Secure network connections, Management planning, Management – Visara SCON-20L Installation User Manual

2-4

707054-005

SCON-20L/22L/25L/28L/3074 Planning and Installation Guide

Secure Network Connections

Secure network connections for TN3270 or Telnet clients using Secure Socket Layer
(SSL) protocol can be provided by the Visara SSL1000 server. The SSL1000 server is
designed to provide secure SSL encrypted communication between PC desktops and
the SSL1000, and provide clear text between the SSL1000 and the SCON through a
separate network interface. By running the SSL protocol on a separate platform, it is
possible to use a single SSL1000 to provide communication to multiple SCON platforms,
and even provide failover routing of the communications to whichever SCON is available.
Also because of the nature of SSL encryption, there is a substantial load on the platform
performing encryption. By running this operation on a separate platform designed to
provide this function, performance of the SCON platforms can be kept optimum. You
can also implement two SSL1000s to provide redundant secure connections.

Management Planning

The SCON offers several options for management. Configuration changes for the SCON
can be made while the SCON is performing its normal duties, however for most changes,
an IML of the SCON is required. To allow for routine maintenance and system changes,
it is strongly suggested that more than one SCON be used to provide redundant console
connections.

Configuration and management of the SCON is supported through a simple coax
connection (not supported on the SCON-3074) or TELNET connection.

It is recommended that you configure a display, other than a console for the purpose of
managing the SCON. If one of the console devices is used to go into central control
mode and configure or manage, it may be reported as powered off to the host causing
the console function to roll to another device.

If management through a network is intended using Telnet, some thought should be
given to the level of security that should be used. Among the security options that are
provided by the SCON are:

• Password Protection of the Telnet interface

• Configurable TCP Port assignment

• IP address filtering

Additional security could be added by isolating the IP network used with the SCON
from the corporate networks. Another option would be to implement a VPN (Virtual
Private Network) using external VPN equipment.

A unique management product produced by Visara for the purpose of managing the
SCON, as well as the 1174 Communication Server family and Thin Client/Console
desktops is available. This product is called eManager.