I think shifting over to encrypted connections is a perfect time to shift
users over to something more easily managed than "fat client" emulators.
It's no fun reconfiguring hundreds or thousands of desktops, and taking
unnecessary support calls -- and discovering that scores or hundreds
require on-site visits to fix. That frustration is just not worth it.
Since you already have Personal Communications, at least for some/many
users, then you almost certainly already have licenses to Host On-Demand.
(PComm and HOD have come together in a single license package for many
years.)
I think that's what I'd recommend, that you install HOD to an HTTP server.
Preferably your z/OS HTTP server -- that's the best place for it. (Don't
encrypt the HTTP port. That's totally unnecessary.) Then start providing a
simple Web address to users with your preconfigured, customized HOD launch
page and any instructions you want, including training videos, etc. Keep a
user count, of course, to stay within your license allotment.
HOD has a nice side benefit: it works on Linux, Windows, and Macs. (And
UNIX workstations and even OS/2, for that matter.)
Eventually, on the unencrypted port, you will put up a warning message
("This specific network connection will be shut down on date X as we
upgrade our network security. But don't worry: you can continue to access
all your applications and information without disruption. Please visit
http://mycompany.com/criticalservices now to learn how to switch to our
new, more secure connection immediately.") that everyone sees at logon,
unique to that port. Then, at date X, you'll display something like "For
security reasons this unencrypted port is no longer in service. But don't
worry: we now have an encrypted connection available, along with simplified
Web access to all your applications and information. Please visit
http://mycompany.com/criticalservices to get immediate access."
You may also decide (in this evolutionary journey) to start to steer users
to Web (HTML) user interfaces, piece by piece. HOD has URL hotspot
recognition to help facilitate that -- the user can click on a URL
displayed in their 3270 session, and another browser window will pop up
that takes them directly to that Web site. HATS (Host Access Transformation
Services) is a quick and simple way to make that transition. For example,
I've seen some cases where (almost) everybody in the company fills out a
timecard every week, today using a 3270 emulator. Otherwise, many of these
employees don't use 3270 sessions much. That's an obvious situation for
something like HATS, so they can just use an ordinary Web browser to fill
out their timecards without requiring any application changes. (HATS also
runs extremely well on z/OS and exploits zAAPs.)
For the record, there are alternatives to both HOD and HATS, many of which
have been discussed in this mailing list. However, you probably already own
HOD, so that would seem an obvious first candidate.
- - - - -
Timothy Sipples
IBM Consulting Enterprise Software Architect
Based in Tokyo, Serving IBM Japan / Asia-Pacific
E-Mail: timothy.sipp...@us.ibm.com
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
