Plain text version….
From: Richard Poliak [mailto:rpoliak berkeley.edu]
Sent: Wednesday, April 04, 2007 6:04 PM
To: 'Micronet group micronet'
Subject: UC Berkeley mainframe TN3270 emulation going
SSL/TLS - Status
Update
This past Sunday, April 1 we enabled negotiable secure
(SSL/TLS) TN3270
connectivity on the second UC Berkeley mainframe host
system, iridea. We are
now positioned to move forward with the final transition to
mandatory secure
TN3270 connectivity.
Important upcoming dates for the transition are April 15
when we will enable
mandatory secure TN3270 connectivity on the ironwood host
system and then
April 29 when we will enable mandatory secure TN3270
connectivity on iridea.
After those dates when you attempt to connect to the
mainframe host systems
your TN3270 emulator client software must be configured to
request a secure
connection. If your emulator client is not so configured or
is not capable
of being configured to request a secure connection, you will
experience a
denial of service until you have a TN3270 emulator that
meets these
requirements.
At this point all users who connect to the mainframe should
ensure their
TN3270 emulator client is capable of making a secure
connection to the
mainframe. For more information about the move to secure
TN3270 connectivity
please read the iNews article
http://istpub.berkeley.edu:4201/bcc/Spring2007/1000.html
and associated FAQs
http://security.berkeley.edu/Secure-TN3270-Em
ulation-FAQ.html#HEdoc .
These documents provide details about UCB’s recommended
TN3270 client, where
and how to get and install the software.
For OPTRS/PPS and other users who connect to the mainframe
ironwood host
system using a VPN and the lonicera server, there are
additional
considerations. You must continue to use the VPN/lonicera
connectivity to
ironwood even after April 15th mandatory secure TN3270 date.
The mainframe
support group has additional work to complete on ironwood
before
transitioning all VPN+Lonicera users. Future communications
will provide
more details and transition dates. However, in preparation
for that
eventuality you can uninstall any old TN3270 client that may
not be SSL/TLS
capable, install the recommended Hummingbird Host Explorer
2007 TN3270
emulator and then use the lonicera profile provided in the
hummingbird
neighborhood program group to connect as all OPTRS/PPS users
currently do by
still using VPN. The advantage of doing this now is that
when the mainframe
support group completes its configuration changes to support
OPTRS/PPS users
connecting directly to ironwood, you will already have the
new Hummingbird
HE TN3270 client installed and the only change necessary
will be to use the
ironwood-mod2ssl profile in the hummingbird neighborhood
program group
rather than the interim lonicera profile.
All IT workstation support groups are aware of these changes
and can assist
you through the TN3270 client upgrade process. If you have
not been
contacted about an IT support group, are not sure you even
use the mainframe
or do not know whom to contact to get assistance please call
the IST Service
Desk at 510-642-4920 and they will get you connected with an
appropriate IT
support group.
Rich Poliak
Supervisor Mainframe Group
Infrastructure Services
UC Berkeley
Office: (510) 643-8168
Cell: (510) 812-5301
rpoliakberkeley.edu
------------------------------------------------------------
------------
The following was automatically added to this message by the
list server:
To learn more about Micronet, including how to subscribe to
or unsubscribe from its mailing list and how to find out
about upcoming meetings, please visit the Micronet Web
site:
http://micronet.berkele
y.edu/
|
