VM TCP/IP and VTAM

LU names don't mean anything to a VM system. If we let a user provide an LU name to VTAM, it would be a major security breach. To address this limitation, TCP/IP for VM provides a session connection exit, which allows each installation to decide, based on IP address:

1. who is allowed to access their system via Telnet, and
2. how they are allowed access it.

The exit can issue commands on behalf of an incoming user, suppressing the logo and any responses to those commands, so the user is not aware of what is being done for them.

For example, suppose you want to assign particular virtual device addresses in the VTAM virtual machine to users at specific IP addresses. Based on a user's IP address, the session connection exit can determine which VTAM machine virtual address they should be connected to. The virtual address could be selected by looking up the IP address in a table or by using an algorithm based on the value of the IP address. The exit can clear the screen and issue the appropriate DIAL VTAM command on the user's behalf to get them to the right place.

The sample session connection exit we supply shows how to do this and is documented in Appendix A of the TCP/IP for VM Planning and Customization manual (for TCP/IP FL310 and V2R4); for TCP/IP FL320, this information is present in the TCP/IP Programmer's Reference. We provide an Assembler routine (SCEXIT ASSEMBLE) that invokes an EXEC (SCEXIT EXEC). The EXEC is where the actual work is done. An exit could do much more than this, as the sample in the manuals illustrate. To enable the exit, PROFILE TCPIP must specify the exit routine filename as follows:

  InternalClientParms
    ConnectExit filename
  EndInternalClientParms

The exit routine TEXT file must reside on a disk accessible to the TCPIP service machine.

TN3270E support for printers is introduced with TCP/IP FL310 for VM/ESA Version 2 Release 3. This support maps LU name-IP address combinations for printer sessions to particular VTAM virtual addresses. This involves another exit, the printer management exit (PMEXIT), and gives more direct support for the concept of LU names. A table of LU names and IP addresses and their corresponding userids (VTAM in this case) and virtual addresses is part of the TCPIP configuration file. As well, the printer must be defined to VTAM as a type 2 LU (perhaps it already is) since we do not support SNA data streams.

Incidentally: the LU name is simply a way of, in conjunction with the IP address, identifying the printer. If the printer is attached to VTAM at a virtual address that doesn't correspond to the LU name, neither TCP/IP nor VTAM (a) can tell there is a mismatch, or (b) do anything about it.

Documentation for the printer management exit can be found in Appendix A of the TCP/IP for VM Planning and Customization manual (for TCP/IP FL310); for TCP/IP FL320, this information is present in the TCP/IP Programmer's Reference.