The coronavirus pandemic and accompanying "social distancing" has created unique business challenges on many fronts. This is particularly true for companies who weren't already set up to support large swaths of employees suddenly looking to access their IBM i-based ERP systems from home.
This fundamental change to where users perform their jobs is often not a simple technical task to achieve, particularly when already stretched IT departments need to support the changes en masse. From security concerns to hardware limitations and VPN complexities, there is no shortage of obstacles to be addressed.
Fortunately, almost everyone has some sort of internet-connected computer device at home with a browser. So with a relatively simple setup on the IBM i side, employees can use Valence's Fusion5250 app to provide secure green screen access from home quite quickly, without the rigmarole of procuring new hardware and/or installing client software.
Before we continue, let's preface this with a reminder that CNX absolutely favors and promotes the use of web and mobile technology as the best way to interface with IBM i wherever possible. However we must also acknowledge there are thousands of companies running ERP systems and custom programs that harken back to the AS/400 and iSeries days where green screens serve as the primary UI. The fact is, leaping from a widely used text-based UI to a browser-based GUI is not something that can be quickly achieved across the board anywhere. And rushed solutions like screen-scraping tend to result in clunky, lipstick-on-a-pig solutions that users often reject over their tried and true 5250 emulators.
Hence the introduction of Fusion5250, a purely browser-based 5250 emulator that was announced last year as part of the Valence 5.2+ release. Fusion5250 makes it possible for web apps and green screen programs to work side-by-side in the same browser tab, providing a mechanism for companies to ease their way into the brave new GUI world. It also happens to be a good way for users to access 5250 programs from home without requiring any special software, which is the focus of this post.
Once you've installed Valence 5.2+, initiating a Fusion5250 green screen session is simple. First, be sure to log in to the Valence Portal with your standard IBM i user and password. Once you're presented with the launchpad, click on the Fusion5250 app tile.
You should then be automatically logged in and presented with the first screen you normally see after your green screen login.
In the event you do not get a login screen, the problem may be that your network is blocking the port Valence needs to communicate through web sockets with the Fusion5250 app. The default port for Valence 5.2+ is 17052, so check with your network admin that this port is not closed off. Alternatively, you can change the port by launching the Portal Admin app, then going into Settings > IBM i Settings > Fusion5250 Settings and changing the Socket Listener Port, as shown here:
Creating a URL Link to Fusion5250
If you're looking to give your users a simple bookmark to get straight into a 5250 session, bypassing the Valence Portal (other than to log in), you can append some special query parameters to the URL you use to access Valence, telling Valence to automatically launch the Fusion5250 app (which is Valence app ID 150) and, optionally, to not show the user the Portal. For instance, if your IBM i is at 192.168.1.1, then you should have your users bookmark this URL:
It's also possible to create different versions of the Fusion5250 app that jump straight into specific programs within your ERP system. This is accomplished through the use of macros that are linked to the app. For instance, you could create an "Inventory Inquiry" app or bookmark that would take users straight into your company's inventory lookup program. See the Valence Guide for specific instructions on creating Fusion5250 macros.
Remote Access Options
Once you've proven out that you can use Fusion5250 to access your IBM i within your network, you're ready to make it accessible to users working from home. There are basically two ways to accomplish this: (1) Through VPN access to the network, and (2) by opening up your Valence Instance to the outside world using SSL.
For users who already have VPN access, this approach is kind of a no-brainer. Just be sure that your VPN and firewall pass through the two required ports, which are 7052 and 17052. The latter port can be changed in Portal Admin, as discussed above. If you need to change the 7052 port then you will need to go into your IBM i Apache Server setup and change the Listener Port.
If some of your outside users do not have VPN access for whatever reason, you'll need to set up access to the Valence Portal instance via a direct or indirect connection to your IBM i through the internet. Most locations do this by setting up a separate Valence instance with a secure SSL connection, sometimes augmented with a proxy connection. There are two processes required to get your Valence instance running in this manner:
(1) Obtain a digital certificate and configure your Valence instance to use it. The steps to accomplish this are described in great detail on a separate blog post.
(2) Adjust your Fusion5250 configuration settings to run through the SSL setup, as described in the Valence Guide.
Again, be sure your network is allowing all the appropriate ports to get through, otherwise you will get communication errors when attempting to launch the Fusion5250 app. It is recommended you be on Valence build 5.2.20200323.0 or greater when using SSL with Fusion5250 in order to avoid certificate authority issues.
CNX has amassed a great deal of experience over the years helping companies get remotely connected to their Valence instances from outside their networks, so if you run into any troubles getting it all to work, drop us a line and we'll be happy to help you out. In the wake of all this coronavirus pandemonium, perhaps one silver lining is that a lot of companies will have gained a whole new way of getting connected to their systems.