I think the best way to tackle this situation is to build your case for keeping your iSeries-based infrastructure...
and put them across in an open and frank debate about the organization's IT direction. The debate would certainly benefit from an independent -- and I mean independent -- risk assessment and return-of-investment report. These would provide a baseline from which arguments both for and against could be judged. Here are some reasons why you may want to consider championing for the iSeries.
The AS/400 has powerful security features built in to it; its security architecture is time tested and has been the backbone of subsequent IBM midrange product lines, including the iSeries. User authorization is mapped to the objects through a well-proven system of user rights, object types, group authorities and special authorities. Every resource is considered an object and authentication and authorization exists at the user and object levels. Users are defined by a user profile, made up of dozens of parameters defining the authorities and environments available to the user.
Your organization obviously has skilled in-house expertise to manage your current infrastructure. There would be extensive retraining requirements if the IT department had to learn how to maintain and secure a Windows-based server infrastructure. Certainly, one process that would need revamping is patch management, to ensure the new system maintained current performance levels. Virtualization is certainly all the rage, but little is understood about the security implications, both long and short term, of running virtual systems. I think virtualization is great for running test and development systems, but I would want to wait until the technology has matured a little further before I bet my business on it.
Counter arguments that you need to consider are the availability of iSeries experts. Finding admin staff to run a Windows environment is going to be easier and cheaper than for the iSeries. In five years time, how easy will it be to recruit iSeries specialists? You certainly need to be aware of IBM's road map for the iSeries so you can counter any arguments based on future compatibility issues with technologies such as smart phones and mobile devices.
Certainly, any migration would need to be rolled out slowly, with less-critical processes migrated first. A virtual environment would actually be a good way to test how any new system handles both business and security requirements. This won't be a short exercise though, and in the end, budget constraints and the overall business environment may well distract your bosses' attentions elsewhere.
Dig Deeper on Windows Security: Alerts, Updates and Best Practices
Related Q&A from Michael Cobb
An old Java vulnerability was discovered to have been ineffectually patched. Expert Michael Cobb explains how this happened and what can be done to ...continue reading
Google's Certificate Transparency tool publicly logs certificates issued by CAs. Expert Michael Cobb explains how the log viewer works to improve ...continue reading
Crowning the most secure web browser is difficult, with research often turning up biased results. Expert Michael Cobb explains how to make a choice ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.