IBM Support

Secure FTP downloads for IBM i PTFs

News


Abstract

IBM has implemented the function to download PTFs for the IBM i, from the Fix Central FTP site using secure FTP. This new function will allow customers to use the FTP server in a secure fashion. The un-secure method of FTP PTF download is no longer available as of Saturday, July 17th, 2021.

Content

The Fix Central team and the IBM i iGSC have updated the way that PTF orders are obtained from the Fix Central FTP site.  This site is now using the secure FTP options for the IBM i customers to download PTFs from that site.  This option is only used when you (the customer) select the option for ordering PTFs and have them sent to the FTP site using this option:

image 8767

After you have selected this option, you will receive emails with the order number, the user ID and the password, which you must use in order to download the order from the FTP site.  The previous FTP method of using “ANONYMOUS” as your user ID to sign onto the FTP server has been eliminated and is no longer available.  The new function requires you to sign in using your user ID and password which will be provided in the emails, in order to download PTFs that were ordered in the above fashion.  In addition to using this user ID and password, you will be required to have set up secure FTP on your IBM i system.

Important information:

When you use the method of sending your IBM i PTFs to the FTP server as your delivery method, you will receive the 3 emails.  The first email will still essentially be the one that says that your order has been received.  The second and third emails will contain the information that will be needed such as your user ID, Password and information for you to use to download these PTFs from the server.

You will need to set up your IBM i system as the client to which Secure FTP or FTP and SSL will be used to download PTFs.  You may need to understand and use Digital Certificate Manager (DCM), creating a Digital Certificate Store which holds your certificates; setting up the IBM i as the secure client to which the PTFs will be downloaded.  Below are links to documents which may be of help in answering questions you might have.

These tools are for setting up FTPS:

In order to use the instructions in the document SSL FTP Client Configuration, you will need to download both of the certificate authorities from the compressed file. ca.zip (https://www.ibm.com/support/pages/system/files/inline-files/ca.zip)

The following document includes steps to configure the IBM i, FTP client to use SSL:  SSL/TLS FTP Client Configuration for Fix Central Secured FTP Downloads (FTPS) https://www.ibm.com/support/pages/node/6475697

The following document includes steps and answers to questions on the use of DCM:  Digital Certificate Manager (DCM) - Frequently Asked Questions and Common Tasks 

These tools are for setting up SFTP:

NOTE: These tools are as-is tools and are not supported by the IBM i iGSC.

This link takes you to a document with steps for setting up SFTP using the PuTTY tool: Instructions for setting up SFTP for use in downloading PTFs from Fix Central to the IBM i.


Firewall considerations: 
  • IBM bulk FTPS method for Fix Central is referenced by 2 hostnames: delivery01-bld.dhe.ibm.com and delivery01-mul.dhe.ibm.com.   Customer's firewall teams will need to be aware of those 2 hostnames.
  • Additional questions may be answered in the documentation under the section titled: What does my firewall team need to know?

Using an FTP client to download secure images to a PC:

Note: The following example uses FileZilla as the FTP client. This is a freeware product not supported by IBM. Use an FTP client of your choice.

The customer installs an FTP client (such as FileZilla) to their PC.
Once it is installed, start it and you should see this:
image 10999
Now from the secondemail that you get from Fix Central, at the very top you will see the following information:
INFORMATION YOU WILL NEED TO RETRIEVE YOUR ORDER
Your user ID --> BQ8433
FTP Server --> delivery01-bld.dhe.ibm.com
Transfer type --> ascii/binary
Directory on server --> 12304423/C
Files to get --> ftpSI76515.txt
                    --> ilstSI76515.txt
                    --> sha256.txt
                     --> SI76515_1.bin

So now on the FileZilla screen:  enter the FTP server in the space for the Host, the username provided in the second email, password provided in the third email and specify port 22 (21 and 990 may also work). Then click quick connect and you should end up with the following screen:

image 11007

Now next to remote site you need to paste in the 'directory on server' from the note from fix central.  In my case it is /12304423/C
For the local site you need to put in where on your pc do you want the file stored in.  In my case it was C:\
Highlight the files in the remote site location that you want to download to your PC. Right-click on them and select the 'Download' option and the images will be transferred to your pc.
Once the images are downloaded to your PC, FTP the images to the IBM i IFS directory, add them to an image catalog, and continue the steps to install PTFs from an image catalog.
Though the links noted are as-is tools, we have tested the instructions using PuTTY and it has worked quite well.

Related Information

[{"Type":"MASTER","Line of Business":{"code":"LOB08","label":"Cognitive Systems"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000001iCOAAY","label":"PTF-\u003Eorder ptfs"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions"}]

Document Information

Modified date:
26 August 2021

UID

ibm11077897