When a request is received from a source that is external to the corporate network containing the SNA Server subdomain, or a domain-type network is not being used, domain authentication is usually a difficult process to implement.
In this case, SNA Server performs workstation authentication on the following services:
Figure 7.3 Workstation authentication process for TN3270 terminal access.
For these services, you can specify a list of client workstation IP addresses that are allowed for defined resources. When SNA Server receives a session request, it determines whether the requesting IP (or workstation name for TN3270E connections) matches that which is specified for the requested resource, as shown in Figure 7.3. Once verified, SNA Server allows the request to proceed.
Note This type of authentication is not as secure as domain security because workstation names and the IP address are transmitted in clear text over the network.