| Author |
Message |
Dwayne
Guest
|
 Posted:
Fri Dec 10, 2004 3:45 am Post subject:
HIS2000, DLC, and a VPN |
|
|
Not quite sure how to ask the question I need so I will try to explain what
I need to do and wonder if it can be done. We just took on a new client
that has their own VPN back to their central IT departement. They want us
to put a HIS2000 server in their IT department, but I know that the DLC
protocal needed for my HIS server will not leave our network past the
firewall.
Is there a way to connect the two HIS servers that the one in the IT
department could forward requests to our HIS in the data center to gain
access to the mainframe (VSE) using the VPN connection supplied by the IT
department?
The only way I see this working is if the users of the IT VPN get routed
thru the VPN to the HIS server here in our data center.
Any logical thoughts or solutions out there, or did I not explain myself
enough? |
|
| Back to top |
|
 |
Guest
|
| Posted:
Fri Dec 10, 2004 5:37 am Post subject:
Re: HIS2000, DLC, and a VPN |
|
|
Yes, what your asking can be done using a Distributed Link Service. When
set up correctly it will allow the remote HIS Server (In the IT
Department) to route it's traffic to your local HIS server over a routable
protocol such as TCP/IP. In turn your local HIS server will then
communicate between the IT HIS Server and your Host. The following is a
clip from the Help file. There is more information on the requirements to
configure this type of connection in the Help file.
Distributed Link Service
The Distributed Link Service feature provides a method for a Host
Integration Server 2000 computer to connect to a host using a link service
installed on a different Host Integration Server 2000 computer. The
network connecting SNA Server computers need not support any SNA link
level protocol such as DLC 802.2 or SDLC.
Distributed Link Service is configured in two parts: by installing the
Distributed Link Service on one SNA Server computer and by marking a real
link service on another computer as "distributable." The Distributed Link
Service acts as a proxy for sharing the distributable link service. It
supports load balancing across multiple, distributed link services. It
also supports hot backup because the Distributed Link Service can select
alternate remote servers when a remote link fails. It allows a branch SNA
Server computer to connect to the host over a wide area network (WAN).
This supports only routable internetworking protocols such as TCP/IP,
rather than requiring an SNA WAN protocol such as SDLC or bridged DLC. |
|
| Back to top |
|
|
Neil Pike
Guest
|
| Posted:
Fri Dec 10, 2004 4:58 pm Post subject:
Re: HIS2000, DLC, and a VPN |
|
|
Dwayne,
As per Curtis's reply, you could use DLS to "link" the two HIS Servers, but
why do the folks at the remote end of the VPN even need a HIS Server? If all
they need to do is connect to the mainframe in the datacentre then they can use
normal HIS client to do that - the HIS client talks to the HIS server over
tcp-ip, so that will pass across the VPN just dandy.
Neil Pike. Protech Computing Ltd |
|
| Back to top |
|
|
Dwayne
Guest
|
| Posted:
Sat Dec 11, 2004 12:51 am Post subject:
Re: HIS2000, DLC, and a VPN |
|
|
Contractual obligations, the HIS server must reside at the clients site and
we can not offer to install a frame-relay drop at their site
"Neil Pike" <neilpike@compuserve.com> wrote in message
news:VA.00006281.0033a731@compuserve.com...
| Quote: | Dwayne,
As per Curtis's reply, you could use DLS to "link" the two HIS Servers,
but
why do the folks at the remote end of the VPN even need a HIS Server? If
all
they need to do is connect to the mainframe in the datacentre then they
can use
normal HIS client to do that - the HIS client talks to the HIS server over
tcp-ip, so that will pass across the VPN just dandy.
Neil Pike. Protech Computing Ltd
|
|
|
| Back to top |
|
|
Neil Pike
Guest
|
| Posted:
Mon Dec 13, 2004 4:53 am Post subject:
Re: HIS2000, DLC, and a VPN |
|
|
But if you (they) don't need a HIS server at that site anyway, why bother with
it, contractual obligations or not?
| Quote: | Contractual obligations, the HIS server must reside at the clients site and
we can not offer to install a frame-relay drop at their site
"Neil Pike" <neilpike@compuserve.com> wrote in message
news:VA.00006281.0033a731@compuserve.com...
Dwayne,
As per Curtis's reply, you could use DLS to "link" the two HIS Servers,
but
why do the folks at the remote end of the VPN even need a HIS Server? If
all
they need to do is connect to the mainframe in the datacentre then they
can use
normal HIS client to do that - the HIS client talks to the HIS server over
tcp-ip, so that will pass across the VPN just dandy.
Neil Pike. Protech Computing Ltd
|
Neil Pike. Protech Computing Ltd |
|
| Back to top |
|
|
Dwayne
Guest
|
| Posted:
Mon Dec 13, 2004 10:34 pm Post subject:
Re: HIS2000, DLC, and a VPN |
|
|
If I wanted to do this, do you know what ports need to be opened inbound thru the firewall?
<Curtis.Smith@Daltile.com> wrote in message news:urHrQgk3EHA.1264@TK2MSFTNGP12.phx.gbl...
Yes, what your asking can be done using a Distributed Link Service. When set up correctly it will allow the remote HIS Server (In the IT Department) to route it's traffic to your local HIS server over a routable protocol such as TCP/IP. In turn your local HIS server will then communicate between the IT HIS Server and your Host. The following is a clip from the Help file. There is more information on the requirements to configure this type of connection in the Help file.
a.. Distributed Link Service
The Distributed Link Service feature provides a method for a Host Integration Server 2000 computer to connect to a host using a link service installed on a different Host Integration Server 2000 computer. The network connecting SNA Server computers need not support any SNA link level protocol such as DLC 802.2 or SDLC.
Distributed Link Service is configured in two parts: by installing the Distributed Link Service on one SNA Server computer and by marking a real link service on another computer as "distributable." The Distributed Link Service acts as a proxy for sharing the distributable link service. It supports load balancing across multiple, distributed link services. It also supports hot backup because the Distributed Link Service can select alternate remote servers when a remote link fails. It allows a branch SNA Server computer to connect to the host over a wide area network (WAN). This supports only routable internetworking protocols such as TCP/IP, rather than requiring an SNA WAN protocol such as SDLC or bridged DLC. |
|
| Back to top |
|
|
Guest
|
| Posted:
Tue Dec 14, 2004 1:41 am Post subject:
Re: HIS2000, DLC, and a VPN |
|
|
The follow KB article "Branch Servers Using DLS Cannot Communicate Through
Firewalls" states that the DLS chooses it's communications port
dynamically. It then goes through the procedure "Registry modifications"
so you can assign a static port to the DLS service. After assigning this
port you must open inbound and outbound traffic for that port. All the
details are given.
http://support.microsoft.com/default.aspx?scid=kb;en-us;164590 |
|
| Back to top |
|
|
Dwayne
Guest
|
| Posted:
Tue Dec 14, 2004 11:17 pm Post subject:
Re: HIS2000, DLC, and a VPN |
|
|
I can't find very much information on making this configuration. Any suggestions as to where to start? Do I run DLS on both the remote and local server? Where do I configure the host sessions remote or host? I'm lost..............
<Curtis.Smith@Daltile.com> wrote in message news:Olhg4uU4EHA.2428@TK2MSFTNGP14.phx.gbl...
The follow KB article "Branch Servers Using DLS Cannot Communicate Through Firewalls" states that the DLS chooses it's communications port dynamically. It then goes through the procedure "Registry modifications" so you can assign a static port to the DLS service. After assigning this port you must open inbound and outbound traffic for that port. All the details are given.
http://support.microsoft.com/default.aspx?scid=kb;en-us;164590 |
|
| Back to top |
|
|
Guest
|
| Posted:
Thu Dec 16, 2004 9:52 pm Post subject:
Re: HIS2000, DLC, and a VPN |
|
|
When you create your DLC, you have to select the option "Allow link
service to be distributed" Then you Set your (if this is a mainframe) FEP
to allow multiple SAPs, AS400 allows multiple SAPs by default. Then on
your remote systems you configure your DLS. |
|
| Back to top |
|
|
Dwayne
Guest
|
| Posted:
Fri Jan 14, 2005 8:00 pm Post subject:
Re: HIS2000, DLC, and a VPN |
|
|
I able to relay from one to another when the PC's are next to each other. When I take the branch out to the client site where I have a VPN tunnel I cannot get the two to talk anymore. Is there a problem sending the IP traffic across a VPN tunnel? Or what could be the possible problem, I see the machine trying to talk in the logs of my firewall.
Thanks
"Dwayne" <dferet@hotmail.com> wrote in message news:ecQ8gJg4EHA.3908@TK2MSFTNGP12.phx.gbl...
I can't find very much information on making this configuration. Any suggestions as to where to start? Do I run DLS on both the remote and local server? Where do I configure the host sessions remote or host? I'm lost..............
<Curtis.Smith@Daltile.com> wrote in message news:Olhg4uU4EHA.2428@TK2MSFTNGP14.phx.gbl...
The follow KB article "Branch Servers Using DLS Cannot Communicate Through Firewalls" states that the DLS chooses it's communications port dynamically. It then goes through the procedure "Registry modifications" so you can assign a static port to the DLS service. After assigning this port you must open inbound and outbound traffic for that port. All the details are given.
http://support.microsoft.com/default.aspx?scid=kb;en-us;164590 |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in