IBM Power Ideas Portal


This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Not under consideration
Workspace IBM i
Categories Networking
Created by Guest
Created on Jul 2, 2018

RELATED IDEAS

Cannot set security for NTP protocol on IBM i

IBM i is connected to the network core switch as a client getting the time using NTP protocol. It is also a server for the rest of the application servers providing the time for them.
An audit finding was found that NTP on the IBM i is not using any security such as authentication, VPN or SSL.
A PMR was opened (10069,762,762) asking to provide a way to secure this connection, but we were told that at this time IBM i does not support any kind of security on NTP and were advised to submit a request for enhancement on this site.
This is the first time that we submit this request so we do not know how this will work, shall we receive a reply from you or what?

Appreciate your efforts


Use Case:

System: NTP security

Actor: Internal Audit team

Scenario: IBM i connects to the core switch as an NTP client getting the time from there using Authentication.
IBM i also acts as NTP server for other application servers. Clients to the IBM i must authenticate to get time.


Idea priority High
  • Guest
    Reply
    |     Dec 21, 2021

    While we agree with the request, we do not currently plan to implement it due to a list of higher priority requirements. This request will not be implemented any time soon, so it is being declined at this time.

  • Guest
    Reply
    |     Aug 13, 2019

    The CAAC has reviewed this requirement and recommends that IBM view this as a medium priority requirement that should be addressed. Security adherence should be an expectation.

    Background: The COMMON Americas Advisory Council (CAAC) members have a broad range of experience in working with small and medium-sized IBM i customers. CAAC has a key role in working with IBM i development to help assess the value and impact of individual RFEs on the broader IBM i community, and has therefore reviewed your RFE.

    For more information about CAAC, see www.common.org/caac

    For more details about CAAC's role with RFEs, see http://www.ibmsystemsmag.com/Blogs/i-Can/May-2017/COMMON-Americas-Advisory-Council-%28CAAC%29-and-RFEs/

    Nancy Uthke-Schmucki - CAAC Program Manager

  • Guest
    Reply
    |     Dec 25, 2018

    This is a valid requirement. A basic NTP feature set is considered for future release.

  • Guest
    Reply
    |     Jul 13, 2018

    It looks like IBM i server plays certain stratum level in the network time protocol. It connects to higher stratum to get the accurate time and update to IBM i OS and provide time services to machines in local network.
    IBM i does not fully support NTP stratum. It shipped SNTP implementation, following RFC 2030, which does not define any security features. NTP, especially the latest verson, NTP 4.0, which is defined in RFC 5905, recommends to use network security architecture AUTOKEY. This AUTOKEY is defined in RFC 5906. To secure the network time protocol, currently autokey is the choice.

    To understand your requirement accurately, I'd like to know:
    1. What's the network server topology used in your network? broadcast? client/server? symmetric? Is the client/server enough for your network? Which type of network time server does the IBM i connect to? A NTP server or SNTP server? What type of security is supported by the time server?
    2. How about the network time client of IBM i server? NTP client or SNTP client? which type of security is supported on the client side?

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.