IBM i

IBM i (the i standing for integrated) is an operating system developed by IBM for IBM Power Systems. It was originally released in 1988 as OS/400, as the sole operating system of the IBM AS/400 line of systems. It was renamed to i5/OS in 2004, before being renamed a second time to IBM i in 2008. It is an evolution of the System/38 CPF operating system, with compatibility layers for System/36 SSP and AIX applications. It inherits a number of distinctive features from the System/38 platform, including the Machine Interface which provides hardware independence, the implementation of object-based addressing on top of a single-level store, and the tight integration of a relational database into the operating system.

Origin
OS/400 was developed alongside the AS/400 hardware platform beginning in December 1985. Development began in the aftermath of the failure of the Fort Knox project, which left IBM without a competitive midrange system. During the Fort Knox project, a skunkworks project was started at Rochester by engineers, who succeeded in developing code which allowed System/36 applications to run on top of the System/38, and when Fort Knox was cancelled, this project evolved into an official project to replace both the System/36 and System/38 with a single new hardware and software platform. The project became known as Silverlake (named for Silver Lake in Rochester, Minnesota).

The operating system for Silverlake was codenamed XPF (Extended CPF), and had originally begun as a port of CPF to the Fort Knox hardware. In addition to adding support for System/36 applications, some of the user interface and ease-of-use features from the System/36 were carried over to the new operating system. Silverlake was available for field test in June 1988, and was officially announced in August of that year. By that point, it had been renamed to the Application System/400, and the operating system had been named Operating System/400.

The move to PowerPC
The port to PowerPC required a rewrite of most of the code below the TIMI. Early versions of OS/400 inherited the Horizontal and Vertical Microcode layers of the System/38, although they were renamed to the Horizontal Licensed Internal Code (HLIC) and Vertical Licensed Internal Code (VLIC) respectively. The port to the new hardware led to the IMPI instruction set and the horizontal microcode implementing it being replaced by the PowerPC AS instruction set and its implementation in PowerAS processors. This required the VLIC to be rewritten to target PowerPC instead of IMPI, and for the operating system functionality previously implemented in the HLIC to be re-implemented elsewhere. This led to the HLIC and VLIC being replaced with a single layer named the System Licensed Internal Code (SLIC). The SLIC was implemented in an object-oriented style with over 2 million lines of C++ code, replacing some of the HLIC code, and most of the VLIC code. Owing to the amount of work needed to implement the SLIC, IBM Rochester hired several hundred C++ programmers for the project, who worked on the SLIC in parallel to new revisions of the VLIC for the CISC AS/400 systems. The first release of OS/400 to support PowerPC-based hardware was V3R6.

Rebranding


The AS/400 product line was rebranded multiple times throughout the 1990s and 2000s. As part of the 2004 rebranding to eServer i5, OS/400 was renamed to i5/OS; the 5 signifying the use of POWER5 processors. The first release of i5/OS, V5R3, was described by IBM as "a different name for the same operating system".

In 2006, IBM rebranded the AS/400 line one last time to System i. In April 2008, IBM consolidated the System i with the System p platform to create IBM Power Systems. At the same time, i5/OS was renamed to IBM i, in order to remove the association with POWER5 processors. The two most recent versions of the operating system at that time, which had been released as i5/OS V5R4 and V6R1, were renamed to IBM i 5.4 and 6.1.

Along with the rebranding to IBM i, IBM changed the versioning nomenclature for the operating system. Prior releases used a Version, Release, Modification scheme, e.g. V2R1M1. This was replaced with a Version.Release scheme, e.g. 6.1. Beginning with IBM i 7.1, IBM replaced the Modification releases with Technology Refreshes. Technology Refreshes are delivered as optional PTFs for specific releases of the operating system which add new functionality or hardware support to the operating system.

Architecture


When IBM i was first released as OS/400, it was split into two layers, the hardware-dependent System Licensed Internal Code (SLIC) and the hardware-independent Extended Control Program Facility (XPF). These are divided by a hardware abstraction layer called the Technology Independent Machine Interface (TIMI). Later versions of the operating system gained additional layers, including an AIX compatibility layer named Portable Application Solutions Environment (originally known as the Private Address Space Environment), and the Advanced 36 Machine environment which ran System/36 SSP applications in emulation.

IBM often uses different names for the TIMI, SLIC and XPF in documentation and marketing materials, for example, the IBM i 7.4 documentation refers to them as the IBM i Machine Interface, IBM i Licensed Internal Code and IBM i Operating System respectively.

Technology Independent Machine Interface (TIMI)
The TIMI isolates users and applications from the underlying hardware. This isolation is more thorough than the hardware abstractions of other operating systems, and includes abstracting the instruction set architecture of the processor, the size of the address space and the specifics of I/O and persistence. This is accomplished through two interrelated mechanisms:


 * Compilers for IBM i do not generate native machine code directly, instead they generate a high level intermediate representation defined by the TIMI. When a program is run, the operating system carries out ahead-of-time translation of the TIMI instructions into native machine code for the processor, and stores the generated machine code for future execution of the program. If the translation process changes, or a different CPU instruction set is adopted, the operating system can transparently regenerate the machine code from the TIMI instructions without needing to recompile from source code.
 * Instead of operating on memory addresses, TIMI instructions operate on objects. All data in IBM i, such as data files, source code, programs and regions of allocated memory, are encapsulated inside objects managed by the operating system (cf. the "Everything is a file" model in Unix). IBM i objects have a fixed type, which defines the set of applicable operations which may be carried out on them (for example, a Program object can be executed, but cannot be edited). The object model hides whether data is stored in primary, or secondary storage. Instead, the operating system automatically handles the process of retrieving and then storing the changes to permanent storage.

The hardware isolation provided by the TIMI allowed IBM to replace the AS/400's 48-bit IMPI architecture with the 64-bit RS64 architecture in 1995. Applications compiled on systems using the IMPI instruction set could run on top of the newer RS64 systems without any code changes, recompilation or emulation, while also allowing those applications to avail of 64-bit addressing.

There are two different formats of TIMI instructions, known as the Original Machine Interface (OMI) and New Machine Interface (NMI) formats. OMI instructions are essentially the same as the System/38 Machine interface instructions, whereas NMI instructions are lower-level, resembling the W-code intermediate representation format used by IBM's compilers. IBM partially documents the OMI instructions, whereas the NMI instructions are not officially documented. OMI instructions are used by the original AS/400 compilers, whereas NMI instructions are used by the Integrated Language Environment compilers. During the PowerPC port, native support for the OMI format was removed, and replaced with a translator which converted OMI instructions into NMI instructions.

The storing of the TIMI instructions alongside the native machine code instructions is known as observability. In 2008, the release of i5/OS V6R1 (later known as IBM i 6.1) introduced a number of changes to the TIMI layer which caused problems for third-party software which removed observability from the application objects shipped to customers.

SLIC


The SLIC consists of the code which implements the TIMI on top of the IBM Power architecture. In addition to containing most of the functionality typically associated with an operating system kernel, it is responsible for translating TIMI instructions into machine code, and it also implements some high level functionality which is exposed through the TIMI, such as IBM i's integrated relational database. The SLIC implements IBM i's object-based storage model on top of a single-level store addressing scheme, which does not distinguish between primary and secondary storage, and instead manages all types of storage in a single virtual address space. The SLIC is primarily implemented in C++, and replaced the HLIC and VLIC layers used in versions of OS/400 prior to V3R6.

XPF
The XPF consists of the code which implements the hardware-independent components of the operating system, which are compiled into TIMI instructions. Components of the XPF include the user interface, the Control Language, data management and query utilities, development tools and system management utilities. The XPF also contains the System/36 Environment and System/38 Environment, which provide backwards compatibility APIs and utilities for applications and data migrated from SSP and CPF systems. The XPF is IBM's internal name for this layer, and as the name suggests, began as an evolution of the System/38 Control Program Facility. The XPF is mostly implemented in PL/MI, although other languages are also used.

PASE
PASE (Portable Applications Solutions Environment) provides binary compatibility for user mode AIX executables which do not interact directly with the AIX kernel, and supports the 32-bit and 64-bit AIX Application Binary Interfaces. PASE was first included in a limited and undocumented form in the V4R3 release of OS/400 to support a port of Smalltalk. It was first announced to customers at the time of the V4R5 release, by which time it had gained significant additional functionality.

PASE consists of the AIX userspace running on top of a system call interface implemented by the SLIC. The system call interfaces allows interoperability between PASE and native IBM i applications, for example, PASE applications can access the integrated database, or call native IBM i applications, and vice versa. During the creation of PASE, a new type of single level storage object named a Teraspace was added to the operating system, which allows each PASE process to have a private 1TiB space which is addressed with 64-bit pointers. This was necessary since all IBM i jobs (i.e. processes) typically share the same address space. PASE applications do not use the hardware-independent TIMI instructions, and are instead compiled directly to Power machine code.

Ports of open source software to IBM i typically target PASE instead of the native IBM i APIs in order to simplify porting. Open source software for IBM i is typically packaged using the RPM package format, and installed with the YUM package manager.

PASE is distinct from the Qshell environment, which is an implementation of a Unix shell and associated utilities built on top of IBM i's native POSIX-compatible APIs.

Advanced 36 Machine


Introduced in 1994, the Advanced/36 platform ran unmodified System/36 applications and the SSP operating system in emulation on top of the OS/400 SLIC using hardware which was mostly identical to that of contemporary AS/400 systems. This functionality was incorporated into OS/400 itself from V3R6 through V4R4, making it possible to run up to four System/36 "virtual machines" (to use IBM's term) using the so-called Advanced 36 Machine feature of the operating system. Support was discontinued in the V4R5 release, coinciding with IBM's discontinuation of the Advanced/36 product line as a whole. The Advanced 36 Machine feature is distinct from the System/36 Environment introduced in the initial OS/400 release and still supported in current IBM i versions.

Prior to the Advanced/36, the System/36 line used two different processors in each system - the Main Storage Processor (MSP) which ran most of the SSP operating system as well as user code, and the Control Storage Processor (CSP) which ran so-called "microcode" which implemented core operating system functionality as well as I/O. The CSP microcode was invoked from the MSP through the use of the Supervisor Call (SVC) instruction. On the Advanced/36, the CSP microcode was reimplemented inside the SLIC. An MSP emulator was also built into the SLIC, sometimes referred to as the Technology Independent Emulation Interface. Even with the overhead of emulation, the Advanced/36 systems were significantly faster than the original System/36 systems they replaced due to the performance of their PowerPC AS processors.

Database management
IBM i features an integrated relational database currently known as IBM Db2 for IBM i. The database evolved from the non-relational System/38 database, gaining support for the relational model and SQL. The database originally had no name, instead it was described simply as "data base support". It was given the name DB2/400 in 1994 to indicate comparable functionality to IBM's other commercial databases. Despite the Db2 branding, Db2 for IBM i is an entirely separate codebase to Db2 on other platforms, and is tightly integrated into the SLIC layer of IBM i as opposed to being an optional product.

IBM i provides two mechanisms for accessing the integrated database - the so-called native interface, which is based on the database access model of the System/38, and SQL. The native interface consists of the Data Description Specifications (DDS) language, which is used to define schemas and the  command or   query API. Certain Db2 for i features such as object-relational database management require SQL and cannot be accessed through the native interface. IBM i has two separate query optimizers known as the Classic Query Engine (CQE) and SQL Query Engine (SQE). These are implemented inside the SLIC alongside a Query Dispatcher which selects the appropriate optimizer depending on the type of the query. Remote access through the native interface and SQL is provided by the Distributed Data Management Architecture (DDM) and Distributed Relational Database Architecture respectively.

A storage engine for MySQL and MariaDB named  allows applications designed for those databases to use Db2 for i as a backing store. Other open source databases have been ported to IBM i, including PostgreSQL, MongoDB and Redis. These databases run on the PASE environment, and are independent of the operating system's integrated database features.

Networking
IBM i supports TCP/IP networking in addition to the proprietary IBM Systems Network Architecture.

IBM i systems were historically accessed and managed through IBM 5250 terminals attached to the system with twinax cabling. With the decline of dedicated terminal hardware, modern IBM i systems are typically accessed through 5250 terminal emulators. IBM provides two terminal emulator products for IBM i:
 * IBM i Access Client Solutions is a Java-based client that runs on Linux, macOS and Windows to provide 5250 emulation.
 * IBM i Access for Web/Mobile provides web-based 5250 emulation.

In addition, IBM provides a web-based management console and performance analysis product named IBM Navigator for i.

Programming
Programming languages available from IBM for IBM i include RPG, Control Language, C, C++, Java, EGL, COBOL, and REXX. Compilers were previously available for Pascal, BASIC, PL/I and Smalltalk but have since been discontinued. The Integrated Language Environment (ILE) allows programs from ILE compatible languages (C, C++, COBOL, RPG, and CL), to be bound into the same executable and call procedures written in any of the other ILE languages.

When PASE was introduced, it was necessary to compile code for PASE on an AIX system. This requirement was removed in OS/400 V5R2 when it became possible to compile code using the IBM XL compiler suite inside PASE itself. Since then, other compilers have been ported to PASE, including gcc.

Certain development tools for IBM i run on top of the operating system itself, such as the Source Edit Utility (SEU) text editor and Programming Development Manager. IBM also provides an Eclipse-based integrated development environment (IDE) for IBM i named IBM Rational Developer for i which runs on developer workstations instead of IBM i. Prior to the Eclipse-based IDE, IBM provided an IDE based on WorkFrame/2 which ran on OS/2 named CODE/400 and an IDE based on VisualAge which ran on Microsoft Windows systems.

IBM i uses EBCDIC as the default character encoding, but also provides support for ASCII, UCS-2 and UTF-16.

Storage
In IBM i, disk drives may be grouped into an auxiliary storage pool (ASP) in order to organize data to limit the impact of storage-device failures and to reduce recovery time. If a disk failure occurs, only the data in the pool containing the failed unit needs to be recovered. ASPs may also be used to improve performance by isolating objects with similar performance characteristics, for example journal receivers, in their own pool.

By default, all disk drives are assigned to pool 1. The concept of IBM i pools is similar to the Unix/Linux concept of volume groups; however, with IBM i it is typical for all disk drives to be assigned to a single ASP.

Security
Security in IBM i is defined in terms of authorities, which represents the permission to carry out a specific action on a specific object. Authorities can be granted to individual users (known as user profiles), groups (known as group profiles) or all users (public authorities). Related objects can be grouped together in an authorization list, making it possible to grant authorities on all objects in the list by granting authorities on the authorization list.

User profiles have an associated user class which dictates the set of default authorities available to that user profile. There are five standard user classes which, in order of increasing privilege, are: Workstation User, System Operator, System Programmer, Security Administrator and Security Officer. IBM i ships with a default user profile for each user class, and the default Security Officer user profile, named, is the closest equivalent to the root user of a Unix-like operating system.

IBM i can be set to use one of five levels of security, which control the extent to which the operating system's security features are enforced:


 * Level 10 – Users can log in without a password, and have full access to the system. If a user logs in with an unknown username, a new user profile will be automatically created.
 * Level 20 – Users must log in with a username and password of a known user profile, but will have almost full access to the system once logged in. Creation or modification of user profiles is restricted to user profiles which have been granted authorities for profile management. Limited access accounts can be created, which can be restricted to accessing certain objects, or running certain commands.
 * Level 30 – Authorities are enforced, meaning that users cannot access objects unless they have an authority for the object.
 * Level 40 – Access to certain system programs and MI instructions are restricted, and can only be used by operating system code.
 * Level 50 – Includes changes needed for the system to achieve TCSEC C2 compliance, and adds a security audit journal.

The first three levels correspond to the security levels available in CPF and the initial releases of OS/400. Security level 40 was added in OS/400 V1R3 and become the default security level for the operating system. The addition of Level 40 required the removal of the capability addressing model of the System/38 which was also present in earlier releases of OS/400. Security level 50 was added in V2R3 when OS/400 was certified to TCSEC C2 security.