----- Original Message -----
From: "John Mattson" <[email protected]>
Newsgroups: bit.listserv.ibm-main
Sent: Tuesday, August 25, 2009 4:26 PM
Subject: Re: Need new 3270 emulator: SSH, inexpensive, reliable
EXCELLENT Question. The kind on insight I need here.
We use Rumba, running on a Windows server to talk allow 3270 type
communication from users on Windows boxes who need to access our zOS
system, TSO, CICS, and some VTAM apps.
Problem is that PCI and JSOX do not think this is sucure... and it is
certainly not secure enough. Users are on our internal net, or coming in
thru VPN to our internal net, firewalls on the network, not zOS.
Management seems to believe that SSL is not sufficient, they must
have SSH and I am working on getting IBM Ported Tools installed. Just
where the TN3270 would go, server or user PC... etc, most everything is up
in the air at this point.
I am also looking at what is involved in putting a firewall on
zOS, and framkly, I am WAY over my head.
Hey John,
I set up SSL for TN3270 by being my own certificate authority and running
gskkyman to set up a key database. Used port 1023 to point to the key
database in TCPIP.PROFILE, and viola! Full SSL encryption for everything in
the TN3270 session. Those who are demanding SSH know not what they do (to
paraphrase a famous martyr). I even set it up on my P390 at home running
good old z/OS V1R4. This satisfied the PCI audit requirement, but
unfortunately, many PCI auditors are clueless when it comes to the
mainframe. As far as the emulator, the best $30 I ever spent was for Tom
Brennan's Vista, www.tombrennansoftware.com. I beat on Tom in the spring of
2008 to add the SSL support and he came through big time. Just my $.02.
Regards,
Tom Conley
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
