Admin Alert: Don't Forget Which OS/400 Box You're Attached To

by Joe Hertvik

On partitioned OS/400 servers, or in larger shops where there are multiple machines, it's fairly common for administrators working on one OS/400 partition to start a Telnet session on a second partition by using the OS/400 Start TCP/IP Telnet command (TELNET). While this is a handy feature to use, it can also lead to confusion and, possibly, accidental system damage.

(To use the configurations covered in this article, TCP/IP must be configured and running on your iSeries or AS/400, and the OS/400 Telnet server must also be running.)

When you want to start a session on a remote OS/400-based machine from the iSeries or AS/400 session you are attached to, you can use the TELNET command, as follows:

TELNET  RMTSYS(target_machine)

And this works fine because Telnet lets you access a different machine directly from your system console or from a single PC5250 session. The Telnet session takes you to your target AS/400, where you can sign on, do your work, and then disconnect and return to your originating session by using the Sign Off (SIGNOFF) command, as follows:

SIGNOFF ENDCNN(*YES)

It's important to specify *YES in the End Connection (ENDCNN) parameter of this command, because that's what kills your Telnet connection and returns you to the AS/400 that initiated the session. You need to specify *YES here because the default ENDCNN value on the SIGNOFF command is *NO. If you use SIGNOFF with ENDCNN(*NO), your Telnet session won't terminate; rather, the Telnet session goes back to a sign-on screen on the remote AS/400 that you Telnetted over to, even though you think you are still attached to the originating iSeries or AS/400.

And this is an important point. By using Telnet to perform work on remote partitions, you run the risk of becoming confused about which AS/400 you're actually signed on to, and it's easy to accidentally apply changes to the wrong AS/400 or cause damage to the remote partition.

This mistake is most likely to happen when you have two similarly configured iSeries partitions, with one partition being used for live production work and the other being used for testing. Say you sign on to the system console of the test machine, then Telnet over to the production AS/400 to check for messages. Under this scenario you are still using the test machine's system console, but you are now signed on to the production box.

If you forget to end the Telnet session with the remote AS/400, by using the SIGNOFF command with the ENDCNN(*YES) parameter, the test machine's system console remains Telnetted to the remote production AS/400. This means that anyone using that console to perform tests, to delete data, or to change configurations may accidentally be changing the configuration on the production box, which could wreak all kinds of havoc on your systems.

Given that, here are a few guidelines to following when accessing multiple AS/400 or iSeries boxes and partitions using Telnet or a 5250 session.

• Don't use Telnet casually from your system console. Whenever possible, sit down at the system console of the machine you want to work on, and don't Telnet elsewhere. By doing this, you eliminate the risk of performing the wrong commands on the wrong system. This approach may not always be possible because, due to network configurations, you may only be able to sign on to certain remote machines by Telnetting to them from a certain network location. Whenever you can, only use a partition's system console for doing work on that partition. Don't stray.
  
  
• Think about making *YES the default value for ENDCNN in the SIGNOFF command. You can do this by changing SIGNOFF's default ENDCNN value or by creating a CL program or command that wrappers your SIGNOFF command with the correct value. Then use these changes as the standard SIGNOFF technique when attached to any iSeries or AS/400 partition.
  
  
• When using a 5250 emulator, create a new session for a second machine, rather than Telnetting to it from an existing session. Don't be lazy at your desktop. If you need to work on a second machine, create a second session for accessing that AS/400 or iSeries, rather than using Telnet. Remember, it only takes a minute to make a mistake.
  
  
• When you create multiple 5250 sessions on your desktop for different partitions, differentiate them by using colored text. With many terminal emulators, including IBM's PC5250 and MochaSoft's Mocha W32 TN5250, it's possible to change the colors of the 5250 text on your emulator. You can use text colors as a visual key to determine which AS/400 or iSeries you're connected to. For one partition, you may decide to keep your default text color as green, while on a second partition you may want to change the text color to blue. By color-coding each partition's 5250 session, you'll always know exactly which machine you are working on. Besides being a good idea for administrators, color-coding 5250 screens is also a good idea for users who are accessing multiple systems.

Many good system administrators (including myself) have accidentally messed up stable, working OS/400 partitions by losing track of their Telnet sessions. Such problems are always a potential hazard when dealing with multiple partitions and machines, so it's important to know how your shop can avoid them.

Sponsored By BYTWARE

Santa has an early gift for you: 50% off from Bytware! This holiday season, take advantage of the special StandGuard Premier Promotion and you can get StandGuard Network Security at a whopping 50% savings. For more information, call us at 775-851-2900 or 800-932-5557. Make sure your system is protected with the most extensive iSeries security around. Get Secure. Get StandGuard. Get 50% off! www.bytware.com