Slippery Rock University is using SSL TN3270. We use the Hummingbird
HostExplorer emulator on the desktop and an SSL appliance called iCYA
(Internet Control Your Access) from Illustro: http://www.illustro.com/icya.htm
The iCYA offloads the encryption from the mainframe. Secure data
coming into the iCYA on port 992 is sent to the mainframe in clear
text on port 23 and when the response is received by the iCYA it is
encrypted and sent out on port 992.
We did not do a mass conversion of desktops to SSL TN3270. Users who
are not converted yet come into the iCYA on port 23.
So the iCYA handles both the SSL users and the unsecured users.
Eventually we will close port 23 and then all users will be required
to use the SSL version of HostExplorer.
/Fran Hensler at Slippery Rock University of Pennsylvania USA for 43 years
[EMAIL PROTECTED] +1.724.738.2153
"Yes, Virginia, there is a Slippery Rock"
On Thu, 21 Dec 2006 10:09:57 -0500 Mrohs, Ray said:
>How many sites are using SSL for end-to-end encryption of TN3270
>sessions? I am looking at SSLSERV as well as external appliances such as
>Visara's. We will provide this for about 800 concurrent CMS users at
>peak times.
>
>My main concerns are:
>1. reliability and proven load-handling capability
>2. user impact, so we want to minimize changes at the desktop
>3. system overhead
>4. compatibility with other initiatives such as 2-factor authentication
>
>I am interested in hearing about any real-life test or production
>implementations. If its too sensitive to discuss in the open, please
>email or call me. Thanks.
>
>Ray Mrohs
>U.S. Department of Justice
>202-307-6896
>
