The purpose of this blog is to alert legacy IBM i users their many real vulnerabilities that can result in unexpected downtime.
Disclaimer: IBM i is an operating system. iSeries and AS400 are servers. I use these terms interchangeably to make it easy for folks to find this kind of information on the web.
Legacy Users On Back-Level IBM POWER Servers
My company works with a large population of legacy users – smaller businesses with older IBM servers, like 9406-170, 9406-270, 9406-8XX, 9406-520, 9407-515, 8203, and 8202. Their IBM i OS’s are back-level, behind on PTF levels, and off IBM software support, commonly V5R1 to V7.2. In some rare cases, as far back as V3R1.
Legacy Users May Be Unaware Of Their Vulnerability To Computer Disruption
Legacy users have not upgraded their older systems because they work day in and day out. Their IBM server reliability experience gives them a sense that there is no reason to change. They are unaware of their hardware, software and cyber security risks. Quite simply, “It works. If it ain’t broke, don’t fix it.”
Having worked with legacy users for decades, I understand their perspective.
Legacy System Failure And Disruption On The Rise
However, I have become increasingly alarmed for this community with the recent number of calls I have received to help repair system hardware failures with little or no backup.
Why is this surge appearing now?
From what I can gather, the original folks that set up these systems and programed them are inaccessible (retirement, moved away, passed away, etc.). Often the interim generation running the systems since the original teams set them up have also left the operations for the same reasons. This means the current folks now just keep the system running, without a clear sense of the original system, without sufficient training or documentation.
Incomplete Or Missing Backups – Yikes!
One of the most common errors from this evolution is inconsistent and incomplete backups that have not been tested. I feel so badly for those who try to recover without a good current backup. In these cases, simple recovery is not possible.
We recently had a legacy user need to migrate to our cloud hosting server. Their 9407-515 system had been down for 10 days. Their non-IBM hardware service company could not get parts to bring the system back. They were lucky to have a complete 9-month-old Save21 and a current backup so we could recover their system. They were also lucky to have software that did not require a software key so we could install it on a different server.
Even so, their firewall was over 10 years old and no longer supported. We worked with them to replace this legacy firewall with a new one.
Common Vulnerabilities
Let’s look at a summary of their vulnerabilities:
1) No member of their current management team has any knowledge of IBM i.
2) The IBM i IT Manager did not know their application software.
3) Their current system administrator had not done monthly or quarterly Save21 system saves nor consistent daily backups.
4) No one knew when they had lasted tested any backups to verify if they were any good.
5) Their non-IBM hardware maintenance company could not repair their 9207-515. (First, getting the correct used parts delivered can take several days. Second, the maintenance company did not have anyone on premise that had IBM i expertise. Further, many maintenance companies are not aware that the 9407-515 system board is serialized to the server. This means that if the system board fails, a simple exchange of the system board does not work – the system is DEAD!)
6) Their firewall was no longer supported. Even more serious, they were unaware of their cyber-security vulnerabilities.
This is just one of many examples of legacy users that have called me this year for help.
How Legacy Users Can Protect Themselves
I wish I could tell them, so they could hear, that they need to take action to avoid unexpected disruptions because:
1) IBM servers do not last forever, despite their exceptional reliability.
2) You will have delays to get replacement used parts. In some cases, like system boards, they simply will not work.
3) You must have good backup practices and regularly test your backups to make sure they are good.
4) You need to have good documentation to understand how your applications work.
5) If you have software from a software provider, you need to understand if you must have a software key to move your applications to another server with a different serial number.
6) You need to have access to your applications expertise as well as IBM i expertise. If this support is going away, what are your plans to find ongoing support?
7) The new cyber security vulnerabilities are very real. It is best to stay current on software support so you can get fixes as vulnerabilities are uncovered.
Need Help?
Call me at 714-593-0387 or email me at [email protected]. Let us know how we can help!
To learn more about us, and view our customer testimonials, please visit our website: www.Source-Data.com
