Re: TN3270 sessions
Note that some paramaters (in my case on zVM 5.2 - the port parm of the internalclientparms section) in the profile tcpip cannot be implemented on the fly with OBEYFILE, so be prepared for the need to bounce your IP stack. Bob -Original Message- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Fran Hensler Sent: Friday, February 08, 2008 5:34 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: TN3270 sessions On Thu, 7 Feb 2008 15:32:40 -0500 Edward M. Martin said: I read and listen. What manual is the best place to start looking for Encrypted/unencrypted TN3270 sessions? We use an SSL appliance from http://www.illustro.com/icya called the iCYA. It sits between your network and the mainframe and takes the encryption/decryption load off the mainframe. Illustro takes care of obtaining the certificate and keeping the appliance software maintenance up to date. There are other vendors with SSL appliances. For TN3270 we use Hummingbird Hostexplorer http://connectivity.hummingbird.com/products/nc/he/index.html /Fran Hensler at Slippery Rock University of Pennsylvania USA for 44 years [EMAIL PROTECTED] +1.724.738.2153 Yes, Virginia, there is a Slippery Rock This electronic transmission and any documents accompanying this electronic transmission contain confidential information belonging to the sender. This information may be legally privileged. The information is intended only for the use of the individual or entity named above. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or the taking of any action in reliance on or regarding the contents of this electronically transmitted information is strictly prohibited.
Re: TN3270 sessions
On Thu, 7 Feb 2008 15:32:40 -0500 Edward M. Martin said: I read and listen. What manual is the best place to start looking for Encrypted/unencrypted TN3270 sessions? We use an SSL appliance from http://www.illustro.com/icya called the iCYA. It sits between your network and the mainframe and takes the encryption/decryption load off the mainframe. Illustro takes care of obtaining the certificate and keeping the appliance software maintenance up to date. There are other vendors with SSL appliances. For TN3270 we use Hummingbird Hostexplorer http://connectivity.hummingbird.com/products/nc/he/index.html /Fran Hensler at Slippery Rock University of Pennsylvania USA for 44 years [EMAIL PROTECTED] +1.724.738.2153 Yes, Virginia, there is a Slippery Rock
Re: TN3270 sessions
On Thursday, 02/07/2008 at 03:34 EST, Edward M. Martin [EMAIL PROTECTED] wrote: I read and listen. What manual is the best place to start looking for Encrypted/unencrypted TN3270 sessions? 1. You need to install and configure the SSL server 2. You need to configure the relevant apps (ftp, smtp, telnet) Both tasks are described in the z/VM TCP/IP Planning Admin book. Alan Altmark z/VM Development IBM Endicott
TN3270 sessions
Hello Everyone, I read and listen. What manual is the best place to start looking for Encrypted/unencrypted TN3270 sessions? Ed Martin 330-588-4723 ext 40441
Re: TN3270 sessions
TCP/IP Planning and Configuration for your release. From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Edward M. Martin Sent: Thursday, February 07, 2008 3:33 PM To: IBMVM@LISTSERV.UARK.EDU Subject: TN3270 sessions Hello Everyone, I read and listen. What manual is the best place to start looking for Encrypted/unencrypted TN3270 sessions? Ed Martin 330-588-4723 ext 40441
Re: TN3270 sessions
Thanks to David and Alan. Is there a REDBOOK available? Ed Martin 330-588-4723 ext 40441 From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of David Boyes Sent: Thursday, February 07, 2008 3:43 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: TN3270 sessions TCP/IP Planning and Configuration for your release. From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Edward M. Martin Sent: Thursday, February 07, 2008 3:33 PM To: IBMVM@LISTSERV.UARK.EDU Subject: TN3270 sessions Hello Everyone, I read and listen. What manual is the best place to start looking for Encrypted/unencrypted TN3270 sessions? Ed Martin 330-588-4723 ext 40441
Re: TN3270 sessions
On Thursday, 02/07/2008 at 04:27 EST, David Boyes [EMAIL PROTECTED] wrote: Key points to understand that the VM implementation is a transparent wrapper around the basic service, so telnet, SMTP, etc don?t really know it?s there. In 5.3, some of the servers and clients have been modified to support awareness of TLS (transport layer security), but not all. The FTP client and server, TELNET client and server, and SMTP all support transition of a clear-text session to an SSL/TLS-protected session. Alan Altmark z/VM Development IBM Endicott
Re: TN3270 sessions
Any final words of wisdom? Other than that SSL's dependency on certificates is an enormous PITA? 8-) Finding and deploying SSL-enabled clients will be your next big battle. Also, note that the SSLSERV code does NOT use OpenSSL as a base, so it doesn't know about any of the IBM crypto hardware. If you have lots of connect/disconnect style apps, that can hurt in terms of CPU (the initial exchange is the expensive part of a SSL handshake).
Re: TN3270 sessions
Any final words of wisdom? Steve Mitchell Sr Systems Software Specialist Blue Cross Blue Shield of Kansas (785) 291-8885 'There are no degrees of Honesty-you're either Honest or you're not! CONFIDENTIALITY NOTICE: This email message and any attachments are for the sole use of the intended recipient(s) and may contain proprietary, confidential, trade secret or privileged information. Any unauthorized review use, disclosure or distribution is prohibited and may be a violation of law. If you are not the intended recipient or a person responsible for delivering this message to an intended recipient, please contact the sender by reply email and destroy all copies of the original message.
Re: TN3270 sessions
Not that I know of, but we put together an appliance to simplify the Linux part of the setup (free download after a small hoop to jump through, see http://sinenomine.net/vm/sslenabler), and the IBM documentation covers most of the other issues you actually care about. Most of the hard parts are getting the Linux system set up, so skip that part and just use the enabler system. Key points to understand that the VM implementation is a transparent wrapper around the basic service, so telnet, SMTP, etc don't really know it's there. In 5.3, some of the servers and clients have been modified to support awareness of TLS (transport layer security), but not all. The hardest thing will be dealing with certificates. X.509 is a *bear* to understand, but the important point is that you need a certificate to identify the system that matches the host name you use for that system. It's easier in terms of deployment to use one that is generated by an external certificate authority (look in your copy of Windows for the default companies), but not required. Get it, import it, and go through the configuration steps in the docs. After that, you can start the hunt for clients that implement requesting SSL-protected services.
Re: TN3270 sessions
On Feb 7, 2008, at 3:24 PM, Steve Mitchell wrote: Any final words of wisdom? Neither a borrower nor a lender be. Objects in mirror are closer than they appear. The just regardeth the lives of his beasts, but the bowels of the wicked are cruel. Adam
Re: Odd sizes for tn3270 sessions
I sometimes also use odd sizes (particularly 43x133) in the way that Kris describes but there are a few applications (Ditto, VM:Operator) that do not like this and refuse to play. Colin Allinson Amadeus Data Processing Kris Buelens [EMAIL PROTECTED] wrote: I sometimes use odd screen-sizes from PCOMM over TELNET into VM. No problem whatsoever. VM supposrt this for ages (since the arrival of the 3290 gaspanel I think). The PCOMM GUI does not allow to enter odd values, but if you edit the .WS file you enter whatever. Kris, IBM Belgium, VM customer support
Re: Odd sizes for tn3270 sessions
62x140; same with VM:Operator not liking it, VMYCON155E userid screen size exceeds 43-line/80-column maximum. but VM:Backup resizes it to 24x80... How's that done or could it be done from REXX? Gregg No plan survives execution Colin Allinson [EMAIL PROTECTED] us.comTo Sent by: The IBM IBMVM@LISTSERV.UARK.EDU z/VM Operating cc System [EMAIL PROTECTED] Subject ARK.EDU Re: Odd sizes for tn3270 sessions 10/11/2006 04:57 Please respond to The IBM z/VM Operating System [EMAIL PROTECTED] ARK.EDU I sometimes also use odd sizes (particularly 43x133) in the way that Kris describes but there are a few applications (Ditto, VM:Operator) that do not like this and refuse to play. Colin Allinson Amadeus Data Processing
Re: Odd sizes for tn3270 sessions
Gregg Reed wrote: 62x140; same with VM:Operator not liking it, VMYCON155E userid screen size exceeds 43-line/80-column maximum. but VM:Backup resizes it to 24x80... How's that done or could it be done from REXX? Gregg resizing to 24 by 80 is done by the application using the write vs write alternate form of the command code. Don Russell
Re: Odd sizes for tn3270 sessions
On: Wed, Oct 11, 2006 at 07:27:26AM -0700,Don Russell Wrote: } Gregg Reed wrote: } 62x140; same with VM:Operator not liking it, VMYCON155E userid screen size } exceeds 43-line/80-column maximum. but VM:Backup resizes it to 24x80... } How's that done or could it be done from REXX? } Gregg } resizing to 24 by 80 is done by the application using the write vs } write alternate form of the command code. Correction Don, its erase write and erase write alternate. For the non-3270 internals folks, all 3270 displays (except model 2s (24x80)) have 2 sizes. 24x80 and another size. On real 3270s, there were only a few other sizes, such as 32x80 (model 3), 43x80 (model 4) or 27x?? (model 5). On PC based emulators, many other sizes are possible. On all of them, if an erase write command is recieved, the display reverts to 24x80, and if an erase write alternate command is recieved, the display goes to the other size. Since VM:Backup wants to display its screens on 24x80 screens, it sends an erase write first. When VM:Backup ends, either it or CP sends an erase write alternate to reset the screen to what you had before. ISTR that part of CP's response to the CLEAR key is to send an erase write alternate. -- Rich Greenberg N Ft Myers, FL, USA richgr atsign panix.com + 1 239 543 1353 Eastern time. N6LRT I speak for myself my dogs only.VM'er since CP-67 Canines:Val, Red, Shasta Casey (RIP), Red Zero, Siberians Owner:Chinook-L Retired at the beach Asst Owner:Sibernet-L
Re: Odd sizes for tn3270 sessions
Rich Greenberg wrote: On: Wed, Oct 11, 2006 at 07:27:26AM -0700,Don Russell Wrote: } Gregg Reed wrote: } 62x140; same with VM:Operator not liking it, VMYCON155E userid screen size } exceeds 43-line/80-column maximum. but VM:Backup resizes it to 24x80... } How's that done or could it be done from REXX? } Gregg } resizing to 24 by 80 is done by the application using the write vs } write alternate form of the command code. Correction Don, its erase write and erase write alternate. Yes, that's why I used ...form of the command. My point being there are multiple commands to write to the display, depending on what the application wants to do. Of course before issuing an EWA command the host should query the device to determine its capabilities. If one were to send an EWA to a device that didn't support alternate sizes, the result would be a PROG 4xx (404 I think). For the non-3270 internals folks, all 3270 displays (except model 2s (24x80)) have 2 sizes. 24x80 and another size. On real 3270s, there were only a few other sizes, such as 32x80 (model 3), 43x80 (model 4) or 27x?? (model 5). Mod 5 == 27 by 132
Odd sizes for tn3270 sessions
My tn3270 client (Seagull Software's Bluezone tn3270 client) offers me a chance to have a dynamic device that can be any size of terminal besides the usual models: 2, 3, 4, and 5. However, when I try to use a dynamic device and ask for a 43x100 screen size, I got an error message that the server doesn't support the requested device type. Before I contact Seagull, what should z/VM 4.4's TCP/IP stack and CP's LDEV support provide for this? Is 43x100 ever a supported screen size for a tn3270 session? Does tn3270e somehow make this possible if I hit the right combination of settings? Will Julie leave Fred for Bill even though she's carrying John's baby? Signed, Befuddled Deviant in Gaithersburg
Re: Odd sizes for tn3270 sessions
Never mind; if I don't say dynamic device but still say, 43x100, please?, I get 43x100. Nick I wrote: My tn3270 client (Seagull Software's Bluezone tn3270 client) offers me a chance to have a dynamic device that can be any size of terminal besides the usual models: 2, 3, 4, and 5. However, when I try to use a dynamic device and ask for a 43x100 screen size, I got an error message that the server doesn't support the requested device type. Before I contact Seagull, what should z/VM 4.4's TCP/IP stack and CP's LDEV support provide for this? Is 43x100 ever a supported screen size for a tn3270 session? Does tn3270e somehow make this possible if I hit the right combination of settings? Signed, Befuddled Deviant in Gaithersburg
Re: Odd sizes for tn3270 sessions
I sometimes use odd screen-sizes from PCOMM over TELNET into VM. No problem whatsoever. VM supposrt this for ages (since the arrival of the 3290 gaspanel I think). The PCOMM GUI does not allow to enter odd values, but if you edit the .WS file you enter whatever. Kris, IBM Belgium, VM customer support The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU wrote on 10/10/2006 16:59:58: My tn3270 client (Seagull Software's Bluezone tn3270 client) offers me a chance to have a dynamic device that can be any size of terminal besides the usual models: 2, 3, 4, and 5. However, when I try to use a dynamic device and ask for a 43x100 screen size, I got an error message that the server doesn't support the requested device type. Before I contact Seagull, what should z/VM 4.4's TCP/IP stack and CP's LDEV support provide for this? Is 43x100 ever a supported screen size for a tn3270 session? Does tn3270e somehow make this possible if I hit the right combination of settings? Will Julie leave Fred for Bill even though she's carrying John's baby? Signed, Befuddled Deviant in Gaithersburg
Re: Odd sizes for tn3270 sessions
Just made a test 166x280 was refused ('not allowed over the current connection 66x180 was OK for TELNET but XEDIT and CP where confused 66x100 is perfect (except for my old eyes) 66x200 works too So, there are some limits but there is great freedom
Re: Odd sizes for tn3270 sessions
Hummingbird allows custom settings of: Rows (20 - 72) Columns (80 - 200) -Original Message- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Kris Buelens Sent: Tuesday, October 10, 2006 11:51 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Odd sizes for tn3270 sessions Just made a test 166x280 was refused ('not allowed over the current connection 66x180 was OK for TELNET but XEDIT and CP where confused 66x100 is perfect (except for my old eyes) 66x200 works too So, there are some limits but there is great freedom If you are not an intended recipient of this e-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute it. Click here for important additional terms relating to this e-mail. http://www.ml.com/email_terms/