IBM i Security
IBM i Authority Collection
Most IBM i applications have excessive authorities granted to objects within the application. For instance, when an application gives *PUBLIC *CHANGE or *ALL authority for objects within an application, and accessing a DB2 file, when it only requires *USE authority to the data. Applications with unnecessary authorities creates security vulnerabilities by allowing users and other applications to make changes to data outside the application.
The following Authority Collection interfaces have been updated:
End Authority Collection (ENDAUTCOL).
Delete Authority Collection (DLTAUTCOL).
Display Security Attributes (DSPSECA) command and Retrieve Security Attributes (QSYRTVSA) API show if an Authority collection for objects is active.
Interfaces that show object attributes now include the authority collection value for the object.
The Authority Collection value for an object can be set with the new Change Authority Collection (CHGAUTCOL) command. When Authority Collection for objects is started using the enhanced Start Authority Collection (STRAUTCOL) command, authority information is collected for the specific objects that have this value set. Any user access of these objects is then collected and written to the authority collection repository for objects.
The following SQL views were added to display and analyze the authority collection data for objects:
QSYS2.AUTHORITY_COLLECTION_OBJECT view - for QSYS objects; use this when the number of entries in the authority collection is large and you are looking for a specific object or objects in a specific library.
QSYS2.AUTHORITY_COLLECTION_LIBRARIES view - for QSYS objects; use this when the number of entries in the authority collection is small or you are looking for all, or most, objects in the authority collection.
QSYS2.AUTHORITY_COLLECTION_FSOBJ view - for file system objects in the "root" (/), QOpenSys, and user-defined file systems
QSYS2.AUTHORITY_COLLECTION_DLO view - for document and folder objects
Transport Layer Security (TLSv1.3)
Transport Layer Security (TLS) encryption is used to encrypt communications between two systems, such as when using IBM i FTPS. V7R4 update provides support for TLS version 1.3 (TLSV1.3) to ensure secure communications of applications and data. TLSv1.3 is used by default when system value QSSLPCL is set to *OPSYS. All applications designed to use the default TLS protocol will immediately support TLSv1.3 if the system value setting allows TLSv1.3. Other applications may require configuration or code changes to enable TLSv1.3.
IBM i V7R4 provides a new Retrieve TLS Attributes (QsoRtvTLSA) API to retrieve the current default TLS properties. The TLS properties can be changed with the TLSCONFIG command.
SNMPv3
IBM i support for Simple Network Management Protocol version 3 (SNMPv3) has been enhanced with the ability to securely send SNMPv3 Trap and Inform messages. The IBM i local trap manager has been enhanced with the ability to securely receive and forward SNMPv3 Trap and Inform messages. Additionally, traps generated by third-party sub-agents can be sent as SNMPv3 Traps or Informs without any changes to the sub-agent code. See the Change SNMP Attributes (CHGSNMPA) topic in IBM Knowledge Center for additional information.
Service tools enhancements
IBM i service tools security options now support service tools user ID password rules similar to those provided for system user profiles, which now allow the following password composition rules for DST, SST and the new SST Security Attribute commands:
Limit profile name
Hours to block password change
Minimum password length
Maximum password length
Use chars from three groups
Limit adjacent characters
Limit repeating characters
Limit characters’ same position
Minimum digits
Maximum digits
Limit adjacent digits
Limit digit first position
Limit digit last position
Minimum letters
Maximum letters
Limit adjacent letters
Limit letter first position
Limit letter last position
Number of mixed case letters
Minimum special characters
Maximum special characters
Limit adjacent special characters
Limit special character first position
Limit special character last position
The new SST Security Attribute commands are:
Change SST Security Attributes (CHGSSTSECA)
Display SST Security Attributes (DSPSSTSECA)
In addition to password rule attributes, the commands support the "service tools password level" attribute and the "allow security-related system values to be changed" attribute.
The new commands for service tools user ID management to enable the same SST privileges managed through DST or SST are:
Create Service Tools User ID (CRTSSTUSR)
Change Service Tools User ID (CHGSSTUSR)
Delete Service Tools User ID (DLTSSTUSR)
Digital Certificate Manager (DCM)
Digital Certificate Manager can now automate many certificate management tasks using remove, add and check functions for renewing a certificate from the certificate store, update an application identifier to use renewed certificates and update trust list with the CA that issued the renewed certificate.
An Application Definition, also known as Application ID, is created and maintained in DCM for use by System TLS based applications. These three APIs provide Application Definition certificate assignment capabilities:
Remove a certificate assignment from an application (QycdRemoveCertUsage).
Add a certificate assignment to an application (QycdUpdateCertUsage).
Retrieve information about the certificate currently assigned to an application (QycdRetrieveCertUsageInfo).
A Certificate Authority (CA) Trust List is an optional configuration for Application Definitions. The list allows individual applications to trust a different set of CAs from other applications. These three APIs provide CA Trust List configuration capabilities:
Add a CA certificate to the CA certificate trust list (QycdAddCACertTrust).
Remove a CA certificate from the CA certificate trust list (QycdRemoveCACertTrust).
Check if CA certificate is in the CA certificate trust list (QycdCheckCACertTrust).
This API is used in a two-step process to renew an existing certificate residing in the system certificate store: Request a certificate renewal and import certificate into system store (QycdRenewCertificate).
With the first call, a CSR (Certificate Signing Request) is generated based on an existing certificate. After out-of-band processing of the CSR is complete, the second call imports the issued certificate into the system certificate store.
IBM i System Management
Workload groups
Workload groups allow the isolation of specific workloads into a limited processing environment. With IBM i V7R4, workload groups can now be configured by job description using the new WLCGRP parameter on Create Job Description (CRTJOBD) or Change Job Description (CHGJOBD) commands. In previous OS400 version releases, workload groups were set at the subsystem level only, and every job in a subsystem ran in the same workload group. Jobs can run in different workload groups within the same subsystem by setting a workload group name on the job description.
The workload group (WLCGRP) name can be viewed for a job description using the Display Job Description (DSPJOBD) command or the Retrieve Job Description (QWDRJOBD) API. If a workload group name has not been explicitly set in the job description, it will default to *SBSD, which means that jobs started with the job description will use the workload group defined in the subsystem description.
It is possible to change the workload group (WLCGRP) in the JOBD while the subsystem is active. New jobs will be able to use the new workload group without restarting the subsystem.
Processor Multitasking Information
The Retrieve Processor Multitasking Information (QWCRTVPR) API in IBM i V7R4 returns the current and maximum number of secondary hardware threads, in addition to the configured number of secondary hardware threads, per processor. Previous OS400 version releases, the Retrieve Processor Multitasking Information (QWCRTVPR) API only retrieved the maximum number of secondary hardware threads per processor.
The Change Processor Multitasking Information (QWCCHGPR) API is used to limit the number of processing threads on systems using simultaneous multithreading (QPRCMLTTSK system value). The QWCRTVPR API in previous OS400 version releases returned only the value set by the QWCCHGPR API, and could not determine the actual value used by the system or the maximum value supported by the system.
In IBM i V7R4, QWCRTVPR add two new parameters that retrieve the number of secondary threads that are currently active, and the maximum number of secondary hardware threads per processor supported by the system.
Managing and tracking jobs in a job queue
Two new exit points have been added to better track and manage jobs submitted to a job queue, and keep track of the information needed to resubmit jobs to a JOBQ in conjunction with the existing Job Notification exit point. The Submit Job exit point (QIBM_QWT_SBMJOB) can call a user exit program in a job that calls the SBMJOB command, prior to the job being placed in the job queue. The Change Job exit point (QIBM_QWT_CHGJOB) can call a user exit program when the CHGJOB command or API is called to change a job while the job is in a job queue, allowing the program to keep track of any changes made to the JOBQ job after it was submitted but before it becomes active.
QHST job
The V7R4 QHST system job is now started at IPL to perform message logging to the history log, and no longer done by the SCPF job. This change moves message logging out of the critical system job, without an IPL requirement. The new function runs in QHST as a separate job. A new QHST job will automatically start if excessive messaging floods the history log and causes the QHST job to end unexpectedly, improving availability.
The IBM i qsys2.history_log_info service adds SQL for sorting, filtering, parsing and analyzing the history data to help you find what you are looking for faster. Examples are provided in Access Client Solutions interface under 'Insert from Examples' of the Run SQL Scripts.
Networking
Server Message Block Version 3 (SMB3)
IBM i QNTC file system and NetServer file system connectivity and sharing with workstations and clients on the network now support Server Message Block Version 3 (SMB3), the latest industry standard for connectivity. SMB3 add the following new features for connecting to QNTC and NetServer file systems:
Data encryption for entire client/server conversations (end-to-end encryption) or just for access of specific shares.
Large read and write sizes of 512 KB.
Improve performance on high latency networks.
QNTC can now support share names longer than 15 characters.
NetServer support for macOS has been improved.
SMTP (Simple Mail Transfer Protocol)
The SNDSMTPEMM command for the IBM i SMTP TCP/IP protocol sending and receiving email has been enhanced to include the following new capabilities:
Subject of an email increased to 255 characters.
Body of email increased to 5,000 characters.
Creating, adding, editing, and removing of distribution lists for directory types *SMTP and *SMTPMSF using CL commands have been added.
Availability
Save and Restore
The SAVE and RESTORE menus have been enhanced with a new option to "Start controlling subsystem". Previously, the controlling subsystem always started automatically when the save or restore operation completed. In IBM i V7R4, it is now possible to leave the system in restricted state after the save or restore operation, by not starting the controlling subsystem. This can be helpful for installing PTFs, performing system maintenance, or IPLing the system. See the Backing up your system and Recovering your system topics in IBM Knowledge Center for more information.
Clustering
IBM is announcing some enhancements to the clustering technologies resident in the base operating system. Many of these technologies are seamlessly integrated into IBM PowerHA SystemMirror for i.
New usability enhancements to the IBM i clustering policies allow for more automation of an administrative domain. Resources may be automatically added to the cluster administrative domain when they are created or added on a node. Previously, this was a two-step process; each monitored resource entry (MRE) had to be added manually after it was created. Similarly, it is possible to automatically delete resources and remove them from the cluster administrative domain in one step. Previously, a delete needed to be issued on each system in the cluster. See the Cluster Policy APIs topic in IBM Knowledge Center for more information.
Enhancements have been made to the behavior of restore handling in a cluster administrative domain to honor the restored values. Previously, after a restore the administrative domain would essentially undo the restore operation.
In IBM i V7R4, if a new policy for cancel failover is defined for a cluster resource group, the IASP will no longer be varied off on the failing node when a failover is canceled. Prior to this policy, when a failover was canceled, the IASP would be varied off on the failing node.
This release introduces the Container CRG, which allows for management of a group of CRGs as a single entity for the purposes of operations.
A restriction has been removed, and an IASP may now be specified in more than one CRG. This function is especially useful in Db2 Mirror configurations. Previously, an IASP was limited to a single CRG. When an IASP appears in more than one CRG, the CRG recovery domains must have no nodes in common.
Application development
Integrated Web Services server
The Integrated Web Services (IWS) server support enables users to create APIs based on ILE programs and service programs. In IBM i V7R4, IWS API support has been enhanced to allow the creation of REST and SOAP APIs based on SQL statements. The SQL statements are processed against Db2 for i database management systems. The support enables the creation of APIs that can process XML, JSON, and user-defined media resources. This now means that the database on IBM i can be accessed directly using the HTTP REST support. No JDBC or ODBC connection is needed when using the IWS support.
System Debugger
The System Debugger is the tool used to debug programs written in both ILE and OPM languages as well as Java™ that run on the system. Program information stored with the object, along with the program observability, are used by the System Debugger. In IBM i V7R4, the System Debugger is enhanced with some limited ability to relocate the debug source.
The Change Program Data (QBNCHGPD) API is enhanced to update the debug source location. This relocation, the moving of source files to another location, can be done for both library physical files and IFS stream files. The steps are:
Compile a program from IFS stream source files or library physical files with DBGVIEW(*SOURCE).
Move the source files to another location.
Use API QBNCHGPD to update the old source location to the new one with new format CHGP0200.
Debug the target program. System debugger will show the source files correctly from the new location.
Locating module source
The Display Module (DSPMOD) command now shows the location (path name) of a module's source code stored in a stream file (IFS). This will be very useful to C, C++, RPG, COBOL, and CL programmers because compilers for those languages all support compiling source from IFS.
TEXT options on CRTSRVPGM
Two new TEXT options are provided, in addition to *BLANK, for the Create Service Program (CRTSRVPGM) command. These new options allow propagation of the text from the export source file or the first module used to create the service program. See Create Service Program for more information.
Updated MI instructions
A couple of MI instructions have been enhanced:
GENUUID can now generate a version 4 Universally Unique IDentifier (UUID), which is a randomly generated UUID that is consistent with the Internet Engineering Task Force (IETF) specification as described in RFC 4122. See the GENUUID MI Instruction topic in IBM Knowledge Center for more information.
MODS can return the size of the modified space, avoiding a call to MATS to get the size of a modified space. See the MODS MI Instruction topic in IBM Knowledge Center for more information.
Easier retranslation of program objects
No retranslation of programs is required to work with IBM i V7R4. However, there are times when a retranslation may be beneficial to ensure that programs are using the latest technology updates for performance, efficiency, and so on. For this purpose, IBM is providing the new QBNCVTPGM tool. See the Simple IBM i program and module conversion technical article on developerWorks for more information.
Miscellaneous
Service Tool debug enhancements
The Mainstore Dump Copy screens now have a column that indicates the size of a dump to help plan for proper handling of a dump.
An option on the Remote Modem Support screens for configuring LANs makes it easier to set up access for remote support.
Limits for the Licensed Internal Code (LIC) log have been increased so important debug information does not wrap out of the log too soon. Note that the LIC Log sizes are selectable by the client, but have minimum, default, and maximum values. See the Licensed Internal Code log topic in IBM Knowledge Center for more information.
Selected operating system limits increased
The maximum number of disk arms in all basic auxiliary storage pools has been increased to 3999.
The maximum number of disk arms in all independent auxiliary storage pools has been increased to 5999.
The maximum LUN size (for LUNs with 4160 or 4096 byte block sizes) has been increased to 16 TB.
Db2 for i
With IBM i V7R4, Db2 for i continues to focus on new and advanced SQL capabilities and the ability to use SQL to access IBM i operating system detail. Further, Db2 for i delivers new capabilities for the database engineer.
Database application developers have new capabilities for constructing data-centric SQL solutions:
A new variant of INSERT can be used to populate rows using default values.
The RPG SQL Precompiler is enhanced to support constants as host variables.
The SYSTOOLS.SPLIT User Defined Table Function (UDTF) can be used to deconstruct aggregated lists of values using SQL.
In the tradition of recent Technology Refreshes, IBM i Services are added and enhanced, providing useful SQL-based alternatives to IBM i commands and APIs:
The DATA_AREA_INFO view and UDTF enable SQL users to query the existence, attributes, and data within data areas (*DTAARA).
The ASP_JOB_INFO view returns one row for each job that is currently using a specific ASP. This service is an SQL alternative to the Work with ASP Jobs (WRKASPJOB) CL command.
The OBJECT_PRIVILEGES view is enhanced to return authorization list detail, bringing equivalent functionality to the SQL alternative to the Display Object Authority (DSPOBJAUT) CL command.
The MESSAGE_FILE_DATA view returns data that can be found using the Display Message Description (DSPMSGD) CL command, opening up new options for managing messages using SQL.
Examples of these new services can be found in the latest versions of Access Client Solutions within the Run SQL Scripts interface under the category "Insert from Examples".
New capabilities are added for the database engineer:
The CREATE INDEX statement has been enhanced to include result column names matching the behavior of the ALIAS and RENAME keywords that are supported for logical files.
The PARSE_STATEMENT UDTF is enhanced to return detail for DROP statements and referential constraints, making it easier to deploy advanced impact analysis.
System Limits processing has been extended to additionally track the growth of database files by size, providing the data needed for clients to proactively manage their IBM i.
These and other enhancements are delivered through Db2 PTF Group SF99704. See the IBM i Technology Updates wiki on developerWorks to learn more about these and other Db2 for i enhancements.
Open source
Node.js ecosystem enhancements
The idb-connector and idb-pconnector packages 1.x releases are now generally available and are no longer in technology preview status. The idb-connector package provides direct API access to Db2 using the conventional (callback-based) JavaScript™ conventions.
The itoolkit package, which allows a Node.js application to call IBM i functions, such as service programs, programs, commands, and so on, is enhanced to allow for new transport methods. With this enhancement, SSH or ODBC connections can be used to communicate with IBM i through the itoolkit package.
A Db2 for i dialect has been created for Sequelize.js. Sequelize is a popular, promise-based ORM for Node.js.
A new connector allows Db2 for i to be used as a data source for LoopBack® applications. LoopBack is a JavaScript framework that allows for rapid creation and deployment of REST APIs. It comes with a built-in API explorer and the ability to define a robust data model for your application. It can also be used with IBM API Connect® and several other tools.
Python ecosystem enhancements
A number of Python packages have been made available in RPM form. This enables the packages to be easily installed with the yum package manager. The new packages allow for security enhancements, and more options for application development, data science, and machine learning.
The updated Python Machine Learning and Data Science libraries are included in the following packages: Asn1crypto, Bcrypt, Cffi, Cryptography, Devel, IBM_db, Idna, Itoolkit, Lxml, Numpy, Pandas, Pillow, Pip, Pycparser, Pynacl, Scikit-learn, Scipy, Tkinter
Connectivity enhancements
The delivery of SSL certificates through a ca-certificates RPM allows for easier SSL communication with standard sources. For instance, interactions with https-based APIs or websites may no longer need manual certificate setup.
The IBM i Access ODBC driver has been ported to IBM i. This allows any standard ODBC client to be able to communicate to the local database on i. It also allows an application to be developed using the IBM i Access ODBC driver for Windows™/Linux® and deployed to IBM i using the same ODBC driver.
R programming language
R brings another programming language to IBM i. Although it has a wide variety of uses, R excels at statistical computing and data mining. DB2 can be accessed from R by installing the RODBC package and using the newly delivered ODBC driver.
New Developer tools
A number of developer and user tools in RPM form have been added to the IBM i, and a few examples include:
Apache ActiveMQ, a robust message broker
Apache Ant and Maven, build automation tools
vim, a terminal-based editor
yum-utils, a collection of tools and programs for managing yum repositories and installed software for more advanced users
Midnight Commander, a terminal-based utility for exploring the filesystem and performing various tasks like FTP transfers, file compares, and much more
IBM i Portfolio: Licensed Program Products (LPP)
IBM DB2 Mirror for i
Today, in conjunction with the announcement of IBM i V7R4, IBM is announcing a new Licensed Program Product (LPP) for the IBM i Portfolio: IBM DB2 Mirror for i. This new product offering, available for IBM i V7R4 clients, enables near-continuous availability through an IBM i exclusive Db2 active-active two-system configuration. IBM DB2 Mirror for IBM i is explained in detail in Software Announcement 219-216, dated April 23, 2019.
Rational Development Studio for i
The Development Studio for i is being updated to transform the development languages of IBM i to meet the ever-changing world of modern development. The RPG language is evolving into a modern business language. In this release, COBOL is also being enhanced to include many requirements from the industry.
RPG
There are many enhancements to the RPG Language in this release (some of these were made available in earlier TRs through PTFs):
A varying-dimension array is defined with DIM(*AUTO:maximum_elements) or DIM(*VAR:maximum_elements). The second parameter of the DIM keyword indicates the maximum number of elements in the array.
- The dimension of a varying-dimension array can be changed by assigning a value to the %ELEM built-in function.
- The dimension of a varying-dimension array defined with DIM(*AUTO) increases when there is an assignment statement to an element that is greater than the current number of elements.
- You can specify *NEXT as the index for an array defined with DIM(*AUTO) when the array is modified by an assignment statement. The dimension of the array increases by one.
Specify DIM(*CTDATA) to specify that the dimension of a compile-time array or table is determined by the number of records in the compile-time data.
The SAMEPOS keyword positions a subfield at the same starting position as another subfield.
New PSDS subfields:
- Internal job ID, in positions 380 to 395
- System name, in positions 396 - 403
The ON-EXIT section runs every time that a procedure ends, whether the procedure ends normally or abnormally.
When a qualified data structure is defined using free-form RPG syntax, a subfield can be directly defined as a nested data structure subfield using DCL-DS and END-DS to define the subfield.
The new DATA-INTO operation code reads data from a structured document, such as JSON, into an RPG variable. It requires a parser to parse the document. The DATA-INTO operation calls the parser, and the parser passes the information in the document back to the DATA-INTO operation, which places the information into the RPG variable.
Built-in function %PROC() returns the external name of the current procedure.
Complex qualified names can be used in more places:
- Built-in function %ELEM
- Built-in function %SIZE
- Operation code DEALLOC
- Operation code RESET
New built-in functions %MAX and %MIN can be used in definition statements and calculation statements.
ALIGN(*FULL) defines the length of a data structure as a multiple of its alignment. This is important for avoiding storage-corruption problems when calling functions written in ILE C.
The CRTBNDRPG and CRTRPGMOD commands now support compiling from Unicode source by specifying either an EBCDIC CCSID or *JOB for the new TGTCCSID parameter.
For more information about the RPG IV enhancements, including the PTFs that provide the enhancements, see the RPG Cafe.
COBOL
New enhancements are available for the COBOL compiler:
The new ALLOCATE statement obtains dynamic storage, while the new FREE statement releases dynamic storage that was previously obtained with an ALLOCATE statement.
The EXIT statement includes the following new formats, which provide a structured way to exit without using a GO TO statement:
- Format 5, EXIT PERFORM statement for exiting from an inline PERFORM statement
- Format 6, EXIT PARAGRAPH or EXIT SECTION statement for exiting from the middle of a paragraph or exiting from a section respectively
Enhancements are made to the INITIALIZE statement:
- A new FILLER phrase is added so that FILLER data items can be initialized with the INITIALIZE statement.
- A new VALUE phrase is added so that elementary data items can be initialized to the literal specified in the VALUE clause.
- The INITIALIZE statement supports NATIONAL-EDITED as a REPLACING category and can initialize national groups and numeric or numeric-edited data that has USAGE NATIONAL.
A new format of the SORT statement, the table SORT statement, arranges table elements in a user-specified sequence.
The following new compiler directives are added to support conditional compilation:
- The DEFINE directive defines or undefines a compilation variable.
- The EVALUATE directive provides a multibranch method of choosing the source lines to include in a compilation group.
- The IF directive provides for a one-way or two-way conditional compilation.
- The new DEFINE parameter for the CRTBNDCBL and CRTCBLMOD commands provides a way to define compilation variables before the compilation begins.
- A new floating comment indicator (the character string '*>') can be coded to indicate that the ensuing text on a line is an inline comment.
IBM i Access Client Solutions (ACS) V1.1.8.2
IBM i Access Client Solutions is the strategic interface for accessing and managing IBM i. A new version (1.1.8.2) includes many new features and updates for both an IBM i system manager and a database engineer.
Run SQL Scripts
Open and Save support to IFS and stream files extends the options for how scripts are maintained and used.
When a "Database of Choice" has been selected, the information is retained, making it easier to resume work. Additionally, connections to an IASP are retained.
The Insert from Examples capability is extended to include new SQL examples, making it easier and faster to include precoded examples.
New JDBC Connection properties are available for assigning alternate server name and other attributes.
The new design of the Formatter enables it to understand SQL syntax, creating more consistency for formatting, especially with complex SQL statements.
The new formatter also provides the ability to verify the syntax of your SQL, highlighting error information, line numbers, and issues.
Leveraging the new "for Update" option, users who have access can update and edit the data values within a database table directly from Run SQL Scripts.
Schemas
To facilitate the creation of new projects, the ability to copy and paste schemas has been added.
Printer Output
Most printed output displays the system name. Based on requests from clients, ACS 1.1.8.2 allows for removing the system name from the Printer Output download path.
Integrated File System
Prompt for the location of the current IFS download location on the target PC.
A new "Include" filter to improve performance by limiting the data returned from the server when viewing directories with a large number of files.
ODBC Driver for i
The IBM i Access ODBC driver has been ported to IBM i. This allows any standard ODBC client to be able to communicate to the local database on i. It also allows an application to be developed using the IBM i Access ODBC driver for Windows/Linux and deployed to IBM i using the same ODBC driver.
System Configuration
The System Configuration panel can now be leveraged as the primary location for launching ACS activities.
Keyboard shortcuts have been added to menu options, improving navigation and simplifying the user's experience. Also, right-clicking on a system on the System Configuration panel will show a context menu of available actions.
To accommodate different user preferences, you can sort the data within a column on the System Configuration panel.
Easily see the specified description field to understand the system being selected.
The Hardware Management Interface has undergone dramatic improvement. Some of these are:
A customized list of possible interfaces has been added.
It is possible to now specify more than two options.
The main ACS panel will be updated based on the configured Hardware Management Interfaces for the selected system.
Japanese new era support has been added to ACS.
Prior to ACS V1.1.7.2, when importing an ACS configuration to a target machine, it was necessary to have the user profile of the saved configuration already on the target. With ACS V1.1.8.2, this requirement is removed and the saved default user profile is not required to exist when importing a configuration.
New ability to specify a list of included components, thereby excluding those not on the list.
Improved Entitled System Support (ESS) delivery
In response to client feedback regarding making Access Client Solutions easier to find and download on the ESS website, feature 6290 under 5770-SS1 will be automatically defaulted on orders of 5770-SS1 for version 7.2 and later releases. On the ESS website, under Software Downloads, select 5770-SS1 IBM i, then select your language group, then in the download packages, refer to feature "6290: Access Client Solutions".
Administration Runtime Expert
Administration Runtime Expert is used by system administrators to enhance the abilities to manage the systems in their environment. In IBM i V7R4, Administration Runtime Expert has made significant enhancements to the product. PTF management now includes the ability to manage PTFs with preconditions as well as handling delayed PTFs. With the ability of Administration Runtime Expert to compare and manage PTFs across multiple systems, this provides more usability. Additional enhancements are:
The dashboard interface has been updated to handle an independent workset for every user to easily allow the dashboard to be used for a call center environment.
Result history now shows the formatted view instead of just the text view.
Support for case-sensitive template rename.
Attach the zip file of a verification result to the notification mail.
Restrict user's access by the role. If a user's role is "operator", the user has access only to console and has no ability to edit groups and systems.
Rational Developer for i, 9.6.x
Rational Developer for i (RDi), 9.6.x, is the strategic suite of tools for IBM i developers. This desktop environment gives developers an efficient and highly productive environment for writing business applications. The primary focus of these and other recent enhancements has been to provide continuous improvement in the areas of reliability, productivity, security, and currency.
Added an API to allow SystemTextEditors to report an IBM i connection and member properties, thereby making actions and third-party vendors independent of the parser for this information.
Users can zoom in and out in the editor using command keys, allowing a more efficient way to hone in code more quickly.
Settings are now available to allow free-form RPG comments to be repeated from a previous operation code.
Code coverage has undergone two significant improvements:
Code coverage results have an improved web-faced view.
Code coverage source view now displays in Browse mode.
PDM Perspective, brought to RDi users in 2018, has been refined and includes new enhancements to make the view even more compatible with PDM.
Added Alt-F13 to enable users to repeat options in a manner similar to PDM on the options field of the Member Object table view
Added new multiple entry actions to improve Object Table multiple object actions, enabling users to copy repeat options in one panel instead of a series of pop-up commands
JTopen, ACS, and Java have been updated to be compatible with IBM i V7R4.
The RPG verifier and syntax checker will support the new ILE RPG enhancements in IBM i V7R4.
RPG ILE Parser includes the capability to search for code that appears to be out of place and reports these discoveries with annotations, allowing developers to quickly find anomalies in their code.
Improved SQL formatting
Smart enter key is included, allowing easier line splitting.
Developers can now choose either automatic formatting or to specifically request when formatting should occur.
RDi has added a Toggle editor to the outline view, allowing the display of procedure and subroutine names while navigating in the editor.
PowerHA SystemMirror for i
A key value proposition for PowerHA on IBM i is that it integrates the functionality of IBM SAN storage: in particular, the DS8000 and the IBM Storwize® family of storage servers. This integration enables PowerHA for i to manage the storage operations as an integral part of clustering operations such as failover/fallback operations and FlashCopy® operations. With PowerHA SystemMirror for i Enterprise Edition, the integration with the IBM Copy Services Manager for the DS8000 enables PowerHA to support HyperSwap with a Global Mirror link. HyperSwap is an active/active storage configuration whereby two of the DS8000s are linked through Metro Mirror, while at the user/application level, it actually appears as a single shared storage resource (switchable LUN configuration). If one of the storage servers in the HyperSwap configuration goes away, the application workload simply continues I/O operations to the alternate DS8000 in the HyperSwap pair without interruption. Adding the capability to support a Global Mirror link to the HyperSwap pair provides the third site for disaster recovery operations, all under the management of the PowerHA for i cluster.
In addition, PowerHA for i, V7R4 Enterprise Edition enables a Db2 Mirror disaster recovery capability.
PowerHA SystemMirror for i, V7R4 Standard Edition has been enhanced with ease-of-use and automation capabilities:
New policies that automate adding monitored resource entries (MREs) upon object creation, the deletion of MREs upon object deletion, and restore operations for MREs.
Improved control over administrative domain synchronization options; for example, the capability to choose which node is to be the source of updates to push to the other nodes when using Start Cluster Administrative Domain. Previously, when resource changes were made to nodes in an inactive administrative domain, multiple nodes could change the same resource and there was no coordination for multiple different changes to the same resource.
Integrated ability to cancel automatic CRG failovers with a new PowerHA policy.
Support for replication of IFS data in a Db2 Mirror for i environment.
Backup, Recovery, and Media Services for i (BRMS)
The BRMS V7R4 enhancements include:
Turn-key cloud control group deployment that enables clients to easily set up custom control groups for cloud.
Ability to enable the green screen command to change control group attributes, which were previously available only in the GUI.
Backup for changes to journaled objects is now the default setting; that is, the default for SAVLIBBRM command has been changed to OBJJRN(*YES).
New *OBJ list named QALLSPLF to back up all spooled files, which improves restore performance.
Support for the 3592-60F tape drive with *FMT3592A6 and FMT3592A6E densities.
Enhanced log information that uses the system timestamp to preserve message order when messages are logged at the same second. They are displayed using DSPLOGBRM.
DB2 Web Query
Get a fast start to advanced, visual reporting and business intelligence with Db2 Web Query for i. Get running quickly using Web Query's newly enhanced EZ-Install package. Flatten the learning curve through readily available tutorials, a new Date Dimension table creation procedure, and new sample reports for the IBM i Systems Administrator. To learn more about EZ-Install, see the DB2® Web Query for i installation web page.
ARCAD Observer (Version 1.1.2)
ARCAD Observer for IBM i supports the understanding of business applications. It includes graphical diagramming, I/O diagramming, and other analysis capabilities to understand business applications.
Note: The latest version of ARCAD Observer (10.08.02) is being incorporated into this LPP.
ARCAD Converter (Version 1.1.2)
ARCAD RPG Converter for IBM i automates the conversion of any RPG IV source code to free-form RPG, achieving near 100% conversion accuracy. It supports unitary or mass conversion.
Note: The latest version of ARCAD Transformer (10.09.03) is being incorporated into this LPP.
Firmware and hardware
IBM i supports FW930, which provides the most up-to-date POWER9 functionality. Additional I/O support includes several Power features:
Enhanced support for the PCIe Gen4 dual port 100 Gb Ethernet adapter. IBM i adds both dedicated and native SR-IOV support for the Network Interface Card (NIC) function. This adapter is already available for use in IBM i configurations with Virtual I/O Server (VIOS). IBM i also adds both dedicated and native SR-IOV support for RDMA over Converged Ethernet (RoCE) to allow remote direct memory access (RDMA) in IBM Db2 Mirror for i configurations.
Both dedicated and native SR-IOV support for RoCE for PCIe Gen3 Ethernet adapters. Sharing these adapters with SR-IOV allows more configuration flexibility. Multiple 2-port cards are available: 100 Gb, 25/10 Gb, and 10 Gb.
New PCIe3 6-Slot Fanout Module for the PCIe3 Expansion Drawer.
New optical cable cards for attaching the PCIe3 I/O Expansion drawer with the new PCIe3 6-Slot Fanout Module. The new cards for the Scale Out models are now single wide so they do not block the adjacent PCIe Gen4 x16 card slot.
New 387 GB, 775 GB, and 1.55 TB Enterprise SAS 4k and 5xx SFF-3 and SFF-2 SSDs.
New 931 GB, 1.86 TB, 3.72 TB, and V7R45 TB Mainstream SAS 4K SFF-3 and SFF-2 SSDs.
Domino 10.0.1
A significant new release for the Domino product has been released. Some of the highlights include:
Automatic Notes® client updates
MarvelClient Essentials for IBM Notes Management solution
Publishing statistics to external services
Larger database (256 GB) and folders
Apache Tika conversion filter for attachments searches
Features that save you time, such as Indexing/clusters/database replicas management
IBM Content Manager OnDemand for i (5770-RD1)
IBM Content Manager OnDemand for i is providing significant new function in the latest release, exploiting new technologies available in IBM i. Some of the enhancements are listed below:
Cloud storage for archive media: Cloud storage is now supported as an archive media for Content Manager OnDemand for i. Cloud support requires the IBM Cloud™ Storage Solutions for i (5733-ICC) licensed program product.
400 indexer enhancements: The OS/400® indexer has been renamed to the 400 indexer. The 400 indexer has been updated for improved performance and enhanced serviceability. In addition, the 400 indexer can now use AFP resources located in IFS directories.
Content Manager OnDemand component of IBM Navigator for i enhancements: A new option has been added to create and manage cloud storage resources. The design of the Content Manager OnDemand component of IBM Navigator for i has also been updated to reflect a format similar to the operating system components.
Start Archived Storage Management (STRASMOND) command enhancement: The Start Archived Storage Management (STRASMOND) command has a new Trace (TRACE) parameter to facilitate tracing when requested by software support.
Start Disk Storage Management (STRDSMOND) command enhancement: The Start Disk Storage Management (STRDSMOND) command has a new Force ASM to end (ENDASM) parameter to enable you to end the Archived Storage Management (ASM) process (which, by default, runs after DSM completes) at a specified time or after a specified number of hours. Prior to version V7R4, the ENDASM parameter was only available on the Start Archived Storage Management (STRASMOND) command.
Print Report (PRTRPTOND), Print document (PRTDOCOND), Query document (QRYDOCOND), and Retrieve document (RTVDOCOND) command enhancements: The Print Report (PRTRPTOND), Print document (PRTDOCOND), Query document (QRYDOCOND), and Retrieve document (RTVDOCOND) commands have a new Retrieve in load order (RTVLODORD) parameter to control which documents are included and in what order the documents are included. See the command help for the RTVLODORD parameter for more information.