TCP/IP SSL Server - Managing Network Connectivity

   The modsymlinks Utility

A utility script (modsymlinks) is provided as part of the vmssld-1.24.7-1 (and later) RPM packages, as an aid for managing the symbolic link changes required for running the SSL server. By default, this utility resides in the /opt/vmssl/bin directory.

The script deactivates existing boot links in the /etc/rc.d/rcn.d directory (where  n  is the established run level), by renaming those links and then creating appropriate links for running vmssl. This utility can also be used to restore links that were previously renamed through its use.

Note
Use of the modsymlinks utility is the preferred method for managing symbolic link changes within the SSL server Linux guest. However, if you have chosen to manage the required link changes on your own (or plan to do so), refer to the "isntall" file provided with the SSL RPM package in use for detailed information about specific changes that are necessary.

   SuSE Linux - Deactivating Linux Networking Support

The steps presented here can be used to deactivate the automatic startup and shutdown of networking support for the Linux 2.4.7 kernel.

Initialize the SSL Server to an Inactive State

  1. Initialize the SSL server to an inactive state, using the VMSSL STOP command.

Deactivate Linux Networking Support

  1. After Linux has initialized, login via the 3270 console as: root

  2. Assuming the modsymlinks utility is being used to manage the necessary modifications, issue the commands that follow to deactivate symbolic links to allow for running the SSL server deamon application (vmssl) within this Linux guest: 

      cd /opt/vmssl/bin
  ./modsymlinks -m

    The -m option indicates that symbolic links are to be modified, and that link information is to be saved for later reference (such as to restore the original links).

Shutdown Linux

  1. After having completed the above changes, use the halt command to shutdown Linux: 

       halt -n

    When this Linux system is again initialized (using either the z/VM VMSSL command, or the CP IPL devnum command), it then can be configured and tested, using certificates of your choosing as described in the Configuring the SSL Server chapter of z/VM: TCP/IP Planning and Customization.

    Reminder
    Once the SSL server has been initialized using the z/VM VMSSL command, other Linux network functions (such as telnet and ftp) are no longer available for use.

   SuSE Linux - Activating Linux Networking Support

The steps presented here can be used to activate the automatic startup and shutdown of networking support for the Linux 2.4.7 kernel.

Initialize the SSL Server to an Inactive State

  1. Initialize the SSL server to an inactive state, using the VMSSL STOP command.

Activate Linux Networking Support

  1. After Linux has initialized, login via the 3270 console as: root

  2. Assuming the modsymlinks utility is being used to manage the necessary modifications, issue the commands that follow to activate the various symbolic links required for using Linux networking support: 

      cd /opt/vmssl/bin
  ./modsymlinks -r

    The -r option indicates that symbolic links are to be restored, based on previously saved link information.

Shutdown Linux and Re-Establish Network Connections

  1. After having completed the above changes, use the halt command to shutdown Linux: 

       halt -n

  2. Modify the TCP/IP server configuration file (PROFILE TCPIP, or its equivalent) such that the appropriate network connection (originally used to install Linux within the SSLSERV virtual machine) is again activated. If necessary, see z/VM: TCP/IP Planning and Customization for information about specific statements that should be changed.

    In general, the DEVICE, LINK, and START statements associated with this connection, as well as applicable GATEWAY or other network routing statements, will likely require modification.

Re-Initialize the SSL Server

  1. The SSL server should again be initialized to an inactive state, using the VMSSL STOP command. Once this is done, it should then be possible to establish ftp and telnet connections for making Linux-specific configuration changes.

    Note:
    After all modifications have been completed, you must again deactivate Linux networking support (as described in the previous section), which at the same time activates automatic startup of the vmssl daemon, prior to using the SSL server to provide secure connection support.