Hit enter to search

The question: to encrypt or not to encrypt, is now answered by IBM i

10/02/2021
Author Avatar
Rudi van Helvoirt

The new Object Connect TCP/IP server currently has the option to operate with or without encryption, but IBM's message is clear. Encryption is the future.

What do we know today?

Maybe the new *OBJC TCP/IP server did pass by unnoticed, but it was part of the latest IBM i 7.4 Technology Refresh (TR3) made available in November of last year.

The topic in which this new *OBJC server was announced was called ObjectConnect over TCP/IP. You might think that after using the SAVRST* command in combination with AnyNet and Enterprise Extenders, this is the new kid on the block with which you can do so same, only faster. That is not entirely true. The new Object Connect TCP/IP server can be started with the command STRTCPSVR SERVER(*OBJC), but when you do so, you will see this:

display1

This new server does require you to use encryption, and encryption only. The Telnet server has currently the option to run with and without encryption as you can see below:

display2

So why this change of behaviour of IBM i?

IBM i has a rock solid reputation a being a secure system. That does not mean that every system is secure by default, an effort has to be made to make it secure.

IBM's choice to make this new TCP/IP server only available if you set it up yourself for encryption, makes perfectly sense in the current time with the growing awareness for a better security. Another reason to do so, is that fact that it is a brand new server, so by allowing only encrypted traffic, IBM does not break something which is already there.

The new Digital Certificate Manager

For setting up encryption on IBM you have to use the Digital Certificate Manager, which looks outdated to be honest. That is why recently IBM did launch a new instance of the Digital Certificate Manager (IBM i 7.4 TR1 & IBM i 7.3 TR8). The old one is still around and accessible, but once you have seen and used the new Digital Certificate Manager you do not want to use the old one anymore.

How much time do you have left?

Soon new versions of browsers will ban accessing websites not using encryption, so the message given of by the manufacturers behind those browsers and now also IBM is clear. If you did not bother about IBM i and encryption now is the time to do so and to come into action. Do it now before you are forced to do so. There is still time, how much? Only heaven nows.

If you want to get started with encrypting Telnet as your first step to secure your system in a better way please have a look at this link.

In the link the old DCM is still used but this was written before the days of the new DCM.

IBM Power 9 Migration Scenarios

 

Current job openings

Get our top stories in your inbox every month

Follow us

  

Share this article