TN3270 terminal emulation is widely used on Windows workstations to provide enterprise end users with a direct access to IBM mainframe applications. While many organizations have not implemented encryption controls for TN3270 application connections, sensitive data and user passwords are constantly exposed in the enterprise networks.
With the SSH Tectia solution, organizations can easily and cost-effectively secure their TN3270 connections completely transparently to end users and continue to use their existing TN3270 applications as before.
Transparent TN3270 tunneling requires that SSH Tectia Client or ConnectSecure is installed on the Windows workstations. Next, the administrator specifies tunneling rules for the TN3270 application connection(s) that need to be secured. Alternatively, it is possible to require that all terminal connections initiated by a certain terminal emulator will be tunneled. Optionally, SSH Tectia Manager can be used to enable centralized deployment and maintenance of secure application connectivity for all workstations with TN3270 access.
When the terminal client accesses a remote mainframe, SSH Tectia captures the connection transparently and establishes a secure tunnel between the workstation and IBM z/OS system. All TN3270 application connection traffic is then transmitted over an encrypted Secure Shell tunnel, ensuring confidentiality of passwords and application data.
Figure 5.3. Secure TN3270 application connectivity to IBM mainframe and secure file transfer to and from IBM mainframes
End users can continue to use their existing terminal emulator clients and there is no need to introduce a new authentication layer, as RACF passwords or certificates can be used for authentication. End-user and application transparency makes SSH Tectia a highly cost-effective solution for securing both interactive end-user connections and automated file transfers to and from IBM mainframes.