Direct Internet connection from a system that provides connectivity for other systems or partitions

Situation

Suppose that you are responsible for maintaining a system for MyCompany, a small manufacturing company in Boone, Iowa. You need to establish a connection between Electronic Customer Support and MyCompany's system. Because MyCompany has an Internet network connection and a fixed global routable IP address cable modem, you can create a connection from your operating system through your cable modem. With this system, your system provides connectivity (as a virtual private network (VPN) multi-hop gateway and a service and support proxy) for the three other MyCompany systems that need to connect to Electronic Customer Support services.

Solution

Create a Universal Connection to IBM® through a direct Internet connection. The Universal Connection wizard creates all the required definitions for the connection to Electronic Customer Support. To provide connectivity for other systems, the wizard creates a Service and Support Proxy and a Layer Two Tunneling Protocol (L2TP) terminator profile. You can also choose to use an existing L2TP terminator profile rather than creating a new one.

Advantages

This scenario provides the following advantages:

• MyCompany can use its existing hardware and Internet provider to receive benefit from Electronic Customer Support. You can configure this connection through the Universal Connection wizard or CL commands.
• The Internet connection provides a simple means of ensuring that MyCompany has Electronic Customer Support available for ease of troubleshooting system problems, tracking current system hardware and software, or receiving software updates and fixes.
• MyCompany's other three systems can remotely connect to Electronic Customer support through a single system. MyCompany only need connectivity from one system.
• A direct Internet connection provides a high-speed connection to electronic services.
• With this scenario the other MyCompany systems are protected from the Internet.

Objectives

In this scenario, the customer wants to ensure that IBM can support the MyCompany system over a direct connection to the Internet. The objectives of this scenario are as follows:

• To create a direct connection between the MyCompany's four systems and Electronic Customer Support through the Internet.
• To automate customer support through Electronic Customer Support and services
• To enable Electronic Customer Support to create an electronic hardware and software service information of MyCompany's system
• To permit Electronic Customer Support to send software fixes and updates to MyCompany over the network

Details

The following figure illustrates a connection from MyCompany's system to Electronic Customer Support through a direct connection to the Internet.

Configuring Universal Connection

• IBM Navigator for i launches the Universal Connection wizard to configure the connection. This only needs to be done once unless some configuration information needs to be updated.

Using Universal Connection

When a Service Application wants to use the Universal Connection to communicate with IBM the following will occur:

• If the service application is not providing its own security and system A is connecting to IBM Service, a VPN is established through your existing Internet connection to a VPN gateway at IBM.
• If the service application is not providing its own security and system B, C, or D is connecting to IBM Service, an L2TP tunnel is established to system A, which initiates a VPN through your existing Internet connection to a VPN gateway at IBM.
• If the service application is providing its own security and system A is connecting to IBM Service, a Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) connection is made with the appropriate IBM systems.
• If the service application is providing its own security and system B, C, or D is connecting to IBM Service and they support a proxy: An HTTP or HTTPS connection is made through the Service and Support proxy server to the appropriate IBM servers..

The service application communicates with the appropriate IBM systems to perform the requested service.

Prerequisites and assumptions

The prerequisites for enabling Electronic Customer Support over a direct Internet connection include the following items:

• The IBM i operating system must have a globally routable IP address, or the system must be behind a NAT firewall with a globally routable address.

• Ensure that the IBM Navigator for i is available on your system.
• Ensure the latest HTTP Server and Java PTF groups are installed on your system.
• Ensure that TCP/IP is active. You can start TCP/IP through the Start TCP/IP (STRTCP) command.
• Ensure the HTTP Administration Server is started. You can start the HTTP Administration Server using the STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN) CL command.
• Ensure that you have security officer (*SECOFR) authority with *ALLOBJ, *IOSYSCFG, and *SECADM special authorities in your IBM i user profile and *USE authority to WRKCNTINF in order to configure the connection using the Universal Connection wizard.
• Ensure that the IBM TCP/IP Connectivity Utilities for i (5770-TC1) licensed program is installed.
• Ensure that the Digital Certificate Manager (DCM) (5770-SS1 option 34) licensed program is installed.
• Ensure that your default TCP/IP route, or a host route, directs traffic out the appropriate TCP/IP interface to the Internet to allow the VPN and other service connections to be established to IBM.
• Ensure that your firewall filter rules allow Universal Connection traffic to flow to the Internet.

Current system configuration steps

After you complete the prerequisites, you are ready to begin configuring the Universal Connection through the wizard.

Assuming that TCP/IP configuration already exists and works, complete these steps to set up the Universal Connection when your local system acts as a connecting point for the other three systems in MyCompany.