Times have changed.
Just ask the auditors if they have VPN access to their files so that
they can work from home. If they say yes, then you should be able to
have VPN consoles too.
Or, just set it up and don't tell them. If they ever figure it out, just
say that 'Joe' (some retired auditor) approved it many years ago. Let
them prove he did not.
Tony Thigpen
Edward Gould wrote on 09/29/2016 03:44 AM:
On Sep 28, 2016, at 11:49 PM, Brian Westerman <brian_wester...@syzygyinc.com>
wrote:
Now that most mainframes (at least for the past several years) have OSA-ICC's,
there is no reason to worry about not having a console connection remotely. We
routinely define 16 consoles and 16 3270's (non-console) to each LPAR (a few
more for production LPARs sometimes). I can't think of the last time that I
couldn't get into any of the client mainframes that wasn't a flat-out network
issue, and that can't normally be handled from z/OS anyway. That's why you
have network appliances to control the network.
You need to make sure that you ALWAYS have multiple points of entry to the
LPARs available to you, TCP to OSA, TCP to OSA-ICC, LPAR to LPAR, etc. If a
site is still using and/or paying for a local control unit and 3270's when
their system supports OSA-ICC they really need to think about spending their
money more wisely. I would trust an OSA-ICC a lot more than some old 3274.
The ICC's are cheap enough that really worried sites can purchase a backup.
If you need to enter the computer room to get or keep your site working, then
you are doing something wrong. I'm not saying that you might not need to get
to the HMC, but if you physically have to go to it to use it, then you have set
things up badly.
We do have a couple very old sites (who don't have OSA-ICC's) where the backup
way in is the HMC, and then a dial-up to the HMC in case the network to the HMC
fails. One of the banks we support still has local 3274 control units on a
z800, and they have a phone line attached to a PC in the computer room that is
wired directly to the 3274 via CUT. We have never needed to use it, but we
still test it out once a month.
In my opinion, in the end, it's up to you as the consultant to make sure that
you can get in if there is a problem. If you don't set it up right or can't,
then you're in the wrong business. This is not meant as a comment on anyone's
abilities, not everyone is going to know how to set things up for 100% remote
support without doing some research. In my case, I helped to design some of
it, so I'm able to work comfortably with it.
Brian
Brian:
One of there specific episodes we had was that the master console was the only
one that was “talking”. As to other options you listed the auditors cut them
off years ago and no use arguing with them (BTDT).
As for HMC remote access again the auditors wouldn’t allow it no matter how
much we argued (besides I sort of agree with them on the HMC issue).
I won’t go into the old xmas party story I use regularly on here and what could
happen.
Ed
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
