I think shifting over to encrypted connections is a perfect time to shift users over to something more easily managed than "fat client" emulators. It's no fun reconfiguring hundreds or thousands of desktops, and taking unnecessary support calls -- and discovering that scores or hundreds require on-site visits to fix. That frustration is just not worth it.
Since you already have Personal Communications, at least for some/many users, then you almost certainly already have licenses to Host On-Demand. (PComm and HOD have come together in a single license package for many years.) I think that's what I'd recommend, that you install HOD to an HTTP server. Preferably your z/OS HTTP server -- that's the best place for it. (Don't encrypt the HTTP port. That's totally unnecessary.) Then start providing a simple Web address to users with your preconfigured, customized HOD launch page and any instructions you want, including training videos, etc. Keep a user count, of course, to stay within your license allotment. HOD has a nice side benefit: it works on Linux, Windows, and Macs. (And UNIX workstations and even OS/2, for that matter.) Eventually, on the unencrypted port, you will put up a warning message ("This specific network connection will be shut down on date X as we upgrade our network security. But don't worry: you can continue to access all your applications and information without disruption. Please visit http://mycompany.com/criticalservices now to learn how to switch to our new, more secure connection immediately.") that everyone sees at logon, unique to that port. Then, at date X, you'll display something like "For security reasons this unencrypted port is no longer in service. But don't worry: we now have an encrypted connection available, along with simplified Web access to all your applications and information. Please visit http://mycompany.com/criticalservices to get immediate access." You may also decide (in this evolutionary journey) to start to steer users to Web (HTML) user interfaces, piece by piece. HOD has URL hotspot recognition to help facilitate that -- the user can click on a URL displayed in their 3270 session, and another browser window will pop up that takes them directly to that Web site. HATS (Host Access Transformation Services) is a quick and simple way to make that transition. For example, I've seen some cases where (almost) everybody in the company fills out a timecard every week, today using a 3270 emulator. Otherwise, many of these employees don't use 3270 sessions much. That's an obvious situation for something like HATS, so they can just use an ordinary Web browser to fill out their timecards without requiring any application changes. (HATS also runs extremely well on z/OS and exploits zAAPs.) For the record, there are alternatives to both HOD and HATS, many of which have been discussed in this mailing list. However, you probably already own HOD, so that would seem an obvious first candidate. - - - - - Timothy Sipples IBM Consulting Enterprise Software Architect Based in Tokyo, Serving IBM Japan / Asia-Pacific E-Mail: timothy.sipp...@us.ibm.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html