Security - Other
2015 Guide to Manufacturing SoftwareFor all manufacturing industries, growth remains top of mind. Post-recession cautiousness has given way to confidence and more ambitious business goals. From automotive to fashion, more manufacturing leaders are ready to take bigger risks in the hopes of bigger payoffs, and optimism is the highest itâ€™s been in years. To help manufacturers choose the right software in a rapidly changing industry landscape, this guide will explore four key technologies that are essential to any successful manufacturing operation:&nÂ &nÂ nterprise Resource Planning (ERP)&nÂ &nÂ nterprise Asset Management (EAM)&nÂ &nÂ onfigure Price Quote (CPQ)&nÂ &nÂ upply Chain Management (SCM) See Moreâ€¦
2016 IBM i Marketplace Survey ResultsNow in its second year, HelpSystems surveyed over 800 IBM i users from around the world to produce the IBM i Marketplace Survey Results. The expanded 2016 survey builds on last yearâ€™s results to provide even greater insight into the IBM i marketplace.From manufacturing and retail to finance and healthcare, IBM i professionals from around the world reported their plans and concerns for their IT environments, revealing how IBM i is being used and how it relates to their broader IT objectives.Download the survey results to see how over 800 of your peers on the platform address:&nÂ &nÂ odernization &a&obile applications&nÂ &nÂ ardware &a&perating systems&nÂ &nÂ T concerns &a&nitiatives&nÂ &nÂ ata growth, storage, &a&ecurity&nÂ &nÂ he future of IBM iâ€¦
2016 State of IBM i Modernization White PaperAfter surveying 400+ IBM i professionals, we discovered:Â -Â The state of IBM i modernization in today's businesses and their goals for the futureÂ -Â The effect legacy applications have on the businesses' internal and external processesÂ -Â The #1 concern upper managers have with the IBM i, and how to combat it ...and much much more! Download your copy of The 2016 State of IBM i Modernization today.â€¦
2016 State of IBM i Security StudyDrawing participants from healthcare, communication, transportation, finance, and many other industries, the 2016 State of IBM i Security Study analyzed 177 servers and partitions. Now in its 13th year, the study provides compelling insight into security weaknesses affecting many IBM i systems. Some of the most dangerous defects include:Â -Â Unmonitored network accessÂ -Â Lax system auditingÂ -Â Dangerous default security settings The alarming results show improperly configured servers where users are allowed to keep default passwords and traffic passes through exit points like FTP and SQL unmonitored.â€¦
3 Compelling Drivers for Implementing an HA Solution on an IBM i Cloud with MIMIX1. Affordable Cloud Solutions 2. Efficiencies of MIMIX 3. Rising Cost of Downtime This white paper is a collaborative effort between Connectria Hosting, a pioneer in the development of the IBM i Cloud, and Vision Solutions, the leader in High Availability and Disaster Recovery solutions including MIMIXÂ®, the standard for complete, scalable HA/DR protection for the IBM i.It will provide a review of the core causes and costs of both planned and unplanned downtime and will then provide a detailed discussion of current options for IBM i High Availability and Disaster Recovery in the Cloud.Most importantly, as you read you will learn why true HA and DR protection are now within reach of even the smallest of businesses.â€¦
5 Ways to Control Access using Application AdministrationNever heard of Application Administration? Donâ€™t be surprised. Although itâ€™s full of function, itâ€™s one of little-known features of IBM i. Application Administration (or App Admin as itâ€™s commonly called) has been around for a while but the additional features provided in the latest releases as well as recent Technology Releases makes this a feature worth exploring again. Carol Woodbury, President of SkyView Partners, has written a white paper describing how you can use Application Administration (a feature of i Navigator) to control access to various client functions as well as functions available on the IBM i and network features such as ODBC and FTP access.â€¦
5 Winning Strategies to Combat Information OverloadTodayâ€™s businesses must be available 24/7 with fewer people having to manage more complex systems and processes. IT departments receive a constant bombardment of information from a diverse variety of operating systems, business applications, and critical processes and support a complex array of servers and devices running across their entire network. With tight resources and the need to keep costs in check, more and more is expected of IT operational staff to handle this information efficiently. They need to ensure a swift response with appropriate actions, that essential data is received at the right time, prove service levels are maintained, that contingency and high availability strategies are fully operational, and that vital busiâ€¦
8 Very Good Reasons to Use Your Power i For ShippingLearn how companies are reducing shipping costs by Centralizing all of their Shipping Systems and Transportation Management Systems (TMS) on One Platform with One Vendor. See how companies deployed an enterprise-wide, multi-carrier shipping solution to manage both their Parcel and Freight shipments directly from their IBM i, and seamlessly integrated it to their back end IBM i ERP and WMS. This Whitepaper examines eight reasons for centralizing standalone shipping solutions on the IBM i. In addition, you will see how a Modular TMS Solution integrated with ERP has driven significant efficiencies and cost reductions in companies shipping and transportation operation.â€¦
Automate IBM i Operations using Wireless DevicesDownload the technical whitepaper on MANAGING YOUR IBM i WIRELESSLY and (optionally) register to download an absolutely FREE software trail. This whitepaper provides an in-depth review of the native IBM i technology and ACO MONITOR's advanced two-way messaging features to remotely manage your IBM i while in or away from the office. Notify on-duty personnel of system events and remotely respond to complex problems (via your Smartphone) before they become critical-24/7. Problem solved!â€¦
DR Strategy Guide from Maxava: Brand New Edition - now fully updated to include Cloud!PRACTICAL TOOLS TO IMPLEMENT DISASTER RECOVERY IN YOUR IBM i ENVIRONMENT CLOUD VS. ON-PREMISE? - COMPREHENSIVE CHECKLISTS - RISK COST CALCULATIONS - BUSINESS CASE FRAMEWORK - DR SOLUTIONS OVERVIEW - RFP BUILDER Download your free copy of DR Strategy Guide for IBM i today. The DR Strategy Guide for IBM i is brought to you by Maxava â€“ innovative global leaders in High Availability and Disaster Recovery solutions for IBM i.â€¦
IBM i Security: Event Logging & Active MonitoringA Step by Step GuideActive monitoring is one of the most critical and effective security controls that an organization can deploy. Unlike many Windows and Linux server deployments, the IBM i can host a complex mix of back-office applications, web applications, and open source applications and services - leaving millions of security events to actively monitor.This eBook discusses: - Real-time security event logging and monitoring - Security architecture and logging sources on the IBM i - Creating the IBM security audit journal QAUDJRN - Enabling IBM security events through system values - File integrity monitoring (FIM) - A step by step checklist begin collecting and monitoring IBM i security logsâ€¦
Mobile Computing and the IBM iMobile computing is rapidly maturing into a solid platform for delivering enterprise applications. Many IBM i shops today are realizing that integrating their IBM i with mobile applications is the fast path to improved business workflows, better customer relations, and more responsive business reporting. The ROI that mobile applications can produce for your business is substantial. This ASNA whitepaper takes a look at mobile computing for the IBM i. It discusses the different ways mobile applications may be used within the enterprise and how ASNA products solve the challenges mobile presents. It also presents the case that you already have the mobile programming team your projects need: that team is your existing RPG development team!â€¦
Overcoming Common IBM i Mobile Development ChallengesCreating mobile applications for IBM i on Power Systems doesn't have to be difficult! Mobile applications can take your business to new levels of engagement, customer support and competitiveness. By making your ERP, Sales, Line of Business, and other applications mobile, you empower your workforce to get more done - from anywhere, at any time.If your business runs on IBM i (formerly known as AS400 or iSeries) there's no need to worry. You can easily make your RPG applications available on any mobile device! Read this free white paper, and learn how you can overcome the most common challenges to mobile for IBM i shops, including: - How to go mobile with limited staff or budget - How to make any RPG developer a mobile superstar - Whether to câ€¦
PCI and What it means to IBM iWhile one may think that PCI is a thing of the past and that itâ€™s already been implemented, major breaches (most notably of the Target PoS systems) have brought it back into focus. Some retailers are just now understanding how PCI applies to them and other organizations have started to accept credit cards when they didnâ€™t in the past. To refresh everyoneâ€™s memory, hereâ€™s an overview of what PCI means to the IBM i community and what organizations that use an IBM i to store, process or access cardholder data need to be aware of.â€¦
Robot in Modern IBM i EnvironmentsAs hardware and software technologies evolve, so too does the complexity of the data center.IBM i often serves as the backbone for business-critical applications, including ERP packages, leaving other servers to run email, print serving, and the websiteâ€”but users and other computing technologies still draw data from the transactional database on IBM i. Robot systems management solutions have been helping customers manage IBM i operations for over 30 years. This white paper is intended primarily for IT management and attempts to explain, in plain English, the components of modern IBM i environments and how Robot can be deployed to maximize business objectives. See Moreâ€¦
Virus Got You Down?Does a virus have your server down? Perhaps itâ€™s the latest worm, Trojan horse, buffer overflow or denial of service attack thatâ€™s got you or one of your servers down. While one of these bugs may be affecting one or more of your servers in your enterprise, it is highly unlikely that the server affected is a Power server running IBM i. IBM i may be running your core business applications or it may be hosting your website or running Domino. Whatever its function within your enterprise IBM i has remained unaffected by virus and malware attacks. Why is that? Viruses and other ailments spread by infecting a host that is vulnerable. Letâ€™s take a look at how IBM i and the applications running on it can remain unscathed by the viruses and malwarâ€¦
When Management Turns its Back on Security: The Business EffectsIn this white paper we hope to explain why the decision to secure- or not secure â€“ data on the IBM i needs to be a business decision ... not a technical decision. Something is preventing management from understanding the need to secure the electronic data. So letâ€™s explore why we think this happens....â€¦
IBM i Security Administration and Compliance
ORDER YOUR COPY
Click for this Month's
With the Get Profile Handle (QSYGETPH) and Set Profile Handle (QWTSETP) APIs, this task is easy.
One common issue to deal with when accessing network drives from the IBM i is authority. When you access a network drive from the IBM i, as discussed in previous TechTips, the user profile that is assigned to the job is the user that is being authenticated on the Windows server. One way to resolve this is to synchronize the passwords between the IBM i and Windows, but this will reduce your password protection to the level of the Windows server, because once someone cracks the Windows password protection, they now have the IBM i user name and password.
In this TechTip, I will show you how to change the active user profile for the currently running job. This technique will allow you to set up one user profile--with minimal access to the IBM i--that maintains a synchronized user ID and password with the Windows server. Then you can simply switch over to the specially designated Windows liaison to execute the Windows operations. After you're done with the Windows operations, you can switch back to the original user profile.
I have created a user profile named IBMUSER as my Windows liaison. This will make it easy for the Windows administrators to identify the account on the network. I set up this account to have minimal access to the IBM i; that way, if the Windows passwords are compromised, the potential security exposure on the IBM i is minimized.
The QSYGETPH API validates a user name and password and generates a 12-character handle. This handle is a randomly generated value that is valid only for the currently running job.
The QWTSETP API changes the current thread to run under the user profile specified by the handle. Note that I said "thread" not "job." But you cannot have multiple threads in RPG yet, so if you're only using CL and RPG programs, then you can think of it as being for the job. Once you set the profile handle to be a user profile other than the original user profile, it will remain active until the job ends or until you change it to another profile handle.
QWTSETP doesn't change the user association with the job, so after you execute the command, you would expect WRKACTJOB to show the new user profile name on the workstation, but it does not. And it does not even change the "Current User Profile" or the "Job User Identity" when you display the job status attributes.
During my initial test run, I was stepping through the program in the debugger to the QWTSETP program execution, finding that there were no errors, and performing a system request, expecting the user value to change, but it did not. So I was driving myself crazy trying to get this to work, and I didn't even realize that it was already working! Let me help you avoid that frustration with a simple code sample and a clear explanation of the changes that occur when the program is executed.
Here is the code to change the user profile.
D* CHANGE THE CURRENT USER PROFILE
D* USING HARD CODED USERNAME
D NEWUSER S 10A
D NEWPASSWORD S 10A
D NEWHANDLE S 12A
D* QUSEC IS THE COMMON ERROR CODE PARAMETER PROVIDED BY IBM
D* THAT YOU CAN FIND IN QSYSINC/QRPGLESRC,QUSEC
D* OUTERROR WAS ADDED TO RECEIVE EXCEPTION DATA
D QUSEC DS
D QUSBPRV 1 4B 0
D QUSBAVL 5 8B 0
D QUSEI 9 15
D QUSERVED 16 16
D OUTERROR 17 1040
C* FOR SECURITY LEVEL 10 SYSTEMS, THE PASSWORD IS NOT REQUIRED.
C EVAL NEWUSER = 'IBMUSER'
C EVAL NEWPASSWORD = '*NOPWD '
C EVAL QUSBPRV = 1040
C CALL 'QSYGETPH'
C PARM NEWUSER
C PARM NEWPASSWORD
C PARM NEWHANDLE
C PARM QUSEC
C IF QUSBAVL > 0
C CALL 'QWTSETP'
C PARM NEWHANDLE
C PARM QUSEC
C IF QUSBAVL > 0
C* SUCCESSFULLY CHANGED PROFILE HANDLE
C EVAL *INLR = *ON
If you were to run this code and verify that no errors were found, you may not initially see that anything changed. Now, go ahead and execute the WRKSPLF command with no parameters. You will see all of the spool files listed for IBMUSER, not the user that you signed on as. Or call a program that generates a spool file and you will see IBMUSER specified as the user. Or copy a file in the IFS and you will see the new object owner is IBMUSER.
You may not be familiar with the QSYSINC/QRPGLESRC,QUSEC in the copy statement. This is not something that you have to install yourself; it's already there with i5/OS. This IBM-provided code contains the standard error code parameter. This error code parameter information is populated and returned when the QSYGETPH and QWTSETP commands are executed.
The QUSBAVL value is contained in QUSEC and is used to determine if the command was successful. A good way to troubleshoot failures is by checking the QUSEI value from the QUSEC error code parameter. The hypertext links above for QSYGETPH and QWTSETP provide a list of potential QUSEI values.
The OUTERROR field is an additional field that was added to the data structure that is defined in the QSYSINC/QRPGLESRC,QUSEC file to receive exception data. The QUSBPRV field should be initialized to the length of the QUSEC data structure, including the OUTERROR field. If this size is not set, you could end up receiving a large amount of data in the error code parameter and produce undesired results.
Restoring the Original User Profile
Once you set the profile handle to a different user profile, this user profile will remain active until the job is completed. This is undesirable; otherwise, you would have just signed on as that user profile in the first place. So you will most likely want to set the user profile back to the original user profile after you are done with the task for the profile change.
For the previous code sample, I passed the special password value of *NOPWD, which is acceptable for security level 10 systems. But for systems not using security level 10, you will have to specify the password. As of V5R3, if you specify the password, you must also provide the password length and CCSID. Prior to V5R3, the password length and CCSID were optional. You must remember to put the correct value in the password length field; otherwise, the QSYGETPH call will fail.
The following code example will...
- Retrieve the handle for the current user profile and save it
- Set the profile handle to the IBMUSER with the password
- Copy a file from a network drive to the IFS using the IBMUSER profile handle
- Restore the profile handle back to the original user profile
D* SAVE CURRENT PROFILE HANDLE
D* SET NEW PROFILE HANDLE
D* ACCESS A SERVER WITH THE NEW PROFILE
D* RESTORE THE ORIGINAL PROFILE
D CURUSER S 10A &nbs Tom Snyder has a diverse spectrum of programming experience encompassing IBM technologies, open-source, Apple, and Microsoft and utilizing these technologies with applications on the server, on the web, or on mobile devices. Tom has over 20 years experience as a software developer in various environments, primarily in RPG, Java, C#, and PHP and holds certifications in Java from Sun and PHP from Zend. Prior to software development, Tom worked as a Hardware Engineer at Intel and is a proud United States Naval Veteran Submariner who served aboard the USS Whale SSN638 submarine. Tom is the best-selling author of Advanced Integrated RPG, which covers the latest programming techniques for RPG ILE and Java to utilize open-source technologies. Originally from and currently residing in Scranton, Pennsylvania. Tom is currently involved in a Mobile Application Start-up company named JoltRabbit LLC.
Advanced, Integrated RPG
This book shows you how to take advantage of the latest technologies from within existing RPG applications.
Tom Snyder has a diverse spectrum of programming experience encompassing IBM technologies, open-source, Apple, and Microsoft and utilizing these technologies with applications on the server, on the web, or on mobile devices.
Tom has over 20 years experience as a software developer in various environments, primarily in RPG, Java, C#, and PHP and holds certifications in Java from Sun and PHP from Zend. Prior to software development, Tom worked as a Hardware Engineer at Intel and is a proud United States Naval Veteran Submariner who served aboard the USS Whale SSN638 submarine.
Tom is the best-selling author of Advanced Integrated RPG, which covers the latest programming techniques for RPG ILE and Java to utilize open-source technologies.
Originally from and currently residing in Scranton, Pennsylvania. Tom is currently involved in a Mobile Application Start-up company named JoltRabbit LLC.