POWER7 information

Deciding which connectivity method to use for the call-home server

Learn more about the connectivity options you have when you use the call-home server.

You can configure the HMC to send hardware service related information to IBM by using a LAN-based Internet connection, or a dial-up connection over a modem.

You have two communication choices when configuring the LAN based Internet connection. The first choice is to use standard Secure Sockets Layer (SSL). The SSL communication can be enabled to connect to the Internet through your proxy server. SSL connectivity is more likely to be compliant with corporate security guidelines. Your second option is to use a VPN connection.

Note: If your open network interface connection uses only Internet Protocol Version 6 (IPv6), you cannot use Internet VPN to connect to support. For more information about the Protocols used, see Choosing an Internet Protocol.

The advantages to using an Internet connection can include:

Significantly faster transmission speed
Reduced customer expense (for example, the cost of a dedicated analog telephone line)
Greater reliability

The following security characteristics are in effect, regardless of the connectivity method chosen:

Remote Support Facility requests are always initiated from the HMC to IBM. An inbound connection is never initiated from the IBM® Service Support System.
All data transferred between the HMC and the IBM Service Support System are encrypted using a high-grade encryption. Depending upon the connectivity method chosen, it is encrypted using either SSL or IPSec Encapsulating Security Payload (ESP).
When initializing the encrypted connection the HMC authenticates the target destination as that of the IBM Service Support System.

Data sent to the IBM Service Support System consists solely of information about hardware problems and configuration. No application or customer data is transmitted to IBM.

Using an indirect Internet connection with a proxy server

If your installation requires the HMC to be on a private network, you may be able to connect indirectly to the Internet using an SSL proxy, which can forward requests to the Internet. One of the other potential advantages of using an SSL proxy is that the proxy may support logging and audit facilities.

To forward SSL sockets, the proxy server must support the basic proxy header functions (as described in RFC 2616) and the CONNECT method. Optionally, basic proxy authentication (RFC 2617) may be configured so that the HMC authenticates before attempting to forward sockets through the proxy server.

indirect Internet connection with a proxy server

For the HMC to communicate successfully, the client's proxy server must allow connections to port 443. You can configure your proxy server to limit the specific IP addresses to which the HMC can connect. See Internet SSL address lists for a list of IP addresses.

Using a direct Internet SSL connection

If your HMC can be connected to the Internet, and the external firewall can be set up to allow established TCP packets to flow outbound to the destinations described in Internet SSL address lists, you can use a direct Internet connection.

direct Internet SSL connection

Send feedback Rate this page

Last updated: Wed, May 07, 2014