ASAP 3.0 Client Manual
HP NonStop ASAP Client Manual
Configuring a secure SSGCOM service
This section describes the steps involved in configuring a secure, Telnet-based
communication link for use by the ASAP Client. This section would be of interest if you
are concerned about the possibility of user ID and password information being
transmitted in clear text across the local network. By following the steps below, you can
configure CSG and SSG so that no logon user ID or password information is required
for access to the NonStop server. Further, the TelServ process used by
ASAP can be set up so that it cannot be used for any purpose other than serving as a
communication pipe for ASAP.
Configuring NonStop server SSGCOM service
Configuration of the NonStop server SSGCOM service involves three separate steps:
starting the TelServ process, configuring the SSGCOM Telnet service, and specifying
SSG security settings in the SSGCONF file:
1. Start TelServ Process
This step starts a “secure” TelServ process. This includes starting the process itself on
a TCP/IP port other than the standard default of port 23, specifying that it should not
display a banner or menu, and specifying that it should not allow access to TACL.
For the purposes of this example, we’re starting a TelServ process named $TLSV on
port 8423 of TCP/IP process $ZTC04:
TACL 1> PARAM ZTNT^TRANSPORT^PROCESS^NAME $ZTC04
TACL 2> TELSERV/NAME $TLSV, TERM $ZHOME, PRI 170, NOWAIT/8423 -nobanner -nomenu -notacl
In the above, “8423” defines the port number on which TelServ will accept
connections, the “-nobanner” option prevents TelServ from displaying a banner or
welcome message, the “-nomenu” option prevents TelServ from displaying a service
menu, and the “-notacl” option prevents users from accessing a TACL command shell
via this TelServ. Together, these options essentially deliver a TelServ process that
cannot be used for doing anything on the system when it is started. Even if a user with
a Telnet client connects to port 8423, they cannot access any resources on the system
regardless of whether they have a user ID and password or not.
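The following is an added example, not part of the manual or of ASAP: a small Python check that audits a TELSERV startup line (for instance, one kept in a startup file) against the step 1 settings described above. It assumes the command form shown in this example, that an omitted port means the default of 23, and that option names can be compared case-insensitively; the function name and the sample lines are constructed for illustration.

```python
import re

# Options that step 1 of the manual places on the TelServ command line.
REQUIRED_OPTIONS = ("-nobanner", "-nomenu", "-notacl")
DEFAULT_TELNET_PORT = 23
TYPOGRAPHIC_DASHES = "\u2013\u2014"  # en/em dash, common after copying from a PDF

# Command form shown in step 1: TELSERV/<run options>/<port> <options>
_CMD = re.compile(r"TELSERV\s*/[^/]*/\s*(?P<tail>.*)$", re.IGNORECASE)


def audit_telserv_command(line):
    """Return a list of findings for one TELSERV startup line ([] means OK)."""
    match = _CMD.search(line)
    if match is None:
        return ["not a TELSERV startup command"]
    tokens = match.group("tail").split()
    findings = []

    # Assumption: when no port is given, TelServ listens on the default, 23.
    port = DEFAULT_TELNET_PORT
    if tokens and tokens[0].isdecimal():
        port = int(tokens.pop(0))
    if port == DEFAULT_TELNET_PORT:
        findings.append("listens on the default Telnet port 23")

    options = set()
    for token in tokens:
        if token[0] in TYPOGRAPHIC_DASHES:
            # Does not match the option spelling given in the manual.
            findings.append(f"option {token!r} starts with a typographic dash")
        else:
            options.add(token.lower())  # assumption: case-insensitive names
    findings += [f"missing {opt}" for opt in REQUIRED_OPTIONS if opt not in options]
    return findings


if __name__ == "__main__":
    # Constructed sample lines: the manual's command, then two weakened variants.
    samples = [
        "TELSERV/NAME $TLSV, TERM $ZHOME, PRI 170, NOWAIT/8423 -nobanner -nomenu -notacl",
        "TELSERV/NAME $TLSV, TERM $ZHOME, PRI 170, NOWAIT/23 -nobanner -nomenu",
        "TELSERV/NAME $TLSV, NOWAIT/8423 \u2013nobanner \u2013nomenu -notacl",
    ]
    for sample in samples:
        print(sample, "->", audit_telserv_command(sample) or "OK")
```

An empty list means the line matches the step 1 profile; each finding names the setting that differs from it.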
2. Configure TelServ Process In SCF
This step adds an SSGCOM service to the TelServ created in step 1. This service is
what the ASAP Client will use to access ASAP data. Our recommendation would be to
define this as the default service for the TelServ process. By doing so, any user who
connects to the port will be immediately presented with an SSGCOM prompt.
To continue the example above, the following SCF commands would add the
SSGCOM service to the TelServ process created in step 1 above: