<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Scenario: Configure a multi-hop connection through a remote server</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<a name="scenario8"></a>
<h3 id="scenario8">Scenario: Configure a multi-hop connection through a remote server</h3>
<p class="sectionscenariobar"><span class="bold">Situation</span></p>
<p>Suppose you are responsible for maintaining an iSeries™ server for
MyCompany, a medium-sized manufacturing company in Boone, Iowa. As part of
providing this support, you need to establish a connection between electronic
customer support and MyCompany's iSeries server. MyCompany has an iSeries server on
a private network that accesses the Internet through a VPN multi-hop gateway.
The multi-hop gateway could be either an iSeries or a router that supports L2TP multi-hop
(chained tunnels). In this case, you create a connection from your iSeries server through
a multi-hop connection. Because you do not need to provide connections for
other systems, you do not need to consider providing connections for other
servers or partitions.</p>
<a name="wq129"></a>
<div class="notetitle" id="wq129">Note:</div>
<div class="notebody">The HMC cannot currently provide this
multi-hop gateway support.</div>
<p class="sectionscenariobar"><span class="bold">Solution</span></p>
<p>Create a Universal Connection to IBM® through the multi-hop connection. In this
case, you establish a connection between two virtual private network tunnels
from a remote server to electronic customer support.</p>
<p></p>
<p class="sectionscenariobar"><span class="bold">Advantages</span></p>
<p>This scenario provides the following advantages:</p>
<ul>
<li>MyCompany can create a connection from its iSeries system on a private network through
another iSeries or router that has direct connectivity to the Internet.</li>
<li>The multi-hop connection provides a means of ensuring that MyCompany has
electronic customer support available for ease of troubleshooting server problems,
tracking current system hardware and software, or receiving software updates
and fixes.</li>
<li>A multi-hop connection provides a high degree of security between your iSeries system and electronic customer support by shielding it from the Internet.</li>
<li>High speed access to electronic customer support is available with this
option.</li></ul>
<p class="sectionscenariobar"><span class="bold">Objectives </span></p>
<p>In this scenario, the customer wants to ensure that IBM can support
the MyCompany system over the network through a multi-hop connection over the
Internet. The objectives of this scenario are as follows:</p>
<ul>
<li>To create a secure multi-hop connection between MyCompany and electronic
customer support over the Internet.</li>
<li>To automate customer support through electronic customer support and services.</li>
<li>To allow electronic customer support to create an electronic hardware
and software inventory of MyCompany's iSeries system.</li>
<li>To permit electronic customer support to send software fixes and updates
to MyCompany over the network.</li></ul>
<p class="sectionscenariobar"><span class="bold">Details</span></p>
<p>The following diagram illustrates connecting the MyCompany iSeries server to
electronic customer support through a VPN multi-hop gateway.</p>
<div class="mmobj">
<img src="rzatj509.gif" alt="Diagram that depicts a multi-hop connection through a remote server" /></div>
<p><span class="bold">Configuring Universal Connection</span></p>
<ul>
<li>iSeries Navigator launches the Universal Connection Wizard to configure
the connection. This only needs to be done once unless some configuration
information needs to be updated.</li></ul>
<p><span class="bold">Using Universal Connection</span></p>
<p>When a Service Application wants to use the Universal Connection to communicate
with IBM, the following will occur:</p>
<ul>
<li>An L2TP tunnel is established to the VPN multi-hop gateway.</li>
<li>Seeing that the connection request is for IBM service, a VPN is established through
your existing Internet connection to a VPN Gateway at IBM.</li>
<li>The L2TP tunnel is chained to the VPN connection.</li>
<li>The service application communicates with the appropriate IBM servers to perform
the requested service.</li></ul>
<a name="scenprereqs8"></a>
<p id="scenprereqs8" class="sectionscenariobar"><span class="bold">Prerequisites
and assumptions</span></p>
<p>The prerequisites for enabling electronic customer support over a remote
multi-hop connection include:</p>
<ul>
<li>The iSeries server must have IP connectivity to the VPN multi-hop gateway.</li>
<li>Ensure that the iSeries Access for Windows® and iSeries Navigator exist on your personal computer,
as described in the <a href="../rzaij/rzaijrzaijinstall.htm">iSeries Access for Windows:
Installation and setup</a> topic.</li>
<li>Ensure that you install all of the latest service packs for iSeries Navigator.
The scenarios show using the V5R4 version of the software.</li>
<li>Ensure that TCP/IP is active. You can start TCP/IP through the Start TCP/IP
(STRTCP) command.</li>
<li>You must have security officer (*SECOFR) authority with *ALLOBJ,
*IOSYSCFG, and *SECADM special authorities in your i5/OS™ user profile and *USE authority to WRKCNTINF
in order to configure the connection using the Universal Connection wizard.</li>
<li>You must install the TCP/IP Connectivity Utilities (5722-TC1).</li>
<li>You must install the Digital Certificate Manager (DCM) (5722-SS1
option 34).</li>
<li>Ensure that the QRETSVRSEC system value is set to 1. You can check this
value with the Display System Value (DSPSYSVAL) command. If this value is
not set to 1, enter a Change System Value (CHGSYSVAL) command.</li>
<li>Ensure that the VPN multi-hop gateway has been configured to allow connections
to IBM. If you are using an iSeries as the VPN multi-hop gateway, see <a href="scenario5.htm#scenario5">Configure a direct Internet connection from a server that
provides connectivity for other systems or partitions</a>. Other options are
discussed in <a href="detvpnaddy.htm#detvpnaddy">Determine the IBM VPN Gateway addresses</a>.</li></ul>
<p class="sectionscenariobar"><span class="bold">Current System or Partition configuration
steps</span></p>
<p>Assuming that TCP/IP configuration already exists and works, complete the
following steps to set up the Universal Connection if you connect to electronic
customer support through a VPN multi-hop gateway:</p>
<ol type="1">
<li><a href="scenario8.htm#step1multihop1">Complete the planning work sheet.</a></li>
<li><a href="scenario8.htm#step2multihop1">Start iSeries Navigator and select the Universal
Connection wizard.</a></li>
<li><a href="scenario8.htm#step3multihop1">Enter the service, address, and country information
on the Universal Connection wizard dialogs.</a></li>
<li><a href="scenario8.htm#step4multihop1">Under Connect through another system or partition,
select the A multi-hop VPN connection to the Internet option.</a></li>
<li><a href="scenario8.htm#step5multihop1">Enter a VPN Gateway address or host name to
make the multi-hop VPN connection to IBM.</a></li>
<li><a href="scenario8.htm#step6multihop1">For proxy option, configure a proxy destination.</a></li>
<li><a href="scenario8.htm#step7multihop1">Indicate that this server does not provide
connectivity for other servers or partitions.</a></li>
<li><a href="scenario8.htm#step8multihop1">Review the Summary window to ensure that the
configuration meets your requirements, and click <span class="bold">Finish</span> to
save your configuration.</a></li>
<li>When prompted, <a href="scenario8.htm#step9multihop1">Test the connection from your
server to electronic customer support.</a></li>
<li><a href="scenario8.htm#step10multihop1">Configure a backup configuration.</a></li></ol>
<p><span class="bold">Scenario details: Configure a multi-hop connection through
a remote server</span></p>
<p>After you complete the <a href="scenario8.htm#scenprereqs8">prerequisites</a>, you
are ready to begin configuring the Universal Connection through the wizard.</p>
<a name="step1multihop1"></a>
<p id="step1multihop1" class="sectionscenariobar"><span class="bold">Step 1:
Complete the planning work sheet.</span></p>
<p>The following planning work sheet illustrates the type of information you
need before configuring the remote multi-hop connection to electronic customer
support. You use this information when running the Universal Connection wizard.</p>
<a name="wq131"></a>
<table id="wq131" width="100%" summary="" border="1" frame="border" rules="all" class="blocksingleborder">
<thead valign="bottom">
<tr class="tablemainheaderbar">
<th id="wq132" width="58%" align="left" valign="top">Planning work sheet</th>
<th id="wq133" width="41%" align="left" valign="top">Answers</th>
</tr>
</thead>
<tbody valign="top">
<tr>
<td headers="wq132"><span class="bold">Service information</span>
<ul>
<li>Company</li>
<li>Contact name</li>
<li>Telephone number</li>
<li>Help desk or pager number</li>
<li>Fax number</li>
<li>Alternate fax number</li></ul></td>
<td align="left" headers="wq133"><span> </span>
<ul>
<li>MyCompany</li>
<li>Tom Smith</li>
<li>515–870–9990</li>
<li>515–870–9942</li>
<li>515–870–5586</li>
<li>515–870–5587</li></ul></td>
</tr>
<tr>
<td headers="wq132"><span class="bold">Company address</span>
<ul>
<li>Street address</li>
<li>City or locality</li>
<li>State or province</li>
<li>Country (or region)</li>
<li>Postal code</li>
<li>National language version</li>
<li>Electronic mail address</li>
<li>Alternate electronic mail address</li>
<li>Media for PTFs (fixes)</li></ul></td>
<td align="left" headers="wq133"><span> </span>
<ul>
<li>94 West Proctor St.</li>
<li>Boone</li>
<li>Iowa</li>
<li>United States</li>
<li>55902</li>
<li>English (2924)</li>
<li>myname@company.com</li>
<li>myname@othercompany.com</li>
<li>Automatic selection</li></ul></td>
</tr>
<tr>
<td headers="wq132"><span class="bold">Location</span>
<ul>
<li>Country (or region)</li>
<li>State</li></ul></td>
<td align="left" headers="wq133"><span> </span>
<ul>
<li>United States</li>
<li>Iowa</li></ul></td>
</tr>
<tr>
<td headers="wq132">Connection method</td>
<td align="left" headers="wq133">Through a remote server</td>
</tr>
<tr>
<td headers="wq132">Connection type</td>
<td align="left" headers="wq133">A multi-hop connection to the Internet</td>
</tr>
<tr>
<td headers="wq132">VPN Gateway address or host name</td>
<td align="left" headers="wq133">192.168.1.1 (As an alternative, supply the host
name [charlie@mycompany.com])</td>
</tr>
</tbody>
</table>
<p>If you prefer using <a href="../clfinder/finder.htm">CL Commands</a> to
create the configuration, use the Change Contact Information (CHGCNTINF) and
the Create Service Configuration (CRTSRVCFG) commands.</p>
<a name="step2multihop1"></a>
<p id="step2multihop1" class="sectionscenariobar"><span class="bold">Step 2:
Start iSeries Navigator and select the Universal Connection wizard.</span></p>
<div>
<p>To start the Universal Connection wizard and begin establishing your connection:</p>
<ol type="1">
<li>Open iSeries Navigator software.</li>
<li>Select the server under the My Connections folder that you want to configure
for electronic customer support.</li>
<li>Expand <span class="bold">Network</span>.</li>
<li>Expand <span class="bold">Remote Access Services</span>.</li>
<li>Right-click <span class="bold">Originator Connection
Profiles</span>.</li>
<li>Select <span class="bold">Configure IBM Universal Connection</span> to start the Universal Connection wizard. The Welcome dialog appears.</li></ol>
<a name="wq135"></a>
<div class="notetitle" id="wq135">Note:</div>
<div class="notebody">A progress bar indicates that iSeries Navigator
is loading the Universal Connection wizard. If you encounter problems while running the wizard, see <a href="troubleintro.htm#troubleintro">Troubleshoot the Universal Connection wizard</a> for a solution. Run the wizard again after solving the
problem.</div></div>
<a name="step3multihop1"></a>
<p id="step3multihop1" class="sectionscenariobar"><span class="bold">Step 3:
Enter the service, address, and country information on the Universal Connection
wizard dialogs.</span></p>
<div>
<p>To enter information about your company and connections:</p>
<ol type="1">
<li>On the Select Configuration dialog, select either <span class="bold">Primary connection configuration</span> or <span class="bold">Backup connection
configuration</span>. The default is primary. Check the <span class="bold">View
and modify contact information</span> box and click <span class="bold">Next</span>.</li>
<li>On the Service Information dialog, enter the following information about
MyCompany and click <span class="bold">Next</span>:
<ul>
<li>Company – MyCompany</li>
<li>Contact name – Tom Smith</li>
<li>Telephone number – 515–870–9990</li>
<li>Help desk or pager number – 515–870–9999</li>
<li>Fax number – 515–870–5586</li>
<li>Alternate fax number – 515–870–9942</li></ul>
<p>If this information exists on your server, the company data already
appears in the fields. For example, if MyCompany previously created a configuration,
the wizard retrieves the data from the existing configuration.</p></li>
<li>On the Company Address dialog, enter MyCompany's address and click <span class="bold">Next</span>.
<ul>
<li>Street address – 94 West Proctor St.</li>
<li>City or locality – Boone</li>
<li>State or province – Iowa</li>
<li>Country or region – United States</li>
<li>Postal code – 55902</li>
<li>National language version – English (2924)</li>
<li>Electronic mail address – myname@company.com</li>
<li>Alternate electronic mail address – myname@othercompany.com</li>
<li>Media for PTFs – Automatic selection</li></ul></li>
<li>On the Location dialog, select the country (or region) and the state or
province where your iSeries server resides and click <span class="bold">Next</span>.
<ul>
<li>Country (or region) – United States</li>
<li>State – Iowa</li></ul></li></ol></div>
<div>
<a name="step4multihop1"></a>
<p id="step4multihop1" class="sectionscenariobar"><span class="bold">Step 4:
Under Connect through another system or partition, select the A multi-hop VPN
connection to the Internet option.</span></p>
<a name="wq137"></a>
<div class="notetitle" id="wq137">Note:</div>
<div class="notebody">There is a checkbox to <span class="bold">Additionally configure
a proxy connection</span>. If your enterprise has an HTTP proxy or you've configured
a service and support proxy on another system or partition, and you wish to
use that for Universal Connection applications which support going through
a proxy, check this box. If this box is checked, Step 6 will appear.</div>
<a name="step5multihop1"></a>
<p id="step5multihop1" class="sectionscenariobar"><span class="bold">Step 5:
Enter a VPN Gateway address or host name to make the multi-hop VPN connection
to IBM.</span></p>
<p>Enter either the VPN multi-hop gateway address or enter the host (server)
name that connects to IBM electronic customer support.</p>
<a name="step6multihop1"></a>
<p id="step6multihop1" class="sectionscenariobar"><span class="bold">Step 6:
For proxy option, configure a proxy destination.</span></p>
<a name="wq138"></a>
<div class="notetitle" id="wq138">Note:</div>
<div class="notebody">This screen only appears if the proxy option was selected
in Step 4.</div>
<div>
<p>To configure a proxy destination:</p>
<ol type="1">
<li><span class="bold">Attempt proxy connection first</span>
<ol type="a">
<li>Choose this option if you want the proxy to take precedence
over the configuration for this scenario.</li>
<li>If necessary, check the <span class="bold">Proxy destination
requires HTTP basic authentication</span> box and fill in the <span class="bold">User name</span> and <span class="bold">Password</span> fields.</li>
<li>Click <span class="bold">Next</span> and proceed to the next step.</li></ol></li>
<li><span class="bold">Attempt proxy connection if previously defined configuration
fails</span>
<ol type="a">
<li>Choose this option if the proxy is to be used only in the
event that the configuration for this scenario fails.</li>
<li>Fill in the <span class="bold">Proxy IP address or host name</span> field.</li>
<li>Fill in the <span class="bold">Proxy port</span> field.</li>
<li>If necessary, check the <span class="bold">Proxy destination requires HTTP
basic authentication</span> box and fill in the <span class="bold">User name</span> and <span class="bold">Password</span> fields.</li>
<li>Click <span class="bold">Next</span> and proceed to the next step.</li></ol></li></ol></div>
<a name="step7multihop1"></a>
<p id="step7multihop1" class="sectionscenariobar"><span class="bold">Step 7:
Indicate that this server does not provide connectivity for other servers
or partitions.</span></p>
<p>Click <span class="bold">No</span> to indicate that this server has
a direct connection to electronic customer support without providing connectivity
for other servers or partitions.</p>
<a name="step8multihop1"></a>
<p id="step8multihop1" class="sectionscenariobar"><span class="bold">Step 8:
Review the Summary window to ensure that the configuration meets your requirements,
and click <span class="bold">Finish</span> to save your configuration.</span></p>
<div>
<p>To complete and save your server configuration:</p>
<ol type="1">
<li>Review the configuration summary. Click <span class="bold">Back</span> if you need to change a value on any of the wizard dialogs.</li>
<li>When the configuration is correct, click <span class="bold">Finish</span> to save the configuration. A progress bar indicates that the wizard
is in the process of saving the configuration.</li></ol></div>
<a name="step9multihop1"></a>
<p id="step9multihop1" class="sectionscenariobar"><span class="bold">Step 9:
Test the connection from your server to electronic customer support.</span></p>
<p>To test the configuration:</p>
<ol type="1">
<li>Click <span class="bold">Yes</span> when the wizard prompts you to test the
configuration. The Verify Universal Connection dialog appears.</li>
<li>Make note of any problems as the wizard displays verification progress.</li>
<li>Click <span class="bold">OK</span> when the wizard indicates that verification
is complete.</li>
<li>If the wizard finds errors, restart the Universal Connection wizard, make
necessary corrections, save, and retest the corrected configuration.</li></ol></div>
<a name="step10multihop1"></a>
<p id="step10multihop1" class="sectionscenariobar"><span class="bold">Step 10: Configure a backup configuration (optional).</span></p>
<div>
<p>If an additional connection method is available to you, it is suggested
that you rerun the wizard to configure a backup. This backup will be used
automatically in the event that the primary connection fails.</p></div>
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>