March 27, 2020 | IBM i

The Quarantined IBM i Administrator’s Check List

image

Due to COVID-19 quarantines and shelter in place orders, IBM i (i.e. iSeries, AS400) professionals may be quarantined out of the building where their Power systems running IBM i reside. Fortunately, remotely accessing IBM i systems is nothing new.

If you suddenly find yourself physically separated or about to be separated from your IBM I during the pandemic, here’s our checklist of critical items you’ll need to keep your IBM i servers running, when you can’t physically access them.

  1. Install additional VPN licenses, if needed — VPN is your friend. Prepare yourself for a big uptick in remote users as people who used to access your IBM i from the local network now have to come in through VPN. Check your VPN licenses and bump them up to handle a probable increase in VPN traffic to your network and IBM i. Also check your VPN hardware to make sure it can handle increased demand; in case your off-site user count suddenly increases by several hundred (or a thousand) users.
  2. Be prepared to deliver remote activity reports –Keeping track of what’s going on within your system is crucial, especially during times like this, when your business might be more vulnerable. Programs like iSecurity Firewall can help monitor inbound and outbound traffic, and provide reports on user activity.
  3. IBM i system console—If you have a physical on-site system console, look into setting up a remote system console using IBM i Access Client. When your building is shut down, you won’t be able to go to the Computer Room to put your i in restricted mode or perform IPL’s or required full system backups, as needed. If you have a physical console, go to the IBM i Access Client Solutions Web site, learn how to download and install the software, and configure an IBM i Access Client system console that can be run remotely from a PC.
  4. Deputize new IBM admins, as needed (part 1)—If you’re a small shop where one person does everything from creating IBM i user profiles to resetting passwords to authorizing menu access to performing IT operations duties, consider who can step into the lead IBM i admin role if your IBM i admin is unavailable. This may be someone such as a programmer or an outside resource who can step in if your IBM i administrator checks out. With the tendency of many IBM i shops to run on extremely lean staffs, make sure there’s someone else who can step in.
  5. Deputize new IBM i admins, as needed (part 2)—Same scenario as item 3 above. Who will be your security officer if your security officer is gone? Consider using a program like iSecurity Authority on Demand that can be used to quickly provide temporary crisis elevated access to other users, as needed. Elevated access, up to and including security officer access, can be immediately added, audited, and expired according to the needs of the moment, using programs like this.
  6. Help Desk and password resets—Password resets are the biggest requested item for any Help Desk or Service Desk. If your Help Desk or Service Desk personnel may get overwhelmed during a crisis or become unavailable, look into installing an automated IBM i password reset program such as iSecurity Password Reset to allow your users to reset their passwords by themselves.
  7. Protect the IFS from viruses—When people VPN or access your systems from home during the pandemic, they may not be using company-sanctioned systems. In a crisis where people without company-approved systems need to get to your i servers, your network people may set up users to access the system from machines without mandatory anti-virus and anti-malware software running. In these instances, you’ll want to make sure your IFS doesn’t become a virus carrier by installing and running an IBM i anti-virus and malware program, such as iSecurity Anti-Virus.
  8. Install IBM i Message and Resource Monitoring software—What happens if the people monitoring your IBM i aren’t available during the pandemic? Automated message and resource monitoring can help. Rather than relying on on-site personnel to monitor your IBM I, you can set up an IBM i monitoring package like SEA’s absMessage to monitor critical situations on your IBM i (including unanswered system messages) and either alert off-site personnel or automatically respond to any situation that occurs.
  9. Don’t forget your peripherals—One of the biggest problems with sending people home to shelter in place during a crisis is what happens when key personnel can’t access local resources. What will you do for check printing or remotely sending checks to the bank, for example, if your users can’t get into the same building as your check printer or scanner? If your key users are quarantined away from the building, make sure they or their replacements can still access peripheral resources that are local to your restricted location. Inventory your key on-site peripherals and make a plan for dealing with them if the building is shut down.
  10. Don’t forget your backups—If you’re still using physical media such as tape, that need to be swapped or move off-site, consider setting up an alternate IBM i backup system. Look for an IBM i vendor who sells vaulting services and configure off-site backup and retrieval services. At the very least, you may be able to set up a modified backup routine to save your critical data to save files and then FTP your backup files off-site to another server, on a regular basis. Give your backup routine some thought.

It’s not easy dealing with a business, much less an IBM i environment, during the pandemic where personnel, buildings, and resources will quickly become unavailable. However, checklists like these can help you prepare for the worst, so you can hit the ground running if bad news comes. Good luck with your systems as you deal with this unprecedented situation.