× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2007

RES: i5/OS external entitlement definition

Eric,

I've read those old threads and again found several opinions.

But still no clear documented definitons, all material found at IBM website,
depending on the reader, can result on sligtly different meanings.

My problem ($$$) is related exactly on that unlimited "external" access, I
don't think we need it for our Webserver, Microsoft says we don't need it,
IBM included it on our proposal but can't give a detailed explanation on
why.

I5/OS costs for unlimited "external" access is about the same of a complete
Wintel Server, if we get a Wintel server for web serving, there's no reason
to get a new 515 for other applications, as our old box can manage most of
them.

Our mail server (iSeries based), which has some nasty peaks, can also be
substituted by Wintel or Lintel alternatives, and so on...

Really remembers that "How do they compare" video backwards :(

Thanks,

Rubens

-----Mensagem original-----
De: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] Em nome de DeLong, Eric
Enviada em: quarta-feira, 29 de agosto de 2007 19:15
Para: Midrange Systems Technical Discussion
Assunto: RE: i5/OS external entitlement definition

As I recall, there were several LONG and involved threads
about two months ago that discussed the user entitlements.
As I recall, IBM initially counted users by counting USRPRF
objects, but later changed this.... I can't remember quite
what the final word was on that. There is also the bit ($$$)
that allows for unlimited "external" access, which would be
used for web-based users who are NOT employed by your company.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Rubens
Sent: Wednesday, August 29, 2007 1:32 PM
To: 'Midrange Systems Technical Discussion'
Subject: RES: i5/OS external entitlement definition


Kirk,

Thanks for your kind answer.

You see, that's exactly my problem... You defined based on
your own understanding, there's not a clear document stating
all those points.

Mine point of view differs from yours and maybe both differs
from others on this list, my legal department sure would have
yet another opinion, wich one is right?

As IBM quoted external entitlement for us, my question is
based on what, as documents found are unclear, they can't
sell anything wich is undefined can they?

I've posted here exactly to know how others are dealing with that.

Thanks


-----Mensagem original-----
De: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] Em nome de Kirk
Goins Enviada
em: quarta-feira, 29 de agosto de 2007 15:01
Para: Midrange Systems Technical Discussion
Assunto: Re: i5/OS external entitlement definition

If access say Apache in the i5 to browse a file, say a list of
available inventory that ANYONE can see and I Do Not give a ID and
Password then I am not authenticated and do not need a
license. On the
other hand if I give and ID and password or in some other
way identify
myself specifically I need a license.

Let's say I login to a Intel based server and that server accesses
data on the i5 on my behalf then I need a license

If say I login to an application running on an i5, like
Lotus Notes,
but never directly login to the i5, I still need a license.

External Users vs Internal Users
Internal User is someone you are paying. Either a real employee or
even a consultant working on the system.

External Users aren't on the payroll, Like Visitors your
website. If
you ask then to login for whatever reason and the
i5 is in the mix then they need a license. If they can
browse and even
place an order but do login then no license is required.

It is my understanding that if I have a 50 user license and
I'm using
25 of those concurrently for internal users and that I
could handle 25
external users without buying more licenses.



Rubens wrote:
Hi,

I'm trying to configure a new 515, but can't find a clear
definiton
about external entitlement, to know if we really need it or not.

An i5/OS user is a person who accesses the i5/OS operating system
through one or more connections. The user exchanges
credentials (user
identifications) either directly with the operating system or
indirectly through application or middleware software that is
supported by the operating system.



http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=
/rzam8
/rzam8userentitlements.htm

What's exactly operating system? Just 5250, Ops Navigator
and similar
ways to reach "commands"? Are applications included?

Suppose I have a website (hosted on i5), as my "visitor" types a
string it gets pages generated by a query - true he's indirectly
getting results from DB2, but I hope he should never reach our
operating system - is that a "visitor" or an "user"?

Since all my "visitors" indirectly exchanges identification
on Apache,
they're "users"?

Going further, there are several ways to achieve real protection
"exchanging credentials" on Apache, such as writing an
application
wich reads and verifies data ("user" and "password") saved
anywhere,
IP ranges, validation lists (again "user" and "password"),
user name
(again from anywhere), and finally i5/OS USRPRF (perhaps
this one is
really a "user"), or maybe a combination or any of those.

As there are many applications wich run on i5, wich
behave such as
Apache, where exactly a "visitor" becames an "user"?

Microsoft defines "user" those defined on Active Directory
- such as
an USRPRF - anything else is defined as a "visitor", it's
simple and
maybe it don't covers all possibilities, but it's perfectly clear.

Thanks,


Rubens Lehmann




--
This is the Midrange Systems Technical Discussion
(MIDRANGE-L) mailing list To post a message email:
MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list
options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting,
please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion
(MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.




--
This is the Midrange Systems Technical Discussion
(MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.