Scenario: Configure a direct Internet connection
Situation
Suppose you are responsible for maintaining an iSeries™ server for
MyCompany, a small manufacturing company in Boone, Iowa. As part of providing
this support, you need to establish a connection between electronic customer
support and MyCompany's iSeries server. Since MyCompany has an Internet
connection and its iSeries server has a fixed global routable IP address or
is behind a NAT firewall (see NAT compatible IPSec for
details), you can create a connection from your iSeries server through your Internet connection.
Because you do not need to provide connection for other systems, you do not
need to consider providing connections for other servers or partitions.
Solution
Create a Universal Connection to IBM® through a direct Internet connection.
The Universal Connection wizard creates all the required definitions for the
connection to electronic customer support.
Advantages
This scenario provides the following advantages:
- MyCompany can use its existing hardware and Internet provider
to receive benefit from electronic customer support. You can configure this
connection through the Universal Connection wizard or CL commands.
- Using an existing Internet connection provides a simple means of ensuring
that MyCompany has electronic customer support available for ease of troubleshooting
server problems, tracking current system hardware and software, or receiving
software updates and fixes.
- This option provides higher speed connections than modem-based solutions.
Objectives
In this scenario, the customer wants to ensure that IBM can support
the MyCompany system over the network though a direct connection to the Internet.
The objectives of this scenario are as follows:
- To create an Internet connection between MyCompany and electronic customer
support through MyCompany's cable modem, or other high-speed connection, over
a direct Internet connection.
- To automate customer support through electronic customer support and services
- To allow electronic customer support to create an electronic hardware
and software inventory of MyCompany's iSeries system
- To permit electronic customer support to send software fixes and updates
to MyCompany over the network
Details
The following diagram illustrates connecting the MyCompany iSeries server to
electronic customer support through a direct connection to the Internet.
Configuring Universal Connection
- iSeries Navigator launches the Universal Connection Wizard to configure
the connection. This only needs to be done once unless some configuration
information needs to be updated.
Using Universal Connection
When a Service Application wants to use the Universal Connection to communicate
with IBM the following will occur:
- A Virtual Private Network (VPN) is established through your
existing Internet connection to a VPN Gateway at IBM if the service application does not provide
its own security.
- The service application communicates with the appropriate IBM servers to perform
the requested service.
Prerequisites
and assumptions
The prerequisites for enabling electronic customer support over a direct
Internet connection include:
- The iSeries server must have a globally routable IP address, or the server
must be behind a NAT firewall with a globally routable address.
- Ensure that the iSeries Access for Windows® and iSeries Navigator exist on your personal computer,
as described in the iSeries Access for Windows:
Installation and setup topic.
- Ensure that you install all of the latest service packs for iSeries Navigator.
The scenarios show using the V5R4 version of the software.
- Ensure that TCP/IP is active. You can start TCP/IP through the Start TCP/IP
(STRTCP) command.
- You must have security officer (*SECOFR) authority with *ALLOBJ,
*IOSYSCFG, and *SECADM special authorities in your i5/OS™ user profile and *USE authority to WRKCNTINF
in order to configure the connection using the Universal Connection wizard.
- You must install the TCP/IP Connectivity Utilities (5722–TC1).
- You must install the Digital Certificate Manager (DCM) (5722-SS1
option 34).
- Ensure that the QRETSVRSEC system value is set to 1. You can check this
value with the Display System Value (DSPSYSVAL) command. If this value is
not set to 1, enter a Change System Value (CHGSYSVAL) command.
- Ensure your default TCP/IP route, or a host route, directs
traffic out the appropriate TCP/IP interface to the Internet to allow the
VPN and other service connections to be established to IBM. For details,
see Determine the IBM VPN Gateway addresses and Determine the IBM Service Destination addresses.
- Ensure your filter rules allow Universal Connection traffic to flow to
the Internet. For details, see IP Packet Filter Firewall.
Current® system configuration steps
Assuming that TCP/IP configuration already exists and works, complete the
following steps to set up the Universal Connection if you connect to electronic
customer support through MyCompany's local server:
- Complete the planning work sheet.
- Start iSeries Navigator and select the Universal
Connection wizard.
- Enter the service, address, and country information
on the Universal Connection wizard dialogs.
- Under Connect from the current system, select
a direct connection to the Internet as a connection type.
- For proxy option, configure a proxy destination.
- Indicate that this server does not provide connectivity
for other servers or partitions.
- Review the Summary window to ensure that the configuration
meets your requirements, and click Finish to save your
configuration.
- When prompted, Test the connection from your server
to electronic customer support.
- Configure a backup configuration
Scenario details: Configure a direct Internet connection
After you complete the prerequisites, you
are ready to begin configuring the Universal Connection through the wizard.
Step 1: Complete
the planning work sheet.
The following planning work sheet illustrates the type of information you
need before configuring the direct Internet connection. You use this information
when running the Universal Connection wizard.
| Planning work sheet |
Answers |
Service information
- Company
- Contact name
- Telephone number
- Help desk or pager number
- Fax number
- Alternate fax number
|
- MyCompany
- Tom Smith
- 515–870–9990
- 515–870–9942
- 515–870–5586
- 515–870–5587
|
Company address
- Street address
- City or locality
- State or province
- Country (or region)
- Postal code
- National language version
- Electronic mail address
- Alternate electronic mail address
- Media for PTFs (fixes)
|
- 94 West Proctor St.
- Boone
- Iowa
- United States
- 55902
- English (2924)
- myname@company.com
- myname@othercompany.com
- Automatic selection
|
Location
- Country (or region)
- State
|
|
| Connection method |
Through the local iSeries server |
| Connection type |
Direct |
If you prefer using CL Commands to
create the configuration, use the Change Contact Information (CHGCNTINF) and
the Create Service Configuration (CRTSRVCFG) commands.
Step 2: Start iSeries Navigator and select the Universal Connection wizard.
To start the Universal Connection wizard and begin establishing your connection:
- Open iSeries Navigator software.
- Select the server under the My Connections folder that you want to configure
for electronic customer support.
- Expand Network.
- Expand Remote Access Services.
- Right-click Originator Connection
Profiles.
- Select Configure IBM Universal Connection to start the Universal Connection wizard. The Welcome dialog appears.
Note:
A progress bar indicates that iSeries Navigator
is loading the Universal Connection wizard. If you encounter problems while running the wizard, see
Troubleshoot the Universal Connection wizard for a solution. Run the wizard again after solving the
problem.
Step 3: Enter
the service, address, and country information on the Universal Connection
wizard dialogs.
To enter information about your company and connections:
- On the Select Configuration dialog, select either Primary connection configuration or Backup connection
configuration. The default is primary. Check the View
and modify contact information box and click Next
- On the Service Information dialog, enter the following information about
MyCompany and click Next:
- Company – MyCompany
- Contact name – Tom Smith
- Telephone number – 515–870–9990
- Help desk or pager number— 515–870–9999
- Fax number — 515–870–5586
- Alternate fax number — 515–870–9942
If this information exists on your server, the company data already
appears in the fields. For example, if MyCompany previously created a configuration,
the wizard retrieves the data from the existing configuration.
- On the Company Address dialog, enter MyCompany's address and click Next.
- Street address – 94 West Proctor St.
- City or locality – Boone
- State or province – Iowa
- Country or region – United States
- Postal code – 55902
- National language version – English (2924)
- Electronic mail address – myname@company.com
- Alternate electronic mail address – myname@othercompany.com
- Media for PTFs – Automatic selection
- On the Location dialog, select the country (or region) and the state or
province where your iSeries server resides and Click Next.
- Country (or region) – United States
- State – Iowa
Step 4: Under
Connect from the current system, select a direct connection to the Internet
as a connection type.
Note:
There is a checkbox to Additionally configure
a proxy connection. If your enterprise has an HTTP proxy or you've
configured a service and support proxy on another system or partition, and
you wish to use that for Universal Connection applications which support going
through a proxy, check this box. If this box is checked, Step 5 will appear.
Step 5: For
proxy option, configure a proxy destination.
Note:
This screen only appears if the proxy option was selected
in Step 4.
To configure a proxy destination
- Attempt proxy connection first
- Choose this option if you want the proxy to take precedence
over the configuration for this scenario.
- If necessary, check the Proxy destination
requires HTTP basic authentication box and fill in the User name and Password fields.
- Click Next and proceed to the next Step.
- Attempt proxy connection if previously defined configuration
fails
- Choose this option if the proxy is to be used only in the
event that the configuration for this scenario fails.
- Fill in the Proxy IP address or host name field.
- Fill in the Proxy port field.
- If necessary, check the Proxy destination requires HTTP
basic authentication box and fill in the User name and Password fields.
- Click Next and proceed to the next Step.
Step 6: Indicate
that this server does not provide connectivity for other servers or partitions.
Select No to indicate that this server has a direct
connection to electronic customer support without providing connectivity for
other server or partitions.
Step 7: Review
the Summary window to ensure that the configuration meets your requirements,
and click Finish to save your configuration.
To complete and save your server configuration:
- Review the configuration summary. Click Back if you need to change a value on any of the wizard dialogs.
- When the configuration is correct, click Finish to save the configuration. A progress bar indicates that the wizard
is in the process of saving the configuration.
Step 8: Test
the connection from your server to electronic customer support.
To test the configuration:
- Click Yes when the wizard prompts you to test the
configuration. The Verify Universal Connection dialog appears.
- Make note of any problems as the wizard displays verification progress.
- Click OK when the wizard indicates that verification
is complete.
- If the wizard finds errors, restart the Universal Connection wizard, make
necessary corrections, save, and retest the corrected configuration.
Step 9: Configure a backup configuration (optional).
If an additional connection method is available to you, it is suggested
that you rerun the wizard to configure a backup. This backup will be used
automatically in the event that the primary connection fails.
Note:
A good backup scenario for this might be dial-up.
In the event the LAN fails, dial-up would ensure that there is still a way
to contact IBM service.
