA Step-by-Step Guide to Creating Virtual i Partitions Hosted by IBM i
May 16, 2017 – Long Island Systems User Group – Westbury, NY
- Stop by our booth and talk with Charlie Kaplan
May 22 – 26, 2017 – IBM Systems Technical University – Hilton Buena Vista Palace, Orlando, FL – Pete Will be speaking on:
- Step-by-step guide to creating IBM i partitions hosted by IBM i
- Cool Things in Navigator for IBM i to be a Rock Star Administrator
- What you need to know when Upgrading IBM i to 7.3
- Tips and Tricks to improve System performance and Save Disk Space
June 18 – 21, 2017 – COMMON Europe Congress, Brussels Belgium. Pete will be speaking on:
- What you need to know when Upgrading IBM i to 7.3
- HMC, IBM i, FSP, and Firmware: Putting the pieces together
Release levels and PTFs
People are always asking me how often they should be performing PTF maintenance, and when is the right time to upgrade their operating system. I updated this article from last month with the current levels of PTFs. Let’s look at PTFs. First, PTFs are Program Temporary Fixes that are created by IBM to fix a problem that has occurred or to possibly prevent a problem from occurring. In addition, some times PTFs add new functionality, security, or improve performance. Therefore, I am always dumbfounded as to why customers do not perform PTF maintenance on their machine at least quarterly. If IBM has come out with a fix for your disk drives, why do you want to wait for your disk drive to fail with that problem, only to be told that there is a fix for that problem, and if you had applied the PTF beforehand, you would have averted the problem. Therefore, I think a quarterly PTF maintenance strategy is a smart move. Many of our customers are on our quarterly PTF maintenance program, and that provides them with the peace of mind of knowing their system is up to date on PTFs. Below is a table of the major group PTFs for the last few releases. This is what we are installing for our customers on iTech Solutions Quarterly Maintenance program.
| 7.3 | 7.2 | 7.1 | 6.1 | V5R4 | |
|---|---|---|---|---|---|
| Cumul Pack | 17061 | 17068 | 16320 | 15063 | 12094 |
| Tech. Refresh | 2 | 6 | 11 | ||
| Grp Hipers | 28 | 88 | 192 | 210 | 204 |
| DB Group | 4 | 16 | 41 | 33 | 33 |
| Java Group | 3 | 11 | 26 | 37 | 34 |
| Print Group | 3 | 13 | 31 | 49 | |
| Backup/Recov. | 9 | 31 | 65 | 61 | 57 |
| Blade/IXA/IXS | 1 | 16 | 30 | 15 | |
| HTTP | 6 | 19 | 45 | 46 | 36 |
| TCP/IP | 3 | 10 | 17 | 22 | |
| Security | 13 | 44 | 68 | 60 | 33 |
| High Availability | 3 | 6 | 13 | 5 | |
| Hardware | 9 | 26 | 37 | 17 | |
| Open Source | 3 | 3 | 3 |
The easiest way to check your levels is to issue the command WRKPTFGRP. They should all have a status of installed, and you should be up to the latest for all the above, based upon your release. Now there are more groups than the ones listed above, but these are the general ones that most people require. We can help you know which group PTFs you should be installing on your machine based upon your licensed programs. Here is a nice tidbit. The Cumulative PTF package number is broken down as YDDD, where Y is the year and DDD is the day it was released. Therefore, if we look at the cumulative package for V7R1, the ID is 16120. We can determine that it was created on the 120th day of 2016, which is April 29th, 2016. Look at your machine and this will give you a quick indication of just how far out of date in PTFs you may be.
HMCs
If you have a Hardware Management Console (HMC,) you should be running:
| Model | Release | Service Pack |
|---|---|---|
| HMC | V8R8.6 |
|
| HMC | V8R8.5 |
|
| HMC | V8R8.4 |
|
| HMC | V8R8.3 |
|
| HMC | V8R8.2 |
|
| HMC (CR4 last release) | V7R7.9 |
|
| HMC | V7R7.8 |
|
| or | V7R7.7 |
|
| HMC C03 | V7R3.5 |
|
If we have a model listed above in the HMC column that is the highest level of firmware that model of the HMC can be upgraded to.
- Note that release 8.8.x does not support any POWER5 servers.
- Version 7.7.9 is not supported as of 12/30/2016 and cannot be installed on HMC models C03, C04 or CR2.
- If an HMC is used to manage any POWER7 processor based server, the HMC must be a model CR3 or later model rack-mount HMC or C05 or later desk side HMC.
- HMC V8R8.1 is supported on rack-mount models CR5, CR6, CR7 and CR8; and on desktop model C08. These listed models meet or exceed the V8R8.1 minimum memory requirement of 2GB however 4GB is recommended.
- If you want to manage a POWER8 machine, you need to be on at least HMC 8.8.1
Some notes on the new HMC release V8R8.6 that just came out:
- Will be the last release to support POWER6.
- Will be the last release to allow ‘classic’ UI login.
- Will be the last release that supports the model CR5, CR6 and C08.
- The HMC must be at version V8 R8.4.0 or later to be upgraded to HMC V8 R8.6.0. This requirement is enforced during installation.
If you have a Flexible Service Processor (FSP) your firmware should be:
| Machine Processor | Model | Version | Notes |
|---|---|---|---|
| Power5 or 5+ | 520, 515, 525, 550, 570 | SF240_418_382 | last |
| Power6 | 940x, M15, M25, M50 | EL350_176_038 | last |
| 8203-E4A, 8204-E8A, 8204-E4A | EL350_176_038 | last | |
| MMA, 560, 570 | EM350_176_038 | last | |
| 9119-FHA | EH350_176_038 | last | |
| Power7 | 8231-E1B, 8202-E4B, 8231-E2B, 8205-E6B, 8233-E8B, 8236-E8C | AL730_152_035 | |
| 9117-MMB, 9179-MHB | AM780_080_040 | ||
| 8231-E1C, 8202-E4C, 8205-E6C | AL740_161_042 | ||
| 9117-MMC, 9179-MHC | AM770-112_032 | ||
| Power7+ | 8231-E1D, 8202-E4D, 8231-E2D, 8205-E6D | AL770_112_032 | |
| 8408-E8D, 9109-RMD | AM770_112_032 | ||
| 9117-MMD, 9179-MHD | AM780_080_040 | ||
| Power8 | 8408-E8E, 8284-21A, 8284-22A, 8286-41A, or 8286-42A |
|
|
| 9119-MHE or 9119-MME | SC860_070_056 |
If you need help with upgrading your HMC or FSP just give us a call. We will be happy to perform the function for you or assist you in doing it. Contact Pete Massiello.
