 Options for Connecting 2 AS/400
We currently have two iSeries connected via TCP in our network. One of the iSeries belongs to a division we no longer own and we are investigating removing them from our network. They will continue to perform services for us and are located close by. We currently have a number of DDM files set up and send spool files between systems. We don't want to go through a lot of programming to make this change. We are considering using dual ethernet cards in the AS/400s. One card in each system would connect to that system's network; the 2nd card would be connected to the other AS/400. I have two questions on this scenario. 1, Will this plan work? 2, What are the security considerations for this plan? We don't want company #2 to be able to access anything directly, only to have DDM and spool files continue to function. Thanks, CFrey

ASKED: May 27, 2008  2:17 PM
UPDATED: May 28, 2008  4:45 PM

Answer Wiki:
Hi, I think your basic idea is sound, but you need to think about what you're going to use for the connection between the 2 machines. Are you thinking of using an internet/broadband connection? Then you'll probably need to look at getting a firewall set up on each end, with a VPN connection between the machines (maybe this infrastructure is already in place at your site?). You shouldn't really need to have dual ethernet cards in the machines, as long as your network is set up correctly with routes between the 2 machines. If you set up the firewalls correctly you should be able to close down everything apart from DDM and whatever transport mechanism you use for spooled files (SNADS, remote writers, etc). In any case, I suggest you talk to someone with knowledge of setting up networks and firewalls for more detailed advice for your particular situation. Regards, Martin Gilbert.
Last Wiki Answer Submitted:  May 27, 2008  3:28 pm  by  Gilly400   23,625 pts.


Discuss This Question:
Basically, it will come down to what your security people will let you do.

You can use an extra NIC in each machine and set up specific routing to send traffic through one NIC or the other depending on destination. But, security folks consider that a “dual-hosted” machine and as such a big security risk. Whether it is a risk or not is up to you to prove.

The only advantages to having two NICs are that you control bandwidth (should not even be an issue) and you have a completely separate physical connection.

As Martin suggested, you’ll need firewalls on each end no matter what you do – which you likely already have. Your firewalls can be set up to pass traffic to and from specific IPs and over specific ports so you can limit the traffic to just the DDM and SPLF. And that will work with one NIC or two NICs.

Regards
Mike

 2,725 pts.
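
Added example (not part of the original thread or from either poster): a default-deny model of the "specific IPs, specific ports" firewall policy discussed above, with an audit that flags rules wider than the two hosts and the allowed services. The addresses are constructed, and the ports (TCP 446/448 for DDM/DRDA, TCP 515 for LPD-based remote writers) are assumed defaults to confirm on your own systems; SNADS is not covered.

```python
import ipaddress
from typing import NamedTuple

# Assumptions (not from the thread): documentation-range addresses, and the
# usual listener ports; TCP 446/448 for DDM/DRDA, TCP 515 for LPD writers.
SYS_A = "192.0.2.10"       # our system (constructed address)
SYS_B = "198.51.100.20"    # the other company's system (constructed address)
ALLOWED_PORTS = {446, 448, 515}

class Rule(NamedTuple):    # src/dst may be a host or a CIDR network
    src: str
    dst: str
    dport: int

class Flow(NamedTuple):    # one new TCP connection attempt
    src: str
    dst: str
    dport: int

# Intended policy: host-to-host only, both directions, allowed ports only.
POLICY = [Rule(s, d, p)
          for s, d in ((SYS_A, SYS_B), (SYS_B, SYS_A))
          for p in sorted(ALLOWED_PORTS)]

def permitted(flow, rules=POLICY):
    """Default deny: a flow passes only if some rule matches it."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    return any(src in ipaddress.ip_network(r.src)
               and dst in ipaddress.ip_network(r.dst)
               and flow.dport == r.dport
               for r in rules)

def audit(rules):
    """List every way a rule is wider than 'these two hosts, these ports'."""
    hosts = {ipaddress.ip_network(SYS_A), ipaddress.ip_network(SYS_B)}
    findings = []
    for r in rules:
        for end in (r.src, r.dst):
            if ipaddress.ip_network(end) not in hosts:
                findings.append(f"{end} is wider than a single peer host")
        if r.dport not in ALLOWED_PORTS:
            findings.append(f"port {r.dport} is not DDM or LPD")
    return findings

if __name__ == "__main__":
    # Constructed connection attempts, checked against the intended policy.
    for f in (Flow(SYS_B, SYS_A, 446), Flow(SYS_B, SYS_A, 23),
              Flow(SYS_B, "192.0.2.50", 446), Flow("198.51.100.99", SYS_A, 515)):
        print(f, "ALLOW" if permitted(f) else "DROP")
```

The same check applies whether the link uses one NIC or two, since the policy is expressed in addresses and ports rather than interfaces.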