TN3270 Security Requirement for Internet Connections
In order to provide better security for our customers, beginning October 1st, 2008, the NWRDC implemented new security measures that require all TN3270 sessions with NWRDC applications which are carried over the commodity Internet to be secured with SSL or TLS protection.
This means that any TN3270 connection to a NWR z9 host address (NWRDC.FSU.EDU, NWALT.FSU.EDU, and TEST.NWRDC.FSU.EDU) which results in session data being routed over any of our commodity-Internet gateways will require that the client have SSL/TLS enabled before the session can be established. Connection requests received via commodity-Internet gateways for non-SSL/TLS protected TN3270 sessions will not be honored.
Customer sites that currently communicate with NWRDC via network paths other than commodity-Internet, such as FLR (Florida Lambda Rail), FIRN (Florida Information Resource Network), VPN (Virtual Private Networks), Internet-2, etc., are not affected by this new requirement. This is in fact the case for most NWRDC customers. These networks currently offer at least some level of security or limited access so that SSL/TLS protection is not being required at this time. However, a requirement for SSL/TLS protection may be extended to other network paths at a future date.
Individuals who connect with NWRDC from their homes, commercial business sites, public access points, or from other off-campus locations via commercial Internet providers are highly likely to be affected by this secure-TN3270 requirement. These types of connections would reach the NWRDC over a commodity-Internet interface, mandating that SSL or TLS be enabled.
It may be the case that some customer institutions provide VPN-tunneling services to their staffs, allowing an individual to securely access a server or workstation within the institution's own network from an off-campus location. The TN3270 client host may reside in such a location and be accessed in this manner. If such a customer's access to NWRDC is not subsequently routed through any of our commodity-Internet interfaces, then SSL/TLS would not be required for the TN3270 session. The technical support group at the customer's institution can provide information regarding such VPN services.
Customers are strongly encouraged to enable secure-TN3270 communications by using SSL/TLS protection regardless of their location or network path to the data center. This allows end-to-end protection of the session so that the entire path between the TN3270 client and NWRDC z9 host is secure regardless of the route taken. TN3270 with SSL/TLS protection is highly available, easy to configure, and works very well.
Please see the TN3270 Encryption page for information on secure-TN3270 communications using SSL/TLS.
The basic requirements for securing TN3270 connections to NWRDC are:
• Obtain TN3270 software that supports SSL/TLS security
• Enable the SSL/TLS feature for the client session with NWRDC
• Connect with port 992 at the NWRDC host address
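A client-side check of the three requirements above, as an added example that is not NWRDC's own tooling: it opens a TLS session to port 992, verifies the host certificate, and confirms that the first bytes inside the tunnel are Telnet/TN3270 negotiation. Assumptions: the host name is supplied on the command line, the certificate chains to the system trust store, and the TLS 1.2 floor is a choice made here, not a value stated on this page.

```python
import socket
import ssl
import sys

IAC, DO, WILL = 0xFF, 0xFD, 0xFB                              # Telnet command bytes
VERBS = {DO: "DO", WILL: "WILL"}
TELNET_OPTIONS = {0x18: "TERMINAL-TYPE", 0x28: "TN3270E"}    # RFC 1091, RFC 2355

def make_context():
    """Client context that verifies the host certificate and host name."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumption: refuse SSL and early TLS
    return ctx

def parse_telnet_negotiation(data):
    """Return [(verb, option)] for each IAC DO/WILL triple in the server's first bytes."""
    found, i = [], 0
    while i + 2 < len(data):
        if data[i] == IAC and data[i + 1] in VERBS:
            opt = data[i + 2]
            found.append((VERBS[data[i + 1]], TELNET_OPTIONS.get(opt, hex(opt))))
            i += 3
        else:
            i += 1
    return found

def probe(host, port=992, timeout=10):
    """Handshake on the secure-TN3270 port and report what was negotiated."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # wrap_socket raises ssl.SSLError if the port does not speak TLS or the
        # certificate fails verification, so a returned dict means TLS is in place.
        with make_context().wrap_socket(raw, server_hostname=host) as tls:
            try:
                greeting = tls.recv(64)           # server normally negotiates first
            except socket.timeout:
                greeting = b""
            return {"protocol": tls.version(),
                    "cipher": tls.cipher()[0],
                    "telnet": parse_telnet_negotiation(greeting)}

if __name__ == "__main__":
    # Usage: python check_tn3270_tls.py <host>   (host name from the list above)
    print(probe(sys.argv[1]))
```

An empty `telnet` list after a successful handshake means the port accepted TLS but did not open with Telnet negotiation, which is worth checking against the TN3270 client's own session settings.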
For customers who do not currently have TN3270 software that supports SSL/TLS, information can be found on the following two Web sites:
http://planetmvs.com/tn3270/index.html
