User Experience Implementing SSL and Terminal Servers in z/VM 6.1

Jim Moling
US Treasury, Financial Management Service
Friday, August 12, 2011
Session Number 10047

Disclaimers

• The opinions & ideas expressed herein are those of the author alone and do not necessarily reflect those of Financial Management Service, furthermore, Financial Management Service is hereby absolved of any and all responsibility or liability for the information contained herein.
• Copyrights & Trademarks:
  • Any and all copyrights & trademarks are hereby acknowledged to be owned by their respective parties
  • All other brands, logos and products are trademarks or registered trademarks of their respective companies
  • All rights reserved
• Disclaimer of Endorsement: Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government, and shall not be used for advertising or product endorsement purposes.
• Disclaimer of Liability: With respect to this presentation, neither the United States Government nor any of their employees, makes any warranty, express or implied, including the warranties of merchantability and fitness for a particular purpose, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights.

Introduction

• This presentation describes how a user implemented the SSL TCP/IP server for secure access to z/VM (version 6.1) as well as how the new Terminal Server has been implemented for access to virtual Linux servers. The goal of this implementation was to achieve a more secure and centralized means of accessing VM and the Linux servers running under it. This session will show a before and after configuration and the steps taken to achieve the stated goals in a step-by-step how-to fashion.
• Another incentive (perhaps even the driving force) behind accomplishing these goals was to satisfy audit findings.

Overview

Part 1 - Implementing an SSL Server on z/VM 6.1
• What is an SSL Server? Why do we want to use it?
• What is needed for implementation
• Steps for basic implementation
• Overview of steps
• Recipe
• Next steps

Part 2 - Implementing a Terminal Server on z/VM 6.1
• What is a Terminal Server? Why do we want to use it?
• What is needed for implementation
• Steps for basic implementation
• Overview of steps
• Recipe
• Next steps

• Summary
• Questions

Part 1 - Implementing an SSL Server

What is the (CMS-based) SSL Server for z/VM?

• SSL (Secure Sockets Layer) was developed to provide point-to-point encryption of TCP/IP traffic
• Standardized by RFC 2246 as TLS (Transport Layer Security)
• Provides security in a z/VM environment for any server associated with a TCP/IP stack
• Prior to z/VM 5.4, only a Linux-based SSL Server option was available
• A CMS-based SSL Server was introduced with z/VM 5.4
• It’s a component of TCP/IP that ships with z/VM 6.1

Why do we want to use it?

• Allows us to access VM via a Telnet client, such as IBM Personal Communications, in a secure fashion
• Allows us to perform FTP-based file transfers in a secure fashion
• SSL Server references that this presentation is based on:
  • http://www.vm.ibm.com/related/tcpip/tcsslspe.html
  • Presentation: z/VM SSL Server Update by Brian Hugenbruch

What is needed for implementation

• Install z/VM 6.1 + configure with basic TCP/IP access
  • Either follow instructions from IBM that come with z/VM 6.1, or
  • Use the Virtualization Cookbook for SLES11 (Redbook SG24-7931-00) to install z/VM 6.1
• Make sure that PTF UK59536 is applied
  • Provides required updates for the SSL & TCP/IP components
• The implementation that follows is based on a z/VM 6.1 system after the initial installation of the shipped configuration and then applying PTF UK59536
• Assumes the default VM System ID is used – ZVMV6R10

Overview of steps to implement an SSL Server

• Determine the SSL Server Configuration For Your Installation
• Update the TCP/IP server configuration file (PROFILE TCPIP)
• Update the DTCPARMS file for the TCP/IP server
• Update the DTCPARMS file for the SSL Server and the (new) DCSS Management Agent server
• Update the DTCPARMS file for the SSL Server Daemon
• Set up the Certificate Database
• Bounce TCPIP to start up the SSL Server

Determine the SSL Server Configuration For Your Installation

• Secure communications support can be provided via one of the following SSL configurations:
  • A single-instance SSL server, or
  • A server "pool," for which multiple SSL servers are employed
• We are choosing to implement the single-instance SSL server option to keep it simple.

Update the TCP/IP Server Configuration File (PROFILE TCPIP)

• Log on to TCPMAINT and do the following:
• Copy PROFILE TCPIP D1 to ZVMV6R10 TCPIP D1
  • Command: COPYFILE PROFILE TCPIP D ZVMV6R10 = D
• Note: ‘ZVMV6R10’ is the system name. When TCPIP is started, it looks first for files whose file name matches the system name, i.e. sysname TCPIP, sysname DTCPARMS, etc.
• Xedit ZVMV6R10 TCPIP D and add the following SSL Server related statements:
  • SSLSERVERID SSLSERV TIMEOUT 60
  • SSLLIMITS MAXSESSIONS 1000 MAXPERSSLSERVER 100

Update the DTCPARMS File for the TCP/IP Server

• Include a :DCSS_Parms. tag for the TCP/IP server with which the SSL server is to provide secure communications support
• Copy SYSTEM DTCPARMS D1 to ZVMV6R10 DTCPARMS D1
  • Command: COPYFILE SYSTEM DTCPARMS D ZVMV6R10 = D
• Xedit ZVMV6R10 DTCPARMS D and update the TCPIP server definition
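
An offline check for the PROFILE TCPIP step above, added here as an example and not taken from the presentation: given exported copies of the TCPIP configuration files, it picks the file TCPIP would read (system-name file before PROFILE, modelling only the order the note states) and verifies that the SSLSERVERID and SSLLIMITS statements are present and well formed. The function names, the sample file contents, the `;` comment handling and the limits sanity rule are assumptions of this example.

```python
# Constructed sample: (file name, file type) -> contents, standing in for the TCPMAINT disk.
SAMPLE_DISK = {
    ("PROFILE", "TCPIP"): "; shipped profile, no SSL statements\nPORT\n  23 TCP INTCLIEN\n",
    ("ZVMV6R10", "TCPIP"): (
        "; copy of PROFILE TCPIP with the SSL statements added\n"
        "SSLSERVERID SSLSERV TIMEOUT 60\n"
        "SSLLIMITS MAXSESSIONS 1000 MAXPERSSLSERVER 100 ; session limits\n"
    ),
}

def pick_profile(disk, sysname):
    """Return the (fn, ft) read at startup: '<sysname> TCPIP' before 'PROFILE TCPIP'."""
    for fn in (sysname.upper(), "PROFILE"):
        if (fn, "TCPIP") in disk:
            return (fn, "TCPIP")
    return None

def tokens(text):
    """Upper-cased tokens with ';' comments dropped (comment syntax is an assumption)."""
    out = []
    for line in text.splitlines():
        out.extend(line.split(";", 1)[0].upper().split())
    return out

def value_after(tok, key):
    """Token following `key`, or None when `key` is absent or is the last token."""
    return tok[tok.index(key) + 1] if key in tok[:-1] else None

def check_ssl(text):
    """Return findings for the two SSL statements; an empty list means none."""
    tok, findings = tokens(text), []
    if "SSLSERVERID" not in tok:
        findings.append("SSLSERVERID missing")
    elif value_after(tok, "SSLSERVERID") in (None, "TIMEOUT"):
        findings.append("SSLSERVERID names no server user ID")
    if "SSLLIMITS" not in tok:
        return findings + ["SSLLIMITS missing"]
    limits = {}
    for key in ("MAXSESSIONS", "MAXPERSSLSERVER"):
        val = value_after(tok, key)
        if val and val.isdigit():
            limits[key] = int(val)
        else:
            findings.append(f"SSLLIMITS {key} missing or not numeric")
    # Assumed sanity rule (not from the page): per-server cap should not exceed the total.
    if len(limits) == 2 and limits["MAXPERSSLSERVER"] > limits["MAXSESSIONS"]:
        findings.append("MAXPERSSLSERVER exceeds MAXSESSIONS")
    return findings

if __name__ == "__main__":
    fn, ft = pick_profile(SAMPLE_DISK, "ZVMV6R10")
    print(fn, ft, check_ssl(SAMPLE_DISK[(fn, ft)]))
```
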

Part 2 - Implementing a Terminal Server

What is a Terminal Server?

• A terminal server is a Linux instance that provides access to terminal devices on other Linux instances, called target …