All,

Sorry if this is an over-simplistic question, coming from a z/OS guy that doesn't have a lot of IP depth of knowledge.

We recently had our annual site Disaster test, which for us is done locally, at one of our own datacenters. Data is replicated, and we simply IPL one of our systems onto the PPRC'd data with some high-level config changes to IP/VTAM so that the system can exist on our PROD network. We do take some of what I consider rudimentary measures to avoid "data leakage" from the disaster environment to the prod environment in terms of TWS, FTP, MQ, etc.

At my prior employer, we had a similar process, but the DR system(s) were all placed onto their own D/R VLAN with no access off of it. I'd love to get to that point here, but at least for now that is not a possibility.

What I want to explore is whether or not we can take steps at the IP stack level to maybe initially disallow ALL outbound connections, and then secondarily, even conditionally allow outbound connections to a known list of "disaster recovery" nodes elsewhere in the network? Can this be done in Comm Mgr? Our annual DR test encompasses many non-mainframe servers too. I don't want to create an administrative nightmare either.

If I were to describe what I'd like in non-mainframe terms, it would be like the firewall on my Mac, popping up a prompt for new outbound connections on the console, with the ability to respond yes/no to allow.

Like I said, sorry if I am over-simplifying, just looking to add some safeguards to help avoid a problem that occurred.

Thanks,
Dave

Dave Jousma
Manager Mainframe Engineering, Assistant Vice President
