Since your IBM i environment handle some of your most mission critical workloads, protecting them is imperative. High availability solutions are there to help you minimize or virtually eliminate downtime. IBM i security is an ongoing concern for IBM i shops due to threats of ransomware and other malware, as well as various regulations and audit requirements. When HA/DR and security can work together, you can get an even greater ROI from these important solutions. Join us for this webcast to hear about: • The benefits of coordinating your HA/DR and your security • Implications for security, switching, and replication • Establishing effective reporting and monitoring

1. How Security and
HA Need to Work
Together
Bill Peedle | Principal Sales Engineer
Barry Kirksey | Principal Sales Engineer

2. Today’s Topics
• IBM i is mission critical
• HA and Security coordination
• Security
• Switching
• Replication
• Reporting and monitoring
• Minimizing downtime
2

3. IBM i is Mission Critical

4. Let’s talk about IBM Power Systems running IBM i
4
Reputation
• IBM i has been a strategic
platform for decades
• IBM i has been able to
adapt to a changing IT
landscape
• IBM i handles important,
mission-critical workloads
• Popular in manufacturing,
retail, distribution, logistics,
banking, healthcare,
insurance, hospitality
management, government
management, and legal
case management.
Trends Concerns
• Increasing move to cloud
deployment
• Existing customers
continue to upgrade
systems and OS versions
• Customers continue to
add more partitions -50%
of companies have more
than 3 LPARs
• Remote work
environments continue to
grow
• Security knowledge and
skills gap
• Security continues to be
top priority
• HA/DR cited as top
concern for almost 2/3
of customers
• Finding required staff
with IBM i skills also a
top concern
• Automation and
modernization are
frequently cited
concerns
*Forta 2022 IBM i Marketplace Survey

5. IT Jungle
2023 IBM i
Marketplace
Predictions*
Automation Modernization
Automation is key in operations, job
scheduling and regular complex
and simple tasks, but the resources
for skilled IBM Power Systems
people are scarce and becoming
even scarcer
IBM i is the system of record and
clients are implementing a hybrid
approach to modernization
Spending Cloud
Many IT projects will be looking to
optimize costs. We will see
investment in tools on the platform
(IBM i) to help move workloads to
cloud/hybrid cloud environments
2023 will mark a year where
customers finally make the move to
cloud-based hosting of their IBM i
5 * IT Jungle-2023 IBM i Predictions, Part 1 - 1/16/2023

6. IBM i marketplace surveys
• Virtually all surveys continue to point to Security
as Number 1 concern
• HA is usually 2nd or 3rd and is generally cited by
more than 50% of survey respondents
• Only 5% of IBM i users intend to remove all
IBM i-based applications from their systems
during the next two years
• Downtime costs IBM i uses an average of $125k
per event**
• Remote operations has become the new
normal for most organizations causing
increased security risks**
• 70% of respondents using their IBM i platform
to run more than half of core business
applications.
6 **Forrester Economic Impact Study

7. Tension Between Availability
and Security
7
Conflict
• Operations team generally focused on Availability
• Security team focused on locking down a secure environment
Causes
• Conflicting Values
• Complexity
• Policy problems
• Communication & coordination

8. How to coordinate
IBM i Security and
High Availability

9. Replication Topics to discuss
• IBM i Security Product Modules required to be replicated
• Switching considerations for HA and Security
• Availability and security in a Cloud environment
• Streaming HA and security data to IT Operations
Analytics (ITOA) solutions
• Managing risk and downtime for encryption of data at rest,
while maintaining switch readiness
9

10. Security Modules

11. Multi-factor Authentication (MFA)
Security Module Replication
11
• Enabling Multi-factor Authentication
• Install MFA Product on target server
• Configure IBM i replication product to replicate MFA
• Authentication server considerations
• External
• Local
• HA Server access when in read only mode

12. Encryption Security Module Replication
12
• Enabling Encryption
• Install on target server
• Configure IBM i replication product to replicate the encryption module
• Encryption at the filed level with IBM i Field Procedures
• Fields encrypted/decrypted on the fly
• Field Proc procedure used on the fly
• Procedures must be replicated

13. Exit Point Security
Module Replication
Managing Exit Points
• Install on target server
• Configure IBM i replication product to
replicate the exit point software product
• Exit Points must be turned on at the system
level
• Consideration for new exit points on source
need to be introduced to backup server
13

14. Switching Considerations

15. Switching Your HA and Security Products
15
• Products need to be integrated
• Procedure and steps needed to accommodate
integrated switching
• Automated notification of manual steps required
• Regular testing to ensure HA and Security switch error
free
New
LPARs
Current
LPARs
From
Anywhere
To
Anywhere
Any
Hardware
Any
Storage
Physical,
Virtual, Cloud
Any
IBM i OS
Version

16. Replication in the Cloud

17. Presentation name
17
Cloud Considerations
HA and security products
need to be Cloud ready
Many Cloud environments
do not have tape access

18. Reporting and Monitoring
HA and Security Data

19. Some definitions…
19
• Security Information and Event Management (SIEM) - offers real-time monitoring and
analysis of events as well as tracking and logging of security data for compliance or auditing
purposes
• IT Operations Analytics (ITOA) - IT operations analytics involves collecting IT data from
different sources, examining that data in a broader context, and proactively identifying
problems in advance of their occurrence.
• IT Operations Management (ITOM) - IT operations management (ITOM) is responsible for
managing information technology requirements within an organization, overseeing the
provisioning, capacity, performance, and availability of IT infrastructure and resources.

20. Leading IT analytics & security platforms lack
native IBM i support
20
Distributed and
Cloud environments
IBM i Systems
Online
services
Storage
Online
Shopping
Cart
Servers
Desktops
Web
clickstreams
Security
Networks
Telecoms
Call detail
records
GPS
location
Messaging
Databases
RFID
Web
services
Packaged
applications
APP
Custom
apps
Energy
meters
Smartphones
and devices
On-
premises
Private
cloud
Public
cloud
IBM i

21. IT operations analytics
Monitor the business for real-time
operational intelligence
• Monitor operational status of enterprise IT
infrastructure
• Monitor resource utilization and availability
• Realtime visibility into IBM systems
• Predict and avoid problems
• Non-IBM users have access to IBM KPIs
21

22. Security monitoring
Extend your security strategy to include
the IBM i
• Detect and prevent security threats
• Report on security events
• Prioritize on highest impact issues
• Monitor privileged user activity
• Automated reporting and simplified
compliance
22

23. Minimizing IBM i Downtime
while Encrypting Data

24. Implementing
encryption has
its challenges
Exclusive Locks Small Window
• IBM i Field Procedures (FieldProc)
needs an Exclusive Lock on file
data to add/remove an
encryption program and
encrypt/decrypt a column
• Your maintenance window may
be too small to encrypt/decrypt
all files during the allotted time
Application Risk
• Encryption processing changes
every record within a file –
increasing risk to applications
24

25. Encrypt While
Active is useful
throughout the
lifetime of your
encryption
project
Initial Encryption Removing Encryption
• Adding encryption to fields/files
not currently encrypted
• Removing encryption from
fields/files currently encrypted
Key Rotation
• Cycling an encrypted file from
one set of encryption keys to
another
(annually or on another regular interval to meet
compliance requirements)
25

26. Benefits of Encrypt
While Active
• Minimizes downtime for encryption
operations
• Mitigates the risk of application failure
after encryption
• Ensures HA/DR-readiness throughout
the encryption process
26
As an added benefit, deleted records can be
removed from the file during the encryption –
a Compress While Active service

27. How Precisely
can help

28. Precisely IBM i Products
• Protects against downtime
and meets aggressive service
level agreements
• Flexible, scalable replication
and failover automation
• Scales from SMB to
enterprise workloads
• Minimizes impact on network
bandwidth and CPU usage
• Supports mixed i OS and
hardware environments on
physical, virtual and cloud
platforms
Integrates log data from IBM i into
IT operations analytics and
management platforms
• Robust, multi-layered, and
resilient defenses against
advanced malware threats
• Enforces strict security policies to
protect your systems with
automated access control
• Generates generate clear,
actionable alerts and reports
• Protects sensitive and highly
regulated data from
unauthorized access using
encryption, tokenization and
masking technologies
• Provides access to the log data
to address IT operations
analysis, security, and
compliance
• Unlocks real time operational
intelligence from IBM i systems,
• Improves access to data by
breaking down silos
• Increases value and
observability of IT services &
operations
28
Ironstream
Assure HA Assure Security
Protects IBM i systems and data
from security breaches and assures
regulatory compliance
Protect IBM i servers from
downtime and data loss

29. Questions