Virtual private network

A virtual private network (VPN) can protect service information when you configure a Universal Connection between your system and the IBM support services.

A VPN allows your company to extend its private intranet over a public network. It is based on creating virtual secure tunnels between hosts or gateways connected to the public network. To participate in a secure tunnel or VPN connection, the VPN tunnel end point must implement a compatible suite of VPN protocols. VPN provides the following security functions:
  • Service information origin authentication to verify that each datagram was originated by the claimed sender.
  • Service information integrity to verify that the contents of a datagram were not changed either deliberately or due to random errors.
  • Service information encryption to ensure message text confidentiality.
  • Replay protection to ensure that an attacker cannot intercept service information and play it back at some later date.
  • Key management to ensure that your VPN policy can be implemented throughout the extended network with little or no manual configuration.
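
The origin authentication, integrity, and replay protection functions listed above, sketched as an added example (not IBM's code and not the IPSec wire format): a keyed HMAC tag covers a sequence number plus payload, and the receiver tracks accepted sequence numbers in a sliding window. The names `seal` and `Receiver`, the 64-packet window, and the datagram layout are assumptions made for illustration; encryption is left out.

```python
import hashlib
import hmac
import struct

WINDOW = 64    # anti-replay window size in packets (assumed value)
TAG_LEN = 32   # HMAC-SHA256 output length in bytes

def seal(key, seq, payload):
    """Sender side: 32-bit sequence number + payload + HMAC tag over both."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key):
        self.key = key
        self.highest = 0   # highest authenticated sequence number so far
        self.bitmap = 0    # bit i set => (highest - i) was already accepted

    def accept(self, datagram):
        """Return the payload, or raise ValueError naming the failed check."""
        if len(datagram) < 4 + TAG_LEN:
            raise ValueError("truncated datagram")
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        seq = struct.unpack("!I", body[:4])[0]
        offset = self.highest - seq

        # Replay protection: reject numbers that fell out of the window
        # or that were already accepted inside it.
        if seq == 0 or offset >= WINDOW:
            raise ValueError("replay: outside window")
        if offset >= 0 and (self.bitmap >> offset) & 1:
            raise ValueError("replay: duplicate")

        # Origin authentication and integrity: only a holder of the shared
        # key can produce a tag that matches these exact bytes.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity/origin check failed")

        # Advance the window only after the datagram is authenticated, so a
        # forged packet cannot push legitimate traffic out of the window.
        if offset < 0:
            mask = (1 << WINDOW) - 1
            self.bitmap = ((self.bitmap << -offset) | 1) & mask
            self.highest = seq
        else:
            self.bitmap |= 1 << offset
        return body[4:]
```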

In some scenarios, the Universal Connection builds a VPN connection to IBM to ensure that the information sent and received between your system and IBM is safe (for example, the VPN encrypts and authenticates service information). The VPN technologies used by the Universal Connection include Layer Two Tunneling Protocol (L2TP), Internet Key Exchange (IKE), and IP security protocol (IPSec). For some of the connectivity options, the Universal Connection uses L2TP alone for those portions of the connection that do not require encryption. For example, if you are connecting from one partition to another partition and then connecting across the Internet to IBM, the Universal Connection uses L2TP between the partitions and then uses L2TP protected by IPSec for the second portion of the connection, which is the portion that requires encryption.