Notification
Risk classification
HIPER (High Impact and/or Pervasive)
Risk categories
Function Loss
Affected Domain
All users of IBM Downloads (public.dhe.ibm.com)
Abstract
Effective 12 February 2023 IBM disabled unsecure access to IBM Downloads (public.dhe.ibm.com). Customer action might be required to ensure uninterrupted downloads that use the getupgfiles and updhmc commands on the HMC.
Description
In support of IBM network infrastructure improvements, on 12 February 2023, secure connections will be required to connect to IBM Downloads (public.dhe.ibm.com). Downloads that use IBM Downloads (public.dhe.ibm.com) are impacted if using FTP in clear text or HTTP. The getupgfiles and updhmc commands are affected.
Recommended Action
Ensure as soon as possible that the connections made to IBM Downloads (public.dhe.ibm.com) are secured
The IBM Downloads (public.dhe.ibm.com) servers currently support FTPS and HTTPS protocols. Ensure you have secure protocols in place and update any procedures, including existing JCL, jobs, or tools to use the secure protocols.
The HMC can no longer be updated directly from public.dhe.ibm.com. HMC update is supported directly from Fix Central by using SFTP option or by staging the updates on a local server. HMC V10R2 and later also supports updates that use the IBM website repository
The getupgfiles command will no longer support connecting to public.dhe.ibm.com directly. Instead, first download the network upgrade files from Fix Central or from public.dhe.ibm.com using ftps or https and place them on a local FTP server.
| Hostnames | IPs | Secure connection methods | Ports |
|---|---|---|---|
|
public.dhe.ibm.com
|
170.225.126.18
129.35.224.112
9.124.168.53
9.133.44.112
|
FTPS
HTTPS
|
20,21,65024-65535
443
|
Questions & Answers
Q1) Am I impacted by this change?
A1: The ability to download files from IBM might be impacted if this change to implement secure connection methods is not made before February 12, 2023.
Q2) Which systems can be impacted by this change?
A2: All systems or customers who download files by using the IBM Download using FTP in clear text or HTTP will be impacted. The impacted hostname is public.dhe.ibm.com.
Q3) Will the anonymous login option be removed?
No, the anonymous login will continue to exist, however the access protocol will have to be secure (FTPS/HTTPS).
No, the anonymous login will continue to exist, however the access protocol will have to be secure (FTPS/HTTPS).
Q4) What certificate authority has signed the secure FTP server SSL certificate?
A4) The server's SSL certificate is signed by the DigiCert Global Root CA. If this CA is not in the list of trusted CAs for your secure FTP client, the root certificate can be obtained directly from https://www.digicert.com/kb/digicert-root-certificates.htm.
A4) The server's SSL certificate is signed by the DigiCert Global Root CA. If this CA is not in the list of trusted CAs for your secure FTP client, the root certificate can be obtained directly from https://www.digicert.com/kb/digicert-root-certificates.htm.
Q5) Who can I contact if I need further information?
A5) edelsup@us.ibm.com
Date first published
01 March 2023
[{"Risk Classification":"HIPER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSSYO2","label":"Hardware Management Console (7042-CR9)"},"ARM Category":[{"code":"a8m0z000000GnS5AAK","label":"HMC"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"},{"Risk Classification":"HIPER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"7063-CR1","label":"Hardware Management Console (7063-CR1)"},"ARM Category":[{"code":"a8m0z000000GnS5AAK","label":"HMC"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"},{"Risk Classification":"HIPER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"7063-CR2","label":"Hardware Management Console (7063-CR2)"},"ARM Category":[{"code":"a8m0z000000GnS5AAK","label":"HMC"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"},{"Risk Classification":"HIPER","Line of Business":{"code":"LOB08","label":"Cognitive Systems"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSOQ2E","label":"Hardware Management Console V10"},"ARM Category":[{"code":"a8m0z000000cw1DAAQ","label":"Hardware Management Console-\u003EHMC Upgrade\/Update"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"},{"Risk Classification":"HIPER","Line of Business":{"code":"LOB08","label":"Cognitive Systems"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SGGSNP","label":"Hardware Management Console V9"},"ARM Category":[{"code":"a8m0z000000cw1DAAQ","label":"Hardware Management Console-\u003EHMC Upgrade\/Update"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"},{"Risk Classification":"HIPER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SGBR3L","label":"Hardware Management Console V8"},"ARM Category":[{"code":"a8m0z000000cw1DAAQ","label":"Hardware Management Console-\u003EHMC Upgrade\/Update"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
01 March 2023
UID
ibm16959323