April 12, 2016
Today’s the day! As I hinted a couple of months ago
, we have big news. Today, we are announcing the IBM i 7.3 release, which will be generally available on April 15, 2016.
Our themes for 7.3 apply to many of the new features:
- Simplifying Insight
- Intelligent Security
- The Power of Integration
As Chief Architect, one of the roles I have is to introduce the new release to our customers, so today’s blog will give you a stratospheric view of the biggest enhancements, while I point you to other blogs who will describe them at the next level of detail. So, let’s get started.
These days, everyone wants to get more information from the data which is running their businesses. They want “insight” on how that data affects business. On an IBM i system, of course, DB2 is where that data is stored. DB2, like all databases with a long, successful history, is designed specifically to do transaction processing, because transaction processing is at the heart of running a business. However, over the years, as CIOs & CTOs came to take transactions for granted, they started asking their IT and application departments to get more value out of the data. For example, they started asking questions about what their business data looked like in the past.
To satisfy this sort of request, IT would use the tools at its disposal to either reconstruct past data, or, if they got the request often enough, they would find ways to capture snapshots of the data. All of these techniques were understandable, of course, but they had drawbacks, such as being difficult to create, or being run against old data.
IBM i 7.3 introduces a new technology, built into DB2, to handle this sort of business problem: DB2 Temporal Support
. Once again, DB2 is providing a “data-centric” way to deal with a whole class of requirements. As of 7.3, DB2 tables can be identified as needing to have their history tracked, and DB2 will automatically store older versions of the data as it gets updated. This allows for very simple, natural queries to be written to ask questions such as “What was in this table six months ago?” or “What was the state of the table on June 1?” This is the kind of insight many business leaders want, and now DB2 can be set up to simply make this kind of insight a simple matter of running a query.
Another kind of insight required by many business decision makers is often provided by advanced analysis of their data. This sort of analysis can be done today by writing specialized programs which extract data and then perform complex mathematical computations on that data. While the traditional DB2 emphasis has been on transactional processing (OLTP), this sort of analytical process was done outside of DB2.
Now, in IBM i 7.3, DB2 has added an extensive set of OLAP functions
, so that this sort of analytical processing can be done directly against live data, using SQL. Insight like this was often simply not done in IBM i shops, or if it was done, it was done against older copies of data, with extensive investment in developing specialized analysis software. Now, that insight is available directly from IBM i DB2.
We’ve built some examples to show how both Temporal and OLAP capabilities can help solve business problems, and those examples are in the presentations I am giving at IBM Technical University, at the COMMON conference, as well as in upcoming events all around the world.
While you’re waiting for an opportunity to see these presentations, though, go visit Mike Cain’s blog
where you can see more details on how these new DB2 features are used.
We’ve been enhancing our security capabilities within IBM i with each major release: DB2 Column-level encryption in 7.1, DB2 Row & Column Access control in 7.2, as well as other lesser known features. Our focus has been on DB2 security, so that customers and application developers can implement security policies in a “data-centric” manner – defining security policy at the database. And those are very powerful.
Still, one of the key security issues which has existed on this platform since its creation is the “over-authorized” user.
We often point out that IBM i is the most ‘securable’ operating system available for business. The architecture and interfaces give you the ability to implement security, especially specializing who has authority to what, at a very broad level, or at a very specific level.
The problem has been that many customers, over the years, have doled out authority to use their system and its data far more freely than is truly secure. The reasons for this are myriad, but one of the frustrating things we see when we examine customer installations is the over-authorizing of users, particularly users who have jobs in the company which should not require much access at all. Our partners in the security community have seen this, too. Just ask them, or read their white papers.
So, what can IBM i do about this? Well, in 7.3 we provide a new capability, which should help customers ensure that their systems are as secure as they really want them to be. It’s called Authority Collection
The key idea behind Authority Collection is to track all the objects a user comes in contact with during their normal work day, and then report what authority that user has
, and most importantly, what minimum authority that user could have
, and still get his or her work done. This will allow customers to tighten up security – ensuring that an employee who should not have the ability to change vital information, but who needs to be able to run reports against it, has the right authority – without adversely affecting their day-to-day operations.
The Authority Collection capability is built into IBM i 7.3, so anyone can use it. Some customers will want to use it themselves, and others will want to work with security partners, many of whom participated in pre-release evaluation of 7.3 so they would be able to give it a thorough test, while also getting early skills in Authority Collection.
To learn more about the specifics, you can certainly attend the upcoming conferences, of course. But also, today’s “i Can” blog
, owned by Dawn May, has a guest author: Jeff Uehling, the IBM i Security architect. He’s giving more details behind this key advancement in helping IBM i clients be as secure as possible.
The Power of Integration
I’ve described just three of the top items in the IBM i 7.3 release above. For my last “see this other blog” comment today I suggest you read Tim Rowe’s blog
today, where he’s discussing the newest integration of Open Source technology with IBM i.
So there you go – an overview of the IBM i 7.3 announcement, in blog form. That’s a start, but there are also enhancements in managing the platform, in networking security (particularly in auditing of networking security events), in the kinds of storage supported, in managing availability, in RPG and other languages, and so much more. To find out about those things, again, conferences and webcasts will help, but detailed information can also be found in the IBM i 7.3 Knowledge Center
and the IBM i 7.3 developerWorks site
, both of which are available now that it’s announce day.
I have to put one final link in this blog, though – the IBM i page on ibm.com
It has links to important information for 7.3, but even more importantly, there will be new content rolling out over the next few weeks and months. I’ll be tweeting as new content shows up there (if I can keep up with it!)
Our development team has been working hard to get this new release to you, our customers and partners, and we’re excited to share it with you. Our special thanks go out to the clients, partners and ISVs who have been part of the early programs, evaluating the release and making sure it is ready for prime time!
That’s IBM i 7.3 simplifying insight, providing intelligent security, and demonstrating again the power of integration. You’re going to like it!
Posted April 12, 2016 | Permalink