In this issue, we're covering IBM i security monitoring, mobility with IBM MobileFirst, and SWMA price increases.

IBM i Software Maintenance Price Increase

With all the recent great news surrounding IBM i Technology Refresh 6 (TR6), the new Power7+ iron, and IBM's precision-like Power Systems targeting of the SMB x86-64 market, it's a bit of a downer to have to lead in with a "you have to pay more" story.

According to IBM announcement letter 313-006, IBM i software maintenance prices are going up April 16, 2013.

The announcement is not the clearest document IBM has ever released as it has 162 line items with no detailed descriptions. All potential options are there, from "uplifting" to 24x7 support or the cost of SWMA when changing processor tiers. With a little digging, you can put the product numbers together and find that, per core, you'll be looking at the following for one year of maintenance:

It is what it is.

It, however, would have been nice if this didn't come on the heels of a major announced Power Systems push into the x86-64 market. I'd argue the competitive advantage of IBM i is absolutely still there, based on the lower total cost of ownership, total cost of acquisition, low downtime, less staffing required, and all the other great things existing customers appreciate about the platform. A price increase makes it just a little harder to sell to those new customers IBM is trying to attract to the Power Systems platform who may be a good fit for IBM i.

IBM Makes Thunderous Splash in Mobility

IBM recently announced MobileFirst, a comprehensive collection of software, services, security, analytics, vendor partnerships, and much more. Consisting of six solution portfolios, IBM MobileFirst is positioned to help businesses in all aspects of mobility, from planning through implementation.

These are the six portfolios specified in the announcement:

• IBM MobileFirst Platform – New updates include expanded capabilities of IBM Worklight to simplify deployment. It also features single sign-on capabilities for multiple applications. A new beta of the Rational Test Workbench for mobile helps to improve the quality and reliability of mobile apps.
• IBM MobileFirst Security – IBM extends its context-based mobile access control solutions and expands mobile application vulnerability testing with support for Apple iOS apps with the latest release of AppScan.
• IBM MobileFirst Management – New updates to IBM Endpoint Manager include enhanced support for Bring Your Own Device (BYOD) programs and increased security standards that are critical to governments and regulated environments.
• IBM MobileFirst Analytics – IBM is expanding its Tealeaf CX Mobile solution to give enterprises more visual insight into mobile behaviors so they can better understand where improvements are needed and create exceptional and consistent consumer experiences across mobile devices.
• IBM MobileFirst Strategy and Design Services – Clients can tap into IBM expertise to map out a mobile strategy for employees and customers, and key experience design skills from IBM Interactive to build compelling mobile experiences. IBM's new Mobile Maturity Model can assess how a business is progressing towards becoming a mobile enterprise, while new Mobile Workshops help clients develop applications, architect infrastructure and accelerate their mobile progress.
• IBM MobileFirst Development and Integration Services – IBM offers services that help organizations roll out a mobile infrastructure and manage mobile application portfolios and BYOD environments. Enhanced Network Infrastructure Services for Mobile provide IT network strategy, optimization, integration and management. Mobile Enterprise Services for Managed Mobility help manage and secure smartphones, tablets and devices across a business. Mobile Application Platform Management helps speed deployment of mobile infrastructure to develop mobile applications more easily and quickly.

I spoke with Ed Brill, Director of Mobile Enterprise Marketing at IBM, about IBM MobileFirst. My initial impression, and what seems very unique, is that it's more of an all-encompassing mobility umbrella as there are references all across the IBM product and brand portfolio.

Brill says, "IBM MobileFirst is an initiative, a portfolio of solutions drawn from across IBM software and services. It represents significant investment in this space, where IBM has been quietly assembling a position of industry leadership through innovation—over 270 patents in this area…and investment…ten acquisitions in the mobile market. Four of the portfolio components are key focal points for the second wave of mobile applications—platform, management, security, and analytics. In each of those, IBM has an industry-leading offering, and we integrate across all four areas. In addition, both IBM Global Technology Services and IBM Global Business Services have expertise in enterprise mobile solutions and are honing their ability to deliver prescriptive vision, design, and implementation services."

Consolidating these solutions under one umbrella sounds like an effort to simplify access to IBM's very many offerings, essentially front-ending anything mobile in a seamless manner. Is that the case here?

Per Brill: "For customers, yes, IBM MobileFirst represents a more approachable way to have a holistic enterprise mobile conversation. In the first wave of mobile applications, do-it-yourself without regard for reuse or maintenance was common. Now, in the era we like to think of as the 'business of mobile,' the applications themselves are the focus. Tools like IBM Worklight, IBM Endpoint Manager, IBM Appscan, and IBM Tealeaf CX Mobile all represent key technologies within IBM MobileFirst, but there are literally dozens of other IBM software and services components that are part of the approach.

Additionally, this week we launched two channel readiness components to IBM MobileFirst—an application affiliation 'Ready for IBM MobileFirst' and a channel certification program 'Software Value Plus IBM MobileFirst.' We will continue to expand the IBM MobileFirst story throughout 2013 and beyond, with even more capabilities and advances in this market."

IBM also formally announced the expanded relationship with AT&T, which provides developers with tools to easily create and deploy mobile applications.

IBM is positioning itself essentially as a one-stop facilitator for customer mobility needs. Not a bad place to be, considering the enterprise mobility and BYOD market is forecast to reach 181 billion by 2017.

PowerTech Releases Authority Broker 4.0, Helping You Keep an Eye on Privileged User Activities

Every now and then a product comes out with an interesting feature that makes me smile.

You do have security on your system wrapped up, right? All your programmers and administrators have just enough authority to do their jobs and nothing more?

If not, this may be a great tool to keep an eye on what they're doing. While traditional auditing keeps track of system activity fairly well (albeit in a relatively difficult-to-decipher format), the trail can get pretty cold once a user with the authority to do so launches a QSHELL session or runs some interactive SQL. Authority Broker 4.0 has a new screen-capture feature that tracks user activity once they navigate into a "black hole" such as the aforementioned QSHELL, SQL, or even DFU or System Service Tools. Very handy if you want to know which Joe Admin created that guest Linux partition and robbed the system of a full processor core.

According to the press release, "Administrators can monitor the user's activity in near real-time, play back screens on the system, or automatically receive an indexed PDF of screen captures via email. In addition to providing new visibility of privileged users, Authority Broker also audits who views the recorded screens. Any time a screen is viewed or emailed, an audit entry is recorded to the audit journal."

I'm thinking as well that since it captures a screen on every Enter or function key press, it would probably be able to track if a person started a Telnet session to another IBM i partition, tracking what commands were executed on the remote system.

I spoke with Robin Tatam, Director of Security Technologies at PowerTech about the new offering. I dug a little deeper, looking to understand where the screen shots were stored and how easy it is for a power user with excessive special authority to delete their own breadcrumb trail.

Tatum explains: "The screen captures are stored within the product natively (not IFS) and are encrypted and not visible to anybody from outside of the application. We make extensive use of journals, so the information is as secured as it possibly can be from ALLOBJ users. Of course, if a customer is using PowerTech's Command Security product, we can prevent users from running any undesired commands even if they have ALLOBJ special authority.

Accessing the screen captures is audited, so anybody who looks at them will create their own breadcrumb trail. In addition, we support bundling all of the screenshots together in an indexed PDF, which is distributed by the product to somebody external to the system, meaning that the log is not the only source of audit forensics."

The screen capture feature is a simple solution for monitoring, not to be confused with a security prevention mechanism. But there's an elegance in simplicity. Being able to shine a light on the most powerful users' activity not only helps with compliance regulations, but it's a little poetic as well. If you're looking for an auditing solution it appears to be worth a look. You can download the white paper here.

Steve Pitcher works with iTech Solutions, an IBM Premier Business Partner. He is a specialist in IBM i and IBM Power Systems solutions since 2001. Feel free to contact him directly This email address is being protected from spambots. You need JavaScript enabled to view it..

Also Read

The Effects of COVID-19 on the IBM i Ecosystem

Dissecting the HelpSystems IBM i Marketplace Survey

IBM i Receives Package Manager Support