Easy and Secure VPN Tunnel for IBM i
Green Screens VPN allows secure access to the IBM I servers from the outside world without directly exposing machines from internal company infrastructure.
This is the opposite of having IBM I in the cloud and locally installed terminals and VPN clients on every workstation. Our solution does not require any installation on workstations except having a modern web browser.
Our technology allows you to connect Green Screens Server and IBM i machine through different networks, hiding IBM i from the Internet. In a case of network attacks, denial-of-service etc., our servers will be on the front to be hit. IBM I machines remain untouched and safe behind NAT and/or Firewall.
You don't need to buy an expensive VPN network appliance to access your IBM I, neither you have to put your IBM I into the cloud if you don't want to.
Green Screens VPN for IBM I will do the job. No extra cost.
About Network Tunnel
Network tunnel is a type of secured VPN implemented into Green Screens Server, allowing encrypted connections to the IBM I servers without touching IBM I configurations.
Green Screens VPN is based on two running services (small 2 MB programs). One running on the same machine where Green Screens Service is running, and another one on the same network where IBM I is running.
All communication goes through those two services, protecting IBM I server from the outside world. Telnet, DDM, and other services used by Green Screens server are fully encrypted as VPN Service is wrapping all communications into an encrypted stream.
VPN Service running inside your network has an additional security and acts as specialized firewall also by introspecting incoming network packets and blocking any other requests (if any) not related to the registered IBM I system.
What about web terminal security?
Now, one might ask about protecting access from the web terminal itself? Sure, we were thinking about that also. There are several protections schemes.
- Mandatory login page asking and validating remote system username/password before accessing terminal sign-on
- Mandatory OTP registration. Along username/password, 6-digit random token will be required upon every login.
- Biometric TPM module - fingerprint reader available inside many laptops today.
- Security key/token as Yubico Key or Google Key and many others.
To get an idea, here is a network infrastructure example. (click image to see full size)
Green Screens Flavors
Green Screens Server is available in two flavors. Enterprise and Cloud version.
For cloud version, there are two sub-versions:
- dedicated - a single instance only for your company, fully isolated
- shared - multiple small companies using the same GS server responsible to redirecting individual users to their IBM I machines
Enterprise vs Cloud Features
| Features | Enterprise |
Cloud Dedicated |
Cloud Shared |
|---|---|---|---|
| Required License on IBM i | Yes | Yes | No |
| In-house installation | Yes | No | No |
| Cloud installation | No | Yes | Yes |
| Manage GS server by us | No | Yes | Yes |
| Cloud only install | No | Yes | Yes |
| Tunneling Feature | No | Yes | Yes |
| Android Application | Yes | Yes | Yes |
| Printing | Yes | Yes | Yes |
| Modernization | Yes | Yes | No |
| File transfer | Yes | Yes | No |
Dedicated vs Shared Cloud
| Features | Cloud Dedicated | Cloud Shared |
|---|---|---|
| License on IBM i | Yes | No |
| Admin console access | Yes | No |
| Modernization | Yes | No |
| File transfer | Yes | No |
| Better performance | Yes | No |
| Shared performance | No | Yes |
| More features | Yes | No |
| More affordable | No | Yes |