Verizon Outlines Disturbing AS/400 Breach At Water District

Verizon Outlines Disturbing AS/400 Breach At Water District
Published: March 16, 2016

by Alex Woodie

Cyber intruders who gained access to an AS/400 at a water district were able to manipulate the flow of chemicals into the public water supply, Verizon says in its latest Data Breach Digest. While customers served by the water district were not harmed, the episode shows the potential consequences of failure to properly secure critical systems in an increasingly connected world.

Verizon dedicated five pages to laying out the disturbing breach of a water district that it referred to as Kemuri Water Company (KWC), which is not a real name. The water district had first contacted Verizon's RISK Team to conduct a proactive assessment of its security system. KWC insisted it had never been compromised. However, after just a little probing, the RISK Team found evidence of an actual breach by a "hacktivist" group with ties to Syria.

According to details of the breach, the hacktivists first infiltrated KWC's systems by exploiting known security vulnerabilities in a Web-based payment server application that KWC had set up to allow customers to pay their bills and view water usage information. Unfortunately, that system was directly linked by cable to its backend "AS400" system. Making matters worse, the water district stored login credentials for the AS/400 on that front-end Web server, and the AS/400 was directly connected to the Internet.

KWC's aging AS/400 system (it was more than 10 years old, according to Verizon) served many purposes, as it does for most organizations that run the platform, which has gone through several name changes (iSeries, System i) and is now officially called IBM i for Power Systems by IBM. Among the applications are core financials, billing, and database containing personally identifiable information (PII) about customers.

SCADA Plot

The water district also used the AS/400 as a supervisory control and data acquisition (SCADA) system to directly control hundreds of programmable logic controllers (PLCs) that opened and closed valves that govern the flow of water and chemicals used to treat the water. Verizon's RISK Team found evidence that the hacktivists logged into this operational technology (OT) system and manipulated the valves controlling the flow of chemicals.

"It became clear that KWC management was aware of potential unauthorized access into the OT systems of the water district," Verizon says in its report. "More specifically, an unexplained pattern of valve and duct movements had occurred over the previous 60 days. These movements consisted of manipulating the PLCs that managed the amount of chemicals used to treat the water to make it safe to drink, as well as affecting the water flow rate, causing disruptions with water distribution."

The hackers also stole more than 2.5 million files that contained PII data, according to the report. There was no evidence that the data breach led to any fraudulent activity, Verizon says. That's not surprising, considering the hackers worked out of IP addresses that were used in previous hacktivist activities, the telco and IT giant says. "The typical semantic footprint of a hacktivist attack shows greater interest in denying and disrupting the victim's ability to conduct business than stealing information for financial gain," Verizon says in its report. "That was definitely the case here."

The bad news, of course, is that cyber criminals operating in the Middle East were able to release potentially dangerous chemicals into the public drinking water supply serving several counties in the United States. , KWC had systems in place to detect the chemical release and took immediate steps to fix the problem after being alerted to the problem.

"KWC's breach was serious and could have easily been more critical," Verizon says in its report. "If the threat actors had a little more time, and with a little more knowledge of the ICS/SCADA system, KWC and the local community could have suffered serious consequences."

Lessons Learned

From an IT and IBM i point of view, there are several lessons to be learned from the KWC breach. Some of the lessons are obvious, while others less so.

Among the basic lessons at play here are the need to apply patches and remediate known security vulnerabilities that affect Web applications. It's also not a good idea to store user names and passwords for critical systems like AS/400s in plain text on front-end Windows and Linux servers, or to expose backend servers like the AS/400 to the public Internet. This is the low-hanging fruit of IT security, but all too often, organizations continue to violate these basic tenets of security and rack up the "duh" moments by the dozen.

Having SCADA systems directly connected to front-end billing systems (as KWC had) is not a best practice, but is undoubtedly fairly common. Verizon also took KWC to task for employing a single administrator for the AS/400 system. While having duplicate hardware, software, and network connectivity is standard practice for many shops, having redundancy in personnel is also something worth considering.

But some of the other lessons from the KWC hack are not so obvious.

Not too long ago, OT systems such as SCADA were housed separate from IT systems, such as corporate networks and payment servers. That "air gap" served as a barrier to cyber snoopers and criminals. But as technology matured and data centers grew, organizations recognized there were benefits to grabbing more "real time" data from operational systems, and hence, that air gap disappeared. The problem is compounded by having IT administrators remotely manage OT systems over the Internet.

"This new technology can provide a false sense of security, as operating budgets do not take into account the time to support, maintain and operate the new technology--thus it becomes ineffective," Verizon concludes. "Threat actors have the upper hand when technology is not maintained and they develop ways to circumvent how it works. Continuous operational and security training, coupled with additional staff, are required to stay on the same level playing field as threat actors."

You can download a copy of the Verizon Breach Digest at www.verizonenterprise.com/verizon-insights/data-breach-digest/2016/.

Zipping / Unzipping IFS Objects in IBM i

February 25, 2016 by Steve Bradshaw Leave a Comment

118

Those of you who know me probably know that I’m a lapsed programmer. These days I spend most of my time working at or below the IBM i Operating System layer but every now and then there is an exception that makes me dust off my coding skills and the recent need to Zip / UnZip files held in the IFS proved to be one such exception.

It started out with a simple request from a client saying that they would really like to be able to send and receive ASCII files stored in the IFS that were compressed and interchangeable with a standard Zip program on a Windows Server.

Initially I thought of cheating and just writing a script to do this from a Windows device that had the IFS folder in question mapped as a network drive. In the same moment I remember the countless times I had stood up in front of clients and user groups and told them just how flexible, open and downright fabulous IBM i is and I so realised there must be a better way. And of course there is!

QZIPUTL Service Program
Back in 2012 IBM added a service program called QZIPUTIL to v7.1 along with a couple of APIs QzipZip and QzipUnzip to IBM i, if you are running IBM i v7.2 or v7.1 with Cumulative level 2279 or higher then you will already have this.

Now, if want to ZIP / UNZIP files but you are about to abandon me as you are not an RPG developer or run on older versions of IBM i, stick around, I promise there are a couple of golden nuggets lurking just a few paragraphs further down.

Back to QZIPUTIL, to give the syntax of these APIs, the following charts are taken from the IBM Knowledge Centre. The links below them take you to those pages where you can get detailed information abouttheir usage, syntax and errors.

https://www-01.ibm.com/support/knowledgecenter/ssw_ibm_i_71/apis/QZIPZIP.htm

https://www-01.ibm.com/support/knowledgecenter/ssw_ibm_i_71/apis/QZIPUNZIP.htm

APIs are great but a command would be more useful.

APIs are of course great but for CL monkeys like myself an IBM i command would be much more useful. Ideally what we would want here are a couple of simple commands like ZIP and UNZIP.

In fact this is so startlingly fundamental, I truly don’t know why IBM did not add them. If you can think of a reason please feel free to enlighten me via the comments option at the bottom of this article. In fact the very lack of these commands was the very reason that I personally did not notice IBM had added this function to IBM i to v7.1 until just a few months ago!

Fortunately, thanks to a very generous and gifted gentleman called Carsten Flensburg, this is now possible in a matter of minutes. Carsten has created both ZIPF and UNZIPF command that you can freely download from the IBM Support website and upload to your server in minutes. Below is a link to the page on the IBM support website:
http://www-01.ibm.com/support/docview.wss?uid=nas8N1010418

Sample ZIPF command
Once created you can simply use the ZIPF command to compress a single file or a whole series of directories, subdirectories and objects. Below is a sample screen shot from this command:

Sample UNZIPF command
The UNZIP command is just as intuitive and like the ZIPF command to decompress a single file or a whole series of directories, subdirectories and objects. Below is a sample screen shot from this command:

Compatible with Windows ZIP files
I’ve only done limited tests so far but both the APIs and the commands above work flawlessly with their Windows counterparts. Please feel free to share your experiences with this via the post a comment option at the bottom of the article.

PCI Compliance
If you are worried that you cannot use these commands as they are not directly from IBM, the good news is that Carsten included the source to all his programs and it is this source that is compiled as part of the install so you have complete visibility over the code.

Pro Tip: If want a masterclass in how to write an IBM i installer without access to a complier, just check out the script he includes for uploading these commands, it is genius!

I’m sorry to bang on about Carsten, I’ve never met him and have no working relationship with him but this is the perfect example of how to write, deliver and add function to our community. If any of you know Carsten please give him a huge IBM i hug from me!

Zipping files in older versions of IBM i
If you are not yet running v7.x of IBM i, then firstly let me remind you that you’re running on an unsupported version of the operating system but you are not totally out of luck.

If you like QSHELL then you can always use the Java Archive (JAR) command but if you like your command line environment to be a little more normal then just google IBM i Zip commands and it won’t take you long to find functions like the ZIP/UNZIP commands created by Giovanni B. Perotti which run on systems with v5.2 onwards.

Nice to see you
It was great to see so many of you at the i-UG event at the Norton Grange, in Rochdale. We will repeat that event with the same agenda in Central London at Arrow ECS’s offices in the Royal Exchange on Thursday 3rd March. Hope to see you there, more details and registration available at www.i-ug.co.uk

Related Posts

• Be the Exception. Become an IT Monitoring Hero.
• Did IBM just offer you a FREE HMC?
• Five reasons to love your Hardware Management Console
• USB Flash Drives and IBM i
• Using the VIOS VMR for system backups
• Running Open Source PHP Applications

Filed Under: Featured, IBM i, Technical ArticlesTagged With: IBM i, IBM Power Systems, Power i, Power Systems, Steve Bradshaw, systems management

Leave a Reply

Your email address will not be published. Required fields are marked *

Name *

Email *

Website

Comment

FREE MONTHLY NEWSLETTER SIGNUP

First Name:

Last Name:

Email address:

NEWS

Press Release: Maxava launches a brand new product – Maxava Monitor Mi8

Philadelphia, PA., March 2, 2016:  Maxava is delighted to announce the release of its latest product, Maxava … [Read More...]

HelpSystems Meets Growing Demand for Cybersecurity on Multiple Platforms

HelpSystems Meets Growing Demand for Cybersecurity on Multiple Platforms Minneapolis, MN, March 1, … [Read More...]

HelpSystems Marketplace Survey

It’s 2016. Is anyone expanding their IBM i footprint? Now you don’t have to guess. The answer’s right here! … [Read More...]

More articles from this section

« Return to main article

The IBM i OS Contains Everything Needed to Create Web Services

October 2014 | by Tim Rowe

More Sharing ServicesShare|

Figure 1

Leveraging Web services for your IBM i applications allows you to continue to use your applications of today while also enabling you to repurpose key components in other applications or as the conduit between your UI and your back-end data and key business logic.

Web services can be a key component to a modernization project on IBM i. A “service” is a callable interface/method/routine that executes some business logic. It can be complex or very simple. What makes this different is this that it’s callable from the Web, providing a highly reusable interface that can be called from anywhere.

On IBM i, using Web services has never been easier. The OS includes an integrated Web services (IWS) runtime environment. The IWS is utilized today by thousands of IBM i users for a wide array of production services. In June 2014 IBM shipped the new Liberty and JAX-WS based runtime environment. This new technology base is built on the latest industry technologies to ensure a solid base for the future. The IWS server has been built and designed with the RPG or COLBOL developer as its primary user. The IWS support not only contains the necessary runtime environment for running Web services in an enterprise production environment, it also has wizards to help RPG and COBOL developers quickly and easily create and host Web services over back-end ILE programs with virtually no knowledge of the Web side of things. The best part about this support? Because it is part of the IBM i OS, you don’t need to purchase or install anything.

Getting Started

To get started with the IWS support, it’s recommended that you have the latest HTTP PTF and Java* PTF group levels installed. This will ensure you have access to the new Liberty-based IWS engine as well as any other goodies. This support applies to all currently supported releases of IBM i. Once your PTF group levels are set, (again this is not necessary unless you want to leverage the new Liberty-based server, which I highly recommend) you can create your Web services runtime hosting environment easily by walking through the create wizard found in the left navigation pane of the Web Administration GUI (open a browser, enter http://hostname:2001/HTTPAdmin) as shown in Figure 1 (right). Once your server is created and running, which should only take a couple of minutes, you are ready to deploy your first Web service.

When it comes to creating a Web service over your RPG or COBOL programs, the hard part lies on the ILE side, where the real work needs to happen. Because you are creating a service callable from anywhere, the RPG or COBOL program needs to conform to three rules:

You have to be using an ILE version of RPG or COBOL. The older versions are just not supported with the IWS-based support.

Your function that you are creating as a service must be a stateless callable program or service program. It can’t be dependent on an input or other things.

When you compile your code, you must specify the Program Call Markup Language (PCML) option as either a program header option or on the create program command. The PCML is a special object that’s embedded with your compiled program and tells the IWS support what the input and output parameters are for you program.

Once your ILE code is set, the fun part can begin. Creating your Web services is easy. From the Web admin GUI, click on the Manage Deployed Services link. Within this interface, click the Deploy button to start the Deploy a service wizard. This wizard consists of several steps; most are for more advanced features. You really only need to care about a few:

Specify the ILE program or service program object that contains your back-end function.

Define a name for your service. The wizard provides a default value based on the name of the program you specified, but I would recommend specifying a meaningful value, as it will be beneficial later when you are trying to remember what you just did.

Specify what functions you want to expose within this Web service. You can do this in several ways: one large Web service with many functions exposed or an individual Web service for each function you want to expose. I personally am a big fan of simplicity, and would create a simple Web service for each function.

R Update the input and output fields. You will notice the fields are already defined, but likely they aren’t completely accurate. If you’re returning an output structure, for example, it will likely be marked “input/output.” It’s best if you can change that to output and then be sure to designate the correct structure return size. This ensures that the IWS wrapper code handling the call back and forth between the world of the Web and the ILE program can process that data efficiently.

Specify the user ID that this ILE program will run against.

Specify the library list that will be used. The library list can easily be updated at a later time, so here you could specify test data library to get started and then update with the production library later.

R Click on “Next” on any additional screens and hit “Finish.” Within a few seconds the wizard will create the Web services wrapper and deploy it into your Web services runtime environment.

At this point you are set and ready to go! Within the deployed service interface, is a link to the Web Services Descriptive Language. That is the object you will need to send to the caller of your Web service. Try it out for yourself; click on the Test button to launch the IWS testing interface, specify your input values and verify your Web service is working as expected.

Helpful Wizards

Getting starting creating and hosting Web services for the IBM i has never been easier. A complete set of wizards help guide you along the path. For those that are wondering, the IWS support also has a complete set of callable scripts and interfaces to give you the ability to automate or easily move these services from one system to another.

Tim Rowe is the Business Architect for Application Development responsible for all middleware and infrastructure needed for applications on IBM i. He has spent the past 8 years as an architect for the IBM i Web integration team.

Why You Might Want To Encrypt Your Syslogs Now

Why You Might Want To Encrypt Your Syslogs Now
Corrected: June 19, 2015

by Alex Woodie

Every day millions of IBM i server events are packaged up in the syslog standard and sent offsite for safekeeping and analysis. In many cases, the syslog files are sent in plain text across the wire because, hey, they're just boring old log files, and what could anybody ever do with those, right? Wrong, says IBM i security software company Raz-Lee Security.

Syslogs are a bread-and-butter data format for IT professionals around the world. Just about every device in the data center uses the syslog format to transmit data about what it's done. All sorts of IT activities are documented in syslog, from debugging applications and general systems management to real-time network alerts and security auditing.

In the security space, syslogs are the de-facto standard for sending system events to the all-important security information and event management (SIEM) products that do the hard work of analyzing and correlating activity occurring across different servers, networks, databases, switches, and various other systems. No platform is an island these days--not even the venerable IBM i server--and SIEM products like IBM's QRadar, Hewlett-Packard's ArcSight, LogRhythm's Security Intelligence, RSA Security's enVision, and Splunk's Enterprise Security are critical assets in the ongoing war against cyber criminals.

Security software companies plying the IBM i waters are no stranger to these SIEM products, and most of them are equipped to convert IBM i events--such as QAUDJRN system journal events, message queues, and user-related information--from the native IBM i format into syslog and send them across the wire to a central SIEM server.

Eli Spitz, Raz-Lee's vice president of business development, says the company decided to use TLS to encrypt syslog files at the request of customers.

"We've been asked by a number of customers, not a large number but some very large and important customers," to encrypt the syslogs, Spitz tells IT Jungle in an interview. "One of the customers is a pharmaceutical company based in Eastern Europe. They said 'We have to have encryption in syslog to be compliant with FDA regulations.' That was after we received a number of requests."

Helping customers comply with Food and Drug Administration regulations--in this case, rules that require tamper-proof lot tracking at pharmaceutical manufacturers--is certainly a good enough reason. But would companies in other industries have a reason to encrypt their syslogs?

Yes, says Raz-Lee CTO Schmuel Zailer. While you're not going to find personally identifiable information (PII) in the server logs, there are other pieces of data contained in the log files sent from production IBM i servers to SIEM and servers that could be of value to cybercriminals.

"The SIEM server collects information that's coming from the IBM i, which means your line is exposed and everybody can understand what is going on on the IBM i if you just listen to that line," Zailer says. "So you must encrypt it. And if you encrypt it, you hide it."

Raz-Lee's iSecurity suite not only sends data from QAUDJRN and other message queues; it can also upload data from the database journal, Zailer says. This is dubbed database activity monitoring (DAM), a relatively new discipline in the IBM i community, and one in which Raz-Lee has a partnership with McAfee.

For customers who choose to replicate contents of the database journal to a SIEM server via syslog--such as one large insurance company that sends thousands of database events per second--that poses an unacceptable security risk. "We send over the net information of the database updates [which] means that the database is exposed," Zailer says.

Encryption is a major theme for Raz-Lee this year. The Israeli company is gearing up to offer PGP encryption in iSecurity. It's also planning to beef up its field-level encryption offering with a major update later this year. "Encryption is emerging to be a major theme," Spitz says.

HelpSystems Adds Security Expertise, Managed Services, and Software with Acquisition of SkyView Partners

posted Jun 2, 2015

          

SkyView team of industry experts, led by Carol Woodbury and John Vanderwall, join HelpSystems. Companies create powerful combination to help organizations improve security on IBM i, UNIX, and Linux.

Minneapolis, MN, June 2, 2015—HelpSystems, a leading provider of systems and network management, business intelligence, and security solutions today announced the acquisition of SkyView Partners, Inc.  
By adding SkyView to HelpSystems, customers can now take advantage of a deeper bench of security experts, an innovative approach to ongoing security services, and a broader range of security products.
“At a time when demand for system security is growing and security needs are constantly changing, the SkyView team’s experience is a great fit for HelpSystems and a compelling benefit for our customers,” said Chris Heim, CEO, HelpSystems.
Numerous recent CIO surveys have identified security as a top priority for CIOs in 2015, making SkyView’s service-oriented expertise and world-class support from HelpSystems a powerful combination that will benefit all IBM i, AIX, and Linux customers.
“As we looked to expand our global security services to more customers, we sought out a security-focused company we could complement with services and we found just that in HelpSystems. Our entire team looks forward to joining the HelpSystems family,” said Carol Woodbury, President and Co-Founder of SkyView Partners, Inc.
“By combining SkyView’s services and tools with cutting-edge technology from the HelpSystems security offerings, we can help more organizations secure their systems,” said John Vanderwall, CEO and Co-Founder of SkyView Partners, Inc.
About HelpSystems
HelpSystems, LLC is a leading provider of systems and network management, business intelligence, and security and compliance solutions. HelpSystems software reduces data center costs by improving operational control and delivery of IT services. The company provides managed services around system security, with experts monitoring customers’ compliance reporting. Founded in 1982, the company has 15 offices worldwide and more than 9,000 customers from small businesses to Fortune 100 companies. Based in Minneapolis, Minnesota, HelpSystems sells its solutions directly and through strategic partners worldwide.
HelpSystems brands include: Robot, SEQUEL Software, PowerTech, Halcyon, Skybot, AutoMate, Safestone, Bytware, ShowCase, InterMapper, CCSS, and RJS Software. Learn more at www.helpsystems.com.
Mike Devine
Vice President, Marketing
+1 952-563-2798
mike.devine@helpsystems.com


http://www.helpsystems.com/newsroom/helpsystems-acquires-skyview-partners

IBM i Marketplace Survey-HelpSystems

IBM i Marketplace Survey

Find out how nearly 350 of your peers are using the platform.

We speak with IT professionals regularly about their IT infrastructures and platform changes, and we saw the need for a deeper understanding of the state of the IBM i platform. With no other source for this information, we teamed up with IT Jungle and PowerWire to gather it ourselves.
The first annual IBM i Marketplace Survey reveals how IBM i is being used and how it relates to users’ broader IT objectives.


http://www.helpsystems.com/ibm-i-marketplace-study

The IBM i Future: Hints from DB2

The IBM i Future: Hints from DB2

April 13, 2015

In a previous post about the future of IBM i, I shared some of the primary messages we give to customers who ask us things like, “Show me a roadmap for IBM i for the next five years” and “Is IBM going to support IBM i in the future?” Typically, these questions get asked by CxO types in companies—CTOs, CIOs and CEOs who don’t have much experience with IBM i and its predecessors, or who have been depending on the platform for a long time, but who have had no reason to pay close attention to the blogs, whitepapers and conference sessions we’ve been creating for the customer base. The messages from that post are often enough to calm the anxiety of CxOs, particularly if we get to deliver them in person.

 

However, there is more than one approach to demonstrating IBM’s strategic commitment to the IBM i and its customer base, so today I’m going to take another of those approaches, and this approach might be more meaningful to people who have more specific technical knowledge than is typically required of a day-to-day CxO. What is it?

 

Look at the recent past. Specifically, look at the investments IBM i development is making in technological enhancements, and ask yourself whether these investments give you an indication where the platform is headed. Today, I’ll talk about just one area of IBM i, but it’s an important area, since it’s the core of the operating system: DB2.

 

DB2 and the Data-centric paradigm: For several years, we’ve been talking about the benefits of a “data-centric” approach for application design. In case you’re not familiar with it, “data-centric” means that you define, in the database, how your data should be treated, so that you don’t have to ensure every application and management method you have for the data is synchronized properly. Hmmm. Maybe that’s not clear enough. Let me give you examples.

 

In IBM i 7.1, we made it possible to do column-level encryption, defined at the DB2 column level. By doing this, we ensured you could enforce a security policy that required specific information was always encrypted, without having to go into every piece of code, and knowing that every interface into your DB would be protected. This is data-centric encryption. Similarly, in IBM i 7.2 we introduced Row/Column Access Control, which is also data-centric. It gets defined for the entire database, no matter how the data is accessed. And when 7.2 TR2 and 7.1 TR10 get announced, there’s another DB2 feature that allows more data-centric management, reducing the complexity of managing your DB2, by having DB2 do things for you.

In each of these instances, we’re guiding the solution community toward a data-centric approach, because ultimately it makes it easier for customers, and it provides more opportunity for us to optimize DB2 for our customers. We see a future where people will use DB2 more and more, as they have in the past, but they will want to avoid complex and error-prone methods of securing, managing and designing their database. And we’re investing in that future.

 

First on DB2 for i: Furthermore, some of the features we’re putting into DB2 for i are features that other members of the DB2 family will get, but they don’t have them yet. Regular expression support from TR1/TR9 was one example where the IBM i DB2 implementation was the first DB2 to support it, and the feature I hinted at above is another example of a DB2 feature that will be delivered on IBM i first. So, IBM i is not just investing, it’s remaining a full partner with other DB2 family members, doing functions that support the future of database use before anyone else.

 

Integration of XML: XML, of course, is a way to describe data. DB2 stores data. XML is a big deal. DB2 is big deal. Of course, if you’re an operating system like IBM i, built around DB2, and you want to enable yourself for the future, you figure out how you’re going to work with XML, or not. In the context of investing for the future, realize that we had a choice. We could have allowed XML support to remain a job for application developers. Integrating the support into DB2 would provide significant value to developers, and it would support that “data-centric” strategy I mentioned before, but it also would mean we were committing to supporting a pretty extensive data description technology well into the future. So what did IBM i decide to do?

 

At first, the IBM i DB2 first added support to store and use XML in a very general way. Then, more than five years ago, over the course of several mid-release deliverables and a major release, DB2 on i incorporated advanced XML support integrated directly into the database. It was one of the major enhancements in 7.1, and has been extended several times since then.

 

XML is still necessary, of course. Plenty of people use it. But these days, it’s not the only “big deal” in data description. XML is powerful, but pretty complicated when comparing it to at least one other popular technology. (Do I hear someone in the audience asking about JSON? Yes, I thought I did.) So, what are we going to do? Hmmmm. I guess we could do nothing. If IBM i didn’t have a future, doing nothing would probably be best. Why tie ourselves to another growing new data-related technology if we can’t continue to support it? On the other hand, since IBM i does have a future—well, you can expect more news in this area.

More: Other aspects of DB2 show continued investment, for the future of our customers, but those aspects might cross over into other future blogs, so let me just say that Services through SQL has been a focus of IBM i for quite some time (Dawn May wrote about it here: http://www.ibmsystemsmag.com/Blogs/i-Can/March-2015/IBM-i-Services/ ) and then there is all the support we have created to help users Modernize the use of DB2, which is covered extensively in the IBM i Modernization Redbook.

 

In closing (for today—not forever) let me reiterate: there are many ways to talk about the future of IBM i and each of those ways might be more effective to certain groups of people. If you are a technical person and you are asked by your executive if IBM is saying anything about the future of IBM i, then I suggest you point them to the previous blog and the resources it mentions.

 

On the other hand, if you are a technical person and you get the same question from another technical person, information about the technical investments being made in IBM i might serve you better. And if DB2 isn’t the right technology to talk about, well, then you can wait for me to write about other parts of IBM i. Or, better yet, think about the new things you’ve seen us announce over the past few years and develop a list of things that means the most to you. Because when you’re face-to-face with a doubter, the best position you can take is one that you believe in, and you do that best with facts that mean something to you.

 

Until next time, I’ll keep heading into the future. I look forward to seeing you there!

 

Posted April 13, 2015 | Permalink