Planning for Universal Connection

The connection you want to use depends on your network and accessibility to the Internet from your system. With network address translation (NAT)-compatible IP security protocol (IPSec), the system supports a connection even when an intervening NAT firewall exists. The support for Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS) allows connections through most firewalls and through customer or IBM-supplied proxies.

Consider the following points before you select a Universal Connection configuration scenario:

• Your hardware, software, and network configuration.
  • If your system is not in a network, or is only in a private network and has a modem, you might want to select the A dial-up connection using the AT&T Global Network Services option. This option provides a secure dial-up connection to IBM services and support, and all service information is protected using a virtual private network (VPN) or Secure Sockets Layer (SSL).
  • If your system or partition has access to a partition, system, or Hardware Management Console (HMC) that has a modem, you can configure that system with the Connect through another system or partition option using a remote AT&T Connection.
  • If your system has direct access (broadband with a fixed IP address or local area network with a globally routable IP address) to the Internet (without an intervening firewall), or if your system has a private IP address but can access the Internet through a firewall using NAT, you can select the A direct connection to the Internet option. This is the recommended option, because it allows for the fastest, most secure access to IBM services and support.
  • If you have an Internet service provider (ISP) that your system dials into and acts as a connecting point for other systems or partitions, you might want to select the A connection using an Internet Service Provider option. This option supports a secure connection to IBM services and support at the same time and over the same dial-up connection that is currently used by your system to access the Internet.
  • If your system is located in a private network, does not have a global IP address, and has access to a router or system that allows the system to establish a connection to the Internet through an ISP, select the A multi-hop connection to the Internet option.
  • In addition to one of the above configurations, if your enterprise contains an HTTP proxy, you can also configure a service and support proxy on one or more of your logical partitions, so that service applications that support either HTTP, or HTTPS, or both proxies can use these proxies.
  Note: You can configure both a primary and a backup configuration, and both a primary and a backup proxy.
• The network security policy of your company.
• Setting packet rules: ensure that the Universal Connection traffic is allowed through your firewall.
• SOCKS security: ensure that none of the Universal Connection traffic gets directed through a SOCKS system.
• Domain Name system (DNS): When possible, the service applications use a DNS to look up service destination addresses. This allows for additional fault tolerance. If this is the case, you might want to make your DNS available to the appropriate system using the Change TCP/IP Domain (CHGTCPDMN) command. If you configure a dial-up connection you may specify a DNS server that is dynamically added when the dial-up connection is active.