IBM i 7.2: The Carrot Versus the Stick

IT Infrastructure - Other
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

If you’re on older iron than POWER9 and IBM i 7.3 is your path forward, you need to read this.

On April 30, 2021, IBM i 7.2 goes end of service.

We’ve all heard about the carrot vs. the stick. The carrot is effectively positive reinforcement. You get a reward. The stick is negative reinforcement. You get punished.

A few short years ago, when IBM i 7.1 was going end of service in 2018, it seemed like I was doing an upgrade every single week. That’s actually not too far from the truth. 7.1 was released in 2010, and it was by far the most popular install base of IBM i at the time. Most customers were running POWER7 and POWER8 machines, so getting them to 7.2 or 7.3 wasn’t a hard stretch. And for the most part, there were a lot of reasons to get away from 7.1: the end of Java 6, poor cipher and protocol support, SMB1 being incredibly weak, the fact that the OS was eight years old.

There are a few things you need to be aware of with 7.2 going end of service, keeping in mind the carrot and the stick.

The Sticks

Let’s start with “stick” considerations.

Hardware Constraints

While the majority of people upgraded directly to 7.3 from 7.1, there were plenty who upgraded to 7.2 simply because their hardware would not run 7.3. This, of course, means the POWER6 hardware that went end of service in March of 2019 very likely was put on extended maintenance contracts for hardware. Luckily for customers, that hardware maintenance extension cost wasn’t too painful. Extended maintenance contracts for software are a different story. More on that below, but let’s stay with the hardware for now.

POWER6 machines can’t run 7.3, so they’re definitely not going to run 7.4. Therefore, when you’re planning your 7.2-to-7.3/7.4 upgrade, please be aware that you may be in for a hardware upgrade at the same time. Ideally, in order to ensure an easy migration, what I would do is order a new POWER9 with 7.3 or 7.4 and then scratch install 7.2 on it from a recent full system save (assuming you’re up to date on PTFs and 7.2 knows what 7.4 is). Then you can migrate to the new machine so the versions match: You’re only changing the hardware. Once on the new machine, I’d then upgrade it in place to 7.3 or 7.4 before April 30. Some people prefer doing what’s called a mixed-mode migration. That means they’re going to change the hardware and the operating system at the same time. The risk is much higher when doing it that way. We’ve had to parachute in and repair those mixed-mode migrations that went sideways more than a few times.

Financial Implications

You don’t have to move off 7.2 if you don’t want to. Assuming IBM offers an extended maintenance agreement for 7.2, you can delay your OS upgrade a little bit. Be advised, you will pay for the privilege. An extended software maintenance agreement will be 100 percent of the price of your standard software maintenance contract. Let’s imagine you’re on a little P05 machine with one core activated (i.e., one license of IBM i). You’ll be paying the standard software maintenance contract of, say, $1,600 per year. Now, you’ll pay another $1,600 for an extended maintenance contract because 7.2 is going unsupported.

What if you’re on a larger machine with more licenses of IBM i? Well, let’s say you’re running a P10 machine with five cores activated. That means your standard yearly maintenance renewal is roughly around $22,500. If you elect to stay on 7.2, you’ll be paying twice as much to keep the OS supported: $45,000. Ouch.

And it keeps getting more expensive with each processor tier and compounds with the number of cores you have activated. It’s often very easy to justify the services cost of an OS upgrade when you compare it to the maintenance cost of staying put.

The hardware restrictions and software maintenance costs are definitely the big sticks that will force a lot of people to upgrade from 7.2.

The Carrots

Getting onto 7.3 and 7.4 brings a lot of value. IBM i 7.3 still has a lot of gas in the tank. Yes, it’s nearly five years old, but it brings many things that you can’t get on 7.2.

For instance, 7.3 and 7.4 both have a feature called Authority Collection. On 7.3, Authority Collection is only turned on for a user profile. All objects that user touches are collected in a table, allowing you to make better decisions on how to properly secure objects and remove special authorities like *ALLOBJ. Did you ever want to reduce someone’s authority but didn’t know exactly what would happen if you did so? Authority Collection takes the guesswork out of it.

On 7.4, Authority Collection is expanded so that you can select an object. Let’s say you want to review who accesses your payroll tables. On 7.4, you can put Authority Collection on those tables and then review who accessed them and what authority they used to do so. Or better yet, let’s say you have a root directory share in NetServer and you’re scared to death of removing it. That directory share is an absolute nightmare waiting to happen. I should know. I get calls almost every week regarding IBM i malware attacks and having to perform some kind of recovery to get destroyed objects back. You can now put Authority Collection on your root directory and determine what users are accessing it via NetServer. Once determined, you can put a plan in place to make other arrangements for those users (e.g., a share lower down off the root) and then cut the root directory share completely.

Other security-related items to consider for going to 7.3 would be the expansion of IBM i Services, which allows easy access to a lot of information on the system with SQL, row and column access control for tables, TLS 1.3 capabilities with new and improved ciphers, SMB3 support, and more!

IBM i 7.4 will also give you the ability to do new things on the hardware front. For instance, I’m a big fan of NVMe adapters as opposed to traditional disk. Imagine if you have 50 percent capacity on 10 x 283 GB disk drives, including a RAID5 array and a hot spare. Well, you have eight disk drives to do the work and about 2.2 TB of usable disk. And of course you need a RAID controller. I could put in two 3.2 TB NVMe adapters instead: one for carving up into virtual disks and one for its mirrored pair. That means no RAID controller. That means I don’t need to buy 10 disk drives. The cost for the NVMe adapters should be a little less overall, and the speed improvements will curl your hair. You just can’t do that on 7.2.

Take the Leap

For those of you at 7.2, you’ve got four months to get upgraded. This is your opportunity to start future-proofing your environment and taking advantage of a lot of the new features that IBM has released, especially in 7.4.