Fresh back from the CEC in Gothenburg, energized and ready for action! 🚀 Our first mission? Upgrading our IBM i system to the new 7.6 release and locking it down with Multi-Factor Authentication (MFA).
Here's a rundown of our deep dive into the future of Power Systems security.
🔒 From "Security by Design" to "Security by Default": The Real Game-Changer
Right after installation, we immediately ran into (in a good way!) the most revolutionary aspect of this release: the shift from a "Security by Design" to a "Security by Default" philosophy.
What does this mean in practice?
- 🔹 Security by Design (The Past): The OS provided all the tools to make your system secure, but you had to actively enable and configure them. By default, many doors were "left ajar."
- 🔹 Security by Default (The Present): IBM i 7.6 is born locked down. Security is no longer an option, but the starting point. To even begin "tinkering," we had to explicitly configure and authorize users and services. This is a fundamental mindset shift that puts security first, without compromise.
It wasn't a walk in the park. Juggling Memos to Users, manuals, and even opening a support ticket with IBM (the release did show some teething issues), we finally tamed the "beast": release 7.6 is now live and operational!
✅ MFA Configuration: Passed with Flying Colors!
The next step was to enable Multi-Factor Authentication (MFA).
The experience was surprisingly smooth:
- Activation: Required an IPL, as expected.
- Integration: The new field for the second factor magically appeared on the login screen, in Navigator for i, and in ACS.
- Field Test: We used a standard, free TOTP generator (like Google/Microsoft Authenticator) and it worked perfectly.
- Compatibility: The real highlight? We tested connections with clients that don't natively support MFA, like FileZilla, and with the right setup, access was still managed correctly.
Great job, IBM!
⚠️ A Note of Caution: Farewell, STRSDA and STRRLU!
Every update brings a few goodbyes. With 7.6, we bid farewell to two legacy commands: STRSDA and STRRLU.
It's no longer possible to edit screens and reports directly from PDM.
The solution? Rely on modern, external tools. I've been using IBM Rational Developer for i (RDI) for years, and I can confirm it integrates seamlessly with the new release for these tasks.
What's next?
This is just the first step. Now the real fun begins: continuing to explore this new, incredible powerhouse of security and features.
What about you? Have you planned your upgrade to IBM i 7.6? What are your main concerns or expectations about "Security by Default"? Let's discuss in the comments!
Stay Tuned!
#IBMi #AS400 #PowerSystems #CyberSecurity #MFA #SecurityByDefault #IBM #RPG #ITInfrastructure #SystemAdministrator #IBMi76 #RDI #CECgothenburg