This past Sunday, April 1 we enabled negotiable secure (SSL/TLS) TN3270
connectivity on the second UC Berkeley mainframe host system, iridea. We are
now positioned to move forward with the final transition to mandatory secure TN3270
connectivity.
Important upcoming dates for the transition are April 15 when we will
enable mandatory secure TN3270 connectivity on the ironwood host system and
then April 29 when we will enable mandatory secure TN3270 connectivity on
iridea. After those dates when you attempt to connect to the mainframe host
systems your TN3270 emulator client software must be configured to request a
secure connection. If your emulator client is not so configured or is not capable
of being configured to request a secure connection, you will experience a
denial of service until you have a TN3270 emulator that meets these
requirements.
At this point all users who connect to the mainframe should ensure
their TN3270 emulator client is capable of making a secure connection to the
mainframe. For more information about the move to secure TN3270 connectivity please
read the iNews article http://istpub.berkeley.edu:4201/bcc/Spring2007/1000.html
and associated FAQs http://security.berkeley.edu/Secure-TN3270-Emulation-FAQ.html#HEdoc
. These documents provide details about UCB’s recommended TN3270 client,
where and how to get and install the software.
For OPTRS/PPS and other users who connect to the mainframe ironwood
host system using a VPN and the lonicera server, there are additional
considerations. You must continue to use the VPN/lonicera connectivity to
ironwood even after April 15th mandatory secure TN3270 date. The
mainframe support group has additional work to complete on ironwood before
transitioning all VPN+Lonicera users. Future communications will provide more
details and transition dates. However, in preparation for that eventuality you
can uninstall any old TN3270 client that may not be SSL/TLS capable, install
the recommended Hummingbird Host Explorer 2007 TN3270 emulator and then use the
lonicera profile provided in the hummingbird neighborhood program group to
connect as all OPTRS/PPS users currently do by still using VPN. The advantage
of doing this now is that when the mainframe support group completes its configuration
changes to support OPTRS/PPS users connecting directly to ironwood, you will
already have the new Hummingbird HE TN3270 client installed and the only change
necessary will be to use the ironwood-mod2ssl profile in the hummingbird
neighborhood program group rather than the interim lonicera profile.
All IT workstation support groups are aware of these changes and can
assist you through the TN3270 client upgrade process. If you have not been
contacted about an IT support group, are not sure you even use the mainframe or
do not know whom to contact to get assistance please call the IST Service Desk at
510-642-4920 and they will get you connected with an appropriate IT support
group.
berkeley.edu">
Rich
Poliak
Supervisor Mainframe Group
Infrastructure Services
UC Berkeley
Office: (510) 643-8168
Cell: ; (510) 812-5301
rpoliak berkeley.edu">rpoliakberkeley.edu
|
