× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Pete,

We use the fat client version of jWalk that requires that software be loaded
on the users PC. JWalk does have a thin client java version, but we're not
using it at the moment.

So on that basis; it looks like we do need the VPN.

Thanks,
Ron Hawkins

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Pete Helgren
Sent: Thursday, May 29, 2008 9:15 PM
To: Midrange Systems Technical Discussion
Subject: Re: VPN access

Ron,

It has been a while since I looked at JWalk but I thought it used an
ActiveX plugin so it was all http traffic. If it isn't, if it is a
"fat" client that requires more than just http (your example of
accessing the IFS, for example), then yes, VPN would be the only way to
go.

I'd check with Seagull and see what they say about an SSL
implementation. However, if it is more than just http (or https in the
case of SSL) then you'll probably have to stick with VPN. HATS, for
instance, does NOT require a VPN in order to run and it is just a thin
web layer in front of 5250.

Pete


ron hawkins wrote:
Pete,

"But, to access a single web application, it can be
a less secure, more involved solution."


I don't think our application is really a web application. I think of web
applications as being accessed by a browser. Our application is strictly
5250, with a gui interface. What we need is for the user to simply run
menu
options. Some of the programs they run will need access to the IFS. All of
this works today via the VPN and client access.

So, if they don't need access to anything except the iSeries and the IFS,
can we give them access without the VPN? I'm not sure what was the
original
reason for using a VPN.

Ron

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Pete Helgren
Sent: Thursday, May 29, 2008 4:19 PM
To: Midrange Systems Technical Discussion
Subject: Re: VPN access

Ron,

If your sole reason for using the VPN was to get secure access to a web
application, then SSL is the ticket. It is simple, secure and, since
you aren't extending your network out to an "unknown" end point, it is
*more* secure, given your goals.

A VPN creates a secure connection, but it also extend the network to the
endpoint, so your security controls must be even tighter. For example,
I use VPN connections frequently to access customer machines and they
have given me that permission. But I pretty much have access as though
I am sitting inside their firewall on their network as any other PC. I
can browse the network and access network resources (which is why I have
the VPN access). So, you need some VERY good network access and
monitoring tools and a carefully configured network in order to make
that VPN a "single use" connection. Again, SSL for a web app is a
better solution in this case.

VPN has it's place. But, to access a single web application, it can be
a less secure, more involved solution.

Pete


ron hawkins wrote:

Thanks everyone.

It seems the consensus is yes, you can run without the VPN using just SSL
(assuming our Seagull product handles that and I'm pretty sure that it
does). So the issue is really price vs extra security? What extra
security
do we get with the VPN? Again, the argument I'm getting is that banks

don't

use VPN's - why do we need to?

I thought I read somewhere that with the VPN you can get to your network,
but with only SSL you can not access the network. Is there any truth to

this

or did I misinterpret the article?

Ron

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Aaron Abreu
Sent: Thursday, May 29, 2008 1:52 PM
To: midrange-l@xxxxxxxxxxxx
Subject: Re: VPN access

before we had VPN we simply used our
PowerTerm software to emulate 5250 from
our home computers and then relyed on
400 security to control who could get into the
system.

so yes, if you have a client emulater that everyone
could intall, then you could run withou VPN, but what
is the "security risk" factor. VPN is all about a secure
link before you allow someone to even touch your 400.

can you put a price on that??
Aaron



*-------------------------------------------------------------*
<businesscardinfo>
*-------------------------------------------------------------*
Aaron Abreu, Systems Consultant
MIS Dept.
Bay District Schools
1311 Balboa Ave.
Panama City, FL 32401-2080
Phn# 1-850-872-4288 (suncom 777-4288)
Fax# 1-850-872-7768
abreual@xxxxxxxxxxxxx






The information contained in this message may be privileged and

confidential

and protected from disclosure. If the reader of this message is not the
intended recipient, or an employee or agent responsible for delivering

this

message to the intended recipient, you are hereby notified that any
dissemination, distribution or copying of this communication is strictly
prohibited. If you have received this communication in error, please

notify

us immediately by replying to the message and deleting it from your
computer. Under Florida law, e-mail addresses are public records. If you

do

not want your e-mail address released in response to a public-records
request, do not send electronic mail to this entity. Instead, contact
this
office by phone or in writing.




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.