Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Defining multiple global VRNs z/OS Communications Server: SNA Network Implementation Guide SC27-3672-01 |
|
If a network is designed with multiple subnetworks, firewalls probably
do not exist between these subnetworks. But if this same network also
has APPN EBN connectivity to external vendors, a firewall probably
exists between them. In this case, it would be beneficial to define
two different global VRNs:
This enables you to control which systems external vendors can connect to directly (using global VRN), while still allowing internal systems (in any subnetwork) to directly connect to any of the other system in your subnetworks. Additionally, defining multiple global VRNs enables you to avoid problems that might occur when multiple external customers connect to your network using the same global VRN. For example, assume Company A connects to Company B using a given global VRN (as shown in Figure 1). If Company B connects to a second company using the same global VRN, it might then be possible for Company A to inadvertently connect directly to that second company. Although you can restrict this type of access by implementing the appropriate searching controls, defining a separate global VRN for connectivity to each external vendor increases your control over network access. |
Copyright IBM Corporation 1990, 2014
|