Re: SSL Telnet
- From: "Lou" <LouKur@xxxxxxxxxxxxx>
- Date: 12 Feb 2006 09:21:31 -0800
You need to set up SSL on the server. This will involve the Digital
Certificate Manager (aka DCM) to set up a *SYSTEM certificate, and
configuring a port for secure connections. I have not done the second
part for Telnet. I have done it for a custom port, where we wrote code
for the SSL. I'm sure there are simple configuration settings for
Telnet. I just don't know where these are.
The biggest draw back can be the overhead of encrypting every
transaction. If you don't have one of the hardware features for
encryption, the CPU has to do it. I have never been able to get IBM to
say exactly how much workload this is. The workload is noticeable, so
not a good idea if you are low on CPU and/or memory. Encryption
involves math with very long integers. The CPU has to do the math
piecemeal, and uses memory to store numerous intermediate results. The
hardware features have chips which do the "big endian" math, which
the CPU can't. If you know a PhD in math, ask them what the heck
"big endian" is. All I know is that it is the math for very long
integers, where the result must be precise. In other words, no
approximate results in scientific notation allowed.
I have one client who chose to use an external PC solution for the SSL.
They have 13 servers, and did not want to do the SSL administration in
13 places. They also did not want to risk additional overhead, which
IBM did not nor could I estimate for them. The other advantage of the
PC approach was they put a hardware feature in it to do the encryption,
thus avoided buying 13 of those.
.
- References:
- SSL Telnet
- From: d & v
- SSL Telnet
- Prev by Date: Re: writing to IFS and DB2 files - relative performance
- Next by Date: Re: Searching for AS/400
- Previous by thread: SSL Telnet
- Next by thread: writing to IFS and DB2 files - relative performance
- Index(es):
Relevant Pages
|
