Direct Internet connection

This scenario shows how to use the Universal Connection wizard to create a connection between your system and Electronic Customer Support over a direct Internet connection.

Situation

Suppose that you are responsible for maintaining a system for MyCompany, a small manufacturing company in Boone, Iowa. You need to establish a connection between Electronic Customer Support and MyCompany's system. Because MyCompany has an Internet connection and its system has a fixed global routable IP address or is behind a NAT firewall, you can create a connection from your system through your Internet connection.

Solution

Create a Universal Connection to IBM through a direct Internet connection. The Universal Connection wizard creates all the required definitions for the connection to Electronic Customer Support.

Advantages

This scenario provides the following advantages:

  • MyCompany can use its existing hardware and Internet provider to receive benefit from Electronic Customer Support. You can configure this connection through the Universal Connection wizard or CL commands.
  • Using an existing Internet connection provides a simple means of ensuring that MyCompany has Electronic Customer Support available for ease of troubleshooting system problems, tracking current system hardware and software, or receiving software updates and fixes.
  • This option provides higher speed connections than modem-based solutions.

Objectives

In this scenario, the customer wants to ensure that IBM can support the MyCompany system over the network though a direct connection to the Internet. The objectives of this scenario are as follows:

  • To create an Internet connection between MyCompany and Electronic Customer Support through MyCompany's cable modem, or other high-speed connection, over a direct Internet connection.
  • To automate customer support through Electronic Customer Support and services
  • To enable Electronic Customer Support to create an electronic hardware and software service information of MyCompany's system
  • To permit Electronic Customer Support to send software fixes and updates to MyCompany over the network

Details

The following diagram illustrates a connection from MyCompany's system to Electronic Customer Support through a direct connection to the Internet.

Diagram that depict a direct Internet connection

Configuring Universal Connection

  • System i® Navigator launches the Universal Connection wizard to configure the connection. This only needs to be done once unless some configuration information needs to be updated.

Using Universal Connection

When a service application wants to use the Universal Connection to communicate with IBM the following will occur:

  • The service application attempts to establish an HTTP (if the service application provides its own encryption) or HTTPS (if the service application uses SSL) connection to IBM. If an HTTP or HTTPS connection cannot be established, the service application attempts to establish a virtual private network (VPN) through the AT&T LIG and the Internet to a VPN gateway at IBM.
  • The service application communicates with the appropriate IBM® systems to perform the requested service.

Prerequisites and assumptions

The prerequisites for enabling Electronic Customer Support over a direct Internet connection are as follows:

  • The IBM i operating system must have a globally routable IP address, or the system must be behind a NAT firewall with a globally routable address.
  • Ensure that the IBM i Access for Windows and System i Navigator programs exist on your personal computer, or the IBM Systems Director Navigator for i web-based console is available on your system.
  • If you are using System i Navigator ensure that you have installed all of the latest service packs. If you are using IBM Systems Director Navigator for i web-based console ensure the latest PTFs are installed on your system.
  • Ensure that TCP/IP is active. You can start TCP/IP through the Start TCP/IP (STRTCP) command.
  • If you are using IBM Systems Director Navigator for i web-based console ensure the HTTP Administration Server is started. You can start the HTTP Administration Server using the STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN) CL command.
  • Ensure that you have security officer (*SECOFR) authority with *ALLOBJ, *IOSYSCFG, and *SECADM special authorities in your IBM i user profile and *USE authority to WRKCNTINF in order to configure the connection using the Universal Connection wizard.
  • Ensure that the IBM TCP/IP Connectivity Utilities for i (5770-TC1) licensed program is installed.
  • Ensure that the Digital Certificate Manager (DCM) (5770-SS1 option 34) licensed program is installed.
  • Ensure that the QRETSVRSEC system value is set to 1. You can check this value with the Display System Value (DSPSYSVAL) command. If this value is not set to 1, enter a Change System Value (CHGSYSVAL) command.
  • Ensure that your default TCP/IP route, or a host route, directs traffic out the appropriate TCP/IP interface to the Internet to allow the VPN and other service connections to be established to IBM.
  • Ensure that your firewall filter rules allow Universal Connection traffic to flow to the Internet.

Current system configuration steps

After you complete the prerequisites, you are ready to begin configuring the Universal Connection through the wizard.

Assuming that TCP/IP configuration already exists and works, complete these steps to set up the Universal Connection if you connect to Electronic Customer Support through MyCompany's local system.

  1. Completing the planning work sheet
    The planning work sheet illustrates the type of information you need before configuring the direct Internet connection. You use this information when running the Universal Connection wizard.
  2. Starting the Universal Connection Wizard
    The Universal Connection wizard is started from System i Navigator or IBM Systems Director Navigator for i web-based console.
  3. Entering the service, address, and country (or region) information
    From the Universal Connection wizard dialogs, specify the service, address, and country or region information about your company and the connections.
  4. Selecting a direct connection to the Internet as a connection type
    From the current system under Connection, select the direct connection to the Internet as a connection type.
  5. Configuring a proxy destination
    To configure a proxy destination for the proxy option, follow these steps.
  6. Indicating that this system does not provide connectivity for other systems or partitions
    To indicate that this system has a direct connection to Electronic Customer Support without providing connectivity for other systems or partitions, click No.
  7. Reviewing the Summary window
    To ensure that the configuration meets your requirements, review the Summary window.
  8. Testing the connection
    To test the connection from your system to Electronic Customer Support, follow these steps.
  9. Optional: Configuring a backup configuration
    If an additional connection method is available to you, you might want to rerun the wizard to configure a backup. This backup is used automatically in the event that the primary connection fails.
Parent topic: Scenarios: Universal Connection
Related concepts:
IP packet filter firewall
Related tasks:
Determining the IBM VPN gateway addresses
Configuring a direct Internet connection
Related reference:
Determining the IBM service destination addresses
Related information:
NAT compatible IPSec
System i Access for Windows: Installation and setup