Consolidation Servers

This topic describes how to create a new Console Consolidation Server or modify an existing one.

On the Consolidation Servers page, perform one of these steps:

  • To create a new server, click +New Console.
    The New Server page is displayed.
  • To modify an existing server, on the existing server, click Actions (column) > Edit. You can also click on the server name to modify it.

Related topics

Administering

Console-Consolidation

Then, configure or modify the server on the following tabs:

General Settings tab

The following table describes the UI features on the General Settings tab:

UI feature

Description

Server Name

(Required) Enter a unique name for the server.

Controller Type

(Required) Select OSA controller for all other connections including IBM OSA adapters, IBM 2074 controllers, and Unix/Linux servers. The default value is OSA.

Select Visara controller for connections to Visara SCON controllers.

Upstream IP

(Required) Enter the network address of the telnet server to which the CCS consoles connect.

If valid domain name servers are set in the BMC AMI Ops Console Management networking configuration, the address can be the host name of the telnet server. Otherwise, specify the address in numeric format (for example, 192.168.2.1). 

Default Port

(Required) Enter the port number of the telnet server to which the CCS consoles are going to connect. The default port is 1024.

This value affects the port value set when you add a new console; it does not change the port values of existing consoles. To change the value for individual consoles, use the Console Configuration page.

This default value is the standard port 23 used by mainframe and Unix/Linux telnet servers. Other servers might require a different value, particularly Visara SCON controllers and IBM 2074 controllers:

  • Visara SCON controllers are often configured with a different port for each mainframe console, requiring you to set the port value for each console by using the Console Configuration page.
  • IBM 2074 controllers customarily use ports 3270 and 3271.

Use Secure TCP

(Optional) Select this check box to control the Use Secure TCP setting for new consoles. Changing this does not affect already created consoles.

Startup on Host

(Optional) Select the host. The default host is localhost.

Select one of the three toggle buttons, which activate the following CCS console startup modes:

Mode

Description

Automatically when
booted

Starts the server whenever the unit is started.

You can manually stop the running server on the main Console Servers page.

Manually started

(Default) Prevents the server from starting when the unit is started. 

You can manually start the server on the main Console Servers page.

Disabled

Prevents the server from starting when the unit is started.

You cannot use the main Console Servers page to start the server manually.

Enable Command Suppression

(Optional) Enable this toggle button to enable command suppression for this CCS server.

Command suppression controls which commands a user or group of users may enter.

Field

Description

Command Suppression File

(Required) Select a suppression file that you can delete or download.

Actions

Select an operation that you can perform on a suppression file.

Important

Deleting a Command Suppression File from a CCS server might affect other servers because this file is a shared resource.

Consoles tab

You can define consoles on the Consoles tab. This tab is organized into three sections:

  • Console Configuration: This section contains the settings required to connect to the host and manage client connections.
  • Input Options: This section contains the settings that control keyboard behavior for CCS clients.
  • Viewer Color: This section contains the settings for administrator-defined colors.

In the Console Name column, click a console name to configure it. You can also use the Actions > Edit option to modify a console.

Console Configuration

The following table describes the Console Configuration tab:

UI feature

Description

Console Name 

(Required) The name used to identify this console in the Consoles list and on the Console Consolidation Server page.

To connect to this console, including CCS clients, Console Automation servers, and third-party TN3270E emulation software, you must use this name to identify the console. Names must be limited to alphanumeric characters (a-z, A-Z, 0-9), the hyphen ("-"), and the underscore ("_").

Important

If you intend to use third-party TN3270E emulators to access this console, be aware that some client software might limit the length of the console (or LU) name. We recommend that you limit console names to 8 characters in length to avoid any such issues.

Description

A longer description of the console.

The console description appears on the CCS consoles page and provides operators with more information about the console.

Translation Table (Required)

(Optional) The console emulator has a default built-in table for translating characters back and forth between the EBCDIC character set used by IBM mainframes and the ASCII character set used on other computers. If the default translations are not sufficient for this console, you may select an alternate table from one of those supplied with the BMC AMI Ops Console Management software. If you need a customized table, contact BMC Support.

The default built-in table uses the following unusual input mapping:

Keyboard character

Mainframe character

[

¢

]

|

^

¬

|

¦

If you are using any of these mainframe characters as a console command prefix or in VTAM consoles, then you must set the translation table setting to United States (37), or one of the other national tables. If you use VTAM consoles and do REXX or another scripting or programming language that extensively uses square brackets, then you must use the United States (1047) setting.

Emulator Command Line Options 

(Optional) Allows you to include extra command line options to be passed on to the console emulation process.

Use only as directed by BMC Support. 

Upstream Port

(Required) The port number on the telnet server that the CCS console connects to. The default port is 1024.

The upstream port value is initially set to the value on the CCS General page. You can change this value as required.

Use Secure TCP

(Required) This checkbox controls the use of SSL/TLS to the mainframe. When selected, SSL/TLS is used.

TN3270E LUName 

(Optional) Requests a specific console name LU from the telnet server.

The console names available are determined in the configuration setup for the telnet server. If you do not request a specific LU, then the telnet server assigns the first available LU to this console when it connects.

For mainframe console consoles you will probably need to set this field unless you are connecting to a Visara SCON controller that has been configured to use a different port for each terminal device. In that case, specifying the upstream port is sufficient to identify the console.

Maximum Simultaneous Clients

(Required) The maximum number of clients that may view this console at the same time. Possible clients include desktop Console Consolidation clients, Console Automation servers, and third-party TN3270E clients.

Startup Script 

(Optional) Select a text file containing commands that run when the console first connects to the host. The format of a script file is described here. This allows you to automate a repetitive sequence of startup actions, such as logging in to a host.

You can perform the following actions:

  • Edit: Select an existing script from the script pulldown menu and click Edit to open the script in the script editor window to make changes.
  • Add: After entering a script name and clicking Save, select the new script from the script menu and click Edit to make the script functional.
  • Delete: Select an existing script and click Actions > Delete
  • Upload: Use a text file stored on your computer as a startup script. The script name in the menu is the name of the file you choose.
  • Download: Save a text file and store it on your computer as a startup script.

Important

Deleting a Startup Script File from a CCS console might affect other consoles because this file is a shared resource.

VTAM

Indicates to the server that the console is a standard VTAM terminal console and not a general console. This parameter is disabled by default.

Restart after all clients disconnect

The server stops and then restarts this console any time no clients are connected immediately after the last client disconnects. This parameter is disabled by default.

This option is useful for non-console (VTAM) connection if you want to make sure that mainframe consoles are logged off when they are not in use.

Model 

(Required) Selects the emulation to be performed by the console process. The default value is 3728-2.

This value must match the 3270 model defined on the mainframe for the console.

Extended Attributes

Enables the console support for 3270 extended attributes.

When unselected, the console support for 3270 extended attributes is disabled.

Enable TN3270E Access

Enables 3270 emulators to access this console.

The 3270 software must support the standard TN3270E protocol and you must configure the software to use both the CCS console name to specify this console and also the correct 3278 model or screen size to match the console definition. If the console name or model is not correctly specified, then the CCS server rejects the client's attempt to connect.

Enable User ID & Password Prompt

When enabled, the CCS server sends an initial user ID and password prompt to the 3270 client, requiring the user to enter in a valid CCS user ID and password to access the requested console.

Create/Save

Use the Create option to save your new console configuration.

Use the Save option to save any configuration changes you have made to an existing console.

Cancel

Cancel any configuration changes you have made to this console.

Input Options tab

The following table describes the Input Options tab:

UI feature

Description

Enable Command Suppression

Enables processing of client input for this console by command filtering defined on the CCS Server General tab. This option is disabled by default.

Buffered Input

Allows multiple CCS clients to type at the same time without their keystrokes interfering with each other. This option should always be selected unless otherwise directed by BMC Support. Make sure that it is selected if your site is using Console Automation.

Keyboard Lockout

If enabled, the console only allows a single client at a time to input data. The first user to start typing is granted the right to use the keyboard leaving the remaining users locked out.

The user who owns the keyboard can give it up in one of the following ways:

  • The user quits the client.
  • The user fails to type for a length of time determined by the Lockout Idle Timeout (see the next row).
  • The user types the keystroke combination assigned to the Keyboard Release function (by default this is CTRL+Shift+Q).
  • Another user types the Keyboard Override function (see Lockout Override in the next row).

This option is enabled by default.

Lockout Override

If enabled, then operators may use the Keyboard Override function to take the keyboard away from another user.

This option is disabled by default.

Lockout Idle Timeout (seconds)

Specifies the length of time after which a user who owns the keyboard but fails to type is forced to allow other users the opportunity to type. Values ranging from 10 seconds to 3600 seconds (1 hour) are permitted.

This option is disabled by default.

Interact with RACF security

For use at sites where RACF security is enabled on mainframe consoles. If enabled, only one user at a time may input commands. The lockout override function is automatically enabled and the idle timeout is disabled; keyboard ownership can change only when either the owning client quits or another user invokes the Keyboard Override function. Whenever the keyboard owner changes, the CCS server ensures that the first operator is logged off by sending in a PA2 (console Cancel command) and LOGOFF before accepting input from a different operator.

This option is disabled by default.

Viewer Color tab

The following table describes the Viewer Color tab:

Field

Description

Viewer Color

You can use the Viewer Color settings to define the visual appearance of the console in CCS clients.

Changing the viewer colors aids in distinguishing CCS consoles.

To change the colors, click the field and adjust the color. The preview is updated to show the changes.

Client Access tab 

CCS servers support connections from proprietary BMC Software clients (including Console Automation servers) and also third-party TN3270E emulators. On the Client Access tab, you can define the client access methods and port numbers to use for client connections.

When you create a CCS server, default client port numbers, that are unique and do not conflict with other services, are automatically chosen. If you need to change the port assignments, do not choose port numbers that conflict with the port numbers used by other defined CCS servers or any other server processes running on the BMC AMI Ops Console Management unit. To determine which ports are in use, see the Console report feature on the Consolidation Servers page.

The Client Access tab contains the following sections:

Standard Protocol section

Standard protocol clients include the Windows Console Consolidation Client, the Console Automation server, and viewer. These clients support both SSL-encrypted and unencrypted connections. The following table describes the UI features in the Standard Protocol section of the Client Access tab:

UI feature

Description

Enable unencrypted Access at port—Port  Number

(Required) CCS server accepts unencrypted connections from a standard protocol client on the specified port.

Enter the value of the port.

Enable SSL Access at port—Port  Number

(Required) CCS server accepts SSL-encrypted connections from a standard protocol client on the specified port.

Enter the value of the port.

Require client certificates

CCS server acquires authentication certificates from the CCS viewer running on the client desktop. This requires setting up a certificate trust store on the computer that you are using. All operators must have appropriate certificates set up in their Windows certificate store. For more information, see Creating-a-public-key-infrastructure-PKI-trust-store.

TN3270E Protocol section

TN3270E protocol clients include commercial software such as IBM's Personal Communications (or PCOMM) and the open-source Linux x3270. The following table describes the UI features in the TN3270E protocol section of the Client Access tab:

UI feature

Description

Enable unencrypted Access

CCS server accepts unencrypted connections from a TN3270E client on the specified port.

Enable SSL Access

CCS server accepts SSL-encrypted connections from a TN3270E client on the specified port. You might be required to change the default SSL certificate delivered with the unit and install the server's SSL certificate on client desktop computers.

To enable TN3270E SSL access, contact BMC Support.

Enable UserID and Password prompt

Select the toggle button to enter your user ID and password for 3270 emulators to access the 3270 console screen.

Prompting is determined on a per-console basis in the configuration for each defined console. If you enable this option in the server configuration, then you must also enable it in the desired console configurations. Disabling the prompt at the server level disables the prompt for all consoles whether or not their configuration requires it.

This option is enabled only when Enable unencrypted Access or Enable SSL Access is enabled.

Allow LU selection

CCS server presents a 3270 screen that lists available consoles for clients who connect without initially specifying a TN3270E LU name.

This option is enabled only when Enable unencrypted Access or Enable SSL Access is enabled.

Require client certificates

CCS server acquires authentication certificates from the CCS viewer running on the client desktop. This requires setting up a certificate trust store on the computer you are using and all operators must have appropriate certificates set up in their Windows certificate store. For more information, see Creating-a-public-key-infrastructure-PKI-trust-store.

This option is enabled only when Enable unencrypted Access or Enable SSL Access is enabled.

Logging tab

On the Logging tab, you can control and view server logging in the form of an operational log and an optional command auditing log. The operational log includes messages about server initialization, console startup, client connection, disconnection, and any errors experienced while the server is running. This log is the usual starting point for diagnosing problems.

The following table describes the UI features on the Logging tab:

UI feature

Description

Lookup client computer names

CCS server uses the current DNS server settings to obtain the name of the client computer.

To perform this function, at least one DNS server must be configured on the General Settings tab and the DNS server must be capable of performing a reverse DNS lookup.

Enable Logging

(Optional) Activates logging in the CCS server. This setting is enabled by default and is essential for problem diagnosis. Do not disable this setting unless directed by BMC Support.

Field

Description

Log File Name

Enter a name for the log.

Maximum Size (kilobytes)

Enter a value that defines the maximum size of the log file. After the log file reaches the maximum value, the server overwrites the earlier information to accommodate new information. The default value is 524288.

Enable Command Auditing

Activates the Command Auditing log feature. The Command Auditing log includes operator logons, logoffs, and commands sent to the host. If command suppression is enabled, the logged command messages indicate whether the command was permitted or denied.

Field

Description

Audit Log Directory

The name of the directory where the audit logs are stored. The default value is AuditLogs.

Maximum Size (kilobytes)

Enter a value that defines the maximum size of the log file. After the log file reaches the maximum value, the server automatically archives the current log and begins writing a new log file.

Security tab

Operators who want to connect to CCS consoles must authenticate themselves before they connect to a console. The authentication method is configured in the authentication server configuration.

You can configure a CCS server to use an authentication server on a different host.

Also, you can send additional configurational options to the authentication server. If the authentication server configures them, it passes them as a parameter to an external program.

The following table describes the UI features on the User Authentication Setup section of the Security tab:

US Feature

Description

Authentication Server Host

(Required) Enter the host for the authentication server. The default value is localhost.

Port

Enter the port number for the authentication server. The default value is 1515.

Send Additional Options

(Optional) Select the toggle button to send additional options that are passed as a parameter to an external program if it is configured in the authentication server.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*