IBM Champions

IBM Champions Banner

IBM Champions

Engage with IBM Champions and top advocates

 View Only

From Gothenburg to IBM i 7.6 & MFA: Our Adventure in Security by Default

  • 1.  From Gothenburg to IBM i 7.6 & MFA: Our Adventure in Security by Default

    Posted 6 days ago

     

    Fresh back from the CEC in Gothenburg, energized and ready for action! 🚀 Our first mission? Upgrading our IBM i system to the new 7.6 release and locking it down with Multi-Factor Authentication (MFA).

    Here's a rundown of our deep dive into the future of Power Systems security.

    🔒 From "Security by Design" to "Security by Default": The Real Game-Changer

    Right after installation, we immediately ran into (in a good way!) the most revolutionary aspect of this release: the shift from a "Security by Design" to a "Security by Default" philosophy.

    What does this mean in practice?

    • 🔹 Security by Design (The Past): The OS provided all the tools to make your system secure, but you had to actively enable and configure them. By default, many doors were "left ajar."
    • 🔹 Security by Default (The Present): IBM i 7.6 is born locked down. Security is no longer an option, but the starting point. To even begin "tinkering," we had to explicitly configure and authorize users and services. This is a fundamental mindset shift that puts security first, without compromise.

    It wasn't a walk in the park. Juggling Memos to Users, manuals, and even opening a support ticket with IBM (the release did show some teething issues), we finally tamed the "beast": release 7.6 is now live and operational!

     MFA Configuration: Passed with Flying Colors!

    The next step was to enable Multi-Factor Authentication (MFA).

    The experience was surprisingly smooth:

    1. Activation: Required an IPL, as expected.
    2. Integration: The new field for the second factor magically appeared on the login screen, in Navigator for i, and in ACS.
    3. Field Test: We used a standard, free TOTP generator (like Google/Microsoft Authenticator) and it worked perfectly.
    4. Compatibility: The real highlight? We tested connections with clients that don't natively support MFA, like FileZilla, and with the right setup, access was still managed correctly.

    Great job, IBM!

    ⚠️ A Note of Caution: Farewell, STRSDA and STRRLU!

    Every update brings a few goodbyes. With 7.6, we bid farewell to two legacy commands: STRSDA and STRRLU.

    It's no longer possible to edit screens and reports directly from PDM.

    The solution? Rely on modern, external tools. I've been using IBM Rational Developer for i (RDI) for years, and I can confirm it integrates seamlessly with the new release for these tasks.

    What's next?

    This is just the first step. Now the real fun begins: continuing to explore this new, incredible powerhouse of security and features.

    What about you? Have you planned your upgrade to IBM i 7.6? What are your main concerns or expectations about "Security by Default"? Let's discuss in the comments!

    Stay Tuned!

    #IBMi #AS400 #PowerSystems #CyberSecurity #MFA #SecurityByDefault #IBM #RPG #ITInfrastructure #SystemAdministrator #IBMi76 #RDI #CECgothenburg



    ------------------------------
    [Giancarlo] [Lui]
    [CTO]
    [Horsa Power]
    [Milan] [Italy]
    02 3359 1375
    ------------------------------