Hi Werner
Regarding your questions:
- Which software are you using on the client side.
A: we are using open source Software stunnel. But you can choose any other tunnel Software.
- Is this software running in the background or does the user need to start a VPN client.
A: The stunnel Software is not running in Background. But we have the stunnel Client integrated into the applications start window summarizing the Gen clients. So user has not explicitly something to do.
- Is it necessary to imlpement user certificates on the mainframe.
A: No. You can do it if you like but than you have to manage Client certificates on mainframe respectively on RACF. That is a lot of Managing work.
- What needs to be done on the mainframe to activate the connenction.
A: Please ask your mainframe System progammer and look up the IBM manuals. At least you have to implement the Server certificates in AT-TLS and activate secure tunnel Connection for specific ports you want to use for that.
- How many users / applications are you tunneling in this way.
A: About 1000 users for about a half douzen Gen Client applications.
- Do you have any information on the effect of this traffic on your CPU performance on mainframe?
A: Yes, there is no effect We could not find any Problems on traffic increase, Performance or CPU usage.
In Performance tests we measured less then 0.1 second additional answer time per Client/Server call instead of without secure Connection. For us is this good enough because it does not affects end users.
Regards, Christos