What’s New in IBM i Services and Networking
May 18, 2022 Alex Woodie
As expected, IBM delivered a slew of new IBM i services with the delivery of IBM i 7.5 last week, giving IBM i professionals handle new methods for working with various components of the platform. The new releases of the operating system also brings a number of enhancements in the networking stack, which are notable for several reasons.
The past several new releases and Technology Refreshes (TRs) have brought new IBM i services, which are SQL-based alternatives to traditional ways of accessing things on the platform like IBM i objects, system information, and other components. At this point, IBM has created hundreds of individual IBM i services that users can access through Access Client Solutions (ACS), enabling users to bypass traditional commands and complex APIs to perform some common (and uncommon) system tasks.
According to the list of enhancements in IBM i 7.5 on the IBM support website, there are 23 new IBM i services. For example, the CHECK_PASSWORD table function checks whether an input value meets the password rules for the system, which offers similar functionality to the Check Password Meets Password Rules (QSYCHKPR) API.
Another new IBM i service is the CREATE_USER_INDEX table procedure, which creates or replaces a user index object, and can be used as a replacement for the Create User Index (QUSCRTUI) API.
IBM i 7.4 TR6, meanwhile, gains 20 new IBM i services according to the list of enhancements for that release on the IBM support website. The three IBM i services that ship in 7.5 but not 7.4 TR6 include the CHECK_PASSWORD table function discussed above, as well as QSYS2.SYSTEM_ACTIVITY_INFO table function, which returns a single row containing statistical information about CPU usage and provides information similar to what’s returned in the Work with System Activity (WRKSYSACT) CL command; and the QSYS2.TELNET_SERVER_ATTRIBUTES view, which returns a single row containing the Telnet server attributes configured using the Change Telnet Attributes (CHGTELNA) command. The information returned, IBM says, is similar to the detail from the Retrieve Telnet Attributes (QTVRTVTELA) API.
IBM also delivered 13 enhancements to existing IBM i services in 7.5, handling a range of topics like active and scheduled job information, security information, and user storage usage, among others. IBM i 7.4 TR6, however, only sees three enhanced IBM i services, including the QSYS.ACTIVE_JOB_INFO table function, the QSYS2.JOBLOG_INFO table function, and the YSTOOLS.GENERATE_PDF scalar function. You can check out the details for each of these on the IBM support website.
Meanwhile, IBM i 7.5 also brings some rather significant enhancements to the networking stack — features that didn’t make their way into IBM i 7.4 TR6 (or 7.3 TR12 it goes without saying).
With 7.5, IBM bolstered security by making a tweak to simple network management protocol (SNMP), a popular logging technique used for communicating data among disparate systems. This release allows users to configure the server to only allow SNMP version 3 for the SNMP agent, the local trap manager, and the API.
“In addition,” IBM says in its product announcement for 7.5, “it is now possible to restrict information being returned by SNMPv3 by defining View-based Access Control Model (VACM) rules. Additional SHA-2 authentication types for SHA-256 and SHA-512 are new options when configuring SNMPv3 users.” IBM also added new SNMP commands and changed others with this release.
IBM also added TCP Selective Acknowledgment (SACK) support with IBM i 7.5. SACL enables the TCP stack to handle lost packets and selectively acknowledge the data segments that have been received so that only the missing data segments need to be retransmitted by the sender, IBM says. SACK is enabled by default for the TCP network layer.
Network password security will be enhanced in IBM i 7.5 thanks to IBM enabling Tivoli Directory Server for i to enforce rules for advanced password syntax checking in addition to the standard default rules, the company says. The IBM i DNS has been upgraded to a newer BIND release with IBM i 7.5. IBM also changed default settings for *PUBLIC authorities for various directories to *EXCLUDE with this release.
IBM also updated the FTP client to no longer allow it to be configured to allow FTP users to accept server certificates not signed by trusted certified authority when building secure connections with a remote server. These security-created enhancements mesh with IBM’s new focus with IBM i 7.5 on making the server more secure out of the box.
Finally, IBM changed Simple Mail Transfer Protocol (SMTP) support to enable different retention times for email that’s sent successfully and email that is unsuccessful, as well as introduced different parameters to the forwarding command.
The lone networking-related enhancement in IBM i 7.4 TR6 is support for Virtual Private Networking, including properties, defaults, and IP, IBM says.