IBM i 7.6 TR2: What System Administrators Need to Know
- Ash Giddings

- 7 hours ago
- 5 min read
IBM has announced Technology Refresh 2 for IBM i 7.6 and Technology Refresh 8 for IBM i 7.5, both available for download on July 24, 2026. This release puts a strong emphasis on security and administrative visibility, with meaningful updates across Navigator, ACS, BRMS, and IBM i Services. Note that several enhancements are exclusive to 7.6, so administrators still on 7.5 should review the enhancement lists carefully. Here is what matters most for IBM i System Administrators managing production workloads.

New CVE Visibility
One of the most practical additions for administrators is the new SYSTOOLS.CVE_INFO() service, which surfaces Common Vulnerabilities and Exposures (CVE) information via SQL. Navigator builds on this with a new CVE Information table that displays CVE counts for every system in your estate, letting you launch into the detail for any single system. For teams managing security compliance across multiple partitions, this is a welcome time-saver.
Security Takes Center Stage
External Key Management and Bring Your Own Key
IBM i Cryptographic Services now integrates natively with IBM Key Protect for IBM Cloud, enabling Bring Your Own Key (BYOK) scenarios. Administrators can export AES keys from a cryptographic services keystore to Key Protect using the new Create EKM Key (CRTEKMKEY) command, wrap locally stored keys with a root key held in Key Protect via Wrap EKM Key (WRPEKMKEY), and store or wrap Master Key parts in IBM Cloud Key Protect. All of this is manageable through CL commands or Navigator.
Master Key Protection
BYOK can now be enabled at the operating system level by removing the Save/Restore key from the partition load source, making the Master keys unavailable until the key is provided during or after IPL. Combined with ASP1 (Sysbase) encryption, this can prevent an IPL from completing until the Save/Restore key is supplied, either automatically from the Platform Keystore (PKS) in the service processor or manually through a preconfigured Remote Key Agent on another IBM i LPAR. This is a significant step forward for organizations with strict data-at-rest requirements.
Multi-Factor Authentication for Clusters
A new cluster version 12 enables cluster operations to support MFA-enabled user profiles, closing a gap for shops that have adopted MFA but rely on clustering technology.
BRMS: Sharper Visibility and Safer Delegation
The BRMS web GUI (version 2026.2.0) gains several updates that improve day-to-day backup administration:
BRMS Log filtering by severe messages, highlighting message IDs capable of causing a control group to fail, plus filtering for messages containing "objects not saved" text.
Backup History Management with new object-level and file-level detail views, including the ability to restore from an object level, and restore Link data from a file level, when object detail was included in the save.
Backup List Management with the ability to add, copy, remove, and edit backup lists directly from the GUI.
A new role-based usage type, *SYSOPR, which allows read access to media and backup information and the ability to perform backup and restore operations, while restricting change, copy, and remove actions unless the user owns the BRMS item. This is a practical way to delegate operations work without over-granting authority.
Navigator for i Enhancements
IBM continues its steady investment in the web-based Navigator, which now runs with Java 21 where available on 7.6 and 7.5. Highlights include:
Security: a new Remote Key Agent Configuration Wizard, management of External Key Manager Description (EKMD) files, the ability to check Save/Restore Master Key status, and support for the new AUDIT_JOURNAL_JD and AUDIT_JOURNAL_RU services.
Network: an enhanced TLS Wizard covering TCP/IP servers and LDAP, HTTP Apache configuration validation, and the ability to start or stop multiple WebSphere Liberty Express instances at once.
Performance: Performance Data Investigator gains new charting, the ability to save views as favorites, and restored Database Files support.
Work Management: Active Jobs adds server-side SQL filtering with support for multiple filters.
File Systems: new IFS functions to copy, move, rename, and send files.
Usability: the dashboard is now optional per user, SMTP gains phase one OAuth support, and Advanced Job Scheduler command lists can be re-sequenced with new Move Up and Move Down options.
Access Client Solutions (ACS) 1.1.9.13
ACS picks up several productivity improvements:
Run SQL Scripts adds support for the SELF (SQL Error Log) utility and many new Insert from Examples templates.
Saving to a source physical file now enforces record length rather than wrapping lines and avoids inserting x25 line endings.
IFS gains a Favorites menu for keeping track of frequently used directories.
SQL Performance Center adds Index Advisor columns displaying related MTI (Maintained Temporary Index) information.
Expanded IBM i Services
The SQL-based services catalog keeps growing, giving administrators programmatic access to more of the system. New services include:
SYSTOOLS.GROUP_PTF_CURRENCY_LOCAL() for checking PTF group currency.
QSYS2.GEOGRAPHIC_MIRRORING_INFO for insight into geographic mirroring configurations.
SYSTOOLS.CHECK_COMMAND_SYNTAX() to validate CL command syntax from SQL.
SYSTOOLS.OVERRIDE_INFO_ALL, returning one row for each file override in the current job.
New services to add, change, remove, and view Service Tools Server configuration entries.
SYSTOOLS.JOB_NAME, JOB_USER, JOB_NUMBER, and JOB_NAME_DETAILS for working with qualified job names.
Existing services have also been enhanced. QSYS2.QCMDEXC() can now optionally write the executed CL command to the job log, a small change with real audit value, and SYSTOOLS.GENERATE_SPREADSHEET() accepts a text string for the sheet name when generating Excel files. SYSTEM_STATUS, SYSDISKSTAT, ASP_INFO, JOBLOG_INFO, and SCHEDULED_JOB_INFO all return richer data.
Migrate While Active Updates
IBM continues to develop Migrate While Active, which maintains a synchronized target copy of a production system during planned maintenance, followed by a controlled role swap. TR2 adds support for creating the target copy using external storage-based replication, including FlashCopy and Global Copy where available, alongside the existing save/restore and manual methods, plus new estimation and user experience improvements.
These are useful additions although administrators comparing migration approaches should understand where the boundaries sit. Because solutions such as Maxava Migrate Live are built on logical replication rather than hardware or storage-level copying, Licensed Internal Code differences between source and target are irrelevant, replication works across differing operating system versions, and older releases back to IBM i 6.1 are supported. Logical replication also supports IASPs and delivers near-zero It is worth mapping your migration scenario against both approaches before committing to a path.
Hardware and I/O Support
The TR2 PTF Group adds support for the new entry-level Power11 server, the IBM Power S1112, for P05 software tier customers. New I/O support includes a range of PCIe4 NVMe U.2 modules from 800GB to 15.3TB, PCIe4 and PCIe5 RoCE Ethernet adapters, and both native and VIOS client support for the IBM TS7785 Virtual Tape Library. As always, VIOS partitions remain central to Power virtualization and should be monitored closely with tools such as Maxava Monitor Mi8.
Planning Your Installation
With the July 24 availability date almost upon us, now is the time to review these enhancements and plan your update strategy. The combination of stronger encryption key management, CVE visibility, and improved backup administration makes TR2 for 7.6 and TR8 for 7.5 well worth evaluating for any IBM i environment.
Always review IBM’s official enhancement list, determine which features deliver the most value for your environment, and thoroughly test in development before rolling out to production.
Additional Resources:



