if the host to which you want to open the telnet session is not the one from which the applet was loaded then you have to either
* sign your applet (and every user must then confirm that they trust you as a provider)
* tunnel your telnet traffic through a gateway located on the server which serves the applet.
The first solution is more simple but required each user to perform a supplemental action and wouldn't work with firewalls
The second solution is more challenging but is transparent for the user and passes through firewalls if you tunnel your telnet traffic over HTTP.