Use this panel to enter a new printer name to associate with a terminal device name.
This function is unique to TN3270. A terminal client first connects to the TN3270 server. A printer client then connects and request to be associated with the terminal LU name. The server understands this special request and knows to assign the printer client to the LU printer name that is associated with the terminal.
Before you begin, understand the printer name you want to associate with a terminal device.
Steps
You have completed this panel after you have entered a new printer name.
Fields
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
The name of the printer, 1-8 characters, following these rules:
Use this panel to select from a list of printer group names.
This function is unique to TN3270. A terminal client first connects to the TN3270 server and is assigned an LU from a defined LU group. A printer client then connects and request to be associated with the terminal LU name. The server understands this special request and knows to assign the printer client to the LU printer name that is associated with the terminal LU within the LU terminal group.
Before you begin, ensure the a printer group you want to associate with an terminal LU group contains the same number of LUs as the terminal LU group. This association links a terminal LU group with a printer LU group. The two LU group MUST have the same number of LUs defined so the LUs can be paired.
For example, a payroll application can automatically send print data to a certain printer set up to print payroll data, based on the terminal LU processing the request. If the requested device name is already in use, the connection request is rejected.
Only printer groups that contain the same number of LUs as the number of LUs in the terminal device group appear in the pull-down list.
Steps
You have completed this panel after you selected from the list provided.
Fields
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
This is a list of the printer groups that contain
the same number of LUs as the Terminal LU group that you are editing.
Select which printer group you want to associate with the Terminal group.
If you do not want to associate a printer group, choose the No selection
entry. If there are no printer groups defined that have the
same number of LUs as this terminal group, then No selection is the only
available and valid choice.
Use this panel to customize cryptographic algorithms. To provide port security, the TN3270 server uses the encryption services of SSL or TLS to protect data. Your z/OS system SSL/TLS provides a defined set of encryption and data authentication algorithms we refer to as ciphers. The encryption algorithm scrambles the data so that it cannot be interpreted. The data authentication algorithm ensures that the data is delivered completely without alteration.
Before you begin, make some decisions about security.
Steps
You have completed this panel after you have:
You can find more detailed help on the following elements of this window:
I want to select which algorithms to use
Is this system subject to export regulations?
Radio Buttons
Click I want to use the defaults to use defaults.
Click I do not want to use ciphers to indicate you will not use ciphers.
Click I want to select which algorithms to use to indicate you will be selecting particular algorithms to use.
Click Yes to indicate your system is subject to export regulations.
Click No to indicate your system is not subject to export regulations.
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Click here if you want to use the defaults of the TN3270 server, using the services of the system SSL and TLS programming interface. When using the defaults, the system SSL/TLS services determine the cipher algorithms that are installed and available on your system. These will be used to negotiate the level of cipher to use for each connect ion, with the client. The system SSL/TLS services has a set priority order it uses when negotiating with the client, which is:
Click here to indicate that you do not want any encryption or data authentication to be performed.
Click here if you want to specify which algorithms to use. If you select multiple algorithms, the TN3270 server must exchange information with the client to determine which of the algorithms to use. This is based on:
The TN3270 server uses the list of selected algorithms in the same preferred order as that appear on the panel. This order is:
This information is passed on to the z/OS SSL/TLS programming interface.
The z/OS SSL/TLS programming interface determines what ciphers are installed at this z/OS installation, and
negotiates with the client about what ciphers it supports.
Select 'yes' if you are. This disables the choices that are not available due to export restrictions. 'No' is the default. The ciphers that are not available for export are:
You may select the ciphers that system SSL/TLS will attempt to negotiate with the client. The TN3270 server will pass your selections the system SSL/TLS programming services and will indicate the preferred order or preference as:
Use this panel to signify you want the client identifier to be a particular host name or that the client's host name should match an entry in a particular group.
Before you begin, you should decide whether you want the client identifier to have a particular host name or you want the client's host name to match an entry in a particular group. Depending on that decision, do one of the following:
Steps
You have completed this panel when you have selected either radio button, and filled either the host name field or the group name.
Fields
Radio Buttons
Click The client must have the following host name if you want to the client to always connect using this hostname.
Click The client's host name must match an entry in this group if the client's host name can be an entry in a group.
Push buttons
Click Add to add host names to the group.
Click Edit to edit host names in the group.
Click Remove to remove host names from the group.
1 - 66 characters, one or more character strings, separated by dots (periods).
For example:
The name of the group following these rules:
The list of host names in this group that you can add, edit, or remove.
Use this panel to specify a host name.
Before you begin, know the name of the host name you want to specify.
Steps
You have completed this panel when you have entered a hostname meeting the requirements.
Fields
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
1 - 66 characters, can be one or more character strings, separated by dots (periods).
An example is:
Use this panel to signify you want the client identifier to be a particular IP address or that the client's IP address should match an entry in a particular group.
Before you begin, decide whether you want the client to have a particular IP address or you want the client's IP address to match an entry in a particular group. Depending on that decision, do one of the following:
Steps
You have completed this panel when you have selected either radio button, and filled either the IP address field or the Group name.
Fields
Radio buttons
Click The client must have the following IP address to indicate the client must use the IP address entered.
Click The client's IP address must match an entry in this group to indicate the client's IP address should be an entry in the specified group. You have the ability to add, edit and remove IP address in this group.
Push buttons
Click Add to add an IP address/subnet in this group.
Click Edit to modify an IP address/subnet in this group.
Click Remove to delete an IP address/subnet in this group.
The IP address must be specified in dotted decimal notation, in which a 32-bit IP address is represented as four decimal numbers, one for each 8 bits, separated by dots (periods). Each of the four decimal numbers is greater than or equal to 0 and less than or equal to 255. For example:
00001010 00000001 10110100 11111110 a 32-bit address
10
1
180
254
dotted decimal notation (10.1.180.254)
The name of the group following these rules:
The list of IP addresses that you can add, edit, or remove. The IP addresses in the list consist of either an IP address or a subnet value and subnet mask.
Use this panel to signify you want the client identifier to be a particular user ID or that the client's user ID should match an entry in a particular group.
The User IDs for a client identifier are not the same thing as the user IDs entered at TN3270 clients when logging on to an application. Typically, when a client logs on to the application the end user will enter the application name, user ID, and password. However, the client's log on user ID is NOT what is used to match to the User IDs in client identifiers.
To understand what the User IDs of a client identifier represent, you must first understand that User ID client identifiers are only available for connections that use the client authentication function of SSL. Client authentication can be specified to use multiple levels of authentication.
Level 1 authentication is performed by system SSL. The client passes an X.509 certificate to the server. To pass authentication, the Certificate Authority that signed the client certificate must be considered trusted by the server.
Level 2 authentication provides level 1 authentication and additionally requires that the client certificate be registered with RACF (or other SAF compliant security product) and mapped to a user ID. The client certificate received during the SSL handshake is used to query the security product to verify that the certificate maps to a user ID known to the system prior to connection negotiation.
Level 2 authentication must be enabled to make use of the User ID client identifiers. It is the user ID returned from RACF during level 2 authentication that is used to find matches in these client identifiers. To enable this level of authentication you should select Use security server to verify client user ID on the Advanced SSL Settings panel.
Before you begin, you should decide whether you want the client to have a particular user ID or you want the client's user ID to match an entry in a particular group. Depending on that decision, do one of the following:
Steps
You have completed this panel when you have selected either radio button, and filled either the User ID field or the Group name.
Fields
Radio Buttons
Click The client must have the following user ID if you want to the client to always connect using this user ID.
Click The client's user ID must match an entry in this group if the client's user ID can be an entry in a group.
Push buttons
Click Add to add User IDs in this group.
Click Edit to modify User IDs in this group.
Click Remove to delete User IDs in this group.
the name of the user, following these rules:
The name of the group following these rules:
The list of user IDs in the group that you can add, edit, or remove.
Use this panel to specify a user ID.
Before you begin, know the name of the user ID you want to specify.
Steps
You have completed this panel when you have entered a user ID meeting requirements.
Fields
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
The name of the user, following these rules:
Use this panel to set the application access method for clients that match this client identifier.
When assigning applications, you must understand some characteristics of the connecting clients. The client may be a terminal or a printer. If the client is a terminal, then it is likely connecting in to an application that provides full screen TN3270 support. However, it may be connecting to a line mode application such as TSO. If the client is a printer, then it is likely that the application will initiate the session to the client and no additional application access needs to be defined. There are several ways of setting up application access based on the characteristics of the client and the application.
Before you begin, decide which of the 4 types of applications you want to assign (for printers, for terminal-full screen mode sessions, for a USS table, or line mode sessions).
Steps
You have completed this panel when you have selected one of the 4 assignment options.
Fields
Radio buttons
Click Assign application for printers to indicate you want to map an application for printer clients.
Click Assign application for terminal-full screen mode sessions to indicate you want to map an application for terminal-full screen mode clients.
Click Display a USSMSG10 panel to indicate you want a USS MSG10 sent to terminal client.
Click Assign application for line mode sessions to indicate you want to map an application for linemode sessions clients.
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
The name of the application, following these rules:
The application name may be network qualified. A network qualified application name consists of a 1-8 character network ID followed by an application name, with the names separated by a period.
The name of the USS table, following these rules:
Use this panel to enter a group name, group type and group members.
Before you begin, know the group name, type and members you want to enter.
Steps
You have completed this panel when you have entered the group name, selected the type and added, edited or removed group member names.
Fields
Radio Buttons
Click Terminal to indicate the group type is a terminal group.
Click Printer to indicate the group type is a printer group.
Push buttons
Click Associate Printer Group...
to associate this group name with a printer. This button is only available when editing an LU terminal group that has been assigned to the client identifier.
Click Add to add a group member. This button is only available when editing from the LU groups table.
Click Edit to edit a group member. This button is only available when editing from the LU groups table.
Click Remove to remove a group member. This button is only available when editing from the LU groups table.
Click Move Up to move a group member up in the list.
Click Move Down to move a group member down in the list.
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
This button is available only when editing a terminal LU group assigned to a client identifier.
Use this button to establish a TN3270 printer association, which allows a printer to specify an active LU terminal name during connection negotiation. The server understands this special request and knows to assign a printer LU name associated with the requested terminal LU name. The association is established by linking a terminal LU group with a printer LU group. The two LU groups MUST have the same number of LUs defined. For example, once the pools are linked, the server will assign the third printer LU to a printer connection that requests association with the third terminal LU.
The name of the group following these rules:
The group can be either for terminal clients or printer clients.
The list of group members that you can add, edit, or remove. At least one entry is required.
Use this panel to select the type of object to be mapped to the client identifier.
Before you begin, decide which of the 4 types of objects (specific terminal, terminal LU group, specific printer, printer group) you want to associate with the client.
Steps
You have completed this panel when you have selected one of the 4 types of objects you can map to a client.
Fields
Radio buttons
Click Specific terminal to indicate you want the client identifier mapped to a particular terminal, known by an LU name
Click Terminal LU group to indicate you want the client identifier mapped to a particular terminal LU group, known by a group name
Click Specific printer to indicate you want the client identifier mapped to a particular printer, known by a printer name
Click Printer group to indicate you want the client identifier mapped to a particular printer group, known by a printer group name
Push buttons
Click New group specify a new group to associate with a terminal
LU group or a printer group.
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
A drop down list of all currently defined terminal or printer groups. Select from the list and click OK.
The name of the printer, following these rules:
Client identifiers are used to match clients to VTAM LUs and to connect the clients to applications. Use this panel to indicate which LUs will be assigned to this client identifier and to specify how the clients get assigned to applications.
When a client connects to the TN3270 server, the server searches the client identifiers to find a match. For example, if this client identifier is an IP address group and a client connects to the server, the server looks to see if the clients IP address is one of the IP addresses in the IP address group. If a match is found, the server determines which LUs are assigned to the client identifier and in turn assigns the client's connection to one of these LUs. Likewise, the server determines the application access method that has been assigned to the client identifier and uses the assigned method to allow the client to access the correct application.
You assign LUs to the client identifier for clients that connect as terminals and separate ones for clients that connect as printers. You may not have clients that are printers and you are not required to assign LUs for clients that are printers. There are no LUs assigned by default. For both printers and terminals, you can assign either individual LUs or groups of LUs. This panel is also used to create and manage all LU groups.
When assigning applications to the client identifier, you must understand some characteristics of the connecting clients. If the client is a terminal, then it is likely connecting in to an application that provides full screen TN3270 support. However, it may be connecting to a line mode application such as TSO. There are several ways of setting up application access based on the characteristics of the client and the application.
It is recommended that you assign all desired application access and enough LUs for all clients that match this client identifier. However, such assignments are not required. It is possible that you define multiple client identifiers that match a specific client. One of the client identifiers may be assigned LUs, but no application access. The other client identifier may be assigned application access, but no LUs. In this case the TN3270 server will use an LU from one client identifier and the application access from the other client identifier to setup the client's session. You are required to assign at least one LU or application access to the client identifier, otherwise the client identifier does not provide any function. If you do not assign all necessary LUs or all application access to this client identifier, you should must be cautious that you understand the interaction between multiple client identifiers.
Before you begin, decide whether you want to make application assignments and how you want to make LU assignments.
Steps
You have completed this panel after you have assigned at least one LU.
Fields
LU and application assignments
Push buttons for LU and application assignments
Click Assign LUs to assign terminal and printer LUs and LU groups to clients.
Click Assign application to set the applications for the clients.
Click Edit to edit an LU or application assignment.
Click Remove to remove an LU or application assignment.
Push buttons for LU groups currently defined
Click Add to add a terminal or printer LU group name.
Click Edit to edit a terminal or printer LU group name.
Click Remove to remove a group name.
These are the LU and application assignments already available. The client id tree shows the five types of assignments that may be made:
Use the tree structure to see what assignments have been made. If no assignment has been made for one of the types, the default setting is displayed.
Use the Assign LUs... and Assign application... buttons to make assignments. Once an assignment has been made, you can select it and use the Edit or Remove buttons. If the assignments are removed you will see the default assignment displayed. You cannot edit or remove the default assignments.
These are the LU groups previously defined. You can add, edit, or delete them here. These groups define terminal clients or printer clients. When you add a new group, specify whether its for terminal or printers. When you edit a group, you can change its name and also modify the entries in the group. However, you cannot change the group type that indicates whether the group is for terminals or printers.
Use this panel to select which type of client identifier you want to define.
When clients connect, the TN3270 server searches the defined client identifiers looking for a match. A match tells the server how to assign the client to the correct VTAM LU and application. There are five basic types of client identifiers you can define.
It is possible that a client would match multiple client identifiers. For example, a client's host name may be in one client identifier and its IP address in another. If this is the case, TN3270 server uses the same priority order as the order the types appear in the list above and on the panel.
Before you begin, decide how you want the client to be identified.
Click on the identification you want to use. The Client user ID option is available and valid only for ports using security.
You have completed this panel after you have selected the identification you want to use.
Radio buttons
Click Client user ID to define a client identifier that matches clients' user ids.
Click Client host name to define a client identifier that matches clients' host names.
Click Client IP address to define a client identifier that matches clients' IP addresses.
Click Destination link IP address to define a client identifier for clients that connect in through specific links identified by the link IP address.
Click Destination link name to define a client identifier for clients that connect in through specific links identified by the link name.
This panel allows you to either define a new client identifier or modify an existing one. The TN3270 server uses Client identifiers to match clients as they connect. For example, a client identifier may be a client's IP address. When the client connects to the server, the server sees this client's IP address matches the one defined in the client identifier. The server then uses this client identifier to know which VTAM LU to assign to the client and to which application to connect the client.
When you are defining a new client identifiers, you perform several tasks.
When a client connects in, the server may find that the client matches multiple client identifiers. The server uses the following search order priority to determine the match:
This panel shows a tree of all the currently defined client identifiers. You can expand a client identifier in the tree and see the applications and LUs that are assigned. Each client id shows the five types of assignments that may be made:
Use the tree structure to see what assignments have been made. If no assignment has been made for one of the types, the default setting is displayed.
Before you begin, know whether you are defining a new client identifier or modifying an existing one.
You have completed this panel after you have defined, edited or deleted client identifiers. You are not required to define any client identifiers. However, if no client identifiers are defined, you must use at least one of the default LU pools.
Push buttons
Click New to add a new client identifier.
Click Edit to edit a client identifier you've selected.
Click Delete to delete a client identifier you've selected.
Use this panel to set the application access method when a client connects to a server.
When assigning applications, you must understand some characteristics of the clients connecting. If the client is a terminal, then it is likely connecting to an application that provides full screen TN3270 support. However, it may be connecting to a line mode application such as TSO. There are several ways of setting up application access based on the characteristics of the client and the application.
Before you begin, decide the application access method you want for a client connecting to the TN3270 server.
Steps
An assembled and linked USS table can be used directly by Telnet.
You have completed this panel if you have clicked a button to indicate a selection under either 3270 full screen mode sessions or line mode sessions.
Fields
Radio buttons
Click Open an application to indicate you always want to connect to the same application
Click Display a USSMSG10 panel to indicate you want to connect to an existing USS table
Click Display the Telnet Solicitor panel to indicate you want
the default
The name of the application, following these rules:
The application name may be network qualified. A network qualified application name consists of a 1-8 character network ID followed by an application name, with the names separated by a period.
The name of the USS table, following these rules:
Use this panel to establish a set of logical units (LUs) for the default pool. When clients connect to the TN3270 server, each client must be assigned to a VTAM LU. This LU will be activated and used for SNA connectivity to the SNA application.
The TN3270 server uses VTAM application LUs to represent clients. The TN3270 server activates one SNA application minor node LU to represent each Telnet IP client. These Telnet application LUs establish sessions with VTAM host applications (for example, CICS), simulating terminals (LU0 or LU2) or printers (LU1 or LU3).
You are required to add at least one LU. You may enter multiple individual LUs using the Add... button. You may also define an LU range using the Add... button.
Before you begin, have ready the list of terminal LUs you want to specify in the default pool.
Steps
You have completed this panel after you have added, edited, or removed an LU or LU range. At least one LU must be added.
Push buttons
Click Add to add a new LU or LU range to the default pool.
Click Edit to change an existing LU or LU range.
Click Remove to remove an existing LU or LU range.
Use this panel to signify you want the client identifier to match clients that connect to a particular link or that connect to any in a group of links. The links are identified by the link's IP address.
Before you begin, you should decide whether you want the client identifier to match clients connecting to a particular link IP address or to just any link within a group of links. Depending on that decision, do one of the following:
Steps
You have completed this panel when you have selected either radio button, and filled in either the IP address field or the Group name and added at least one link to the group.
Fields
Radio buttons
Click The client must connect to a specific link to indicate the client must connect to the a specific link.
Click The client must connect to a link in a group to indicate the client must connect to one of the links in the link group. You have the ability to add, edit and remove IP addresses and subnets in this group.
Push buttons
Click Show Links... to display the available links from which to choose
an IP address.
Click Add to add IP address or subnet in this group.
Click Edit to modify IP address in this group.
Click Remove to delete IP address in this group.
Click here to see a list of existing links from which to choose. This is optional. You may type in a link IP address directly and not use the Show links... button.
The links established in this group that you can add, edit, or remove.
The IP address must be specified in dotted decimal notation, in which a 32-bit IP address is represented as four decimal numbers, one for each 8 bits, separated by dots (periods). Each of the four decimal numbers is greater than or equal to 0 and less than or equal to 255. For example:
00001010 00000001 10110100 11111110 a 32-bit address
10
1
180
254
dotted decimal notation (10.1.180.254)
The name of the group following these rules:
Use this panel to signify you want the client identifier to match to clients that connect a particular link or that connect to any in a group of links. The links are identified by the link name.
Before you begin, decide whether you want the client identifier to match clients connecting to a particular link or to just any link within a group of links. Depending on that decision, do one of the following:
Steps
You have completed this panel when you have selected either radio button, and filled in either the IP address field or the Group name and added at least one link to the group.
Fields
Radio buttons
Click The client must connect to a specific link to indicate the client must use connect to the a specific link.
Click The client must connect to a link a group to indicate the client must connect to one of the links in the link group. You have the ability to add, edit and remove IP addresses and subnets in this group.
Push buttons
Click Show Links...
to display the available links from which to choose a link.
Click Add to add a link name to this group.
Click Edit to modify a link name in this group.
Click Remove to delete a link name from this group.
The name of the link, following these requirements:
If the first digit is numeric, the entire name cannot be hexadecimal.
Click here to see a list of existing links from which to choose. This is optional. You may type in a link name directly and not use the Show links... button.
The name of the group following these rules:
The list of established links that you can add, edit, or remove.
Use this panel to edit the application name for clients that connect as full screen terminals.
Before you begin, know the application name you want to modify.
Steps
You have completed this panel when you have edited an application name.
Fields
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
The name of the application, following these rules:
The application name may be network qualified. A network qualified application name consists of a 1-8 character network ID followed by an application name, with the names separated by a period.
Use this panel to edit the application name for clients that connect as linemode terminals.
Before you begin, know the linemode application name you want to modify.
Steps
You have completed this panel when you have edited an application name.
Fields
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
The name of the application, following these rules:
The application name may be network qualified. A network qualified application name consists of a 1-8 character network ID followed by an application name, with the names separated by a period.
Use this panel to edit the printer name that has been assigned to the client identifier.
Before you begin, know the printer name you want to modify.
Steps
You have completed this panel when you have edited a printer name.
Fields
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
The name of the printer, following these rules:
Use this panel to edit the application name for clients that connect as printers.
Before you begin, know the application name you want to modify.
Steps
You have completed this panel when you have edited an application name.
Fields
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
The name of the application, following these rules:
The application name may be network qualified. A network qualified application name consists of a 1-8 character network ID followed by an application name, with the names separated by a period.
Use this panel to edit the terminal LU name that has been assigned to the client identifier.
Before you begin, know the terminal LU name you want to modify.
Steps
You have completed this panel when you have modified the terminal LU name.
Fields
Push buttons
Click Associate Printer... to associate a printer with this terminal LU.
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
The name of the terminal LU, following these rules:
Use this button to setup up a TN3270 printer association, which allows a printer to specify an active LU terminal name during connection negotiation. The server understands this special request and knows to assign the printer LU name associated with the requested terminal LU name.
Use this panel to edit the USS table name that has been assigned to the client identifier.
Before you begin, know the USS table name you want to modify.
Steps
You have completed this panel when you have edited a USS table name.
Fields
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
The name of the USS table, following these rules:
You have completed the z/OS Telnet 3270 server configuration. Click Finish to save your settings.
After clicking Finish:
This panel allows you to obtain SMF information during initialization and termination, and/or specify the reuse of inactive sessions.
Before you begin, make decisions about SMF recording, and the reuse of inactive sessions. To complete this panel:
Steps
You have completed this panel after you have clicked yes or no to answer the questions about SMF, and inactive session reuse.
You can find more detailed help on the following elements of this window:
Should the server write SMF records for initialization and termination?
Radio buttons
For SMF:
If you select Yes, the server will write format 119 SMF records. Session Initiation (or LOGON, subtype 20) will be generated when a client connects and Session Termination (or LOGOFF, subtype 21) SMF records will be generated when the client disconnects or is otherwise disconnected. If you Click Yes, ensure SMF is up and running and will accept these SMF record types.
This function is applicable only for clients that connect using a specific LU name. When the client connects and the TN3270 server finds that the LU specified on the client's connection request is already active then the server will initiate the take over processing. The server sends a TIMEMARK request to the original client that was using this LU. The server waits 5 seconds for a response from the client. If a response is not received within 5 seconds, the server terminates the old connection and the new client is connected.
Use this panel to specify an IP address or subnet to assign to the group.
Before you begin, decide if you want to specify an individual IP address or an IP subnet.
Steps
You have completed this panel when you have entered an IP address or IP subnet mask and value meeting the requirements.
Fields
Radio Buttons
Click Individual IP address to specify an individual IP address.
Click IP subnet to specify and IP address in the form of a subnet and mask.
Push buttons
Click Show Links... to see
the defined links.
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
The IP address must be specified in dotted decimal notation, in which a 32-bit IP address is represented as four decimal numbers, one for each 8 bits, separated by dots (periods). Each of the four decimal numbers is greater than or equal to 0 and less than or equal to 255. For example:
00001010 00000001 10110100 11111110 a 32-bit address
10
1
180
254
dotted decimal notation (10.1.180.254)
The IP address, specified in dotted decimal notation, in which a 32-bit IP address is represented as four decimal numbers, one for each 8 bits, separated by dots (periods). Each of the four decimal numbers is greater than or equal to 0 and less than or equal to 255. For example:
00001010 00000001 10110100 11111110 a 32-bit address
10
1
180
254
dotted decimal notation (10.1.180.254)
This value will be logically ANDed with the subnet mask to determine the subnet.
The 32-bit subnet mask must be one or more one-bits followed by one or more zero-bits. The subnet mask cannot have any one-bits to the right of any zero-bits. Therefore, a mask of 255.255.192.0 is valid because 255 is 11111111 and 192 is 11000000, but a mask of 255.255.208.0 is not valid because 208 is 11010000.
However, the special subnet mask 0.0.0.0 is valid. This subnet mask is a wildcard that accepts all subnets.
The subnet value will be logically ANDed with the subnet mask to determine the subnet.
Clicking this button takes you to a panel that displays the currently defined set of links. If you have selected an Individual IP address you can select from the set of links and the value will be added back to this panel. If you have selected an IP subnet, the defined links can only be used for your reference. Use of the Show links... button is optional.
Use the link name panel to specify link names to be added to the link group.
Before you begin, know the name of the link name you want to specify.
Steps
You have completed this panel when you have entered a link name meeting the requirements.
Fields
Push buttons
Click Show Links... to display the available links from which to choose
a link.
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
The name of the link, following these requirements:
Clicking this button takes you to a panel that displays currently defined links. You can select from the set of links and the value will be added back to this panel. Use of the Show links... button is optional.
Use this panel to alter logmode names used for Telnet device types. A logmode is the SNA logon mode entry used to select a set of session parameters such as screen size for the session being established. Telnet 3270 defines a set of device types that a client may specify when connecting. For each device type, you can modify the suggested logmode by clicking on that entry and typing in the new name.
The defaults are already available and predefined in VTAM and the TN3270 server can access these.
Before you begin, know what device types your clients are using and the logmodes you want to associate with those device types.
Steps
You have completed this panel if you have made desired changes to logmodes.
Fields
Use this panel to add LUs to a group. Select either an Individual LU or an LU range using fixed base.
Before you begin, decide whether you want to add an Individual LU or an LU range.
If you decide on an Individual LU, click on Individual LU and:
If you decide on an LU range, click on LU range using fixed base, and keep in mind these rules as you enter numbers:
After understanding these rules, you can proceed to:
You have completed this panel when you have selected either an Individual LU or an LU range using fixed base, and entered an LU name or the values required for the range.
Fields
Radio buttons
Click Individual LU to select a single terminal LU.
Click LU range using fixed base to select a range of
LU terminals.
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
The base value of the range.
The length of the base value plus the length of the lower range cannot exceed 8 characters.
The lowest number in this LU terminal range. This must be either all numeric or all alphabetic characters.
The length of the base value plus the length of the lower range cannot exceed 8 characters.
If this value is numeric, the upper range must be numeric and have the same number of digits.
If this value is alphabetic, the upper range must be alphabetic and have the same number of digits.
The upper range must be greater than the lower range.
The highest number in this LU terminal range. This must be either all numeric or all alphabetic characters.
The length of the base value plus the length of the upper range cannot exceed 8 characters.
If this value is numeric, the lower range must be numeric and have the same number of digits.
If this value is alphabetic, the lower range must be alphabetic and have the same number of digits.
The upper range must be greater than the lower range.
Use this panel to configure a new port when you want to base its configuration on an existing port. All settings for the new port will be identical to the old port except for the port number and link association.
Before you begin, verify the existing port from which you want to copy.
Steps
You have completed this panel after you have entered a new port number.
Fields
Push buttons
Click Show Links... to see a display of existing links, from which
to choose.
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
An integer from 1 - 65535.
You can enter either an IP address or a link name. If specifying a link name should follow these requirements:
If the first digit is numeric, the entire name cannot be hexadecimal
If specifying a link's IP address, it must be in dotted decimal notation, in which a 32-bit IP address is represented as four decimal numbers, one for each 8 bits, separated by dots (periods). Each of the four decimal numbers is greater than or equal to 0 and less than or equal to 255. For example:
00001010 00000001 10110100 11111110 a 32-bit address
10
1
180
254
dotted decimal notation (10.1.180.254)
Clicking this button takes you to a panel that displays the currently defined links. You can select from the set of links and the link name will be added back to this panel. Use of the Show links... button is optional.
This panel allows you to specify a port number on which the TN3270 server will listen for client connections. Optionally, you can specify an associated link, which causes the TN3270 server to listen on the specified port, but only for connections that come in over the associated link.
You can indicate if the connections for the port should be secured using SSL or TLS technology. Typically, clients are within a secure intranet and additional security is not required. However, if your clients connect in from the internet outside of your firewall, you will likely want to protect your connections using SSL or TLS security. This includes encrypting and authenticating data delivery and possibly using client certificates to authenticate the clients.
Before you begin, know the port number, any desired link association, and whether security services are needed.
Steps
You have completed this panel after you have entered a port number and selected a connection type.
Fields
Push buttons
Click Security Settings... to specify more security information. This
button is only available when editing a port definition.
Click Show Links... to see a display of existing links so you can
select from the display.
Check this box if you want this port to use TLS and SSL technology to secure connections and transaction. If this is the first defined port to use security functions, you are required to enter a key ring database name on the security settings panel. All other security settings have defaults.
This button is only available if you are editing a previously defined TN3270 port and if you have indicated the port should use security services. If the port is defined to use security, you are required to enter a key ring database. This is done by clicking on the Security settings... button.
You may also further customize your security settings by clicking on this button. You can customize functions such as client certificate authentication, express logon, and choosing specific cipher algorithms.
Clicking this button takes you to a panel that displays the currently defined links. You can select from the set of links and the link name will be added back to this panel. Use of the Show links... button is optional.
You can enter either an IP address or a link name. If specifying a link name should follow these requirements:
If the first digit is numeric, the entire name cannot be hexadecimal
If specifying a link's IP address, it must be in dotted decimal notation, in which a 32-bit IP address is represented as four decimal numbers, one for each 8 bits, separated by dots (periods). Each of the four decimal numbers is greater than or equal to 0 and less than or equal to 255. For example:
00001010 00000001 10110100 11111110 a 32-bit address
10
1
180
254
dotted decimal notation (10.1.180.254)
The TN3270 server requires at least one port to listen for client connections. This panel allows you to manipulate existing ports as well as add new ports for the TN3270 server to use. The standard port reserved by the IETF for TN3270 server use is port number 23. This is the default when you define your first TN3270 port and it is the default for all TN3270 clients.
Before you begin, you need to know the port number of the port you want to define, edit or remove. Here are steps to complete everything available through this panel. Your steps will be limited by the tasks you chose to accomplish:
Steps
You have completed this panel after you have added, edited, copied or removed defined ports, or viewed a report, and selected how Telnet should start.
Fields
Indicate how the TN3270 server should get started
Push buttons
Click Add to launch a wizard, which enables you to add
a new TN3270 port.
Click Edit to edit a port you've selected.
Click Copy to copy an existing port definition you've selected.
Click Remove to delete a port definition you've selected.
Click Report... to display a snapshot of what the configuration
file would look like if you save all your input at this point and ask the
configuration demo to create the file.
Click Close to return to the
IBM TCP/IP Configuration Demo for z/OS main customization panel.
Telnet can be started as part of the TCP/IP stack, or, beginning with z/OS V1R6, it can run in its own address space separate from the stack. Typically, it will be started as part of the TCP/IP stack. However, you may consider running it in its own address space for one of the following reasons:
If you decide to start the Telnet server it its own address space, there are special considerations for operator command processing, CTRACE set up, Resolver search order, SNMP, and RACF (or other security product) setup. These are described in z/OS Communications Server IP Configuration Guide (SC31-8775) in the "Accessing remote hosts using Telnet" chapter.
This table shows all the ports defined for TN3270 servers use. Each entry indicates the port number, whether security services are to be used, and if there is a link associated with the port. You can add new ports, edit an exiting port definition, remove an existing port definition, or copy an existing port's settings to a new port.
Once the first port has been defined, you can use this button at any time to see a snapshot of the TN3270 profile configuration statements and keywords that the GUI would produce.
Use this panel to assign LUs to either default generic pools or default specific pools. When printer clients connect to the TN3270 server, each client must be assigned to a VTAM LU. This LU will be activated and used for SNA connectivity to the SNA application.
TN3270 server uses VTAM application LUs to represent clients. The TN3270 server activates one SNA application minor node LU to represent each Telnet IP client. These Telnet application LUs establish sessions with VTAM host applications (for example, CICS).
When a printer client connects, the TN3270 server searches for a client identifier that matches this client connection. If no match is found, then the server will use the default printer pools to assign an LU for the client's use.
The client's workstation can be configured to assign the TN3270 client to a specific LU when the connection is established. By default, clients are not defined to use a specific LU. Clients that do NOT specify assignment to a specific LU will be assigned an LU from the Default generic pool. Client's that DO specify assignment to a specific LU will be assigned that LU if it is defined in the Default specific pool.
You may also specify an application that printer clients should be connected to if the client is assigned one of the LUs from the default printer pools. Typically a printer client connects to the TN3270 server and then waits for the application to initiate the session to the client. However, you can specify the application and TN3270 server will connect the client directly to the application.
Before you begin, decide which printer pools you want to manipulate and which actions you want to perform on them.
Steps
You have completed this panel after you have added, edited or removed LUs to and from the default generic or default specific pools, and specified the application name for printer clients. You are not required to use the default printer pools at all.
Fields
Push buttons
Click Add to add an LU or a range of LUs to either a default generic pool or
a default specific pool.
Click Edit to edit an LU or a range of LUs to either a default generic pool
or a default specific pool.
Click Remove to delete an LU or range of LUs from either a default generic
pool or a default specific pool.
The name of the application, following these rules:
The application name may be network qualified. A network qualified application name consists of a 1-8 character network ID followed by an application name, with the names separated by a period.
The list of LU and/or ranges of LUs defined for the default generic pool for printer clients. You can add, edit or remove LUs and LU ranges from this list.
The TN3270 client's workstation can be configured to assign a TN3270 client to a specific LU when
the connection is established. By default, the clients are not defined to use a specific LU. Clients that do NOT
specify assignment to a specific LU will be assigned an LU from the Default generic pool.
The list of LU and/or ranges of LUs defined for the default specific pool for printer clients. You can add, edit or remove LUs and LU ranges from this list.
TN3270 clients can be administered on the client's workstation to specify to be assigned to a specific LU when
the connection is established. By default, the client's are not defined to use a specific LU. Client's that DO specify
to be assigned to a specific LU will be assigned that LU if it is defined in the Default specific pool.
Use this panel to specify the certificate location required for SSL/TLS security functions. The server certificate authentication process defined in the SSL protocol requires a certificate location. This location can be either:
Before you begin, decide:
Steps
You have completed this panel when you have:
Fields
Certificate (key ring) location
Radio Buttons
Click Key ring in security server to specify a key ring name within a security server.
Click Key database in HFS to specify an HFS file name.
Push buttons
Click Ciphers... to specify cryptographic algorithms.
Click Advanced... to specify additional security settings.
Create this file using the z/OS shell-based program, gskkyman. When running gskkyman:
Enter the key database name and extension on the panel. The TN3270 server can locate the stash file since it has the same file name.
When you are done, ensure you have created 2 files:
SSL requires server and optionally client authentication. Such authentication requires the server certificate location. Client authentication certificates reside in the same data base.
System SSL supports the following two methods for managing PKI private keys and certificates.
Use this button if you want to modify your choice of cipher algorithms.
Use this button if you want to modify additional security settings. These include:
Use this panel to specify more security information.
Before you begin, decide:
Steps
You have completed this panel when you have selected one of the three SSL protocol types, optionally selected a level of client certificate authentication, and optionally activated SSL.
You can find more detailed help on the following elements of this window:
Client certificate authentication
Enable client certificate authentication
Radio buttons
Click Assume client is using SSL to indicate the server should use standard SLL handshake.
Click Use TLS to initiate SSL to indicate the server should use TLS to initiate the SSL handshake.
Click Use TLS to allow client to decide if connection is secure to indicate the server should use TLS to determine if the client is willing to use SSL.
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
The TN3270 server provides several choices for negotiating SSL usage with the client.
Assume client is using SSL indicates the SSL handshake will be used to start the SSL connection. If the client does not start the handshake within 5 seconds, then an attempt is made to do a negotiated SSL handshake using the IETF TLS-based Telnet Security specifications. If the client rejects SSL, the connection is closed.
Use TLS to initiate SSL indicates the client supports the IETF TLS-based Telnet Security Draft. A TN3270 negotiation with the client first determines if the client is willing to enter into a secure connection. If the client agrees, an SSL handshake is started and SSL protocols will be used for communication. If the client rejects SSL, the connection is closed.
Use TLS to allow client to decide if connection is secure indicates that the security protocol defined in the IETF TLS-based Telnet Security Draft is used to initiate the SSL connection. If the client agrees to enter into the secure connection, then SSL protocols will be used. If the client is NOT willing to enter into the secure connection, the connection is still allowed, but no SSL is used.
Client authentication provides additional verification and access control by checking client certificates at the server. This prevents a client from obtaining a connection without an installation approved certificate.
The server authenticates the client by receiving the client's certificate during the SSL handshake and verifying the certificate is valid. System SSL at the server decrypts the signature using the public key of the client certificate issuer found in the server key database file. The server then creates a new message digest using the certificate's Distinguished Names and public key and compares the new message digest with the decrypted one. If they match, the server can be assured the client is authentic.
There are multiple levels of client authentication possible:
Level 1 authentication is performed by system SSL. The client passes an X.509 certificate to the server. To pass authentication, the Certificate Authority that signed the client certificate must be considered trusted by the server. Selecting Enable client certificate authentication provides level 1 authentication.
Level 2 authentication provides level 1 authentication and additionally requires that the client certificate be registered with RACF (or other SAF compliant security product) and mapped to a user ID. The client certificate received during the SSL handshake is used to query the security product to verify that the certificate maps to a user ID known to the system prior to connection negotiation. Selecting Use security server to verify client user ID provides level 2 authentication.
Level 3 authentication provides level 1 and 2 authentication. In addition, it provides the capability to restrict access to the server based on the user ID returned from RACF. If the SERVAUTH class of RACF is active and the server profile is defined, a connection is accepted only if the requester's user ID associated with the client certificate is in the profile. Selecting Use security server to verify client user ID provides level 3 authentication if the SERVAUTH class of RACF is active.
Check to indicate you want the server to authenticate client certificates during the SSL handshake. To pass authentication, the Certificate Authority (CA) that signed the client certificate must be considered trusted by the server. This means a certificate for the CA that issued the client certificate is listed as trusted in the server's keyring.
Check to indicate that in addition to client certificate certification, the server will verify the certificate has been registered with your SAF compliant security product, such as RACF, and has an associated user ID. Additionally, if the SERVAUTH RACF class is active and a RACF resource has been defined for the port, the connection is allowed only if the user ID associated with the client certificate has READ access to the RACF resource.
Users of TN3270 clients are generally required to know the user ID and password for the application they want to access. Users may forget their IDs and passwords or they may write down their IDs and password creating a security risk. A solution for this problem is the Express Logon Feature (ELF), which allows a TN3270 client with a x.509 certificate to log on to an SNA application without entering an ID or password. The client's certificate must be associated with a valid user ID in RACF. When the client connects, the TN3270 server uses RACF Secured Sign on services to obtain a user ID and PassTicket, which the server passes on to the SNA application to complete the logon.
This is a snapshot of your configuration file containing your TN3270 server definitions. If you configured the TN3270 server to start automatically with the TCP/IP stack, then this file is pointed to by an INCLUDE statement in file PROFILE.TCPIP. Otherwise, the TN3270 server is configured to start in its own address space and this file is pointed to by the PROFILE DD statement in the TN3270 start procedure.
Push buttons
Click Save to save this configuration file to your local disk.
Click Print to print this configuration file.
Click Close to end this panel.
Click Help to understand more about this panel.
Use this panel to see and select from a list of configured links. You may double click on an entry or select an entry and click OK. If this panel is shown when defining an IP subnet for a group, this panel can only be used for reference; no selection can be made.
Before you begin, know the link name or IP address you want to select.
Steps
You have completed this panel when you have selected a configured link or an IP address from the list displayed.
Push buttons
Click OK to complete the specification.
Click Cancel to negate any entries you have made on this page.
Click Help to understand more about this panel.
Currently you do not have a TN3270 server configured. Use the TN3270 Wizard to initially setup your TN3270 server. After you have completed the TN3270 Wizard, use the Advanced Setup... button to edit your configuration settings and expand them to use more advanced settings as necessary.
Before you begin, you should know a few basics.
A Telnet server is bridging between an IP network and SNA applications. A TN3270 client connects from a workstation to the z/OS mainframe over an IP network using TCP/IP protocols. The TN3270 server running on the z/OS system receives client connect requests by listening on a TCP port. Once a connect request is received, the server bridges from the TCP/IP network to VTAM and establishes an SNA session with the SNA application. The server then manages an end-to-end connection from the TN3270 client through the IP network to the server and from the server to the SNA application.
The TN3270 server needs to be configured with some basic information. The server needs two pieces of information to be configured properly:
The name of the SNA LU used to represent the client to the SNA application, when
a client connects.
Since TN3270 is bridging between your previous SNA network, it is likely that your SNA applications
expect the end users to be represented using specific SNA LU names. Therefore, TN3270 server allows you to
configure the LU names to server. There are no defaults.
The name of the SNA application to which the client will connect.
It is likely that in your SNA network, the SNA LU definition statements were defined to either send
the SNA LU terminal a specific USSMSG10 or to automatically log the terminal on to a specific application when
the terminal LU was activated. Since the SNA LU definitions are no longer used, the equivalent information
must be defined to the TN3270 server.
For more information on the differences between the TN3270 Wizard and the Advanced Setup, see the Push buttons below.
Push buttons
Click TN3270 Wizard... to start the TN3270 Wizard.
Click Advanced Setup... to use the advanced setup.
Click Close to return to the TCP/IP configuration console without configuring a TN3270 server.
Click here if you want to establish your first and basic TN3270 server.
The TN3270 Wizard will configure the TN3270 server to listen on the well-known IETF port number 23, without SSL security protocols.
The wizard will help you:
Define a group of SNA LUs to assign to TN3270 terminal clients.
Define the application access for the clients, which includes choosing:
The TN3270 default solicitor panel, which will query the client asking for the application name, user id and password.
To send a USSMSG10 to the clients.
To log directly on to an application for full screen TN3270 clients.
To log directly on to an application for line mode TN3270 clients.
Modify your SNA logmode choices for the various TN3270 device types to customize settings, such as the client's screen size.
Click here if you want to configure a server that uses advanced features. These advanced features include:
Multiple TN3270 ports
IETF defines port 23 as the well-known TN3270 port. This is the default setting for TN3270 clients. You may want to use other ports. It is a common practice to use port 23 as a basic non-SSL port and define an additional port for clients connecting across the internet, who require SSL security protection.
SSL security
If you have clients that connect over the internet, you may need to use the SSL security. This provides encryption, data authentication and client certificate authentication functions.
TN3270 printer support
If you have TN3270 clients that are printers you can configure the server to support them.
Default specific pools
You can configure the server to allow TN3270 clients to be assigned to a specific LU, when they connect to the server. Clients must be configured to request assignment to a specific LU.
Client identifiers
The TN3270 server provides sophisticated and flexible settings to allow certain clients assignment to specific LUs
and applications, while other groups of clients are assigned to other specific LUs and applications.
You define a client identifier to match specific client
characteristics and you assign the SNA LUs and application access to the client identifier. When a client connects,
the server matches the client to a client identifier and applies the client identifier's LUs and application to the
connecting client.
For example, you can define a client identifier as a group of client IP addresses. You then assign specific LUs
and specific application access to this client identifier. When a client connects, the server understands the
client's IP address and determines that it matches one of the addresses in the defined group of client IP addresses.
The server then uses one of the LUs and the application access assigned to this
client identifier when establishing the connection for the client.
Use this panel to assign LUs to either default generic pools or default specific pools. When clients that are terminals connect to the TN3270 server, each client must be assigned to a VTAM LU. This LU will be activated and used for SNA connectivity to the SNA application.
TN3270 server uses VTAM application LUs to represent clients. The TN3270 server activates one SNA application minor node LU to represent each Telnet IP client. These Telnet application LUs establish sessions with VTAM host applications (for example, CICS).
When a terminal client connects, the TN3270 server searches for a client identifier that matches this client connection. If no match is found, then the server will use the default terminal pools to assign an LU for the client's use.
The client's workstation can be configured to assign the TN3270 client to a specific LU when the connection is established. By default, clients are not defined to use a specific LU. Clients that do NOT specify assignment to a specific LU will be assigned an LU from the Default generic pool. Client's that DO specify assignment to a specific LU will be assigned that LU if it is defined in the Default specific pool.
This panel is also used to set the application access method when a client is assigned to an LU from one of these default pools.
When assigning applications you must understand some characteristics of the clients connecting. If the client is a terminal, then it is likely connecting in to an application that provides full screen TN3270 support. However, it may be connecting to a line mode application such as TSO. There are several ways of setting up application access based on the characteristics of the client and the application.
Before you begin, decide which terminal pools you want to manipulate and which actions you want to perform on them.
Steps
You have completed this panel after you have:
You are not required to use either of the default pools.
Fields
3270 full screen mode sessions
Radio buttons
Click Open an application to specify an application name for 3270 full screen mode sessions.
Click Display a USSMSG10 panel to specify a USS table name for 3270 full screen mode sessions.
Click Display the Telnet solicitor panel to use the default.
Push buttons
Click Add to add a LU or range of LUs in either a default generic pool
or a default specific pool.
Click Edit to edit an LU or range of LUs in either a default generic
pool or a default specific pool.
Click Remove delete an LU or range of LUs from either a default generic
pool or a default specific pool.
The name of the application, following these rules:
The application name may be network qualified. A network qualified application name consists of a 1-8 character network ID followed by an application name, with the names separated by a period.
The name of the USS table, following these rules:
When assigning applications, you must understand some characteristics of the connecting clients. If the client is a terminal, then it is likely connecting to an application that provides full screen TN3270 support. The default is to use the TN3270 server's solicitor panel, which is sent to the client to query which application to connect to, along with the logon id and password. You may override the default by assigning an application and the TN3270 server will connect the client directly to the application. Or you may also override the default by assigning a USS table, and the TN3270 server will send a USS MSG10 to the client.
When assigning applications, you must understand some characteristics of the connecting clients. If the client is a terminal, then it is likely connecting to an application that provides full screen TN3270 support. However, it may be connecting to a line mode application such as TSO. The default is to use the TN3270 server's solicitor panel, which is sent to the client in linemode to query which application to connect to, along with the logon id and password. You may override the default by assigning an application for linemode clients, and the TN3270 server will connect directly to the application.
The list of LU and/or ranges of LUs defined for the default generic pool for clients that are terminals. You can add, edit or remove LUs and LU ranges from this list.
The client's workstation can be configured to assign the TN3270 client to a specific LU when
the connection is established. By default, the client's are not defined to use a specific LU. Clients that do NOT
specify assignment to a specific LU will be assigned an LU from the Default generic pool.
The list of LU and/or ranges of LUs defined for the default specific pool for clients that are terminals. You can add, edit or remove LUs and LU ranges from this list.
The client's workstation can be configured to assign the TN3270 client to a specific LU when
the connection is established. By default, clients are not defined to use a specific LU. Clients that do NOT
specify assignment to a specific LU will be assigned an LU from the Default generic pool. Client's that DO specify assignment to a specific LU will be assigned that LU if it is defined in the Default specific pool.
Use this panel to specify when to disconnect idle clients. There are two methods used to handle idle clients. With both methods, you define a period of inactivity that is allowed before labeling the client as "idle".
Before you begin, understand the timing mark intervals you desire and whether you want to use the inactivity timer to disconnect clients.
Steps
You have completed this panel after you have filled in the 2 timing mark fields and made a decision about the inactivity timer.
Fields
Radio buttons
Click Yes to indicate you want to use an inactivity timer.
Click No to indicate you Do NOT want to use an inactivity timer.
An integer in the range 1-99 999 999 seconds.
If this value is less than, the scan interval value, it will be set equal to the scan interval value.
An integer in the range 1-99 999 999 seconds.
An integer in the range 1-99 999 999 seconds
The Timing mark scan interval and the Timing mark interval are used together to determine if a connection has been lost. Whenever data is received from the client, the TN3270 server records the time. The server checks all connections at regular intervals defined by the scan interval value. Each connection is checked to see if any data has been received from the client in the past timing mark period of time. If no data has been received, the server sends a TN3270 TIMEMARK command to the client, which acts as an "are you there?" and the server remembers that it sent this TIMEMARK. During the next check at the scan interval, each connection is again checked to see if any data has been received from the client. If not, and a TIMEMARK had been sent on the previous scan interval check, then the connection is dropped.
For example, assume the values for scan interval and timing mark interval are 1800 and 10800, respectively. That means every 30 minutes, all connections are checked to see if any data has been received in the last 3 hours. If not, a TIMEMARK is sent to the client. Thirty minutes later, the server checks the connections again. If the client responded to the TIMEMARK or sent in actual data, the server leaves the connection active. If nothing has been received the server drops the connection.
Caution must be used in setting these timers.
Setting the scan interval too low could cause excessive CPU usage.
Setting the timing mark interval too low could cause excessive flooding of the network with TIMEMARK commands.
For
example, these timers should take into account extended breaks such as lunch. If the timing mark interval is smaller
than the lunch break time, the network may be flooded with TIMEMARK commands around the lunch hour.
Indicates how long a terminal connection can be idle with no SNA data traffic before the connection is dropped. The TN3270 server records the time at which data is received from VTAM or sent to VTAM per connection. The server periodically scans the connections and checks if the connection has had any data sent or received within the inactivity interval. If not, the connection is dropped.
Caution must be used in setting this timer. Setting it too low could cause excessive CPU usage.
A TN3270 server is an interface between IP and SNA networks. End users in an IP network connect to the server, which is also a VTAM application. The TN3270 Telnet server runs in the TCP/IP address space as part of TCP/IP, and is started as part of the TCP/IP startup procedure.
As you proceed through the TN3270 Wizard, you will use the Next, Back and Finish buttons to proceed through a few basic panels where you will configure:
A group of SNA LUs that will be used to assign to TN3270 terminal clients.
The application access for the clients which includes choices for:
The TN3270 default solicitor panel, which will query the client asking for the application name, user id and password.
Sending a USSMSG10 to the clients.
Directly logging on to an application for full screen TN3270 clients.
Directly logging on to an application for line mode TN3270 clients.
Your SNA logmode choices for the various TN3270 device types. This will allow you the customize settings, such as the clients screen size.
This configuration will provide:
A default LU pool, which allows TN3270 terminal clients to connect to the server and establish SNA connectivity.
The ability for clients to access the desired SNA application directly or indirectly with the use of a USSMSG10.
The use of TCP port 23, from which the server will listen. Port 23 is the IETF well-known TN3270 port and the default for TN3270 clients.
The proper SNA logmode settings to allow for desired characteristics such as screen size.
Use this panel to see a display of the Telnet 3270 start procedure. This start procedure can be used to start the Telnet 3270 Server in its own address space.
Push buttons
Click Save to save this file to your local disk.
Click Print to print this file.
Click Close to end this panel.
Click Help to understand more about this panel.