There are external solutions that provide greater flexibility and security.
OSA is limited to a single listening port for all access. There are solutions 
that allow your users to access via a single IP address but multiple ports that 
can be dedicated to specific LPARs. Additionally, the connections can be 
secure using SSH.

If you would like to discuss, contact me offline.

Ken

Kenneth A. Bloom
Avenir Technologies Inc
/d/b/a Visara International
203-984-2235
bl...@visara.com
www.visara.com


On Feb 2, 2021, at 7:00 PM, Pew, Curtis G <curtis....@austin.utexas.edu> wrote:

On Feb 2, 2021, at 4:58 PM, Gilson Cesar de Oliveira <gil...@gmail.com> wrote:

   My concern is related to isolating consoles for different LPARs. All
the console clients that will connect to 192.168.10.100 should not connect
to 10.152.200.100 and vice versa.

   Are you saying that I can define the ports in different subnets but
the default gateway should be the same?
   I have the configuration in HCD and there is a panel where I can
configure ports 0 and 1.

   Am I wrong at this point?


In HCD there are two parts to the “OSA Advanced Facilities” configuration, a 
server configuration and a sessions configuration. In the server configuration 
you specify an IP address, subnet prefix, and TCP port number for one or both 
of the physical ports. Then you may specify a single gateway address, which 
should be on the same subnet as one of the physical ports. The port whose 
address is not on the same subnet as the gateway will be inaccessible to any 
host that is not on the same subnet as that host. For example, one of the cards 
on the University’s z14 ZR1 has port 0 IPv4 address 10.157.166.44/27 and port 1 
IPv4 address 192.168.2.13/24 and IPv4 gateway address 10.157.166.33. When I’m 
on the University’s VPN (or when I was on campus back when we still did that) I 
can connect to port 0. However, only hosts with an IP address of 192.168.2.xxx 
(which are confined to the data center) can connect to port 1.

Then there is the session configuration. Each session is assigned a CSS id and 
an MFID (which selects an LPAR) and a unit number; it is identified by an LU 
name. You can connect to a session from either port, but as part of the session 
definition you can filter by client IP address.

So if what you want to do is isolate consoles for different LPARs, you need to 
be looking at the session definitions, not the port definitions. Although, of 
course, all clients will need to be able to access one or the other of the 
ports.


--
Pew, Curtis G
curtis....@austin.utexas.edu
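
The reachability rule and session-level filtering described in the message above can be checked offline. This is an added example, not part of the original emails and not IBM tooling: the port and gateway addresses are the ones quoted above, while the LU names, LPAR labels and client filters are constructed, and modeling a filter as a CIDR range is an assumption. It only models the OSA's reply path under the single-gateway rule and assumes the network delivers client packets to the port.

```python
import ipaddress
from itertools import combinations

# Server configuration: addresses taken from the example in the message above.
PORTS = {
    0: ipaddress.ip_interface("10.157.166.44/27"),
    1: ipaddress.ip_interface("192.168.2.13/24"),
}
GATEWAY = ipaddress.ip_address("10.157.166.33")

# Constructed session definitions: (LU name, LPAR label, client filter).
# Assumption: a filter is modeled as a CIDR network; None means no filter.
SESSIONS = [
    ("LUPRD01", "PROD", "10.157.166.40/32"),
    ("LUPRD02", "PROD", "10.20.0.0/24"),
    ("LUTST01", "TEST", "192.168.2.50/32"),
    ("LUTST02", "TEST", "10.20.0.128/25"),  # overlaps LUPRD02
    ("LUDEV01", "DEV", None),               # no client filter at all
]

def reachable_ports(client):
    """Ports that can answer this client: on-link, or via the single gateway."""
    client = ipaddress.ip_address(client)
    ports = []
    for num, iface in PORTS.items():
        on_link = client in iface.network
        has_gateway = GATEWAY in iface.network  # only one port has a route out
        if on_link or has_gateway:
            ports.append(num)
    return ports

def sessions_for(client):
    """LU names whose client filter admits this address."""
    client = ipaddress.ip_address(client)
    return [lu for lu, _, flt in SESSIONS
            if flt is None or client in ipaddress.ip_network(flt)]

def isolation_findings():
    """Unfiltered sessions, then filter overlaps between different LPARs."""
    findings = [(lu, "no client filter") for lu, _, flt in SESSIONS if flt is None]
    filtered = [s for s in SESSIONS if s[2] is not None]
    for (lu_a, lpar_a, f_a), (lu_b, lpar_b, f_b) in combinations(filtered, 2):
        net_a, net_b = ipaddress.ip_network(f_a), ipaddress.ip_network(f_b)
        if lpar_a != lpar_b and net_a.overlaps(net_b):
            findings.append((lu_a, lu_b))
    return findings
```

Any pair returned by `isolation_findings()` is a client range that can open consoles on two different LPARs, which is the condition the original question wants to rule out.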






----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
