Easy and Secure VPN Tunnel for IBM i

Green Screens VPN allows secure access to the IBM I servers from the outside world without directly exposing machines from internal company infrastructure.

This is the opposite of having IBM I in the cloud and locally installed terminals and VPN clients on every workstation. Our solution does not require any installation on workstations except having a modern web browser.

Our technology allows you to connect Green Screens Server and IBM i machine through different networks, hiding IBM i from the Internet. In a case of network attacks, denial-of-service etc., our servers will be on the front to be hit. IBM I machines remain untouched and safe behind NAT and/or Firewall.

You don't need to buy an expensive VPN network appliance to access your IBM I, neither you have to put your IBM I into the cloud if you don't want to.

Green Screens VPN for IBM I will do the job. No extra cost.

About Network Tunnel

Network tunnel is a type of secured VPN implemented into Green Screens Server, allowing encrypted connections to the IBM I servers without touching IBM I configurations.

Green Screens VPN is based on two running services (small 2 MB programs). One running on the same machine where Green Screens Service is running, and another one on the same network where IBM I is running.

All communication goes through those two services, protecting IBM I server from the outside world. Telnet, DDM, and other services used by Green Screens server are fully encrypted as VPN Service is wrapping all communications into an encrypted stream.

VPN Service running inside your network has an additional security and acts as specialized firewall also by introspecting incoming network packets and blocking any other requests (if any) not related to the registered IBM I system.

What about web terminal security?

Now, one might ask about protecting access from the web terminal itself? Sure, we were thinking about that also. There are several protections schemes.

  • Mandatory login page asking and validating remote system username/password before accessing terminal sign-on
  • Mandatory OTP registration. Along username/password, 6-digit random token will be required upon every login.
  • Biometric TPM module - fingerprint reader available inside many laptops today.
  • Security key/token as Yubico Key or Google Key and many others.

To get an idea, here is a network infrastructure example. (click image to see full size)

Green Screens Flavors

Green Screens Server is available in two flavors. Enterprise and Cloud version.

For cloud version, there are two sub-versions:

  • dedicated - a single instance only for your company, fully isolated
  • shared - multiple small companies using the same GS server responsible to redirecting individual users to their IBM I machines

Enterprise vs Cloud Features

Features Enterprise
Required License on IBM i Yes Yes No
In-house installation Yes No No
Cloud installation No Yes Yes
Manage GS server by us No Yes Yes
Cloud only install No Yes Yes
Tunneling Feature No Yes Yes
Android Application Yes Yes Yes
Printing Yes Yes Yes
Modernization Yes Yes No
File transfer Yes Yes No

Dedicated vs Shared Cloud

Features Cloud Dedicated Cloud Shared
License on IBM i Yes No
Admin console access Yes No
Modernization Yes No
File transfer Yes No
Better performance Yes No
Shared performance No Yes
More features Yes No
More affordable No Yes