


1. Make sure the client PCs are running antivirus software and personal
firewall software.  This needs to be a requirement and not an option.
Practically any of the available packages will suffice, but consider
that to be mandatory.  Any system, local or remote, that has access to
your network should be considered a potential entry point for hackers.
If possible, add a spyware remover like Ad Aware.

2. Have the remote folks VPN to your network.  Have additional
firewall/router rules to restrict their access to just the systems/ports
they'll use, i.e. just the iSeries' IP address & CAE ports but not your
file & print servers.  Your remote users now have secure access to the
iSeries and whatever other services you allow them to get access to.  No
messing with SSL or anything else required as the VPN provides your
security layer.  Your iSeries itself is unmodified.

3. If your developers are internal, do you need to secure their 5250
sessions?  Properly configured, outside resources can't see their
traffic and if there are insiders sniffing the wire you've got bigger
problems.  If your developers are external, have them use the VPN like
the external users.

I periodically telecommute so I VPN in to the corporate network.  From
there I can access our systems, full email, etc.  No concern about
security because the VPN provides it.

The one caveat about VPNs: Any internet access done while a VPN is
connected will generally route to the internet through the VPN.  So if
your clients VPN to you and then go surfing to Yahoo, download movie
trailers, whatever, it'll use your bandwidth.  We instituted a severe
restriction on internet access through the VPN.

As far as webifying your 5250 apps, others can speak to this.

- John

-----Original Message-----
From: Gerald Kern [mailto:gkern@xxxxxxxxxxxxxxxxxxx] 
Sent: Tuesday, April 08, 2003 6:34 AM
To: midrange-l@xxxxxxxxxxxx
Subject: VPN & web enabling applications


Let me first say that I am looking for general direction and bullet
points for achieving the objective. Suggested manuals, redbooks, links
to appropriate websites would be appreciated, as well as any general
summary of recommended direction.

OBJECTIVE: Develop a strategy to enable secure, stable web
based/browsing and CAE/400 access to our iSeries applications. Our
organization is a large medical facility supporting over 100
physicians onsite, and it will also require additional support for
multiple (30+) remote locations.

I would like to provide support to users via browsers for 5250 apps
(something along the lines of CGIDEV2 perhaps?), along with the iSeries
developers who will be using traditional CAE/400 5250 to do development
(some code/400 users too), remote support and testing, as well as access
the apps too.

We have two iSeries, one for production and one for development - the
development system is also our production Domino email server.

Our iSeries apps are a mix of old Sys/38 code, some RPG/400 and a lot of
newly developed & deployed ILE RPG using embedded SQL with bound
modules, prototyped procedures, subprocedures and so forth (with
activation groups of *CALLER). To my knowledge, webfacing is not a
practical solution at this point due to the nature of our heavily
influenced ILE applications, which will most likely be the majority of
applications to be accessed.

My first step will be to utilize VPN to access our Novell Network
thereby providing the link to two iSeries systems. My first goal is to
establish the VPN connections and ensure that they are stable and
totally secure to both the iSeries.

The next step will be to provide secured telnet 5250 access to both
systems to the developers. Once this is established, stable, and secure,
we will then determine which apps to web-enable and choose the method to
achieve web-enablement based on the underlying nature of the chosen
app(s).

I'm not sure what Websphere has to offer in terms of support for this
project, only because I have limited resources ($$$ and bodies), and
also little time to devote to Websphere & Java type training. For the
most part, this is being done as "proof of concept" for upper
management. Most likely I will be doing most of the work here too.

I'm only looking for the 30,000 ft overview.

Comments and general directions and suggestions will be greatly
appreciated.

This can be taken offline if anyone cares to go much deeper into this
than is practical here.

Thanks,

Gerald Kern
gkern@xxxxxxxxxxxxxxxxxxx
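
The firewall restriction from point 2 of the reply and its caveat about internet access through the VPN, sketched as an added example that is not part of the original thread: a first-match rule set with default deny, checked against constructed flows. The addresses, the VPN pool and the port list (23, 449, 8470-8476) are assumptions; the thread names no addresses or ports.

```python
import ipaddress

# All addresses are constructed placeholders (private and documentation ranges).
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")      # assumed VPN client pool
ISERIES = ipaddress.ip_network("192.168.10.5/32")   # assumed iSeries address
LAN = ipaddress.ip_network("192.168.10.0/24")       # assumed internal LAN
ANY = ipaddress.ip_network("0.0.0.0/0")

# Assumed port list: telnet 5250 (23), server mapper (449), host servers (8470-8476).
ISERIES_PORTS = {23, 449} | set(range(8470, 8477))

# First match wins; a flow that matches no rule is dropped (default deny).
RULES = [
    ("allow", VPN_POOL, ISERIES, ISERIES_PORTS),
    ("deny", VPN_POOL, LAN, None),   # file & print servers, anything else internal
    ("deny", VPN_POOL, ANY, None),   # no internet browsing through the tunnel
]

def decide(src, dst, port, rules=RULES):
    """Return 'allow' or 'deny' for a TCP flow using first-match semantics."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, ports in rules:
        if s in src_net and d in dst_net and (ports is None or port in ports):
            return action
    return "deny"

# Constructed sample flows from one VPN client.
FLOWS = [
    ("10.8.0.17", "192.168.10.5", 23),     # 5250 telnet to the iSeries
    ("10.8.0.17", "192.168.10.5", 8476),   # signon host server
    ("10.8.0.17", "192.168.10.5", 445),    # unlisted port on the iSeries
    ("10.8.0.17", "192.168.10.20", 445),   # file server
    ("10.8.0.17", "203.0.113.80", 80),     # web browsing through the VPN
]

def audit(flows=FLOWS):
    """Pair each sample flow with the verdict the rule set gives it."""
    return [(flow, decide(*flow)) for flow in flows]

if __name__ == "__main__":
    for flow, verdict in audit():
        print(flow, verdict)
```
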





This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
