Joe Messineo writes: >Well I don't want to complicate things for the operators. >Right now the console "just comes on" when they IPL the system. >So the security is the physical computer room. So any >solution would require it to be seamless for our operations >staff. I really don't want to add any additional hardware or >terminal servers.
I don't think you've got a choice for your use case at this moment in time. Sometimes putting a lock on the door means somebody has to carry a key or remember a combination. Security is occasionally, unavoidably "inconvenient." OK, so if you want to *minimize* the inconvenience, set up a VPN as recommended. Configure the remote console to connect automatically to the VPN. (I'm assuming the console client is in a remote but physically secure location, and you're still satisfied with physical security there.) The VPN on the mainframe side would ideally be part of your always on physical network infrastructure. Nowadays that'd be something like turning on VPN access (suitably constrained) on one or a couple pieces of existing network gear, probably. Naive question: how are these remote operators securely getting to everything else associated with the mainframe they'll be remotely managing? Wouldn't the same path(s) apply? Yes, I personally think it'd be nice if OSA-ICC supported something like TLS, IPSEC, SSH, or all of the above. Feel free to "ask your IBM representative." -------------------------------------------------------------------------------------------------------- Timothy Sipples GMU VCT Architect Executive (Based in Singapore) E-Mail: [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
