The TN5250 server function enables you to configure your network as shown in Figure 32 or Figure 33.
Figure 32. Communications Server Configured as a TN5250 Server with Wide Area SNA Network
Figure 33. Communications Server Configured as a TN5250 Server with Wide Area TCP/IP Network
The TN5250 server function supports:
TN5250 server allows the configuration of multiple ports with specifications for server name, security, client authentication, the level of security, and Certificate Revocation List (CRL) support for each port configured.
In implementing the protocols outlined in RFC 1205, the server passes 5250 workstation data to and from a TCP/IP client emulating an IBM 5250 workstation. This client is commonly known as a TN5250 client.
The server connects to AS/400 hosts using SNA LU 6.2 protocol. Support is provided to access one or more AS/400s from the same or different client workstations.
Communications Server enables the specification of TCP/IP client filters, using IP addresses, subnetworks, hostnames, or domain names. This function enables central administration of the clients allowed to connect into the server, as well as support for directing clients to specific AS/400s.
You can specify that a TN5250 server port is secure, indicating that SSL Version 3 be used for connections on the port to provide data encryption and server authentication using digital certificates. Additional configuration parameters are supported to specify the level of security for connections on the port, whether client authentication should be processed, and whether a certificate revocation list (CRL) should be checked before accepting the client connection.
Refer to Quick Beginnings for instructions on how to configure a TN5250 server.
TN5250 server supports any TN5250 client that is fully compliant with RFC 1205.
This section provides more information about some of the features you can configure for TN5250 server.
When you configure the TN5250 server support, a default port is defined with port number 23, but other Telnet applications, such as the TN3270E server support, may also use this port. If other Telnet applications are running using port 23, you must use another port.
If you change the port number, avoid numbers that you know are used by other applications. If two applications use the same port number, one of the applications will fail.
If you change the port number, use a number greater than 1024. Numbers less than 1024 are reserved. For more information about reserved port numbers, see the following location on the Internet:
At the time of publication of this document, the most recent RFC for assigned numbers is RFC 1700.
Notify TN5250 client users when you change the port number, because they will have to configure their emulator applications to match.
There are two ways to control how often unused connections are disconnected: keepalive processing and automatic logoff.
By default, TN5250 server does not use keepalive processing. If you use keepalive processing, you can choose either NOP or timing mark.
Timing mark processing causes more traffic on the system than NOP processing, but frees unused connections more quickly.
If you choose automatic logoff, the server disconnects any session that has no traffic for the specified period. Traffic from keepalive processing does not keep the connection open; data must be sent to or from the host.
If your client emulators are configured to do keepalive processing, you might want to turn it off at the server, and if keepalive processing is done at the server, you might want to turn it off at the client to reduce network traffic.
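The rule that keepalive traffic does not postpone automatic logoff can be modelled as follows. This is an added example, not IBM code: the byte values are the standard Telnet NOP and TIMING-MARK sequences (RFC 854, RFC 860), while the function names, the event list and the 300-second limit are assumptions made for illustration.

```python
# Telnet command and option codes (RFC 854 / RFC 860).
IAC, NOP, DO, WILL, WONT, TIMING_MARK = 255, 241, 253, 251, 252, 6

# Sequences that exist only to probe the connection.
KEEPALIVE_SEQS = (
    bytes([IAC, NOP]),
    bytes([IAC, DO, TIMING_MARK]),    # timing-mark request
    bytes([IAC, WILL, TIMING_MARK]),  # peer's reply
    bytes([IAC, WONT, TIMING_MARK]),  # peer's refusal is still a reply
)

def carries_data(payload: bytes) -> bool:
    """True if the payload holds anything besides keepalive sequences.

    Simplification (assumption): every other byte counts as host data.
    """
    i = 0
    while i < len(payload):
        for seq in KEEPALIVE_SEQS:
            if payload.startswith(seq, i):
                i += len(seq)
                break
        else:
            return True
    return False

def logoff_time(events, idle_limit, start=0):
    """Time at which an idle session is disconnected.

    events: (timestamp_seconds, payload) pairs in time order.
    Only payloads that carry data reset the idle timer.
    """
    last_data = start
    for t, payload in events:
        if t - last_data >= idle_limit:
            break  # limit already expired before this event arrived
        if carries_data(payload):
            last_data = t
    return last_data + idle_limit

# Constructed sample bytes standing in for one record of host data.
SAMPLE_RECORD = b"\x00\x0a\x12\xa0\x00\x00\x04\x00\x00\x03\xff\xef"
SAMPLE_EVENTS = [
    (100, bytes([IAC, NOP])),
    (200, bytes([IAC, DO, TIMING_MARK])),
    (250, SAMPLE_RECORD),
    (400, bytes([IAC, NOP])),
    (700, bytes([IAC, NOP])),
]
```

With a 300-second limit the sample session ends at 550 seconds, 300 seconds after the only data record, even though keepalives continue to arrive.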
Communications Server enables you to configure more than one AS/400, and enables you to configure more than one port for the TN5250 server to listen for incoming connections. When you configure a new TN5250 server port, you can specify the AS/400 to be associated with the port. Incoming TCP/IP connections received on that port by the TN5250 server will access the AS/400 associated with that port.
Notify TN5250 client users which port numbers to configure for their emulator applications to connect to specific AS/400s.
Communications Server enables you to configure TN5250 filters to specify which TCP/IP clients can connect into the server. Clients can be specified using individual IP addresses, IP subnetworks, or TCP/IP host names or domain names.
You can also configure an AS/400 with a filter to specify a different AS/400 than the one associated with the port. This can be used to direct the clients associated with a filter to a specific AS/400.
More than one AS/400 can be specified in a filter. If a client connection attempt to the first AS/400 specified is unsuccessful, connections to the other AS/400s specified in the filter are attempted.
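The filter behaviour described above (match by IP address, subnetwork, host name or domain name, then try the filter's AS/400s in order) can be sketched as follows. This is an added example, not the product's implementation: the `Filter` structure, first-match ordering, refusal of unmatched clients, the AS/400 names and the addresses are all assumptions, and the client name is assumed to come from a forward-confirmed reverse DNS lookup.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Filter:
    kind: str    # "ip", "subnet", "host" or "domain"
    value: str
    hosts: list = field(default_factory=list)  # empty: use the port's AS/400

def matches(f, client_ip, client_name):
    if f.kind == "ip":
        return ipaddress.ip_address(client_ip) == ipaddress.ip_address(f.value)
    if f.kind == "subnet":
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(f.value)
    # Name filters: compare case-insensitively, ignoring a trailing dot.
    name = (client_name or "").lower().rstrip(".")
    value = f.value.lower().rstrip(".")
    if f.kind == "host":
        return name == value
    if f.kind == "domain":
        # Match on a label boundary so "xbranch.example.com" does not
        # pass a filter written for "branch.example.com".
        return name == value or name.endswith("." + value)
    raise ValueError(f"unknown filter kind: {f.kind}")

def route(filters, port_host, client_ip, client_name=None):
    """Ordered AS/400 list for this client, or None to refuse it."""
    for f in filters:  # assumption: first matching filter wins
        if matches(f, client_ip, client_name):
            return f.hosts or [port_host]
    return None

def first_reachable(candidates, try_host):
    """Try each AS/400 in order; return the first that accepts."""
    for host in candidates:
        if try_host(host):
            return host
    return None

# Constructed sample configuration (documentation address ranges).
FILTERS = [
    Filter("ip", "192.0.2.10", ["AS400B"]),
    Filter("subnet", "198.51.100.0/24", ["AS400A", "AS400B"]),
    Filter("domain", "branch.example.com"),
]
```

A name filter is only as trustworthy as the lookup behind it, so address and subnetwork filters are the stronger control where the client addressing plan allows them.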
When you configure a new TN5250 server port, you can specify that the port be used for secure connections. More than one port can be specified as secure.
To enable security, Communications Server provides a Key Management utility to generate the certificate and keys required by SSL. Refer to Chapter 10, Planning for Secure Sockets Layer-based Security for more information.
When you have configured and enabled security, TN5250 clients supporting SSL Version 3 can connect into a secure port number and establish secure connections.
You need to configure your SNA network to allow the TN5250 server to connect to the AS/400s. Refer to Quick Beginnings for information on configuring your SNA network for the TN5250 server.
Communications Server also supports load balancing of TN5250 clients across multiple TN5250 servers. Refer to Chapter 11, Planning for Load Balancing for more information.