“Alas, poor 7.1! I knew him, Horatio: an O/S of infinite Roch-est, of most excellent Resili-ancy: he hath borne me on his back-up a thousand times”. OK so I confess that is quite possibly the most painful Shakespeare kludge I have ever read too. If you can do better, please feel free to share with the whole of the class in the comments section below.
Remember I am but a poor comprehensive boy from Wolverhampton, so please give me credit for trying. Where I come from “Shakespeare” is what an idiot does before opening a can of Banks’s Bitter. (OK, you may need to find someone from the Midlands to explain that last one to you but as our next i-UG meeting is in Wolverhampton, then you are in luck!)
I’ve realised I’m just about to go off on one of my extended ramblings, so if you just want to know the technical reasons why you should upgrade, I’ll put a heading in called “Why Should I bother to upgrade”, scroll down to that bit and save yourself from my witterings.
Getting back to the point (or rather getting back to the tangent to the point) last weekend (30th September 2017) saw the end of the marketing date for IBM i 7.1, which is the 2nd of the key dates in the retirement of this version of the O/S. The final and literally drop-dead date for support is the 30th April 2018 but don’t wait until then unless you want to pay double for your upgrade.
Now, by Drop-Dead, I don’t mean the operating system will stop working, this is simply what the guys in Rochester support will want to tell you if you phone up for support and you are still using it 😊
We never used to have to upgrade back in my day
I hear this sort of nonsense a lot, it is simply poppycock! IBM i 7.1 is the longest supported operating system in the three-decade history of this glorious operating system. It became available to the public in April 2010 and so reigned supreme for 8 years.
The only version to come close to that was 5.4 with its 7¾ year life. If we go back to the early days of the RISC based POWER processor, IBM i v4.x, then the average time between releases was around 3 years, if we go back to v3 then it was closer to 2 years between releases.
The inconvenient truth
The remarkable yet inconvenient truth is that IBM i 7.3 is actually the 24th version of this operating system. Yes 24 versions in 29 years!! If you don’t believe me, feel free to count them yourself, there is a list at the link below:
The real reason that many companies don’t upgrade is they don’t think they need to, they normally just get a new operating system when they get a new box. For quite some time now these servers have become so powerful a typical client just doesn’t need to upgrade to get the performance or storage they need.
This would be great if we were to look after them but all too often we don’t. We say things like “if it ain’t broke, don’t fix it” and thousands of them just sit there, often for up to a decade, stagnating in the corner.
The one truly remarkable thing that Microsoft achieved was to create an operating system so ubiquitous yet so unreliable that people got used to upgrading it from the very beginning!
Why should I bother to upgrade?
Many of you will be thinking why should I bother to upgrade? My operating system isn’t buggy, it doesn’t crash and it’s not like the system will stop working on the 1st May next year. Well of course you are right but also in some very real ways YOU ARE WRONG!
As highlighted in last months article on SMBv2 support, there are some every day functions in IBM i 7.1 that are going to stop working with other more up to date operating systems, this can even include talking to newer versions of IBM i!
So, this month I thought I’d run through a few other reasons why you might want to get up to at least IBM i 7.2.
Encrypting using TLS not SSL
Many folks think that the “S” in HTTPS stands for SSL, it doesn’t, it simply stands for Secure. SSL (Secure Socket Layer) is one of those acronyms that has penetrated the language of the Muggles enough that it has stuck. This encryption methodology has been and gone and no one in their right mind should still be using it. It was replaced by TLS (Transport Layer Security) some time ago now and so all the browsers being used to read this article are TLS enabled by default.
The problem is that by default your IBM i 7.1 server does not. It is possible to enable it and to change the cipher suite that works in conjunction with it but this involves work, just about the same amount of work as upgrading the operating system.
Worse still, the world of encryption is a constantly evolving one, with ever increasing demands for higher security and, even if you are prepared to put in the work to keep your 7.1 system up to snuff, IBM are about to stop giving you the new security building blocks you will need.
Java gets a lot of bad press in the media, it’s biggest downfall is it biggest strength, it runs anywhere. The bad guys know this too and so they have spent a lot of time finding ways to get their evil code to execute on as many computers as possible.
Now, as you might have guessed, IBM i is not vulnerable to common attack vectors like Buffer Overflows. In fact, the very idea that you could simply pass more data back to a program than it was expecting and somehow the OS would accept it and execute it is laughable to an IBM i developer. Many years ago, I heard Malcolm Haines, formerly of IBM talk on this subject. He simply laughed and said, “we don’t have these problems because we practice Safe Hex”.
Malcolm’s sense of humour may have had a significant effect on yours truly. He is also the man responsible for introducing me to Podcasts, something that literally consumes my every spare moment, but I digress.
The take away point here is that the world is demanding newer and more robust versions of Java and IBM is about to stop making those available at 7.1. So, whilst your system works fine now, at some point, just like with our security and SMB examples, the other entity you want your IBM i system to talk to is not going to be able to listen because your old version of Java is no longer supported.
With GDPR regulations fast approaching many of you are going to be asked to increase the level of security on the files with customer details in them, even simple public domain details like home addresses. If you are at 7.2 or newer, you can use the free of charge RCAC (Row Column Access Control) function to protect data at the record
and / or field level.
With this tool configured correctly it means that you can give your auditor the QSECOFR password and even list out the files with your golden data. They will have full access to view and copy it just as you might expect but they will not be able to see any of the protected data. This is security implemented at the heart of the database, even the operating system adheres to it. It’s about as bullet proof as it gets. Let me repeat the point. This is FREE in IBM i from 7.2 onwards.
If you have to write your own version of this function, then good luck, you had better start soon. I know several people who have tried and failed.
Support for new hardware
When IBM release the new POWER9 servers next year it is fair to assume that you will need to be using at least 7.2 to use it. In fact, the newest of the POWER8 range, the S812, already has this limit imposed. So why not upgrade before and make your future hardware migration a simple matter of a save and restore.
There are a huge number of new features that IBM have packed into 7.2 and 7.3, I have written about many of them in previous months so I will not trot out another long list but there are links to the things I love about 7.2 and 7.3 here (part 1) and here (part 2).
Nice to see you
We have the latest news on how the GDPR regulations will start affecting you next year as well as news on Open Source and RPG development.
More details and a booking form are available at our website www.i-ug.co.uk