Learn more about the connectivity options
you have when
you use the call-home server.
You can configure the HMC
to send hardware service related information
to IBM by using
a LAN-based Internet connection, or a dial-up connection over a modem.
You have two communication choices when configuring the LAN based
Internet connection. The first choice is to use standard Secure Sockets
Layer (SSL). The SSL communication can be enabled to connect to the
Internet through your proxy server. SSL connectivity is more likely
to be compliant with corporate security guidelines. Your second option
is to use a VPN connection.
Note: If your open network interface connection
uses only Internet Protocol Version 6 (IPv6), you cannot use Internet
VPN to connect to support. For more information about the Protocols
used, see
Choosing an Internet Protocol.
The advantages to using an Internet connection can include:
- Significantly
faster transmission speed
- Reduced customer expense (for example,
the cost of a dedicated
analog telephone line)
- Greater reliability
The
following security characteristics are in effect, regardless
of the connectivity method chosen:
- Remote Support Facility
requests are always initiated from the
HMC to IBM. An inbound connection is never initiated from the IBM® Service Support System.
- All
data transferred between the HMC and the IBM Service
Support System are encrypted using
a high-grade encryption. Depending upon the connectivity method chosen,
it is encrypted using either SSL or IPSec Encapsulating Security Payload
(ESP).
- When initializing the encrypted connection the HMC
authenticates
the target destination as that of the IBM Service
Support System.
Data sent to the IBM Service
Support System consists solely of information about hardware problems
and configuration. No application or customer data is transmitted
to IBM.
Using an indirect Internet connection with
a proxy
server
If your installation requires the HMC to be on a
private network, you may be able to connect indirectly to the Internet
using an SSL proxy, which can forward requests to the Internet. One
of the other potential advantages of using an SSL proxy is that the
proxy may support logging and audit facilities.
To forward
SSL sockets, the proxy server must support the basic proxy header
functions (as described in RFC 2616) and the CONNECT method. Optionally,
basic proxy authentication (RFC 2617) may be configured so that the
HMC authenticates before attempting to forward sockets through the
proxy server.

For
the HMC to communicate successfully, the client's proxy server must
allow connections to port 443. You can configure your proxy server
to limit the specific IP addresses to which the HMC can connect. See Internet SSL address lists for a list of IP addresses.
Using a direct Internet SSL connection
If
your HMC can be connected to the Internet, and the external firewall
can be set up to allow established TCP packets to flow outbound to
the destinations described in Internet SSL address lists,
you can use a direct Internet connection.
