How to open a 5250 console on a Novalink managed IBM i partition

Resolving The Problem

On PowerVC controlled Novalink servers, the recommended method is to open the IBM i partition's console directory in the PowerVC GUI. See "PowerVC" below.

On Novalink managed servers, there are 3 different methods to create an IBM i 5250 console using Novalink. Two methods use VNC to a "local" 5250 emulator hosted by novalink. The third allows use of IBM Personal Communications (stand-alone) connecting remotely.

On HMC-Novalink dual managed servers, Novalink must be set as the management "master" to create a novalink 5250 console. The console can also be opened on the HMC regardless of management mode however, as with dual HMCs, only one Management Console can actively host the partition console session at any one time.

Summary table

Method	Required Software	Security	Authentication	Sharing Modes	132 column support	Sizable Window
HMC	Supported 5250 emulator such as ACS, IBM i Access for Windows/Linux or IBM Personal Communications.	Plain text or TLS 1.2	HMC	Dedicated Shared (password protected)	No	yes
PowerVC via Novalink	Web browser	Browser Encryption	PowerVC, novalink	Shared via novalink VNC (no password)	No	No
Novalink - local VNC	ssh client with local port forwarding VNC Client	Encrypted (via ssh)	Novalink	Shared via VNC (password optional)	No	Via VNC scaling
Novalink - remote VNC	VNC Client	Not secured	Novalink	Shared via VNC (password optional)	No	Via VNC scaling
Novalink - remote emulation	ssh client with local port forward IBM Personal Communications (stand-alone)	Encrypted (via ssh)	Novalink	*Dedicated only	Yes	Yes

PowerVC

For PowerVC managed novalink servers, the console can be opened directly in the PowerVC GUI. These sessions can be shared via novalink local VNC.

1. Log in to PowerVC
Open a browser to the PowerVC server and login.

2. In the navigation area, select Virtual Machines then click the desired IBM i partition


3. Click the console tab



Novalink - local VNC
This method uses ssh to tunnel/encrypt the vnc session. It restricts access to the 5250 console session to users with a novalink login and, optionally, further restricts access to novalink users with the vnc session password.

Requirements:
- A VNC client. There are many clients available for download such as TightVNC, TigerVNC, RealVNC, etc.
- A ssh client. There are several ssh utilities available such as PuTTy.

Step 1: (Optional) Set a password for the session
Use the x11vnc -storepassword option to create a VNC session password. This only has to be done one time.
Note: With the VNC protocol only the first 8 characters of a password are used (DES key).

This examples uses a unique password file to allow for different passwords for different sessions:
x11vnc -storepasswd /home/padmin/.vnc/lpar6passwd
Enter VNC password:
Verify password:
Write password to /home/padmin/.vnc/lpar6passwd? [y]/n y
Password written to: /home/padmin/.vnc/lpar6passwd

Step 2. Novalink: Open the 5250 console
a) Open a ssh session
On the novalink command line run the mkvterm command to the target partition using the "--vnc" and "--local" options. Optionally specify a password file.

Example for lpar 6 - no password:

mkvterm --id 6 --vnc --local

Example for lpar 6 - password protected:

mkvterm --id 6 --vnc --local --passwdfile /home/padmin/.vnc/lpar6passwd

The output of the command will show the vnc port to use. Example:

5906
VNC is started on port 5906 for localhost access only. Use 'rmvterm --id 6' to close it.

Step 3: Open a ssh tunnel with local forwarding to the target port
Create a ssh local port forward from an unused local port to the VNC port returned in step 1 (5906 in our example) to the novalink partition.

Linux example:

ssh -L 30000:127.0.0.1:5906 padmin@<novalink>

Putty example:
For Putty you can configure the tunnel prior to opening a new session or Change settings on the current session:
- click Configure or change settings, Connection > SSH > Tunnels
- Pick an unused source port such as 30000
- Set destination to 127.0.0.1:5906 where "5906" is the VNC port returned in Step 1.
- Click Add
- Click Apply


Step 4. Open a VNC session to the local port
Connect VNC
In the example above the local source port was "30000" so VNC to loopback (127.0.0.1) port 30000:


Enter a password if prompted/set and connect.



Step 5 To disable the console run the rmvterm command
In our example, the command is rmvterm --id 6

Novalink - Remote 5250 Emulation
This method allows connection from a remote TN5250 client over a ssh local port forward. It requires a novalink login. The session is dedicated however connecting a second emulator will force the first emulator to disconnect. The behavior of the console "job" is dependant on the console recovery options configured in the partition.

Requirements
- A 5250 emulator supported by IBM i console which does not require an IBM i license.
This includes IBM Personal Communications (stand-alone) . Other TN5250 clients may work but are not supported.
- A ssh client. There are several ssh utilities available such as PuTTy.

Step 1: Open the session
In novalink, run the mkvterm command to the target partition without any additional optional parameters:

mkvterm --id 6
You can connect using a 5250 emulator on your local workstation via an SSH tunnel:
* ssh -L 2300:10.253.0.6:2300 padmin@lxsles11
* Connect your 5250 emulator to localhost port 2300

Note: This command does not run detached/batch. You must leave the mkvterm command running with its ssh session active.

Step 2: Create a ssh local port forward to the target.

In Linux, open a ssh session with local port forwarding to novalink using the command specified in the mkvterm output.
In this example it is: ssh -L 2300:10.253.0.6:2300 padmin@lxsles11

For Putty you can open a new session or change settings on the current session:
- click Configuration/change settings, Connection > SSH > Tunnels
- Pick an unused source port such as 2300
- Set destination as specified in the mkvterm output from step 1
In this example the destination is the "10.253.0.6:2300"
- Click Add
- Click Apply


Step 3: Connect a TN5250 session to the local port.

In IBM Personal Communcations select "iSeries" or "IBM i"


In "Link Parameters", configure the emulator to connect to loopback and the source port specified in step 2. Click OK


In Session Parameters, optionally specify27x132 session if desired.


Connect the new session


Step 4 To disable the console use ctl+c to end the mkvterm command or disconnect the ssh session the command runs in.



Common Errors
Note that IBM i TN5250 clients that require an IBM i license, such as IBM i Access Client Solutions (ACS) host on demand and IBM i Access for Windows/Linux will fail to connect.

ACS console will fail validation with MSGHMC007:

ACS TN5250 will fail license connection with MSGSOCK007. IBM i Access for Windows will fail to connect with CWBLM0018 rc2=8413 HMC c

Novalink - Direct VNC
Use the x11vnc -storepassword option to create a VNC session password. This only has to be done one time.
Note: With the VNC protocol only the first 8 characters of a password are used (DES key).

This examples uses a unique password file to allow for different passwords for different sessions:
x11vnc -storepasswd /home/padmin/.vnc/lpar6passwd
Enter VNC password:
Verify password:
Write password to /home/padmin/.vnc/lpar6passwd? [y]/n y
Password written to: /home/padmin/.vnc/lpar6passwd

Step 2. Novalink: Open the 5250 console
On the novalink command line run the mkvterm command to target partition using the "--vnc" but omit the "--local" option. Optionally specify a password file.

Example - no password:

mkvterm --id 6 --vnc

Example - password protected:

mkvterm --id 6 --vnc --passwdfile /home/padmin/.vnc/lpar6passwd

The output of the command will show the vnc port to use. Example:
5906
VNC is started on port 5906 for localhost access only. Use 'rmvterm --id 6' to close it.

Step 3: Open a VNC session to the target port on the novalink partition.
Specify the target port returned in step 2.



Step 4: To disable the console run the rmvterm command
In our example, the command is rmvterm --id 6