[OT] - X.25 PAD ? (was: TN3270 *from* a host??)
Chris Mason wrote: I learned all about this topic even before I started playing with UNIX systems by having to teach X.25 PAD and the 3708 protocol converter. There's no better way to drive the point home than by having students in an X.25 class enter set 2:0 . ot knitpicking Err.. IIRC, actually, that'd be an X.3 PAD[1]. X.25 describes the packet interface, X.29 describes how to use X.25 to send control commands from a DCE to a PAD (using qualified packets), and X.28 defines how to interact with the PAD from a DTE (entering commands following and escape command, usually by sending a DLE (^P), but might be different when not using Prof0). /knitpicking IIRC, SET 2:0 should turn PAD echo off right (that is not the local echo, but the echo of characters received from the PAD back to the terminal). [1] For ref : PAD stands for Packet Assembler Disassembler and is designed to allow a start/stop terminal to interact with an X.25 connected system. /ot -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: [OT] - X.25 PAD ? (was: TN3270 *from* a host??)
Ivan IIRC (number 1) You certainly have remembered correctly - I would wish my students could remember as well and summarise the 3 Xs as competently! The abbreviation for the class was X.25 and the abbreviation for the topic within the class was PAD. I never actually described the topic as the X.3 PAD since that tends to ignore the other two Xs: the vital X.28 and the optional X.29. However that description is rather common since it highlights the parameters. Another description is actually, and perhaps confusingly, the 3 X PAD. IIRC (number 2) Suddenly finding that what you key on the keyboard is no longer displayed on the monitor can be a deeply traumatic experience for those brought up on 3270 or 2260! Chris Mason On Tue, 1 Jul 2008 13:14:05 +0200, Ivan Warren [EMAIL PROTECTED] wrote: Chris Mason wrote: I learned all about this topic even before I started playing with UNIX systems by having to teach X.25 PAD and the 3708 protocol converter. There's no better way to drive the point home than by having students in an X.25 class enter set 2:0 . ot knitpicking Err.. IIRC, actually, that'd be an X.3 PAD[1]. X.25 describes the packet interface, X.29 describes how to use X.25 to send control commands from a DCE to a PAD (using qualified packets), and X.28 defines how to interact with the PAD from a DTE (entering commands following and escape command, usually by sending a DLE (^P), but might be different when not using Prof0). /knitpicking IIRC, SET 2:0 should turn PAD echo off right (that is not the local echo, but the echo of characters received from the PAD back to the terminal). [1] For ref : PAD stands for Packet Assembler Disassembler and is designed to allow a start/stop terminal to interact with an X.25 connected system. /ot -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
I was going to say I fear that there is a risk that you may be wrong again :-( and you're not taking me with you this time :-) - but see later. Sorry for not taking you with me. I probably leant out of the window too far this time; not my favourite subject, so I may well be choosing the wrong wording; I sure am not understanding all the nuts and bolts. Can you bear on last try? In TCP/IP based telnet, raw mode means that characters are send as they are typed. The application can respond to each and every key just when the user presses it. You cannot get into this mode when your (initial) session is a 3270based session. You always need to hit an action key in order to send data over the line. (I'd be happy to learn there is a way.) This is what I meant saying you can't get raw mode in TSO TELNET or TSO OMVS. -- Peter Hunkeler Credit Suisse -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Peter You misunderstood. I wasn't talking about the raw option but your contention that raw wasn't supported. You were entirely correct. Now you have explained and it looks just like what I described in my response to Natarajan as echo mode. So indeed such a protocol, efficient only when used on dedicated wire between the asynchronous ASCII device and the computer where the application resides, is *not* supported by the TSO TELNET command. However it is supported by the otelnetd server. I learned all about this topic even before I started playing with UNIX systems by having to teach X.25 PAD and the 3708 protocol converter. There's no better way to drive the point home than by having students in an X.25 class enter set 2:0 . Chris Mason On Mon, 30 Jun 2008 08:33:11 +0200, Hunkeler Peter (KIUK 3) [EMAIL PROTECTED] wrote: I was going to say I fear that there is a risk that you may be wrong again :-( and you're not taking me with you this time :-) - but see later. Sorry for not taking you with me. I probably leant out of the window too far this time; not my favourite subject, so I may well be choosing the wrong wording; I sure am not understanding all the nuts and bolts. Can you bear on last try? In TCP/IP based telnet, raw mode means that characters are send as they are typed. The application can respond to each and every key just when the user presses it. You cannot get into this mode when your (initial) session is a 3270based session. You always need to hit an action key in order to send data over the line. (I'd be happy to learn there is a way.) This is what I meant saying you can't get raw mode in TSO TELNET or TSO OMVS. -- Peter Hunkeler Credit Suisse -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Pat It would be incorrect to say that the concept of the socket is foreign to the Pascal API - but it's almost the case. Searching for the word socket in the Pascal chapter of the CS IP Sockets Application Programming Interface Guide and Reference manual and ignoring the hits from the bottom of alternate pages, the remaining hits seem to indicate that the Pascal API uses the word socket as a sort of shorthand for the IP address-port combination, either local or foreign - and nothing else. I get the impression the term Pascal language API or simply Pascal API is preferred to the Pascal socket interface. There's a pretty damning note at the end of the first section: quote Note: The Pascal API will not be enhanced for IPv6 support. /quote Thus functional stabilisation applies to any programming element shipped by the z/OS Communications Server IP component which continues to use the Pascal API - and that includes our well-examined TSO TELNET command. Chris Mason On Thu, 26 Jun 2008 17:14:27 -0500, Patrick O'Keefe [EMAIL PROTECTED] wrote: On Thu, 26 Jun 2008 11:04:07 -0700, Gibney, Dave [EMAIL PROTECTED] wrote: Well, I'm already TLS from my workstation to the original logon of TSO, and then I at least am so far always using the Hipersocket connection, so I see no security lapse. I don't have any good reason to check it out using the path out of the CEC and back. It does seem strange though if TLS isn't supported as you say. ... I'm joining this conversation far too late to add my own Does so! and Can too!, but I did confirm the TELNET load module in the 1.8 SEZALOAD has an eyecatcher VS PASCAL RELEASE 2.0 06/13/06 15:31:05 Still Pascal, and recently recompiled. I suspect that the developers would redo this client if there people started needing it, but with the current need, why bother. I don't know when SSL support was added to the Tn3270 server, but I'm sure it was long after the client was ported to MVS, and I bet the client has been functionally stablized since it was ported (effectively, if not explicitly). AT-TLS woun't help, either. It does not support the Pascal socket interface. BTW, NetView for z/OS also provides a Tn3270 client. It also does not support SSL or TLS. Pat O'Keefe -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Edward Thank you for your concern. If you imply by this that I was not able just to try what had been proposed, you are right. I am in some sort of state of retirement but I am not only cultivating my garden. I am assisting a customer with certain very interesting projects involving both components of z/OS Communications Server. As is evident I was not on site last week so I couldn't try this function out. Even if I had been I would have had to request my customer folk to try it since it's an aspect of assisting rather than doing that fingers do not touch customer keyboards! As is evident from another post, another mistake I appreciate I made is insisting that the TELNET commands apply only to line mode. Now I've taken more time over it I see that they apply equally to transparent mode. Chris Mason On Thu, 26 Jun 2008 11:18:58 -0700, Edward Jaffe [EMAIL PROTECTED] wrote: Chris. Are you retired? Do you no longer have access to a live z/OS system? -- Edward E Jaffe Phoenix Software International, Inc 5200 W Century Blvd, Suite 800 Los Angeles, CA 90045 310-338-0400 x318 [EMAIL PROTECTED] http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Dave According to some nice diagrams on an IBM web page I have seen explaining Hipersockets, to say using the path out of the CEC and back seems inappropriate. I made sure of this because Patrick O'Keefe - also taking an interest in this thread - complained in an APPN newsgroup post that the APPN transmission group characteristics table entry covering HiperSockets specified UNSECURE - I know if the VTAM developers had a better appreciation of negative prefixes in English they would have used the word INSECURE[1] - rather than one of the other security code words available. It turns out nobody bothered about the full set of characteristics; they concerned themselves only with the speed characteristic. Those who did think it through concluded that UNSECURE was incorrect - on two counts! I couldn't easily find the pretty picture I found before but this reference covers the point, specifically the initial text following the title HiperSockets: http://researchweb.watson.ibm.com/journal/rd/464/baskey.html [1] For what it's worth, the Google ration is 1:12 (in millions) in favour of insecure. Chris Mason On Thu, 26 Jun 2008 11:04:07 -0700, Gibney, Dave [EMAIL PROTECTED] wrote: Well, I'm already TLS from my workstation to the original logon of TSO, and then I at least am so far always using the Hipersocket connection, so I see no security lapse. I don't have any good reason to check it out using the path out of the CEC and back. It does seem strange though if TLS isn't supported as you say. -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Richard Peurifoy Sent: Thursday, June 26, 2008 8:37 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: TN3270 *from* a host?? ... It should be mentioned that the telnet transparent mode under TSO does not support TLS. So if TLS encryption is required (as it is here) this won't work (at least as of z/OS 1.7). As for being written using the PASCAL API, so is the SMTP server. -- Richard -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Dave ... any other application I can logon to in the target system. (which is all of them) Just to be sure your confidence hasn't derailed you, as I pointed out to Peter Hunkeler, not *all* applications - understood to be those running on a z/OS LPAR - are necessarily accessed using some function employing the 3270 data stream. Of the applications I used to use when I taught SNA matters - not very many, it's true - TSO, CICS and IMS could be accessed by a secondary LU behaving as a 3767, a keyboard-printer device for those who never managed to set eyes on it. This was very important for automation through NetView using the so-called operator control (OPCTL) Terminal Access Facility (TAF) function. It may be that some of the applications you so successfully accessed using transparent mode could also be access in line mode. Chris Mason On Thu, 26 Jun 2008 10:58:36 -0700, Gibney, Dave [EMAIL PROTECTED] wrote: I get full function ISPF or for that matter any other application I can logon to in the target system. (which is all of them) -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Dave Thanks for clarifying open. It could also be construed as implying OMVS which in turn tends to point to the otelnetd server. Another way you could avoid having a TN3270 server on each LPAR on your physical machine is to set up SNA connectivity over your HiperSockets CHPIDs using Enterprise Extender. This is a topic I am in the process of addressing with the customer with whom I am working at the moment - but very clearly I was not on site last week and able actually to try out a particular function! Chris Mason On Thu, 26 Jun 2008 10:55:00 -0700, Gibney, Dave [EMAIL PROTECTED] wrote: By open, I was referring to the fact that not all z/OS Lpars are running TCPIP (Those not may well be very few) and all should be firewalled to some extent. I have to admit I've never tried from a native 3270, but when logged on to one Lpar's TSO/ISPF via my emulator(we currently use QWS from Jolly Giant), the command TSO TELNET ipaddr easily reaches the TN3270 server in another Lpar, shows the MSG10 screen and lets me logon. I first used this doorway via the Hipersocket link when the SEGMENTAIONOFFLOAD issue of the OSA cards bit me in the posterior. Now it's helpful as I move to multiple stacks in our multiple security zones. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Tony Well, the restatement is still rather overspecified. TN3270 is a protocol, not a particular set of client and server software, originally rather loosely specified, which has been more clearly and accurately defined over time in RFCs 1647 and 2355. Strictly TN3270 is not a protocol but a set of practices built upon the TELNET protocol - I guess that's what you mean to imply with rather loosely specified. What RFCs 1647 and 2355 describe is a formal statement of an enhanced protocol TN3270E. RFC 2355 refers to RFC 1576 as defining traditional TN3270 but the title of RFC 1576 is TN3270 Current Practices. I take it from all of this that TN3270 is the short-hand in the RFCs rather than a strict protocol. Certainly hairs are being split here! However TN3270 is most definitely a piece of (at least) server software. You need only locate chapter 15 of the CS IP Configuration Reference manual. Since the server gained TN3270E capability it has named itself the TN3270E server. I tend not to bother with the E which, in any case, represents an optional capability. Obviously TN3270 servers for non z platforms are fairly rare, since there is not often native application support for 3270 data streams, but they do exist as part of commercial products. I believe that TN3270 - probably today TN3270E - servers may be regarded as mainstream products - even if a small number - since they would behave as, for example, 3174s. There existence is anticipated in RFC 2355 in, at least, the discussion of the SSCP function where they constitute what I call the passthrough mode of support for USS traffic. This topic has been discussed many times in this list. There is no need to insist on native application support for 3270 data streams for the TN3270 server! The System z TN3270 clients for both z/OS and z/VM are a little unusual in two respects: They are both called TELNET rather than TN3270, though they behave about like any other TN3270 client; At least for the z/OS client, TELNET is a quite correct - and so usual - designation for a product that behaves as a basic TELNET client as well as being able to negotiate additional function such as 3270 data stream support. I just don't get your point here! Since they are invoked from a terminal session that is already logged in to a 3270, they don't have to remap keyboard input and screen output to a foreign platform such as dumb ASCII datastreams or the Windows presentation interface; rather, they offer a passthrough or transparent mode, and rely on the existing 3270 session to understand the EBCDIC datastream with only the minimal unwrapping of the TN3270 protocol that is needed. I sort-of buy this second unusual although there is a mapping from 3270 data stream to whatever technology presents the image on the monitor at some stage in the path from the arriving data stream to the signals sent to the monitor and vice versa. Whether there is no involvement or some involvement by the software which constitutes the TN3270 client product is of no great concern to users - although a developer would have an intense interest in such a point! There is also no need to bring SNA into the picture, ... SNA was mentioned only because the OP seemed to be thinking in SNA terms. When accessing legacy z/OS applications SNA becomes relevant to TN3270 servers in one of 3 ways: 1. As with the z/OS CS IP TN3270E server, the server concatenates a TN3270 connection to an SNA session to a primary LU application using the VTAM API acting as the secondary LU and uses formatted requests on the SSCP-LU session. 2. The TN3270 server concatenates a TN3270 connection to an SNA session to a primary LU application using the platform SNA API acting as the secondary LU and, typically, uses unformatted requests on the SSCP-LU session. 3. The TN3270 server concatenates a TN3270 connection to a pre/non-SNA 3270 channel appearance. VTAM supports this appearance and converts it into an SNA session to a primary LU application using VTAM's non-SNA 3270 LU simulator acting as the secondary LU. Although the z/OS implementation of a TN3270 server does map the TN3270 session to an SNA one, this is not logically necessary. ... as indicated by case 3 since the channel appearance can be to a function other than the VTAM simulator. Chris Mason On Thu, 26 Jun 2008 13:26:08 -0400, Tony Harminc [EMAIL PROTECTED] wrote: See extracts above -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Natarajan Block mode is terminology I associate with asynchronous ASCII displays rather than 3270. You may have been familiar with this terminology before you got to know the wonderful 3270 devices in that list - or maybe you never have seen any of the listed devices. If so, you haven't really missed anything - except the opportunity to reminisce with others who have! Block mode with asynchronous ASCII devices - such as the IBM 3151 - implies that data is sent only when a key such as Enter is pressed. Indeed this is how devices - or emulators - using the 3270 data stream behave. The alternative mode of behaviour with asynchronous ASCII devices is to send each character as keyed and typically only to display characters when sent by the communicating partner, which, assuming the keyed character is sent back, as it were, is called echo mode. I guess that might be a helpful distinction to draw for some watchers - or perhaps not! Chris Mason On Thu, 26 Jun 2008 09:42:57 -0700, Natarajan Mohan [EMAIL PROTECTED] wrote: TN3270 supports block mode from a TSO Client. If you are connecting to a remote host (MVS TN3270) you will successfully connect in transparent mode. but if you invoke TSO TELNET host-name (linemode then your session is connected in line mode and anything after that is also connected in line mode. Natarajan IP USER's Guide states In 3270 transparent mode, all full-screen capabilities of the remote host are functional at your local display station, but the PA1 key is the only special-function key whose intended function is passed to the application by Telnet. In line mode, the remote host output is displayed on your screen one line at a time, without full-screen capabilities. v The TELNET command supports IBM 3270-type display stations. Examples of supported display stations are: â IBM 3178 Display Station â IBM 3179 Display Station â IBM 3180 Display Station â IBM 3191 Display Station â IBM 3192 Display Station â IBM 3193 Display Station â IBM 3194 Display Station â IBM 3275 Display Station Model 2 â IBM 3276 Control Unit Display Station Models 2, 3, and 4 â IBM 3277 Display Station Model 2 â IBM 3278 Display Station Models 2, 3, 4, and 5 â IBM 3279 Color Display Station Models 2 and 3 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Richard TLS (SSL) including AT-TLS is a topic with which I have yet thoroughly to familiarise myself. However, I believe that it needs hooks in the logic under the API used by the application using the transport protocol, e.g. TCP (or should that be i.e.?). My understanding of the situation is that such hooks have been inserted where the API is the sockets API but not where it is the Pascal API. Thus - assuming it is relevant - *all* modes of the TELNET command would not support TLS. Chris Mason On Thu, 26 Jun 2008 10:37:11 -0500, Richard Peurifoy r- [EMAIL PROTECTED] wrote: ... It should be mentioned that the telnet transparent mode under TSO does not support TLS. So if TLS encryption is required (as it is here) this won't work (at least as of z/OS 1.7). As for being written using the PASCAL API, so is the SMTP server. -- Richard -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Peter Thanks for the clarification. You don't have this raw mode available in TSO OMVS shell sessions and you don't have it in TSO TELNET shell sessions. I was going to say I fear that there is a risk that you may be wrong again :-( and you're not taking me with you this time :-) - but see later. Here is what I found searching on raw in the CS IP Configuration Guide, Configuring the z/OS UNIX Telnet server: quote The z/OS UNIX Telnet server runs in both line mode and raw mode, but does not support TN3270 or TN3270E, as the TN3270E Telnet server does. /quote However, you were talking about the TELNET command under TSO which I guess doesn't allow the generation or interpretation of the characters necessary to drive many clever UNIX functions in the way that the usual, say PC-based, TELNET clients do. Chris Mason On Thu, 26 Jun 2008 16:46:36 +0200, Hunkeler Peter (KIUK 3) [EMAIL PROTECTED] wrote: What's this over 3270? Where did that idea come from? I just coined this term trying to describe that logging into a UNIX server from TSO telnet does bring you into line mode in UNIX. Probably a misnomer. I suggest we just forget about it ;-) And what's raw mode? When logging into a server using telnet (not talking about TN3270 here), you initially are place into line mode. Certain utilites like vi need another mode, called raw mode, to be able to run. You don't have this raw mode available in TSO OMVS shell sessions and you don't have it in TSO TELNET shell sessions. -- Peter Hunkeler Credit Suisse -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Brian The only key that is not passed through is the ATTN key. This 'breaks' transparent mode and reverts to linemode, enabling you to enter telnet control commands such as 'quit', for example. Describing the use of Attn as causing the connection to revert to linemode is misleading. It allows the end user to send commands to the TELNET server, as you stated. Reverting to linemode implies that, somehow, the SNA session with the SNA application changes from one which uses the 3270 data stream to one which uses the 3767 data stream, more strictly, the SNA character stream (SCS). Incidentally, in the CS IP Users Guide and Commands manual I find only PA1 mentioned as being used to allow entry of commands to the TELNET server. With truly SNA, LU type 2, sessions, use of the Attn key causes TSO to recognise an attention condition, the equivalent of which with non-SNA, LU type 0 (using the 3270 data stream), sessions is PA1. Reading the use of the BRK function, I see that an Attn can be passed to the primary LU application, presumably only where the TN3270 server is supporting a session bound with LU type 2. I expect what you were thinking of was the PA1 key is not passed directly. However once in the state where a TELNET command can be entered, you can key PA1 in order that the PA1 can be sent to the primary LU application over the SNA session. If you try to do that to a 3270 telnet server, you will get an error message (or should do anyway) informing you that transparent mode is required. is completely wrong. Take a look at the device types listed under the description of the TELNETDEVICE parameter. If LINEMODE is negotiated, by default the mode table entry name INTERACT will be selected and the TN3270 - I know I'm not responsible for the misleading name! - server will quite happily attempt to persuade the primary LU SNA application that, in the role of representing the TELNET user, it requests the use of SNA protocols suitable for a 3767 keyboard-printer device. Naturally traffic on such an SNA-session/TELNET- connection concatenation is handled in the same way as a native (non-ISPF etc.) TSO conversation on a 3270 device. Chris Mason On Thu, 26 Jun 2008 13:51:40 +0100, Bri P [EMAIL PROTECTED] wrote: See extracts above. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
By out of the CEC and back, I meant using the link out to the switch and back in to a different Lpar. It is available, but I have no reason to test it at this time. Even so, that link wouldn't put traffic very far out on the network to be sniffed if it was not TLS. -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Chris Mason Sent: Sunday, June 29, 2008 4:52 PM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: TN3270 *from* a host?? Dave According to some nice diagrams on an IBM web page I have seen explaining Hipersockets, to say using the path out of the CEC and back seems inappropriate. I made sure of this because Patrick O'Keefe - also taking an interest in this thread - complained in an APPN newsgroup post that the APPN transmission group characteristics table entry covering HiperSockets specified UNSECURE - I know if the VTAM developers had a better appreciation of negative prefixes in English they would have used the word INSECURE[1] - rather than one of the other security code words available. It turns out nobody bothered about the full set of characteristics; they concerned themselves only with the speed characteristic. Those who did think it through concluded that UNSECURE was incorrect - on two counts! I couldn't easily find the pretty picture I found before but this reference covers the point, specifically the initial text following the title HiperSockets: http://researchweb.watson.ibm.com/journal/rd/464/baskey.html [1] For what it's worth, the Google ration is 1:12 (in millions) in favour of insecure. Chris Mason On Thu, 26 Jun 2008 11:04:07 -0700, Gibney, Dave [EMAIL PROTECTED] wrote: Well, I'm already TLS from my workstation to the original logon of TSO, and then I at least am so far always using the Hipersocket connection, so I see no security lapse. I don't have any good reason to check it out using the path out of the CEC and back. It does seem strange though if TLS isn't supported as you say. -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Richard Peurifoy Sent: Thursday, June 26, 2008 8:37 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: TN3270 *from* a host?? ... It should be mentioned that the telnet transparent mode under TSO does not support TLS. So if TLS encryption is required (as it is here) this won't work (at least as of z/OS 1.7). As for being written using the PASCAL API, so is the SMTP server. -- Richard -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
TN3270 *from* a host??
Hi all, Kind of a weird question I know, but ... it has been a day full of weird questions. A customer would like to know if they can open a TN3270 session *from* one z/OS host, to another z/OS host? I do not believe this is possible. For a start, you cannot have 2 SSCPs in the same Domain; so how can you have a Dependent LU?. Besides, there is no TN3270 client (AFAIK) for z/OS. However my customer - not on the face of it, a fool - sincerely believes that this is what he is doing, today. So who is right? Can I open a TN session to a host in another domain??? Many thanks for any clues Andrew -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Andrew McLaren wrote: A customer would like to know if they can open a TN3270 session *from* one z/OS host, to another z/OS host? I do not believe this is possible. For a start, you cannot have 2 SSCPs in the same Domain; so how can you have a Dependent LU?. Besides, there is no TN3270 client (AFAIK) for z/OS. However my customer - not on the face of it, a fool - sincerely believes that this is what he is doing, today. So who is right? Can I open a TN session to a host in another domain??? Which interface is being used when I issue TSO TELNET IBMLINK.ADVANTIS.COM from my ISPF session? -- Edward E Jaffe Phoenix Software International, Inc 5200 W Century Blvd, Suite 800 Los Angeles, CA 90045 310-338-0400 x318 [EMAIL PROTECTED] http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
TSO TELNET is not a TN3270 client, it supoprts only line mode. If you telnet to the foreign host's TN3270 server listening port (23 usualkly) you'll be able to login into TSO line mode. ISPF would not work, since it requires full screen mode (afaik, I haven't tried in a while). If you telnet to the foreogn host's telnet daemon / inet daemon listening port (623 or 1023 are widely used), you'll be able to login into a z/OS UNIX shell. Note that this still is line mode over 3270, no raw mode. It behaves more like TSO OMVS than real telnet from another UNIX box (or WINDOW$ or Mac). I don't know if there is a full-mode TN3270 client that could be installed on z/OS. -- Peter Hunkeler CREDIT SUISSE -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
I do it on occasion between our LPARs (over the Hipersocket link :), but yup the command TSO TELNET ip address will reach the TN327o server running on a TCPIP open z/OS LPAR. Actually, what do you think you're reaching when you use (what ever TN3270) emulator you're using on your Window$ desktop? -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Hunkeler Peter (KIUK 3) Sent: Thursday, June 26, 2008 12:03 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: TN3270 *from* a host?? TSO TELNET is not a TN3270 client, it supoprts only line mode. If you telnet to the foreign host's TN3270 server listening port (23 usualkly) you'll be able to login into TSO line mode. ISPF would not work, since it requires full screen mode (afaik, I haven't tried in a while). If you telnet to the foreogn host's telnet daemon / inet daemon listening port (623 or 1023 are widely used), you'll be able to login into a z/OS UNIX shell. Note that this still is line mode over 3270, no raw mode. It behaves more like TSO OMVS than real telnet from another UNIX box (or WINDOW$ or Mac). I don't know if there is a full-mode TN3270 client that could be installed on z/OS. -- Peter Hunkeler CREDIT SUISSE -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Actually, what do you think you're reaching when you use (what ever TN3270) emulator you're using on your Window$ desktop? Not sure I understand what you're asking, but... A TN3270 telnet client understands the 3270 protocol and is capable of doing full screen mode, which is required for TSO ISPF, IMS and CICS sessions, Omegamon, etc, etc. A (non-TN3270) telnet client does not understand 3270 and cannot support full screen mode in the sense of 3270. I'll need a TN3270 client on any platform to log into a legacy application on z/OS, such as TSO using ISPF, IMS, CICS, etc. And I'll need a (non-3270) telnet client to log into a z/OS UNIX shell. A TN3270 telnet client may well support non-3270 telnet sessions. -- Peter Hunkeler Credit Suisse -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Hunkeler Peter , KIUK 3 wrote: TSO TELNET is not a TN3270 client, it supoprts only line mode. I think it's safe to say the the TELNET command accessible from the READY prompt does support TN3270. At least it is possible to use it to telnet to another z/OS and get the VTAM logo and logon to TSO and crank up ISPF in all of its 7-colour glory. Cheers, Greg -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
I think it's safe to say the the TELNET command accessible from the READY prompt does support TN3270. At least it is possible to use it to telnet to another z/OS and get the VTAM logo and logon to TSO and crank up ISPF in all of its 7-colour glory. Indeed! I stand corrected! Should have tried before writing down from(fading) memory. Has this always been supported (and am I therefore mixing up things) or has TSO telnet been enhanced within the last 20 or so years? -- Peter Hunkeler Credit Suisse -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Under specific circumstances we have used this 'feature' during D/R tests for mor than 10 years! Always got the NVAS Main-menu up regards - Tonni CSC Danmark A/S Retortvej 8 DK - 1780 København V Direkte: +45 3614 4445 CSC Danmark A/S Registered Office: Retortvej 8, DK -1780 Copenhagen V , Denmark Registered in Denmark No: 15231599 - This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. - Hunkeler Peter (KIUK 3) [EMAIL PROTECTED] To REDIT-SUISSE.COM IBM-MAIN@BAMA.UA.EDU Sent by: IBM cc Mainframe Discussion List Subject [EMAIL PROTECTED] Re: TN3270 *from* a host?? .EDU 26-06-2008 12:56 Please respond to IBM Mainframe Discussion List [EMAIL PROTECTED] .EDU I think it's safe to say the the TELNET command accessible from the READY prompt does support TN3270. At least it is possible to use it to telnet to another z/OS and get the VTAM logo and logon to TSO and crank up ISPF in all of its 7-colour glory. Indeed! I stand corrected! Should have tried before writing down from(fading) memory. Has this always been supported (and am I therefore mixing up things) or has TSO telnet been enhanced within the last 20 or so years? -- Peter Hunkeler Credit Suisse -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Andrew I believe Peter Hunkeler is putting us more or less on the right track here in stating that there is no support for the 3270 data stream from the TELNET client function available from TSO. Of course there may be other vendors somehow supplying this function and, taking his post at face value, it seems Dave Gibney not only knows of one but is using one. Meantime what is all this about 2 SSCPs in the same Domain? I can vaguely see - because I used to be a teacher and I had to try to imagine how students' ideas could get tangled - that you may imagine that a VTAM application talking to another VTAM application has to be cross-domain. This is not true: two VTAM applications running on the same system and activated by the same VTAM SSCP can happily talk to one another. However, you seem to be talking about a TELNET client on one system talking to a TELNET server on another system which, if both applications were using the VTAM API would be cross-domain. However, the TELNET client function in z/OS does not rely on the VTAM API. Moreover the TELNET connection has nothing to do with VTAM domains. Read that twice since I see this false connection appears more than once in your post. The only involvement of VTAM in your scenario is from the TELNET server, which happens, confusingly IMHO, to be called the TN3270 server but does need to be distinguished from the z/OS UNIX TELNET server, to the accessed SNA application. Isn't it time for a show and tell, meaning a demonstration from your customer of what he/she is actually doing and a report back to the eager listeners here in the list? It may be this is all confusion over which server is being used. I haven't used the z/OS UNIX TELNET server (otelnetd) but if it can do what I imagine it may be able to do, it may give the impression that the 3270 data stream is being supported. Assuming my memory is good, I could use TELNET from one AIX system to another AIX system and manipulate SMIT with the cursor keys in what someone familiar with using 3270 devices might describe as a full- screen environment. What's interesting about the comparison of the two environments is that the SMIT application reacts to those cursor movements in a way that would never happen with 3270 since there can be an immediate reaction to the character entered rather than having to wait for the entry of an AID key such as ENTER. Chris Mason On Wed, 25 Jun 2008 22:56:17 -0700, Andrew McLaren [EMAIL PROTECTED] wrote: Hi all, Kind of a weird question I know, but ... it has been a day full of weird questions. A customer would like to know if they can open a TN3270 session *from* one z/OS host, to another z/OS host? I do not believe this is possible. For a start, you cannot have 2 SSCPs in the same Domain; so how can you have a Dependent LU?. Besides, there is no TN3270 client (AFAIK) for z/OS. However my customer - not on the face of it, a fool - sincerely believes that this is what he is doing, today. So who is right? Can I open a TN session to a host in another domain??? Many thanks for any clues Andrew -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Peter telnet daemon / inet daemon listening port (623 or 1023 are widely used) ... although they don't have to be since VIPAs and the PORT list BIND parameter are there to allow use of port 23 for access using the z/OS UNIX TELNET server to z/OS UNIX as well as using port 23 to access the TN3270 server. Then, with the aid of your preferred name to IP address translation, you can access either TELNET server by name. What's this over 3270? Where did that idea come from? And what's raw mode?[1] Perhaps there's some reflection here of the thorough confusion IBM has created - as they do again and again - by calling the original z/OS TELNET function the TN3270 server when it also quite happily - and with not a whiff of 3270 in sight - supports the network terminal protocol - otherwise known as line mode or LINEMODE. A cleverer and more technically accurate name would be the TELNET SNA gateway server. This would distinguish it from the z/OS UNIX TELNET server which abjures SNA! How would you describe a 'full-mode' tn3270 client? Perhaps a client which completely emulates being a TN3270 client with support for minimally 3277 level of 3270 data stream support? [1] The only raw I know in the Communications Server IP component is in the terminology used to differentiate using TCP or UDP from some other transport protocol such as ICMP. Chris Mason On Thu, 26 Jun 2008 09:03:20 +0200, Hunkeler Peter (KIUK 3) [EMAIL PROTECTED] wrote: TSO TELNET is not a TN3270 client, it supoprts only line mode. If you telnet to the foreign host's TN3270 server listening port (23 usualkly) you'll be able to login into TSO line mode. ISPF would not work, since it requires full screen mode (afaik, I haven't tried in a while). If you telnet to the foreogn host's telnet daemon / inet daemon listening port (623 or 1023 are widely used), you'll be able to login into a z/OS UNIX shell. Note that this still is line mode over 3270, no raw mode. It behaves more like TSO OMVS than real telnet from another UNIX box (or WINDOW$ or Mac). I don't know if there is a full-mode TN3270 client that could be installed on z/OS. -- Peter Hunkeler CREDIT SUISSE -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Dave Please be more specific about what you actually achieve here. the command TSO TELNET ip address will reach the TN327o server running on a TCPIP open z/OS LPAR is not in dispute - with or without the open whatever you may mean by that, perhaps the z/OS UNIX TELNET server (otelnetd). Do you eventually enter your TSO commands one line at a time with no support from ISPF? what do you think you're reaching when you use (what ever TN3270) emulator you're using on your Window$ desktop? Typically, you are using the so-called TN3270 function and your TN3270(E) client (from whatever desktop platform) will be relying on 3270 emulation not (previously?) available from the TELNET client function supplied by the Communications Server IP component. Chris Mason On Thu, 26 Jun 2008 00:22:57 -0700, Gibney, Dave [EMAIL PROTECTED] wrote: I do it on occasion between our LPARs (over the Hipersocket link :), but yup the command TSO TELNET ip address will reach the TN327o server running on a TCPIP open z/OS LPAR. Actually, what do you think you're reaching when you use (what ever TN3270) emulator you're using on your Window$ desktop? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Peter Use of 3270 data stream is *not* required for CICS and IMS - and possibly some of the applications you have in mind in your etc. etc.. They at least are happy to run with the 3767 emulator supported by the so-called TN3270 server when 3270 functions are *not* agreed during the TELNET connection negotiation. Chris Mason On Thu, 26 Jun 2008 09:34:28 +0200, Hunkeler Peter (KIUK 3) [EMAIL PROTECTED] wrote: Actually, what do you think you're reaching when you use (what ever TN3270) emulator you're using on your Window$ desktop? Not sure I understand what you're asking, but... A TN3270 telnet client understands the 3270 protocol and is capable of doing full screen mode, which is required for TSO ISPF, IMS and CICS sessions, Omegamon, etc, etc. A (non-TN3270) telnet client does not understand 3270 and cannot support full screen mode in the sense of 3270. I'll need a TN3270 client on any platform to log into a legacy application on z/OS, such as TSO using ISPF, IMS, CICS, etc. And I'll need a (non-3270) telnet client to log into a z/OS UNIX shell. A TN3270 telnet client may well support non-3270 telnet sessions. -- Peter Hunkeler Credit Suisse -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Greg Are you sure you are not talking about the z/OS UNIX TELNET server? See my response to Andrew McLaren. I cannot find any support for your contention in the manual: z/OS Communications Server IP User's Guide and Commands Version 1 Release 9 SC31-8780-07. Please explain how (you think) you are doing it. Be aware that, when using the TN3270 server in line mode, the TN3270 server emulates a 3767 device and logon to TSO as a 3767 user is possible. The TN3270 server also supports SCS USS messages so you can see what you may be in the habit of calling a VTAM logo. It's the 7-colour (right spelling incidentally!!!) glory ISPF I'm having difficulty getting my head around! Another little difficulty I have is that I noticed that the manual mentions that the TN3270 client uses the PASCAL API which almost certainly means it has not been changed - ever - since the days of TCP/IP for VM. The policy now is exclusively to use the sockets API so, had there been any change, you would no longer find the use of the Pascal API being excused. Chris Mason On Thu, 26 Jun 2008 18:21:59 +1000, Greg Price [EMAIL PROTECTED] wrote: Hunkeler Peter , KIUK 3 wrote: TSO TELNET is not a TN3270 client, it supoprts only line mode. I think it's safe to say the the TELNET command accessible from the READY prompt does support TN3270. At least it is possible to use it to telnet to another z/OS and get the VTAM logo and logon to TSO and crank up ISPF in all of its 7-colour glory. Cheers, Greg -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Tonni Other than confusion over which TELNET client may be being used, it may be that there is some confusion over what *from* a z/OS host means. Does this imply using the TSO TELNET client as most responders have assumed or does it mean a TN3270 connection to a TN3270 server in one system where the SNA application accessed is in another system? This latter interpretation may be what you are assuming. There is no surprise here since it is SNA business-as-usual. Chris Mason On Thu, 26 Jun 2008 13:15:37 +0200, Tonni J Ottosen [EMAIL PROTECTED] wrote: Under specific circumstances we have used this 'feature' during D/R tests for mor than 10 years! Always got the NVAS Main-menu up regards - Tonni I think it's safe to say the the TELNET command accessible from the READY prompt does support TN3270. At least it is possible to use it to telnet to another z/OS and get the VTAM logo and logon to TSO and crank up ISPF in all of its 7-colour glory. Indeed! I stand corrected! Should have tried before writing down from(fading) memory. Has this always been supported (and am I therefore mixing up things) or has TSO telnet been enhanced within the last 20 or so years? -- Peter Hunkeler Credit Suisse -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
On 6/26/08, Chris Mason [EMAIL PROTECTED] wrote: Please explain how (you think) you are doing it. If you issue tso telnet zoshostname from your tso/ispf session you will be presented with a full screen logon in the same manner as if you used a TN3270 client from a pc. If you then hit PA1 you will get telnet command : in the bottom left hand corner of the screen where you can enter quit which will return you to your original session. I don't know if it's actually TN3270 but it is certainly full screen 3270 mode. Jim McAlpine -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Peter The function postulated in this thread has certainly not been always supported - always starting from the earliest flavour of TCP/IP for VM - or it escaped my extensive testing of the function in the earliest TCP/IP for MVS and the documentation. That such a handy function would escape description - as it still does - would be most remarkable - to coin a phrase. It's also remarkable that the TELNET client in the Communications Server IP component should still be written in Pascal - unless some development author just forgot to remove the excuse - it's been known - after having undergone such a major enhancement. Incidentally, you are spreading your net rather too widely in dating the original function at 20 years ago. I think 15 would be closer to the advent of TCP/IP for VM. I expect some lurking IBM developer will provide an accurate age. Chris Mason On Thu, 26 Jun 2008 12:56:36 +0200, Hunkeler Peter (KIUK 3) [EMAIL PROTECTED] wrote: I think it's safe to say the the TELNET command accessible from the READY prompt does support TN3270. At least it is possible to use it to telnet to another z/OS and get the VTAM logo and logon to TSO and crank up ISPF in all of its 7-colour glory. Indeed! I stand corrected! Should have tried before writing down from(fading) memory. Has this always been supported (and am I therefore mixing up things) or has TSO telnet been enhanced within the last 20 or so years? -- Peter Hunkeler Credit Suisse -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
From 1 Tso to another tcpip stack, certainly full screen: READY telnet p3l1 MVS TCP/IP TELNET CS V1R7 Connecting to P3L1 198.176.137.228, port TELNET (23) *** Using Transparent Mode... Notes on using Telnet when in Transparent Mode: - To enter Telnet Command, Hit PA1 *** Hi all, Kind of a weird question I know, but ... it has been a day full of weird questions. A customer would like to know if they can open a TN3270 session *from* one z/OS host, to another z/OS host? I do not believe this is possible. For a start, you cannot have 2 SSCPs in the same Domain; so how can you have a Dependent LU?. Besides, there is no TN3270 client (AFAIK) for z/OS. However my customer - not on the face of it, a fool - sincerely believes that this is what he is doing, today. So who is right? Can I open a TN session to a host in another domain??? Many thanks for any clues Andrew -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- NOTICE: This electronic mail message and any attached files are confidential. The information is exclusively for the use of the individual or entity intended as the recipient. If you are not the intended recipient, any use, copying, printing, reviewing, retention, disclosure, distribution or forwarding of the message or any attached file is not authorized and is strictly prohibited. If you have received this electronic mail message in error, please advise the sender by reply electronic mail immediately and permanently delete the original transmission, any attachments and any copies of this message from your computer system. Thank you. == -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Jim The acid test is getting something like ISPF running having used the TSO TELNET command. I'm afraid just seeing a USS message 10 isn't sufficient. It's the TN3270 server which is responsible for presenting you with USS messages. You need to get past this point in order to be playing in the game under discussion in this thread. Hitting PA1 etc is a description of LINEMODE behaviour. See Using the TELNET subcommands in Chapter 2. Logging on to a host using TELNET of the z/OS Communications Server IP Users Guide and Commands. Chris Mason On Thu, 26 Jun 2008 13:09:22 +0100, Jim McAlpine [EMAIL PROTECTED] wrote: On 6/26/08, Chris Mason [EMAIL PROTECTED] wrote: Please explain how (you think) you are doing it. If you issue tso telnet zoshostname from your tso/ispf session you will be presented with a full screen logon in the same manner as if you used a TN3270 client from a pc. If you then hit PA1 you will get telnet command : in the bottom left hand corner of the screen where you can enter quit which will return you to your original session. I don't know if it's actually TN3270 but it is certainly full screen 3270 mode. Jim McAlpine -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Andrew McLaren of the IBM Mainframe Discussion List IBM-MAIN@BAMA.UA.EDU wrote on 06/26/2008 12:56:17 AM: Hi all, Kind of a weird question I know, but ... it has been a day full of weird questions. A customer would like to know if they can open a TN3270 session *from* one z/OS host, to another z/OS host? I do not believe this is possible. For a start, you cannot have 2 SSCPs in the same Domain; so how can you have a Dependent LU?. Besides, there is no TN3270 client (AFAIK) for z/OS. However my customer - not on the face of it, a fool - sincerely believes that this is what he is doing, today. So who is right? Can I open a TN session to a host in another domain??? Many thanks for any clues I just did it. See below Regards, John K --- READY telnet another.zos.host Using Transparent Mode... Notes on using Telnet when in Transparent Mode: - To enter Telnet Command, Hit PA1 ... ... tn3270 session (on another.zos.host) ... ... READY logoff Session ended. ENTER to return to TSO. READY -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
On 6/26/08, Chris Mason [EMAIL PROTECTED] wrote: Jim The acid test is getting something like ISPF running having used the TSO TELNET command. I'm afraid just seeing a USS message 10 isn't sufficient. It's the TN3270 server which is responsible for presenting you with USS messages. You need to get past this point in order to be playing in the game under discussion in this thread. Hitting PA1 etc is a description of LINEMODE behaviour. See Using the TELNET subcommands in Chapter 2. Logging on to a host using TELNET of the z/OS Communications Server IP User's Guide and Commands. Chris Mason Chris, you seem determined not to be convinced. Full screen 3270 mode including ISPF and all other applications. Exactly the same as from a TN3270 client on your pc. Jim McAlpine -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
I use Telnet quite regularly (from the TSO command line) to get from one z/OS system to another. It doesn't matter that the system you are going from is referred to by you as a 'host' - in this case, it's just another telnet client. All colours, PFkeys, ISPF screen displays, scrolling etc all work exactly as they do if you're using a telnet client from Windows or Unix or OS/2 or whatever - you wouldn't know the difference. This is what Transparent Mode does. By default the z/OS telnet client opens in Transparent Mode - allowing all screen control characters and key function codes to pass between the remote server and the local client. Since it recognises 3270 datastreams, I would say that this makes it a TN3270 client. The only key that is not passed through is the ATTN key. This 'breaks' transparent mode and reverts to linemode, enabling you to enter telnet control commands such as 'quit', for example. You can force z/OS telnet client to open in linemode by specifying that as an option on the initial command line. If you try to do that to a 3270 telnet server, you will get an error message (or should do anyway) informing you that transparent mode is required. Brian - Email sent from www.virginmedia.com/email Virus-checked using McAfee(R) Software and scanned for spam -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Chris - I thought I understood the question - after your mail I may be confused! What we did was: Telnet (PCOMM) to z/os mainframe and get NVAS logon menu - logon tso and enter TSO TELNET and via TCP/IP go through the TCP/IP stack in another z/OS mainframe and get the NVAS logon screen on this system - logon here and run normal tso/ispf. No 'network-SNA' involved - only 'application SNA'. Confused - not when I do it - only when I shall explain it - - ehhr;-) Venlig hilsen Tonni Ottosen CSC Danmark A/S Retortvej 8 DK - 1780 København V Direkte: +45 3614 4445 CSC Danmark A/S Registered Office: Retortvej 8, DK -1780 Copenhagen V , Denmark Registered in Denmark No: 15231599 - This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. - Chris Mason [EMAIL PROTECTED] COM.NET To Sent by: IBM IBM-MAIN@BAMA.UA.EDU Mainframe cc Discussion List [EMAIL PROTECTED] Subject .EDU Re: TN3270 *from* a host?? 26-06-2008 14:13 Please respond to IBM Mainframe Discussion List [EMAIL PROTECTED] .EDU Tonni Other than confusion over which TELNET client may be being used, it may be that there is some confusion over what *from* a z/OS host means. Does this imply using the TSO TELNET client as most responders have assumed or does it mean a TN3270 connection to a TN3270 server in one system where the SNA application accessed is in another system? This latter interpretation may be what you are assuming. There is no surprise here since it is SNA business-as-usual. Chris Mason On Thu, 26 Jun 2008 13:15:37 +0200, Tonni J Ottosen [EMAIL PROTECTED] wrote: Under specific circumstances we have used this 'feature' during D/R tests for mor than 10 years! Always got the NVAS Main-menu up regards - Tonni I think it's safe to say the the TELNET command accessible from the READY prompt does support TN3270. At least it is possible to use it to telnet to another z/OS and get the VTAM logo and logon to TSO and crank up ISPF in all of its 7-colour glory. Indeed! I stand corrected! Should have tried before writing down from(fading) memory. Has this always been supported (and am I therefore mixing up things) or has TSO telnet been enhanced within the last 20 or so years? -- Peter Hunkeler Credit Suisse -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
This is what Transparent Mode does. That seems to be the point, or function, I was missing. Still learning something new every day (forgetting something else to make room the new stuff :-) -- Peter Hunkeler Credit Suisse -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
George Thanks for putting the doubters right. The key is transparent and transparent mode. It is documented. Under the description, ironically enough, of the linemode parameter we find the following small print: quote Linemode Uses the line mode and prevents operation in the transparent mode. ... In transparent mode, the foreign host full-screen capabilities are functional on your local terminal. Transparent mode is the default. /quote How strange I couldn't recall having used this function. The wages of age! I also checked back with my presentation notes on the topic - otherwise gathering dust - which date from the earliest days of TCP/IP for MVS. The use of transparent mode is covered there. This almost certainly means the function has always been there - coded in Pascal. That'll teach me to use my own sources before responding in future! So, in order to answer the original question So who is right? Can I open a TN session to a host in another domain??? restated accurately as Can I create a TELNET connection using 3270 data stream from one Communications Server IP component - using the TSO TELNET command - over an IP network to another Communications Server IP component - using the TN3270 server? the answer is Yes. You'll note that the restatement avoids the words session and domain. Chris Mason On Thu, 26 Jun 2008 07:26:02 -0500, Mansell, George R. [EMAIL PROTECTED] wrote: From 1 Tso to another tcpip stack, certainly full screen: READY telnet p3l1 MVS TCP/IP TELNET CS V1R7 Connecting to P3L1 198.176.137.228, port TELNET (23) *** Using Transparent Mode... Notes on using Telnet when in Transparent Mode: - To enter Telnet Command, Hit PA1 *** Hi all, Kind of a weird question I know, but ... it has been a day full of weird questions. A customer would like to know if they can open a TN3270 session *from* one z/OS host, to another z/OS host? I do not believe this is possible. For a start, you cannot have 2 SSCPs in the same Domain; so how can you have a Dependent LU?. Besides, there is no TN3270 client (AFAIK) for z/OS. However my customer - not on the face of it, a fool - sincerely believes that this is what he is doing, today. So who is right? Can I open a TN session to a host in another domain??? Many thanks for any clues Andrew -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Jim See my response to George. The point about your post was that you didn't go further than the USS messages which means you didn't go far enough. George did - and it seems you did before this post also. I'm glad we're all on the same page now! Chris Mason On Thu, 26 Jun 2008 13:45:50 +0100, Jim McAlpine [EMAIL PROTECTED] wrote: On 6/26/08, Chris Mason [EMAIL PROTECTED] wrote: Jim The acid test is getting something like ISPF running having used the TSO TELNET command. I'm afraid just seeing a USS message 10 isn't sufficient. It's the TN3270 server which is responsible for presenting you with USS messages. You need to get past this point in order to be playing in the game under discussion in this thread. Hitting PA1 etc is a description of LINEMODE behaviour. See Using the TELNET subcommands in Chapter 2. Logging on to a host using TELNET of the z/OS Communications Server IP User's Guide and Commands. Chris Mason Chris, you seem determined not to be convinced. Full screen 3270 mode including ISPF and all other applications. Exactly the same as from a TN3270 client on your pc. Jim McAlpine -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
What's this over 3270? Where did that idea come from? I just coined this term trying to describe that logging into a UNIX server from TSO telnet does bring you into line mode in UNIX. Probably a misnomer. I suggest we just forget about it ;-) And what's raw mode? When logging into a server using telnet (not talking about TN3270 here), you initially are place into line mode. Certain utilites like vi need another mode, called raw mode, to be able to run. You don't have this raw mode available in TSO OMVS shell sessions and you don't have it in TSO TELNET shell sessions. -- Peter Hunkeler Credit Suisse -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Chris Mason wrote: Jim See my response to George. The point about your post was that you didn't go further than the USS messages which means you didn't go far enough. George did - and it seems you did before this post also. I'm glad we're all on the same page now! Chris Mason Sorry if you get this twice, I sent it to the newsgroup the first time. It should be mentioned that the telnet transparent mode under TSO does not support TLS. So if TLS encryption is required (as it is here) this won't work (at least as of z/OS 1.7). As for being written using the PASCAL API, so is the SMTP server. -- Richard -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
TN3270 supports block mode from a TSO Client. If you are connecting to a remote host (MVS TN3270) you will successfully connect in transparent mode. but if you invoke TSO TELNET host-name (linemode then your session is connected in line mode and anything after that is also connected in line mode. Natarajan IP USER's Guide states In 3270 transparent mode, all full-screen capabilities of the remote host are functional at your local display station, but the PA1 key is the only special-function key whose intended function is passed to the application by Telnet. In line mode, the remote host output is displayed on your screen one line at a time, without full-screen capabilities. v The TELNET command supports IBM 3270-type display stations. Examples of supported display stations are: – IBM 3178 Display Station – IBM 3179 Display Station – IBM 3180 Display Station – IBM 3191 Display Station – IBM 3192 Display Station – IBM 3193 Display Station – IBM 3194 Display Station – IBM 3275 Display Station Model 2 – IBM 3276 Control Unit Display Station Models 2, 3, and 4 – IBM 3277 Display Station Model 2 – IBM 3278 Display Station Models 2, 3, 4, and 5 – IBM 3279 Color Display Station Models 2 and 3 | NOTICE OF CONFIDENTIALITY The information contained in this communication, including but not limited to any accompanying document(s) and/or attachment(s), is privileged and confidential and is intended solely for the above-named individual(s). If you are not the intended recipient, please be advised that any distribution, copying, disclosure, and/or use of the information contained herein is strictly prohibited. If you received this communication in error, please destroy all copies of the communication, whether in electronic or hard copy format, and immediately contact the Security Office at EDFUND at (916) 526-7539 or [EMAIL PROTECTED] Thank you. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
2008/6/26 Chris Mason [EMAIL PROTECTED]: So, in order to answer the original question So who is right? Can I open a TN session to a host in another domain??? restated accurately as Can I create a TELNET connection using 3270 data stream from one Communications Server IP component - using the TSO TELNET command - over an IP network to another Communications Server IP component - using the TN3270 server? the answer is Yes. Well, the restatement is still rather overspecified. TN3270 is a protocol, not a particular set of client and server software, originally rather loosely specified, which has been more clearly and accurately defined over time in RFCs 1647 and 2355. The platforms the client and server run on have no real bearing on use of the protocol, and there are both clients and servers for System z and other platforms. Obviously TN3270 servers for non z platforms are fairly rare, since there is not often native application support for 3270 data streams, but they do exist as part of commercial products. The System z TN3270 clients for both z/OS and z/VM are a little unusual in two respects: They are both called TELNET rather than TN3270, though they behave about like any other TN3270 client; Since they are invoked from a terminal session that is already logged in to a 3270, they don't have to remap keyboard input and screen output to a foreign platform such as dumb ASCII datastreams or the Windows presentation interface; rather, they offer a passthrough or transparent mode, and rely on the existing 3270 session to understand the EBCDIC datastream with only the minimal unwrapping of the TN3270 protocol that is needed. There is also no need to bring SNA into the picture, except for those specifically SNA functions defined in newer versions of the protocol. Although the z/OS implementation of a TN3270 server does map the TN3270 session to an SNA one, this is not logically necessary. The z/VM server uses SNA, oddly enough, only for line mode, but uses VM's Logical Devices for 3270 mode. It really comes down to the terminal interface that the application program is expecting. On z/OS (and maybe VSE, which I know nothing about), SNA apps such as TSO and CICS are common; on VM, apps typically use the low-level DIAGNOSE interface or layered software that ultimately drives what it perceives to be a local, channel-attached 3270 device. (Of course on VM, that app could be an entire guest operating system.) On a non z platform, the server application interface is generally proprietary to the software vendor. Tony H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
By open, I was referring to the fact that not all z/OS Lpars are running TCPIP (Those not may well be very few) and all should be firewalled to some extent. I have to admit I've never tried from a native 3270, but when logged on to one Lpar's TSO/ISPF via my emulator(we currently use QWS from Jolly Giant), the command TSO TELNET ipaddr easily reaches the TN3270 server in another Lpar, shows the MSG10 screen and lets me logon. I first used this doorway via the Hipersocket link when the SEGMENTAIONOFFLOAD issue of the OSA cards bit me in the posterior. Now it's helpful as I move to multiple stacks in our multiple security zones. -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Chris Mason Sent: Thursday, June 26, 2008 4:50 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: TN3270 *from* a host?? Dave Please be more specific about what you actually achieve here. the command TSO TELNET ip address will reach the TN327o server running on a TCPIP open z/OS LPAR is not in dispute - with or without the open whatever you may mean by that, perhaps the z/OS UNIX TELNET server (otelnetd). Do you eventually enter your TSO commands one line at a time with no support from ISPF? what do you think you're reaching when you use (what ever TN3270) emulator you're using on your Window$ desktop? Typically, you are using the so-called TN3270 function and your TN3270(E) client (from whatever desktop platform) will be relying on 3270 emulation not (previously?) available from the TELNET client function supplied by the Communications Server IP component. Chris Mason On Thu, 26 Jun 2008 00:22:57 -0700, Gibney, Dave [EMAIL PROTECTED] wrote: I do it on occasion between our LPARs (over the Hipersocket link :), but yup the command TSO TELNET ip address will reach the TN327o server running on a TCPIP open z/OS LPAR. Actually, what do you think you're reaching when you use (what ever TN3270) emulator you're using on your Window$ desktop? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
I get full function ISPF or for that matter any other application I can logon to in the target system. (which is all of them) -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Chris Mason Sent: Thursday, June 26, 2008 5:36 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: TN3270 *from* a host?? Jim The acid test is getting something like ISPF running having used the TSO TELNET command. I'm afraid just seeing a USS message 10 isn't sufficient. It's the TN3270 server which is responsible for presenting you with USS messages. You need to get past this point in order to be playing in the game under discussion in this thread. Hitting PA1 etc is a description of LINEMODE behaviour. See Using the TELNET subcommands in Chapter 2. Logging on to a host using TELNET of the z/OS Communications Server IP User's Guide and Commands. Chris Mason On Thu, 26 Jun 2008 13:09:22 +0100, Jim McAlpine [EMAIL PROTECTED] wrote: On 6/26/08, Chris Mason [EMAIL PROTECTED] wrote: Please explain how (you think) you are doing it. If you issue tso telnet zoshostname from your tso/ispf session you will be presented with a full screen logon in the same manner as if you used a TN3270 client from a pc. If you then hit PA1 you will get telnet command : in the bottom left hand corner of the screen where you can enter quit which will return you to your original session. I don't know if it's actually TN3270 but it is certainly full screen 3270 mode. Jim McAlpine -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Well, I'm already TLS from my workstation to the original logon of TSO, and then I at least am so far always using the Hipersocket connection, so I see no security lapse. I don't have any good reason to check it out using the path out of the CEC and back. It does seem strange though if TLS isn't supported as you say. -Original Message- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Richard Peurifoy Sent: Thursday, June 26, 2008 8:37 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: TN3270 *from* a host?? Chris Mason wrote: Jim See my response to George. The point about your post was that you didn't go further than the USS messages which means you didn't go far enough. George did - and it seems you did before this post also. I'm glad we're all on the same page now! Chris Mason Sorry if you get this twice, I sent it to the newsgroup the first time. It should be mentioned that the telnet transparent mode under TSO does not support TLS. So if TLS encryption is required (as it is here) this won't work (at least as of z/OS 1.7). As for being written using the PASCAL API, so is the SMTP server. -- Richard -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
Chris Mason wrote: The acid test is getting something like ISPF running having used the TSO TELNET command. I'm afraid just seeing a USS message 10 isn't sufficient. It's the TN3270 server which is responsible for presenting you with USS messages. You need to get past this point in order to be playing in the game under discussion in this thread. Hitting PA1 etc is a description of LINEMODE behaviour. See Using the TELNET subcommands in Chapter 2. Logging on to a host using TELNET of the z/OS Communications Server IP Users Guide and Commands. Chris. Are you retired? Do you no longer have access to a live z/OS system? -- Edward E Jaffe Phoenix Software International, Inc 5200 W Century Blvd, Suite 800 Los Angeles, CA 90045 310-338-0400 x318 [EMAIL PROTECTED] http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TN3270 *from* a host??
On Thu, 26 Jun 2008 11:04:07 -0700, Gibney, Dave [EMAIL PROTECTED] wrote: Well, I'm already TLS from my workstation to the original logon of TSO, and then I at least am so far always using the Hipersocket connection, so I see no security lapse. I don't have any good reason to check it out using the path out of the CEC and back. It does seem strange though if TLS isn't supported as you say. ... I'm joining this conversation far too late to add my own Does so! and Can too!, but I did confirm the TELNET load module in the 1.8 SEZALOAD has an eyecatcher VS PASCAL RELEASE 2.0 06/13/06 15:31:05 Still Pascal, and recently recompiled. I suspect that the developers would redo this client if there people started needing it, but with the current need, why bother. I don't know when SSL support was added to the Tn3270 server, but I'm sure it was long after the client was ported to MVS, and I bet the client has been functionally stablized since it was ported (effectively, if not explicitly). AT-TLS woun't help, either. It does not support the Pascal socket interface. BTW, NetView for z/OS also provides a Tn3270 client. It also does not support SSL or TLS. Pat O'Keefe -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html