Scenario: Configure a PPP dial-up connection for a server that provides connectivity for other systems through AGNS

Situation

In this situation, you are responsible for maintaining an iSeries™ server for MyCompany, a small manufacturing company in Boone, Iowa. As part of providing this support, you need to establish a connection between electronic customer support and the four MyCompany iSeries servers. Since MyCompany does not have an Internet network connection, you could dial into AT®&T to connect your iSeries servers to IBM® over a point-to point connection. In addition, the only modem you currently have is an external 7852-400 modem, and you want to utilize this modem for all your servers.

Solution

Create a Universal Connection to IBM through the AT&T Global Network Services (AGNS). In this case, you establish a connection through the Connection Manager on the iSeries server that has a modem through an AGNS point-to-point connection to electronic customer support. The iSeries server acts as a connecting point for the other three servers.

As an option, your system can act as a connecting point for other the other three MyCompany servers in your company that need to connect to electronic customer support services, as described in Configure a remote PPP dial-up connection. In this case, you must either select an existing L2TP terminator profile, or let the Universal Connection wizard create an L2TP terminator profile. See L2TP (virtual line) for additional information about L2TP terminator profiles.

Advantages

This scenario provides the following advantages:

MyCompany does not need to invest in additional hardware or software to receive benefit from electronic customer support. You can configure this connection through the Universal Connection wizard using your existing external modem or using CL commands.
MyCompany's other three servers can remotely connect to electronic customer support through a single server. MyCompany would only need a single modem instead of a separate modem for each system or partition.
The AGNS connection provides a simple means of ensuring that MyCompany has electronic customer support available for ease of troubleshooting server problems, tracking current system hardware and software, or receiving software updates and fixes.
The AGNS provides a secure connection between MyCompany and IBM by implementing its own security when making a connection. You do not need to provide additional security.

Objectives

In this scenario, the customer wants to ensure that IBM can support the MyCompany system over the network though a point to point connection through the AT&T Global Network Services. The objectives of this scenario are as follows:

To create a secure point-to-point dial-up connection between the MyCompany's 4 servers and electronic customer support through AT&T Global Network Services
To automate customer support through electronic customer support and services
To allow electronic customer support to create an electronic hardware and software inventory of MyCompany's iSeries system
To permit electronic customer support to send software fixes and updates to MyCompany over the network

Details

The following diagram illustrates connecting the MyCompany iSeries server to electronic customer support through an AT&T Global Network Services connection.

Diagram that depicts a PPP dial-up connection for a server that provides connectivity for other systems through AGNS

Configuring Universal Connection

iSeries Navigator launches the Universal Connection Wizard to configure the connection. This only needs to be done once on the system providing connectivity to others, and also once on each system using the connectivity.

Using Universal Connection

When a Service Application wants to use the Universal Connection to communicate with IBM the following will occur:

If iSeries A needs to connect, a Point-to-Point connection is made through the local modem to an AT&T Local Interface Gateway (LIG). If iSeries B, C or D needs to connect, a Point-to-Point connection is made through an L2TP tunnel using the remote modem to the AT&T LIG.
A Virtual Private Network (VPN) is established, if the service application is not providing its own encrypted communications, through the AT&T LIG and the Internet to a VPN Gateway at IBM.
The service application communicates with the appropriate IBM servers to perform the requested service.

Prerequisites and assumptions

The prerequisites for enabling electronic customer support over an AGNS connection include:

Ensure that the iSeries Access for Windows® and iSeries Navigator exist on your personal computer, as described in the iSeries Access for Windows: Installation and setup topic.
Ensure that you install all of the latest service packs for iSeries Navigator. The scenarios show using the V5R4 version of the software.
Ensure that TCP/IP is active. You can start TCP/IP through the Start TCP/IP (STRTCP) command.
You must have security officer (*SECOFR) authority with *ALLOBJ, *IOSYSCFG, and *SECADM special authorities in your i5/OS™ user profile and *USE authority to WRKCNTINF in order to configure the connection using the Universal Connection wizard.
You must install the TCP/IP Connectivity Utilities (5722–TC1).
For the virtual private network (VPN) and SSL to operate, you must install the Digital Certificate Manager (DCM) (5722-SS1 option 34).
Ensure that the QRETSVRSEC system value is set to 1. You can check this value with the Display System Value (DSPSYSVAL) command. If this value is not set to 1, enter a Change System Value (CHGSYSVAL) command.
If you are using an internal modem such as the 56 Kbps modem that is provided with the 9793 adapter card, ensure that the network attribute MDMCNTRYID is set appropriately. You can check this value with the Display System Value (DSPSYSVAL) command. If this value is not set correctly, change this value with a Change System Value (CHGSYSVAL) command. This allows the account userid and password to be stored on the iSeries server.
IP connectivity is required between the system or partition with the modem and the systems or partitions wishing to use it.

Current® system or partition configuration steps

Assuming that TCP/IP configuration already exists and works, complete the following steps to set up the Universal Connection when your local server acts as a connecting point for the other three servers in MyCompany:

Scenario details: Configure a PPP dial-up connection to a server that provides connectivity to other systems

After you complete the prerequisites, you are ready to begin configuring the Universal Connection through the wizard.

Step 1: Complete the planning work sheet.

The following planning work sheet illustrates the type of information you need before configuring the AGNS connection. You use this information when running the Universal Connection wizard.

Planning work sheet	Answers
Service information Company Contact name Telephone number Help desk or pager number Fax number Alternate fax number	MyCompany Tom Smith 515–870–9990 515–870–9942 515–870–5586 515–870–5587
Company address Street address City or locality State or province Country (or region) Postal code National language version Electronic mail address Alternate electronic mail address Media for PTFs (fixes)	94 West Proctor St. Boone Iowa United States 55902 English (2924) myname@company.com myname@othercompany.com Automatic selection
Location Country (or region) State	United States Iowa
Connection method	Through current iSeries server
Connection type	A dial-up connection using AT&T Global Network Services
Hardware resource	CMN07
Modem type (if you use an external modem)	IBM 7852–400®
Interface description for other systems to use when connecting this system through a TCP/IP address	10.1.1.1 (Ethernet)

If you prefer using CL Commands to create the configuration, use the Change Contact Information (CHGCNTINF) and the Create Service Configuration (CRTSRVCFG) commands.

Step 2: Start the iSeries Navigator and select the Universal Connection wizard.

To start the Universal Connection wizard and begin establishing your connection:

Open iSeries Navigator software.
Select the server under the My Connections folder that you want to configure for electronic customer support.
Expand Network.
Expand Remote Access Services.
Right-click Originator Connection Profiles.
Select Configure IBM Universal Connection to start the Universal Connection wizard. The Welcome dialog appears.

Note:

A progress bar indicates that iSeries Navigator is loading the Universal Connection wizard. If you encounter problems while running the wizard, see Troubleshoot the Universal Connection wizard for a solution. Run the wizard again after solving the problem.

Step 3: Enter the service, address, and country information on the Universal Connection wizard dialogs.

To enter information about your company and connections:

On the Select Configuration dialog, select either Primary connection configuration or Backup connection configuration. The default is primary. Check the View and modify contact information box and click Next
On the Service Information dialog, enter the following information about MyCompany and click Next:
- Company – MyCompany
- Contact name – Tom Smith
- Telephone number – 515–870–9990
- Help desk or pager number— 515–870–9999
- Fax number — 515–870–5586
- Alternate fax number — 515–870–9942
If this information exists on your server, the company data already appears in the fields. For example, if MyCompany previously created a configuration, the wizard retrieves the data from the existing configuration.
On the Company Address dialog, enter MyCompany's address and click Next.
- Street address – 94 West Proctor St.
- City or locality – Boone
- State or province – Iowa
- Country or region – United States
- Postal code – 55902
- National language version – English (2924)
- Electronic mail address – myname@company.com
- Alternate electronic mail address – myname@othercompany.com
- Media for PTFs – Automatic selection
On the Location dialog, select the country (or region) and the state or province where your iSeries server resides and Click Next.
- Country (or region) – United States
- State – Iowa

Step 4: Under Connect from the Current System, select the dialup connection using AT&T Global Network Services as a connection type.

Note:

There is a checkbox to Additionally configure a proxy connection. If your enterprise has an HTTP proxy or you've configured a service and support proxy on another system or partition, and you wish to use that for Universal Connection applications which support going through a proxy, check this box. If this box is checked, Step 6 will appear.

Step 5: Choose a hardware resource, primary telephone number, and backup telephone number for creating a connection over the modem.

To specify hardware resources, telephone lines, and modems

Select an existing hardware resource from the list on the dialog and click Next. You can sort the hardware resources list in one of these ways:
- List internal modem resources only.
- List all resources by name.
- List all resources by location
Select the appropriate country or region and state from the Phone Number dialog. A group of corresponding cities and telephone numbers appears in the City list. Select a telephone number from the list. If your location requires a dial prefix (such as a 9) or does not require part of the phone number (such as an area code), modify the selected phone number. Note that if a delay is required between a dial prefix and the rest of the number, insert a comma to add a delay. Click Next. The wizard takes you to the Backup Phone Number dialog.
Note:

If you have never connected your server through AT&T, the telephone numbers may not be current. Verify your telephone number selections at the AT&T Business Internet Services (www.attbusiness.net) Web site.
Optional: Select the appropriate country or region and state from the Backup Phone number dialog. A group of corresponding cities and telephone numbers appears in the City list. Select a telephone number from the list, modify (if necessary) as described above, and click Next.
If your server has an external modem associated with the hardware resource and line, the wizard takes you to the Modem dialog, as described in Step 4. If the resource selected is for an internal modem, the wizard takes you to Step 8.
Optional: If your server uses an external modem, select a modem name from the list, and click Next.

Step 6: For proxy option, configure a proxy destination.

Note:

This screen only appears if the proxy option was selected in Step 4.

To configure a proxy destination

Attempt proxy connection first
1. Choose this option if you want the proxy to take precedence over the configuration for this scenario.
2. If necessary, check the Proxy destination requires HTTP basic authentication box and fill in the User name and Password fields.
3. Click Next and proceed to the next Step.
Attempt proxy connection if previously defined configuration fails
1. Choose this option if the proxy is to be used only in the event that the configuration for this scenario fails.
2. Fill in the Proxy IP address or host name field.
3. Fill in the Proxy port field.
4. If necessary, check the Proxy destination requires HTTP basic authentication box and fill in the User name and Password fields.
5. Click Next and proceed to the next Step.

Step 7: Specify that you want this iSeries server to provide connectivity for other systems that connect to electronic customer support.

Select Yes to indicate that this server provides connectivity for other servers or partitions and click Next.

Step 8: Select an interface the other servers use when connecting to electronic customer support.

Select the interfaces that the other MyCompany servers will use when connecting to IBM. Select one of the following options:

Click Any interface to let the Universal connection accept connections from all TCP/IP interfaces.
Click Select interfaces to select specific interfaces to listen for connection requests. The list box becomes active. Select all appropriate interfaces. The wizard automatically creates an L2TP terminator for each interface that does not have an associated terminator. If there are L2TP terminators associated with an interface, the wizard prompts you to select the one terminator you wish to associate with the interface.
As an option, you can select multiple interfaces with the CTRL key.

Note:

In addition, the wizard configures the Service and Support HTTP Proxy to start with TCP and to listen for connection requests on the interfaces you select.

In this case, MyCompany selects 10.1.1.1 Ethernet Interface.

Step 9: Create or select L2TP terminator profiles.

Select an L2TP terminator profile for each of your selected interfaces. Choose one of the following options:
- Click Create a new profile named QL2TPnn where nn represents a number from 00 to 99. With this selection, the wizard creates, names, and consecutively numbers the new L2TP profile.
- Click Select an existing profile to choose a specific L2TP profile for the associated interface.
In this case, MyCompany lets the Universal Connection wizard create an L2TP profile.
Ensure that the Start selected L2TP terminator profiles when TCP/IP is started check box is checked. MyCompany wishes to start this profile when starting TCP/IP.
Note:

By starting the selected L2TP terminator profile when the system starts TCP/IP, all other L2TP terminator profiles for this interface will be modified not to start with TCP/IP.
If you specify that you do not want to start the selected L2TP terminator profiles when TCP/IP is started, you must manually start the L2TP terminator before using the connection to the systems.

Step 10: Configure a Service and Support proxy server.

To configure a service and support proxy server

Fill in the Server port field.
If desired, check the Require HTTP basic authentication box and fill in the User name and Password fields. Authentication is optional. If specified, all other partitions or systems using this proxy must provide these security credentials.
Click Next and proceed to the next Step.

Step 11: Review the Summary window to ensure that the configuration meets your requirements, and click Finish to save your configuration.

To complete and save your server configuration:

Review the configuration summary. Click Back if you need to change a value on any of the wizard dialogs.
When the configuration is correct, click Finish to save the configuration. A progress bar indicates that the wizard is in the process of saving the configuration.

Step 12: Test the connection from your server to electronic customer support.

To test the configuration:

Click Yes when the wizard prompts you to test the configuration. The Verify Universal Connection dialog appears.
Make note of any problems as the wizard displays verification progress.
Click OK when the wizard indicates that verification is complete.
If the wizard finds errors, restart the Universal Connection wizard, make necessary corrections, save, and retest the corrected configuration.

Note:

After completing this scenario the system is ready to communicate with IBM and to accept remote connection requests from other systems. The Configure a remote PPP dial-up connection scenario should be repeated for each system or partition that is to use this system to reach IBM Electronic Customer Support.

Step 13: Configure a backup configuration (optional).

If an additional connection method is available to you, it is suggested that you rerun the wizard to configure a backup. This backup will be used automatically in the event that the primary connection fails.