<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Scenario: Configure a multi-hop connection through a remote server</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<a name="scenario8"></a>
<h3 id="scenario8">Scenario: Configure a multi-hop connection through a remote server</h3>
<p class="sectionscenariobar"><span class="bold">Situation</span></p>
<p>Suppose you are responsible for maintaining an iSeries&trade; server for
MyCompany, a medium-sized manufacturing company in Boone, Iowa. As part of
providing this support, you need to establish a connection between electronic
customer support and MyCompany's iSeries server. MyCompany has an iSeries server on
a private network that accesses the Internet through a VPN multi-hop gateway.
The multi-hop gateway could be either an iSeries or a router that supports L2TP multi-hop
(chained tunnels). In this case, you create a connection from your iSeries server through
a multi-hop connection. Because you do not need to provide connections for
other systems, you do not need to consider providing connections for other
servers or partitions.</p>
<a name="wq129"></a>
<div class="notetitle" id="wq129">Note:</div>
<div class="notebody">The HMC cannot currently provide this
multi-hop gateway support.</div>
<p class="sectionscenariobar"><span class="bold">Solution</span></p>
<p>Create a Universal Connection to IBM&reg; through the multi-hop connection. In this
case, you establish a connection between two virtual private network tunnels
from a remote server to electronic customer support.</p>
<p class="sectionscenariobar"><span class="bold">Advantages</span></p>
<p>This scenario provides the following advantages:</p>
<ul>
<li>MyCompany can create a connection from its iSeries system on a private network through
another iSeries or router that has direct connectivity to the Internet.</li>
<li>The multi-hop connection provides a means of ensuring that MyCompany has
electronic customer support available for ease of troubleshooting server problems,
tracking current system hardware and software, or receiving software updates
and fixes.</li>
<li>A multi-hop connection provides a high degree of security between your iSeries system and electronic customer support by shielding it from the Internet.</li>
<li>High speed access to electronic customer support is available with this
option.</li></ul>
<p class="sectionscenariobar"><span class="bold">Objectives </span></p>
<p>In this scenario, the customer wants to ensure that IBM can support
the MyCompany system over the network through a multi-hop connection over the
Internet. The objectives of this scenario are as follows:</p>
<ul>
<li>To create a secure multi-hop connection between MyCompany and electronic
customer support over the Internet.</li>
<li>To automate customer support through electronic customer support and services.</li>
<li>To allow electronic customer support to create an electronic hardware
and software inventory of MyCompany's iSeries system.</li>
<li>To permit electronic customer support to send software fixes and updates
to MyCompany over the network.</li></ul>
<p class="sectionscenariobar"><span class="bold">Details</span></p>
<p>The following diagram illustrates connecting the MyCompany iSeries server to
electronic customer support through a VPN multi-hop gateway.</p>
<div class="mmobj">
<img src="rzatj509.gif" alt="Diagram that depicts a multi-hop connection through a remote server" /></div>
<p><span class="bold">Configuring Universal Connection</span></p>
<ul>
<li>iSeries Navigator launches the Universal Connection Wizard to configure
the connection. This only needs to be done once unless some configuration
information needs to be updated.</li></ul>
<p><span class="bold">Using Universal Connection</span></p>
<p>When a service application wants to use the Universal Connection to communicate
with IBM, the following occurs:</p>
<ul>
<li>An L2TP tunnel is established to the VPN multi-hop gateway.</li>
<li>Because the connection request is for IBM service, a VPN is established through
your existing Internet connection to a VPN Gateway at IBM.</li>
<li>The L2TP tunnel is chained to the VPN connection.</li>
<li>The service application communicates with the appropriate IBM servers to perform
the requested service.</li></ul>
<a name="scenprereqs8"></a>
<p id="scenprereqs8" class="sectionscenariobar"><span class="bold">Prerequisites
and assumptions</span></p>
<p>The prerequisites for enabling electronic customer support over a remote
multi-hop connection include:</p>
<ul>
<li>The iSeries server must have IP connectivity to the VPN multi-hop gateway.</li>
<li>Ensure that iSeries Access for Windows&reg; and iSeries Navigator are installed on your personal computer,
as described in the <a href="../rzaij/rzaijrzaijinstall.htm">iSeries Access for Windows:
Installation and setup</a> topic.</li>
<li>Ensure that you install all of the latest service packs for iSeries Navigator.
The scenarios use the V5R4 version of the software.</li>
<li>Ensure that TCP/IP is active. You can start TCP/IP through the Start TCP/IP
(STRTCP) command.</li>
<li>You must have security officer (*SECOFR) authority with *ALLOBJ,
*IOSYSCFG, and *SECADM special authorities in your i5/OS&trade; user profile and *USE authority to WRKCNTINF
in order to configure the connection using the Universal Connection wizard.</li>
<li>You must install the TCP/IP Connectivity Utilities (5722&ndash;TC1).</li>
<li>You must install the Digital Certificate Manager (DCM) (5722-SS1
option 34).</li>
<li>Ensure that the QRETSVRSEC system value is set to 1. You can check this
value with the Display System Value (DSPSYSVAL) command. If this value is
not set to 1, change it with the Change System Value (CHGSYSVAL) command.</li>
<li>Ensure that the VPN multi-hop gateway has been configured to allow connections
to IBM. If you are using an iSeries as the VPN multi-hop gateway, see <a href="scenario5.htm#scenario5">Configure a direct Internet connection from a server that
provides connectivity for other systems or partitions</a>. Other options are
discussed in <a href="detvpnaddy.htm#detvpnaddy">Determine the IBM VPN Gateway addresses</a>.</li></ul>
<p class="sectionscenariobar"><span class="bold">Current System or Partition configuration
steps</span></p>
<p>Assuming that TCP/IP configuration already exists and works, complete the
following steps to set up the Universal Connection if you connect to electronic
customer support through a VPN multi-hop gateway:</p>
<ol type="1">
<li><a href="scenario8.htm#step1multihop1">Complete the planning work sheet.</a></li>
<li><a href="scenario8.htm#step2multihop1">Start iSeries Navigator and select the Universal
Connection wizard.</a></li>
<li><a href="scenario8.htm#step3multihop1">Enter the service, address, and country information
on the Universal Connection wizard dialogs.</a></li>
<li><a href="scenario8.htm#step4multihop1">Under Connect through another system or partition,
select the A multi-hop VPN connection to the Internet option.</a></li>
<li><a href="scenario8.htm#step5multihop1">Enter a VPN Gateway address or host name to
make the multi-hop VPN connection to IBM.</a></li>
<li><a href="scenario8.htm#step6multihop1">For proxy option, configure a proxy destination.</a></li>
<li><a href="scenario8.htm#step7multihop1">Indicate that this server does not provide
connectivity for other servers or partitions.</a></li>
<li><a href="scenario8.htm#step8multihop1">Review the Summary window to ensure that the
configuration meets your requirements, and click <span class="bold">Finish</span> to
save your configuration.</a></li>
<li>When prompted, <a href="scenario8.htm#step9multihop1">Test the connection from your
server to electronic customer support.</a></li>
<li><a href="scenario8.htm#step10multihop1">Configure a backup configuration.</a></li></ol>
<p><span class="bold">Scenario details: Configure a multi-hop connection through
a remote server</span></p>
<p>After you complete the <a href="scenario8.htm#scenprereqs8">prerequisites</a>, you
are ready to begin configuring the Universal Connection through the wizard.</p>
<a name="step1multihop1"></a>
<p id="step1multihop1" class="sectionscenariobar"><span class="bold">Step 1:
Complete the planning work sheet.</span></p>
<p>The following planning work sheet illustrates the type of information you
need before configuring the remote multi-hop connection to electronic customer
support. You use this information when running the Universal Connection wizard.</p>
<a name="wq131"></a>
<table id="wq131" width="100%" summary="" border="1" frame="border" rules="all" class="blocksingleborder">
<thead valign="bottom">
<tr class="tablemainheaderbar">
<th id="wq132" width="58%" align="left" valign="top">Planning work sheet</th>
<th id="wq133" width="41%" align="left" valign="top">Answers</th>
</tr>
</thead>
<tbody valign="top">
<tr>
<td headers="wq132"><span class="bold">Service information</span>
<ul>
<li>Company</li>
<li>Contact name</li>
<li>Telephone number</li>
<li>Help desk or pager number</li>
<li>Fax number</li>
<li>Alternate fax number</li></ul></td>
<td align="left" headers="wq133"><span>&nbsp;</span>
<ul>
<li>MyCompany</li>
<li>Tom Smith</li>
<li>515&ndash;870&ndash;9990</li>
<li>515&ndash;870&ndash;9942</li>
<li>515&ndash;870&ndash;5586</li>
<li>515&ndash;870&ndash;5587</li></ul></td>
</tr>
<tr>
<td headers="wq132"><span class="bold">Company address</span>
<ul>
<li>Street address</li>
<li>City or locality</li>
<li>State or province</li>
<li>Country (or region)</li>
<li>Postal code</li>
<li>National language version</li>
<li>Electronic mail address</li>
<li>Alternate electronic mail address</li>
<li>Media for PTFs (fixes)</li></ul></td>
<td align="left" headers="wq133"><span>&nbsp;</span>
<ul>
<li>94 West Proctor St.</li>
<li>Boone</li>
<li>Iowa</li>
<li>United States</li>
<li>55902</li>
<li>English (2924)</li>
<li>myname@company.com</li>
<li>myname@othercompany.com</li>
<li>Automatic selection</li></ul></td>
</tr>
<tr>
<td headers="wq132"><span class="bold">Location</span>
<ul>
<li>Country (or region)</li>
<li>State</li></ul></td>
<td align="left" headers="wq133"><span>&nbsp;</span>
<ul>
<li>United States</li>
<li>Iowa</li></ul></td>
</tr>
<tr>
<td headers="wq132">Connection method</td>
<td align="left" headers="wq133">Through a remote server</td>
</tr>
<tr>
<td headers="wq132">Connection type</td>
<td align="left" headers="wq133">A multi-hop connection to the Internet</td>
</tr>
<tr>
<td headers="wq132">VPN Gateway address or host name</td>
<td align="left" headers="wq133">192.168.1.1 (As an alternative, supply the host
name [charlie@mycompany.com])</td>
</tr>
</tbody>
</table>
<p>If you prefer using <a href="../clfinder/finder.htm">CL Commands</a> to
create the configuration, use the Change Contact Information (CHGCNTINF) and
the Create Service Configuration (CRTSRVCFG) commands.</p>
<a name="step2multihop1"></a>
<p id="step2multihop1" class="sectionscenariobar"><span class="bold">Step 2:
Start iSeries Navigator and select the Universal Connection wizard.</span></p>
<div>
<p>To start the Universal Connection wizard and begin establishing your connection:</p>
<ol type="1">
<li>Open iSeries Navigator software.</li>
<li>Select the server under the My Connections folder that you want to configure
for electronic customer support.</li>
<li>Expand <span class="bold">Network</span>.</li>
<li>Expand <span class="bold">Remote Access Services</span>.</li>
<li>Right-click <span class="bold">Originator Connection
Profiles</span>.</li>
<li>Select <span class="bold">Configure IBM Universal Connection</span> to start the Universal Connection wizard. The Welcome dialog appears.</li></ol>
<a name="wq135"></a>
<div class="notetitle" id="wq135">Note:</div>
<div class="notebody">A progress bar indicates that iSeries Navigator
is loading the Universal Connection wizard. If you encounter problems while running the wizard, see <a href="troubleintro.htm#troubleintro">Troubleshoot the Universal Connection wizard</a> for a solution. Run the wizard again after solving the
problem.</div></div>
<a name="step3multihop1"></a>
<p id="step3multihop1" class="sectionscenariobar"><span class="bold">Step 3:
Enter the service, address, and country information on the Universal Connection
wizard dialogs.</span></p>
<div>
<p>To enter information about your company and connections:</p>
<ol type="1">
<li>On the Select Configuration dialog, select either <span class="bold">Primary connection configuration</span> or <span class="bold">Backup connection
configuration</span>. The default is primary. Check the <span class="bold">View
and modify contact information</span> box and click <span class="bold">Next</span>.</li>
<li>On the Service Information dialog, enter the following information about
MyCompany and click <span class="bold">Next</span>:
<ul>
<li>Company &ndash; MyCompany</li>
<li>Contact name &ndash; Tom Smith</li>
<li>Telephone number &ndash; 515&ndash;870&ndash;9990</li>
<li>Help desk or pager number &ndash; 515&ndash;870&ndash;9999</li>
<li>Fax number &ndash; 515&ndash;870&ndash;5586</li>
<li>Alternate fax number &ndash; 515&ndash;870&ndash;9942</li></ul>
<p>If this information exists on your server, the company data already
appears in the fields. For example, if MyCompany previously created a configuration,
the wizard retrieves the data from the existing configuration.</p></li>
<li>On the Company Address dialog, enter MyCompany's address and click <span class="bold">Next</span>.
<ul>
<li>Street address &ndash; 94 West Proctor St.</li>
<li>City or locality &ndash; Boone</li>
<li>State or province &ndash; Iowa</li>
<li>Country or region &ndash; United States</li>
<li>Postal code &ndash; 55902</li>
<li>National language version &ndash; English (2924)</li>
<li>Electronic mail address &ndash; myname@company.com</li>
<li>Alternate electronic mail address &ndash; myname@othercompany.com</li>
<li>Media for PTFs &ndash; Automatic selection</li></ul></li>
<li>On the Location dialog, select the country (or region) and the state or
province where your iSeries server resides and click <span class="bold">Next</span>.
<ul>
<li>Country (or region) &ndash; United States</li>
<li>State &ndash; Iowa</li></ul></li></ol></div>
<div>
<a name="step4multihop1"></a>
<p id="step4multihop1" class="sectionscenariobar"><span class="bold">Step 4:
Under Connect through another system or partition, select the A multi-hop VPN
connection to the Internet option.</span></p>
<a name="wq137"></a>
<div class="notetitle" id="wq137">Note:</div>
<div class="notebody">There is a checkbox to <span class="bold">Additionally configure
a proxy connection</span>. If your enterprise has an HTTP proxy or you've configured
a service and support proxy on another system or partition, and you wish to
use that for Universal Connection applications which support going through
a proxy, check this box. If this box is checked, Step 6 will appear.</div>
<a name="step5multihop1"></a>
<p id="step5multihop1" class="sectionscenariobar"><span class="bold">Step 5:
Enter a VPN Gateway address or host name to make the multi-hop VPN connection
to IBM.</span></p>
<p>Enter either the VPN multi-hop gateway address or enter the host (server)
name that connects to IBM electronic customer support.</p>
<a name="step6multihop1"></a>
<p id="step6multihop1" class="sectionscenariobar"><span class="bold">Step 6:
For proxy option, configure a proxy destination.</span></p>
<a name="wq138"></a>
<div class="notetitle" id="wq138">Note:</div>
<div class="notebody">This screen only appears if the proxy option was selected
in Step 4.</div>
<div>
<p>To configure a proxy destination:</p>
<ol type="1">
<li><span class="bold">Attempt proxy connection first</span>
<ol type="a">
<li>Choose this option if you want the proxy to take precedence
over the configuration for this scenario.</li>
<li>If necessary, check the <span class="bold">Proxy destination
requires HTTP basic authentication</span> box and fill in the <span class="bold">User name</span> and <span class="bold">Password</span> fields.</li>
<li>Click <span class="bold">Next</span> and proceed to the next step.</li></ol></li>
<li><span class="bold">Attempt proxy connection if previously defined configuration
fails</span>
<ol type="a">
<li>Choose this option if the proxy is to be used only in the
event that the configuration for this scenario fails.</li>
<li>Fill in the <span class="bold">Proxy IP address or host name</span> field.</li>
<li>Fill in the <span class="bold">Proxy port</span> field.</li>
<li>If necessary, check the <span class="bold">Proxy destination requires HTTP
basic authentication</span> box and fill in the <span class="bold">User name</span> and <span class="bold">Password</span> fields.</li>
<li>Click <span class="bold">Next</span> and proceed to the next step.</li></ol></li></ol></div>
<a name="step7multihop1"></a>
<p id="step7multihop1" class="sectionscenariobar"><span class="bold">Step 7:
Indicate that this server does not provide connectivity for other servers
or partitions.</span></p>
<p>Click <span class="bold">No</span> to indicate that this server has
a direct connection to electronic customer support without providing connectivity
for other servers or partitions.</p>
<a name="step8multihop1"></a>
<p id="step8multihop1" class="sectionscenariobar"><span class="bold">Step 8:
Review the Summary window to ensure that the configuration meets your requirements,
and click <span class="bold">Finish</span> to save your configuration.</span></p>
<div>
<p>To complete and save your server configuration:</p>
<ol type="1">
<li>Review the configuration summary. Click <span class="bold">Back</span> if you need to change a value on any of the wizard dialogs.</li>
<li>When the configuration is correct, click <span class="bold">Finish</span> to save the configuration. A progress bar indicates that the wizard
is in the process of saving the configuration.</li></ol></div>
<a name="step9multihop1"></a>
<p id="step9multihop1" class="sectionscenariobar"><span class="bold">Step 9:
Test the connection from your server to electronic customer support.</span></p>
<p>To test the configuration:</p>
<ol type="1">
<li>Click <span class="bold">Yes</span> when the wizard prompts you to test the
configuration. The Verify Universal Connection dialog appears.</li>
<li>Make note of any problems as the wizard displays verification progress.</li>
<li>Click <span class="bold">OK</span> when the wizard indicates that verification
is complete.</li>
<li>If the wizard finds errors, restart the Universal Connection wizard, make
necessary corrections, save, and retest the corrected configuration.</li></ol></div>
<a name="step10multihop1"></a>
<p id="step10multihop1" class="sectionscenariobar"><span class="bold">Step 10: Configure a backup configuration (optional).</span></p>
<div>
<p>If an additional connection method is available to you, it is suggested
that you rerun the wizard to configure a backup. This backup will be used
automatically in the event that the primary connection fails.</p></div>
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>